diff options
48 files changed, 328 insertions, 340 deletions
diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index f050d9a2..781527f4 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -7,12 +7,6 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - # NOTE: This is needed because of upgrades from Ocata to Pike. We - # deploy the initial environment with Ocata templates, and - # overcloud-resource-registry.yaml there doesn't have this Docker - # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can - # remove this. - OS::TripleO::Services::Docker: OS::Heat::None # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index e061c0a5..0429a4b4 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -16,12 +16,6 @@ resource_registry: # TODO fluentd is being containerized: https://review.openstack.org/#/c/467072/ OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml - # NOTE: This is needed because of upgrades from Ocata to Pike. We - # deploy the initial environment with Ocata templates, and - # overcloud-resource-registry.yaml there doesn't have this Docker - # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can - # remove this. - OS::TripleO::Services::Docker: OS::Heat::None # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml @@ -124,7 +118,7 @@ parameter_defaults: CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' CephPoolDefaultSize: 1 - DockerCephDaemonImage: ceph/daemon:tag-build-master-jewel-centos-7 + DockerCephDaemonImage: ceph/daemon:tag-build-ceph-dfg-jewel-centos-7 NovaEnableRbdBackend: true CinderEnableRbdBackend: true CinderBackupBackend: ceph diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index 0ca67d00..bec5f48e 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -10,12 +10,6 @@ resource_registry: OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml - # NOTE: This is needed because of upgrades from Ocata to Pike. We - # deploy the initial environment with Ocata templates, and - # overcloud-resource-registry.yaml there doesn't have this Docker - # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can - # remove this. - OS::TripleO::Services::Docker: OS::Heat::None # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml index 107b66b2..65fa6a65 100644 --- a/ci/environments/scenario003-multinode-containers.yaml +++ b/ci/environments/scenario003-multinode-containers.yaml @@ -11,12 +11,6 @@ resource_registry: OS::TripleO::Services::MistralApi: ../../docker/services/mistral-api.yaml OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml - # NOTE: This is needed because of upgrades from Ocata to Pike. We - # deploy the initial environment with Ocata templates, and - # overcloud-resource-registry.yaml there doesn't have this Docker - # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can - # remove this. - OS::TripleO::Services::Docker: OS::Heat::None # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index e2be75cc..4b647925 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -1,8 +1,3 @@ -# NOTE: This is an environment specific for containers CI. Mainly we -# deploy non-pacemakerized overcloud. Once we are able to deploy and -# upgrade pacemakerized and containerized overcloud, we should remove -# this file and use normal CI multinode environments/scenarios. - resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml @@ -18,16 +13,27 @@ resource_registry: OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml OS::TripleO::Services::ManilaShare: ../../docker/services/pacemaker/manila-share.yaml OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml - # NOTE: This is needed because of upgrades from Ocata to Pike. We - # deploy the initial environment with Ocata templates, and - # overcloud-resource-registry.yaml there doesn't have this Docker - # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can - # remove this. - OS::TripleO::Services::Docker: OS::Heat::None + # TODO: in Queens, re-add bgp-vpn and l2gw services when + # containerized. + # https://bugs.launchpad.net/bugs/1713612 + # OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml + # OS::TripleO::Services::NeutronL2gwApi: ../../puppet/services/neutron-l2gw-api.yaml + # OS::TripleO::Services::NeutronL2gwAgent: ../../puppet/services/neutron-l2gw-agent.yaml + # These enable Pacemaker + OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml + OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml + OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml + OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml + OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml + OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml + OS::TripleO::Services::Keepalived: OS::Heat::None # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml - OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: @@ -80,6 +86,9 @@ parameter_defaults: # TODO: in Queens, re-add bgp-vpn and l2gw services when # containerized. # https://bugs.launchpad.net/bugs/1713612 + # - OS::TripleO::Services::NeutronBgpVpnApi + # - OS::TripleO::Services::NeutronL2gwApi + # - OS::TripleO::Services::NeutronL2gwAgent ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -98,4 +107,10 @@ parameter_defaults: CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' CephPoolDefaultSize: 1 SwiftCeilometerPipelineEnabled: false + # TODO: in Queens, re-add bgp-vpn and l2gw services when + # containerized. + # https://bugs.launchpad.net/bugs/1713612 + # NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin' + # BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default' + # L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default'] NotificationDriver: 'noop' diff --git a/ci/environments/scenario006-multinode-containers.yaml b/ci/environments/scenario006-multinode-containers.yaml index d0a952d5..025fd81e 100644 --- a/ci/environments/scenario006-multinode-containers.yaml +++ b/ci/environments/scenario006-multinode-containers.yaml @@ -5,7 +5,6 @@ resource_registry: OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml - OS::TripleO::Services::Docker: OS::Heat::None parameter_defaults: ControllerServices: diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml index faf56ba4..bad3e4a5 100644 --- a/ci/environments/scenario007-multinode-containers.yaml +++ b/ci/environments/scenario007-multinode-containers.yaml @@ -1,12 +1,6 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - # NOTE: This is needed because of upgrades from Ocata to Pike. We - # deploy the initial environment with Ocata templates, and - # overcloud-resource-registry.yaml there doesn't have this Docker - # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can - # remove this. - OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml # Some infra instances don't pass the ping test but are otherwise working. diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index 2b004af1..a1bd8826 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -4,6 +4,9 @@ # On upgrade certain roles can be disabled for operator driven upgrades # See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml {%- set enabled_roles = roles -%} + {%- set is_upgrade = false -%} +{%- else %} + {%- set is_upgrade = true -%} {%- endif -%} {%- set primary_role = [enabled_roles[0]] -%} {%- for role in enabled_roles -%} @@ -63,7 +66,7 @@ conditions: {%- for role in enabled_roles %} - not: equals: - - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] + - get_param: [role_data, {{role.name}}, workflow_tasks, step{{step}}] - '' - False {%- endfor %} @@ -95,7 +98,7 @@ resources: _TASKS: {get_file: deploy-steps-tasks.yaml} {%- for step in range(1, deploy_steps_max) %} -# BEGIN service_workflow_tasks handling +# BEGIN workflow_tasks handling WorkflowTasks_Step{{step}}: type: OS::Mistral::Workflow condition: WorkflowTasks_Step{{step}}_Enabled @@ -111,14 +114,14 @@ resources: {%- endfor %} {%- endif %} properties: - name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} + name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step{{step}}"]]} type: direct tasks: yaql: expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() data: {%- for role in enabled_roles %} - - get_param: [role_data, {{role.name}}, service_workflow_tasks] + - get_param: [role_data, {{role.name}}, workflow_tasks] {%- endfor %} WorkflowTasks_Step{{step}}_Execution: @@ -148,7 +151,7 @@ resources: {%- endfor %} evaluate_env: false always_update: true -# END service_workflow_tasks handling +# END workflow_tasks handling {% endfor %} # Artifacts config and HostPrepConfig is done on all roles, not only @@ -189,7 +192,11 @@ resources: tasks: # Join host_prep_tasks with the other per-host configuration list_concat: +{%- if is_upgrade|default(false) and role.disable_upgrade_deployment|default(false) %} + - [] +{%- else %} - {get_param: [role_data, {{role.name}}, host_prep_tasks]} +{%- endif %} - {%- raw %} # Write the manifest for baremetal puppet configuration @@ -363,8 +370,3 @@ outputs: with_sequence: start=0 end={{upgrade_steps_max-1}} loop_control: loop_var: step - - include: deploy_steps_tasks.yaml - with_sequence: start=0 end={{deploy_steps_max-1}} - loop_control: - loop_var: step - diff --git a/common/major_upgrade_steps.j2.yaml b/common/major_upgrade_steps.j2.yaml index 5eb93d39..36b342f9 100644 --- a/common/major_upgrade_steps.j2.yaml +++ b/common/major_upgrade_steps.j2.yaml @@ -187,6 +187,43 @@ resources: role_data: {get_param: role_data} ctlplane_service_ips: {get_param: ctlplane_service_ips} +{%- for step in range(0, upgrade_steps_max) %} + {%- for role in roles %} + {{role.name}}PostUpgradeConfig_Config{{step}}: + type: OS::TripleO::UpgradeConfig + depends_on: + {%- for role_inside in enabled_roles %} + {%- if step > 0 %} + - {{role_inside.name}}PostUpgradeConfig_Deployment{{step -1}} + {%- else %} + - AllNodesPostUpgradeSteps + {%- endif %} + {%- endfor %} + properties: + UpgradeStepConfig: {get_param: [role_data, {{role.name}}, post_upgrade_tasks]} + step: {{step}} + {%- endfor %} + + {%- for role in enabled_roles %} + {{role.name}}PostUpgradeConfig_Deployment{{step}}: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: + {%- for role_inside in enabled_roles %} + {%- if step > 0 %} + - {{role_inside.name}}PostUpgradeConfig_Deployment{{step -1}} + {%- else %} + - AllNodesPostUpgradeSteps + {%- endif %} + {%- endfor %} + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}PostUpgradeConfig_Config{{step}}} + input_values: + role: {{role.name}} + update_identifier: {get_param: UpdateIdentifier} + {%- endfor %} +{%- endfor %} + outputs: # Output the config for each role, just use Step1 as the config should be # the same for all steps (only the tag provided differs) diff --git a/common/services.yaml b/common/services.yaml index a8186e43..a0015c7e 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -174,13 +174,13 @@ resources: expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} - ServiceWorkflowTasks: + WorkflowTasks: type: OS::Heat::Value properties: type: json value: yaql: - expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {}) + expression: coalesce($.data.role_data, []).where($ != null).select($.get('workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} UpgradeTasks: @@ -193,6 +193,16 @@ resources: expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + PostUpgradeTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + # Note we use distinct() here to filter any identical tasks, e.g yum update for all services + expression: coalesce($.data, []).where($ != null).select($.get('post_upgrade_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} + UpdateTasks: type: OS::Heat::Value properties: @@ -260,9 +270,10 @@ outputs: config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} global_config_settings: {get_attr: [GlobalConfigSettings, value]} service_config_settings: {get_attr: [ServiceConfigSettings, value]} - service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]} + workflow_tasks: {get_attr: [WorkflowTasks, value]} step_config: {get_attr: [PuppetStepConfig, value]} upgrade_tasks: {get_attr: [UpgradeTasks, value]} + post_upgrade_tasks: {get_attr: [PostUpgradeTasks, value]} update_tasks: {get_attr: [UpdateTasks, value]} upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]} service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 99412341..8cc81fb0 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -68,7 +68,7 @@ parameters: CephPoolDefaultPgNum: description: default pg_num to use for the RBD pools type: number - default: 32 + default: 128 CephPools: description: > It can be used to override settings for one of the predefined pools, or to create @@ -182,7 +182,7 @@ outputs: config_volume: '' step_config: '' docker_config: {} - service_workflow_tasks: + workflow_tasks: step2: - name: ceph_base_ansible_workflow workflow: { get_param: CephAnsibleWorkflowName } @@ -272,10 +272,11 @@ outputs: keys: *openstack_keys pools: [] ceph_conf_overrides: - map_merge: - - global: - osd_pool_default_size: {get_param: CephPoolDefaultSize} + global: + map_merge: + - osd_pool_default_size: {get_param: CephPoolDefaultSize} osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} + osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum} rgw_keystone_api_version: 3 rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} rgw_keystone_accepted_roles: 'Member, _member_, admin' @@ -284,7 +285,7 @@ outputs: rgw_keystone_admin_user: swift rgw_keystone_admin_password: {get_param: SwiftPassword} rgw_s3_auth_use_keystone: 'true' - - {get_param: CephConfigOverrides} + - {get_param: CephConfigOverrides} ntp_service_enabled: false generate_fsid: false ip_version: diff --git a/docker/services/ceph-ansible/ceph-client.yaml b/docker/services/ceph-ansible/ceph-client.yaml index 55d8d9da..0b782941 100644 --- a/docker/services/ceph-ansible/ceph-client.yaml +++ b/docker/services/ceph-ansible/ceph-client.yaml @@ -54,5 +54,5 @@ outputs: config_volume: '' step_config: '' docker_config: {} - service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]} config_settings: {} diff --git a/docker/services/ceph-ansible/ceph-external.yaml b/docker/services/ceph-ansible/ceph-external.yaml index f93dd566..bb2fc20a 100644 --- a/docker/services/ceph-ansible/ceph-external.yaml +++ b/docker/services/ceph-ansible/ceph-external.yaml @@ -58,7 +58,7 @@ outputs: config_volume: '' step_config: '' docker_config: {} - service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]} config_settings: ceph_client_ansible_vars: map_merge: diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml index 4ef3a669..abdb3c3f 100644 --- a/docker/services/ceph-ansible/ceph-mds.yaml +++ b/docker/services/ceph-ansible/ceph-mds.yaml @@ -68,7 +68,7 @@ outputs: config_volume: '' step_config: '' docker_config: {} - service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]} config_settings: map_merge: - tripleo.ceph_mds.firewall_rules: diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml index 90149d1e..45f939c2 100644 --- a/docker/services/ceph-ansible/ceph-mon.yaml +++ b/docker/services/ceph-ansible/ceph-mon.yaml @@ -71,7 +71,7 @@ outputs: config_volume: '' step_config: '' docker_config: {} - service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]} config_settings: map_merge: - tripleo.ceph_mon.firewall_rules: diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml index fe7d311d..a441f5c9 100644 --- a/docker/services/ceph-ansible/ceph-osd.yaml +++ b/docker/services/ceph-ansible/ceph-osd.yaml @@ -63,7 +63,7 @@ outputs: config_volume: '' step_config: '' docker_config: {} - service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]} config_settings: map_merge: - tripleo.ceph_osd.firewall_rules: diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml index 4bed9b46..4479fdbf 100644 --- a/docker/services/ceph-ansible/ceph-rgw.yaml +++ b/docker/services/ceph-ansible/ceph-rgw.yaml @@ -62,7 +62,7 @@ outputs: config_volume: '' step_config: '' docker_config: {} - service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]} config_settings: map_merge: - tripleo.ceph_rgw.firewall_rules: diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 5a6958a0..9a114458 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -90,7 +90,7 @@ outputs: owner: gnocchi:gnocchi recurse: true docker_config: - step_4: + step_5: gnocchi_metricd: image: {get_param: DockerGnocchiMetricdImage} net: host diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 2957312b..834d0055 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -90,7 +90,7 @@ outputs: owner: gnocchi:gnocchi recurse: true docker_config: - step_4: + step_5: gnocchi_statsd: image: {get_param: DockerGnocchiStatsdImage} net: host diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index f0e2f71d..70e1f893 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -96,8 +96,7 @@ outputs: config_settings: map_merge: - get_attr: [HAProxyBase, role_data, config_settings] - - tripleo::haproxy::haproxy_daemon: false - tripleo::haproxy::haproxy_service_manage: false + - tripleo::haproxy::haproxy_service_manage: false # NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy # when this is updated tripleo::haproxy::crl_file: null @@ -130,7 +129,7 @@ outputs: - null kolla_config: /var/lib/kolla/config_files/haproxy.json: - command: haproxy -f /etc/haproxy/haproxy.cfg + command: /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 4d5a0a15..9dace271 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -159,6 +159,7 @@ outputs: detach: false image: {get_param: DockerMysqlImage} net: host + user: root # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done command: - 'bash' @@ -167,8 +168,9 @@ outputs: list_join: - "\n" - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi' - - 'kolla_start' - - 'mysqld_safe --skip-networking --wsrep-on=OFF --wsrep-provider=none &' + - 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf' + - 'sudo -u mysql -E kolla_start' + - 'mysqld_safe --skip-networking --wsrep-on=OFF &' - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done''' - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"' - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"' diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index a325f286..2cc04e96 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -78,8 +78,7 @@ outputs: config_settings: map_merge: - get_attr: [HAProxyBase, role_data, config_settings] - - tripleo::haproxy::haproxy_daemon: false - haproxy_docker: true + - haproxy_docker: true tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage} # the list of directories that contain the certs to bind mount in the countainer # bind-mounting the directories rather than all the cert, key and pem files ensures @@ -120,7 +119,7 @@ outputs: data: *tls_mapping kolla_config: /var/lib/kolla/config_files/haproxy.json: - command: haproxy -f /etc/haproxy/haproxy.cfg + command: /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" diff --git a/environments/docker-uc-light.yaml b/environments/docker-uc-light.yaml new file mode 100644 index 00000000..3220489c --- /dev/null +++ b/environments/docker-uc-light.yaml @@ -0,0 +1,29 @@ +# A lightweight UC for pre-provisioned deployed servers +resource_registry: + OS::TripleO::Services::Docker: ../puppet/services/docker.yaml + # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 + OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml + + OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml + OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml + OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml + OS::TripleO::Services::MistralApi: ../docker/services/mistral-api.yaml + OS::TripleO::Services::MistralEngine: ../docker/services/mistral-engine.yaml + OS::TripleO::Services::MistralExecutor: ../docker/services/mistral-executor.yaml + OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml + OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml + OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml + OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml + OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml + OS::TripleO::Services::Zaqar: ../docker/services/zaqar.yaml + +parameter_defaults: + ZaqarMessageStore: 'swift' + ZaqarManagementStore: 'sqlalchemy'
\ No newline at end of file diff --git a/environments/network-isolation-no-tunneling.j2.yaml b/environments/network-isolation-no-tunneling.j2.yaml new file mode 100644 index 00000000..6bf00f1e --- /dev/null +++ b/environments/network-isolation-no-tunneling.j2.yaml @@ -0,0 +1,34 @@ +# ****************************************************************************** +# DEPRECATED: Modify networks used for custom roles by modifying the role file +# in the roles/ directory, or disable the network entirely by setting network to +# "enabled: false" in network_data.yaml. +# ****************************************************************************** +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. This version of the environment +# has no dedicated VLAN for tunneling, for deployments that use +# VLAN mode, flat provider networks, etc. +resource_registry: + # networks as defined in network_data.yaml, except for tenant net + {%- for network in networks if network.enabled|default(true) and network.name != 'Tenant' %} + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endfor %} + OS::TripleO::Network::Tenant: OS::Heat::None + + # Port assignments for the VIPs + {%- for network in networks if network.vip and network.name != 'Tenant' %} + OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endfor %} + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml + + # Port assignments for each role are determined by the role definition. +{%- for role in roles %} + # Port assignments for the {{role.name}} role. + {%- for network in networks %} + {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant'%} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- elif network.enabled|default(true) %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml + {%- endif %} + {%- endfor %} +{% endfor %} diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml deleted file mode 100644 index ff1d7887..00000000 --- a/environments/network-isolation-no-tunneling.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Enable the creation of Neutron networks for isolated Overcloud -# traffic and configure each role to assign ports (related -# to that role) on these networks. This version of the environment -# has no dedicated VLAN for tunneling, for deployments that use -# VLAN mode, flat provider networks, etc. -resource_registry: - OS::TripleO::Network::External: ../network/external.yaml - OS::TripleO::Network::InternalApi: ../network/internal_api.yaml - OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml - OS::TripleO::Network::Storage: ../network/storage.yaml - OS::TripleO::Network::Tenant: ../network/noop.yaml - # Management network is optional and disabled by default. - # To enable it, include environments/network-management.yaml - #OS::TripleO::Network::Management: ../network/management.yaml - - # Port assignments for the VIPs - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml - OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::Controller::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml - OS::TripleO::Compute::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml index 1b792afd..2db1a828 100644 --- a/environments/network-isolation.j2.yaml +++ b/environments/network-isolation.j2.yaml @@ -22,9 +22,6 @@ resource_registry: {%- endfor %} OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml - - OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml - {%- for role in roles %} # Port assignments for the {{role.name}} {%- for network in networks %} diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index ce64311b..fb47770f 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -28,6 +28,8 @@ parameter_defaults: NeutronTunnelIdRanges: '' NeutronNetworkVLANRanges: '' NeutronVniRanges: '' + NovaPatchConfigMonkeyPatch: false + NovaPatchConfigMonkeyPatchModules: '' NovaOVSBridge: 'default_bridge' NeutronMetadataProxySharedSecret: 'default' InstanceNameTemplate: 'inst-%08x' diff --git a/environments/nova-nuage-config.yaml b/environments/nova-nuage-config.yaml index 5e75ed9e..e8e3aaa4 100644 --- a/environments/nova-nuage-config.yaml +++ b/environments/nova-nuage-config.yaml @@ -1,8 +1,7 @@ # A Heat environment file which can be used to enable # Nuage backend on the compute, configured via puppet resource_registry: - OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::TripleO::Services::ComputeNeutronCorePluginNuage parameter_defaults: NuageActiveController: '0.0.0.0' diff --git a/environments/services/neutron-lbaasv2.yaml b/environments/services/neutron-lbaasv2.yaml index 385bb2fe..ca42d20d 100644 --- a/environments/services/neutron-lbaasv2.yaml +++ b/environments/services/neutron-lbaasv2.yaml @@ -8,7 +8,7 @@ # - OVS: neutron.agent.linux.interface.OVSInterfaceDriver # - LinuxBridges: neutron.agent.linux.interface.BridgeInterfaceDriver resource_registry: - OS::TripleO::Services::NeutronLbaasv2Agent: ../puppet/services/neutron-lbaas.yaml + OS::TripleO::Services::NeutronLbaasv2Agent: ../../puppet/services/neutron-lbaas.yaml parameter_defaults: NeutronLbaasInterfaceDriver: "neutron.agent.linux.interface.OVSInterfaceDriver" diff --git a/network/management_v6.yaml b/network/management_v6.yaml deleted file mode 100644 index 2eb8c876..00000000 --- a/network/management_v6.yaml +++ /dev/null @@ -1,71 +0,0 @@ -heat_template_version: pike - -description: > - Management network. System administration, SSH, DNS, NTP, etc. This network - would usually be the default gateway for the non-controller nodes. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - ManagementNetCidr: - default: 'fd00:fd00:fd00:6000::/64' - description: Cidr for the management network. - type: string - ManagementNetValueSpecs: - default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'} - description: Value specs for the management network. - type: json - ManagementNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - ManagementNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - ManagementNetName: - default: management - description: The name of the management network. - type: string - ManagementSubnetName: - default: management_subnet - description: The name of the management subnet in Neutron. - type: string - ManagementAllocationPools: - default: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the management network. - type: json - IPv6AddressMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 address mode - type: string - IPv6RAMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 router advertisement mode - type: string - -resources: - ManagementNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: ManagementNetAdminStateUp} - name: {get_param: ManagementNetName} - shared: {get_param: ManagementNetShared} - value_specs: {get_param: ManagementNetValueSpecs} - - ManagementSubnet: - type: OS::Neutron::Subnet - properties: - ip_version: 6 - ipv6_address_mode: {get_param: IPv6AddressMode} - ipv6_ra_mode: {get_param: IPv6RAMode} - cidr: {get_param: ManagementNetCidr} - name: {get_param: ManagementSubnetName} - network: {get_resource: ManagementNetwork} - allocation_pools: {get_param: ManagementAllocationPools} - -outputs: - OS::stack_id: - description: Neutron management network - value: {get_resource: ManagementNetwork} - subnet_cidr: - value: {get_attr: [ManagementSubnet, cidr]} diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml index 48c509df..1a170045 100644 --- a/network/networks.j2.yaml +++ b/network/networks.j2.yaml @@ -4,8 +4,7 @@ description: Create networks to split out Overcloud traffic resources: {%- for network in networks %} - {%- set network_name = network.compat_name|default(network.name) %} - {{network_name}}Network: + {{network.name}}Network: type: OS::TripleO::Network::{{network.name}} {%- endfor %} @@ -19,9 +18,8 @@ outputs: # NOTE(gfidente): we need to replace the null value with a # string to work around https://bugs.launchpad.net/heat/+bug/1700025 {%- for network in networks %} - {%- set network_name = network.compat_name|default(network.name) %} {{network.name_lower}}: yaql: - data: {get_attr: [{{network_name}}Network, subnet_cidr]} + data: {get_attr: [{{network.name}}Network, subnet_cidr]} expression: str($.data).replace('null', 'disabled') {%- endfor %} diff --git a/network_data.yaml b/network_data.yaml index fed11576..90293ab3 100644 --- a/network_data.yaml +++ b/network_data.yaml @@ -58,7 +58,6 @@ allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] ipv6_subnet: 'fd00:fd00:fd00:2000::/64' ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}] - compat_name: Internal - name: Storage vip: true name_lower: storage @@ -81,8 +80,9 @@ ipv6_subnet: 'fd00:fd00:fd00:5000::/64' ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}] - name: Management - # Management network is disabled by default - enabled: false + # Management network is enabled by default for backwards-compatibility, but + # is not included in any roles by default. Add to role definitions to use. + enabled: true vip: false # Management network does not use VIPs name_lower: management ip_subnet: '10.0.1.0/24' diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index e5ae5279..c8bdf9e4 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -152,6 +152,7 @@ resource_registry: # can be the same as NeutronCorePlugin but some vendors install different # things where VMs run OS::TripleO::Services::ComputeNeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::ComputeNeutronCorePluginNuage: puppet/services/neutron-compute-plugin-nuage.yaml # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin) OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml diff --git a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml deleted file mode 100644 index ea2fd71c..00000000 --- a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml +++ /dev/null @@ -1,92 +0,0 @@ -heat_template_version: pike - -description: Configure hieradata for Nuage configuration on the Compute - -parameters: - server: - description: ID of the compute node to apply this config to - type: string - - NuageActiveController: - description: IP address of the Active Virtualized Services Controller (VSC) - type: string - NuageStandbyController: - description: IP address of the Standby Virtualized Services Controller (VSC) - type: string - NuageMetadataPort: - description: TCP Port to listen for metadata server requests - type: string - default: '9697' - NuageNovaMetadataPort: - description: TCP Port used by Nova metadata server - type: string - default: '8775' - NuageMetadataProxySharedSecret: - description: Shared secret to sign the instance-id request - type: string - NuageNovaClientVersion: - description: Client Version Nova - type: string - default: '2' - NuageNovaOsUsername: - description: Nova username in keystone_authtoken - type: string - default: 'nova' - NuageMetadataAgentStartWithOvs: - description: Set to True if nuage-metadata-agent needs to be started with nuage-openvswitch-switch - type: string - default: 'True' - NuageNovaApiEndpoint: - description: One of publicURL, internalURL, adminURL in "keystone endpoint-list" - type: string - default: 'publicURL' - NuageNovaRegionName: - description: Region name in "keystone endpoint-list" - type: string - default: 'regionOne' - -# Declaration of resources for the template. -resources: - NovaNuageConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - datafiles: - nova_nuage_data: - mapped_data: - nuage::vrs::active_controller: {get_input: ActiveController} - nuage::vrs::standby_controller: {get_input: StandbyController} - nuage::metadataagent::metadata_port: {get_input: MetadataPort} - nuage::metadataagent::nova_metadata_port: {get_input: NovaMetadataPort} - nuage::metadataagent::metadata_secret: {get_input: SharedSecret} - nuage::metadataagent::nova_client_version: {get_input: NovaClientVersion} - nuage::metadataagent::nova_os_username: {get_input: NovaOsUsername} - nuage::metadataagent::metadata_agent_start_with_ovs: {get_input: MetadataAgentStartWithOvs} - nuage::metadataagent::nova_api_endpoint_type: {get_input: NovaApiEndpointType} - nuage::metadataagent::nova_region_name: {get_input: NovaRegionName} - - NovaNuageDeployment: - type: OS::Heat::StructuredDeployment - properties: - name: NovaNuageDeployment - config: {get_resource: NovaNuageConfig} - server: {get_param: server} - input_values: - ActiveController: {get_param: NuageActiveController} - StandbyController: {get_param: NuageStandbyController} - MetadataPort: {get_param: NuageMetadataPort} - NovaMetadataPort: {get_param: NuageNovaMetadataPort} - SharedSecret: {get_param: NuageMetadataProxySharedSecret} - NovaClientVersion: {get_param: NuageNovaClientVersion} - NovaOsUsername: {get_param: NuageNovaOsUsername} - MetadataAgentStartWithOvs: {get_param: NuageMetadataAgentStartWithOvs} - NovaApiEndpointType: {get_param: NuageNovaApiEndpoint} - NovaRegionName: {get_param: NuageNovaRegionName} - -# Specify output parameters that will be available -# after the template is instantiated. -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [NovaNuageDeployment, deploy_stdout]} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index a593d55e..38e2a280 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -99,12 +99,12 @@ It is also possible to use Mistral actions or workflows together with a deployment step, these are executed before the main configuration run. To describe actions or workflows from within a service use: - * service_workflow_tasks: One or more workflow task properties + * workflow_tasks: One or more workflow task properties which expects a map where the key is the step and the value a list of dictionaries descrbing each a workflow task, for example:: - service_workflow_tasks: + workflow_tasks: step2: - name: echo action: std.echo output=Hello diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 011ec037..1c2da401 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -60,6 +60,11 @@ parameters: ARP cache. The garbage collector will always run if there are more than this number of entries in the cache. type: number + InotifyIntancesMax: + default: 1024 + description: Configures sysctl fs.inotify.max_user_instances key + type: number + outputs: role_data: @@ -129,5 +134,9 @@ outputs: value: {get_param: NeighbourGcThreshold2} net.ipv4.neigh.default.gc_thresh3: value: {get_param: NeighbourGcThreshold3} + # set inotify value for neutron/dnsmasq scale + fs.inotify.max_user_instances: + value: {get_param: InotifyIntancesMax} + step_config: | include ::tripleo::profile::base::kernel diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index f1a56530..e594c2da 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -38,6 +38,39 @@ parameters: description: TCP Port to listen for metadata server requests type: string default: '9697' + NuageActiveController: + description: IP address of the Active Virtualized Services Controller (VSC) + type: string + NuageStandbyController: + description: IP address of the Standby Virtualized Services Controller (VSC) + type: string + NuageNovaMetadataPort: + description: TCP Port used by Nova metadata server + type: string + default: '8775' + NuageMetadataProxySharedSecret: + description: Shared secret to sign the instance-id request + type: string + NuageNovaClientVersion: + description: Client Version Nova + type: string + default: '2' + NuageNovaOsUsername: + description: Nova username in keystone_authtoken + type: string + default: 'nova' + NuageMetadataAgentStartWithOvs: + description: Set to True if nuage-metadata-agent needs to be started with nuage-openvswitch-switch + type: string + default: 'True' + NuageNovaApiEndpoint: + description: One of publicURL, internalURL, adminURL in "keystone endpoint-list" + type: string + default: 'publicURL' + NuageNovaRegionName: + description: Region name in "keystone endpoint-list" + type: string + default: 'regionOne' outputs: role_data: @@ -45,6 +78,16 @@ outputs: value: service_name: neutron_compute_plugin_nuage config_settings: + nuage::vrs::active_controller: {get_param: NuageActiveController} + nuage::vrs::standby_controller: {get_param: NuageStandbyController} + nuage::metadataagent::metadata_port: {get_param: NuageMetadataPort} + nuage::metadataagent::nova_metadata_port: {get_param: NuageNovaMetadataPort} + nuage::metadataagent::metadata_secret: {get_param: NuageMetadataProxySharedSecret} + nuage::metadataagent::nova_client_version: {get_param: NuageNovaClientVersion} + nuage::metadataagent::nova_os_username: {get_param: NuageNovaOsUsername} + nuage::metadataagent::metadata_agent_start_with_ovs: {get_param: NuageMetadataAgentStartWithOvs} + nuage::metadataagent::nova_api_endpoint_type: {get_param: NuageNovaApiEndpoint} + nuage::metadataagent::nova_region_name: {get_param: NuageNovaRegionName} tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service' tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword} tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]} diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml index a7dc2e8b..4cd541cc 100644 --- a/puppet/services/neutron-plugin-ml2-nuage.yaml +++ b/puppet/services/neutron-plugin-ml2-nuage.yaml @@ -67,6 +67,16 @@ parameters: type: boolean default: false + NovaPatchConfigMonkeyPatch: + description: Apply monkey patching or not + type: boolean + default: false + + NovaPatchConfigMonkeyPatchModules: + description: List of modules/decorators to monkey patch + type: comma_delimited_list + default: '' + resources: NeutronML2Base: @@ -95,5 +105,7 @@ outputs: neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} nova::api::use_forwarded_for: {get_param: UseForwardedFor} + nova::patch::config::monkey_patch: {get_param: NovaPatchConfigMonkeyPatch} + nova::patch::config::monkey_patch_modules: {get_param: NovaPatchConfigMonkeyPatchModules} step_config: | include tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index f4675875..cbbf2eaf 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -66,17 +66,9 @@ outputs: resource: openstack-cinder-volume state: disable wait_for_resource: true - - name: get bootstrap nodeid - tags: step5 - command: hiera bootstrap_nodeid - register: bootstrap_node - - block: - - name: Sync cinder DB - tags: step5 - command: cinder-manage db sync - - name: Start cinder_volume service (pacemaker) - tags: step5 - pacemaker_resource: - resource: openstack-cinder-volume - state: enable - when: bootstrap_node.stdout == ansible_hostname + post_upgrade_tasks: + - name: Start cinder_volume service (pacemaker) + tags: step1 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 541a2eb6..251d8092 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -114,6 +114,7 @@ outputs: tacker::keystone::authtoken::project_name: 'service' tacker::keystone::authtoken::user_domain_name: 'Default' tacker::keystone::authtoken::project_domain_name: 'Default' + tacker::keystone::authtoken::password: {get_param: TackerPassword} tacker::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} diff --git a/releasenotes/notes/adds-post_upgrade_tasks-eba0656012c861a1.yaml b/releasenotes/notes/adds-post_upgrade_tasks-eba0656012c861a1.yaml new file mode 100644 index 00000000..bdce1348 --- /dev/null +++ b/releasenotes/notes/adds-post_upgrade_tasks-eba0656012c861a1.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + This adds post_upgrade_tasks, ansible tasks that can be added to any + service manifest (currently, pacemaker/cinder-volume for bug 1706951). + + These are similar to the existing upgrade_tasks in their format, however + they will be executed *after* the docker/puppet config. So the order is + upgrade_tasks, deployment steps (docker/puppet), then post_upgrade_tasks. + + Also like the upgrade_tasks these are serialised and you can use 'tags' + with 'step0' to 'step6' (more can be added if needed). diff --git a/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml b/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml new file mode 100644 index 00000000..2e7e79f1 --- /dev/null +++ b/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes heat resource OS::TripleO::Network::Internal to be renamed back to + OS::TripleO::Network::InternalApi for backwards compatibility with + previous versions. diff --git a/releasenotes/notes/fix-missing-tacker-password-c2ce555cdd52c102.yaml b/releasenotes/notes/fix-missing-tacker-password-c2ce555cdd52c102.yaml new file mode 100644 index 00000000..7d8d3dd1 --- /dev/null +++ b/releasenotes/notes/fix-missing-tacker-password-c2ce555cdd52c102.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixes missing Keystone authtoken password for Tacker. diff --git a/releasenotes/notes/service_workflow_tasks-4da5830821b7154b.yaml b/releasenotes/notes/workflow_tasks-4da5830821b7154b.yaml index cf99ec5d..cf99ec5d 100644 --- a/releasenotes/notes/service_workflow_tasks-4da5830821b7154b.yaml +++ b/releasenotes/notes/workflow_tasks-4da5830821b7154b.yaml diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 066962c1..2f86d2d2 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -75,6 +75,10 @@ - OS::TripleO::Services::Memcached - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NovaApi - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaConsoleauth diff --git a/roles/Networker.yaml b/roles/Networker.yaml index ac30c2fd..afd3b101 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -3,10 +3,11 @@ ############################################################################### - name: Networker description: | - Standalone networking role to run Neutron services their own. Includes + Standalone networking role to run Neutron agents their own. Includes Pacemaker integration via PacemakerRemote networks: - InternalApi + - Tenant HostnameFormatDefault: '%stackname%-networker-%index%' ServicesDefault: - OS::TripleO::Services::AuditD @@ -17,12 +18,8 @@ - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::NeutronApi - - OS::TripleO::Services::NeutronBgpVpnApi - - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL2gwAgent - - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronLbaasv2Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/roles/UndercloudLight.yaml b/roles/UndercloudLight.yaml new file mode 100644 index 00000000..bc1b1c9a --- /dev/null +++ b/roles/UndercloudLight.yaml @@ -0,0 +1,34 @@ +############################################################################### +# Role: Undercloud # +############################################################################### +- name: Undercloud + description: | + EXPERIMENTAL. A role to deploy the minimal undercloud for pre-provisioned + deployed servers via heat using the 'openstack undercloud deploy' command. + Should be used with the 'environments/docker-uc-light.yaml' template + instead of the 'environments/docker.yaml'. + CountDefault: 1 + disable_constraints: True + tags: + - primary + - controller + ServicesDefault: + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Zaqar diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 682cb8df..f7a45d7b 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -31,12 +31,13 @@ envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml', 'tls-endpoints-public-ip.yaml', 'tls-everywhere-endpoints-dns.yaml'] ENDPOINT_MAP_FILE = 'endpoint_map.yaml' -OPTIONAL_SECTIONS = ['service_workflow_tasks'] +OPTIONAL_SECTIONS = ['workflow_tasks'] REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config', 'config_settings', 'step_config'] OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks', - 'service_config_settings', 'host_prep_tasks', - 'metadata_settings', 'kolla_config'] + 'post_upgrade_tasks', 'service_config_settings', + 'host_prep_tasks', 'metadata_settings', + 'kolla_config'] REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config', 'config_image'] OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ] @@ -87,6 +88,8 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'OVNSouthboundServerPort': ['description'], 'ExternalInterfaceDefaultRoute': ['description', 'default'], + 'ManagementInterfaceDefaultRoute': + ['description', 'default'], 'IPPool': ['description'], 'SSLCertificate': ['description', 'default', |