summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.rst6
-rw-r--r--capabilities-map.yaml10
-rw-r--r--ci/environments/multinode-3nodes.yaml2
-rw-r--r--ci/environments/scenario001-multinode.yaml21
-rw-r--r--deployed-server/deployed-server-bootstrap-centos.sh3
-rw-r--r--deployed-server/deployed-server-bootstrap-rhel.sh3
-rwxr-xr-xdeployed-server/scripts/get-occ-config.sh29
-rwxr-xr-xdocker/docker-puppet.py11
-rw-r--r--docker/services/aodh-api.yaml32
-rw-r--r--docker/services/aodh-evaluator.yaml11
-rw-r--r--docker/services/aodh-listener.yaml11
-rw-r--r--docker/services/aodh-notifier.yaml11
-rw-r--r--docker/services/database/mongodb.yaml24
-rw-r--r--docker/services/database/mysql.yaml33
-rw-r--r--docker/services/glance-api.yaml15
-rw-r--r--docker/services/gnocchi-api.yaml32
-rw-r--r--docker/services/gnocchi-metricd.yaml11
-rw-r--r--docker/services/gnocchi-statsd.yaml11
-rw-r--r--docker/services/heat-api-cfn.yaml13
-rw-r--r--docker/services/heat-api.yaml13
-rw-r--r--docker/services/heat-engine.yaml15
-rw-r--r--docker/services/ironic-api.yaml13
-rw-r--r--docker/services/ironic-conductor.yaml22
-rw-r--r--docker/services/ironic-pxe.yaml67
-rw-r--r--docker/services/keystone.yaml4
-rw-r--r--docker/services/mistral-api.yaml15
-rw-r--r--docker/services/mistral-engine.yaml12
-rw-r--r--docker/services/mistral-executor.yaml13
-rw-r--r--docker/services/neutron-api.yaml15
-rw-r--r--docker/services/neutron-dhcp.yaml15
-rw-r--r--docker/services/neutron-l3.yaml17
-rw-r--r--docker/services/neutron-ovs-agent.yaml15
-rw-r--r--docker/services/nova-api.yaml11
-rw-r--r--docker/services/nova-compute.yaml13
-rw-r--r--docker/services/nova-conductor.yaml13
-rw-r--r--docker/services/nova-ironic.yaml11
-rw-r--r--docker/services/nova-libvirt.yaml11
-rw-r--r--docker/services/nova-placement.yaml36
-rw-r--r--docker/services/nova-scheduler.yaml13
-rw-r--r--docker/services/panko-api.yaml30
-rw-r--r--docker/services/rabbitmq.yaml21
-rw-r--r--docker/services/swift-proxy.yaml4
-rw-r--r--docker/services/swift-storage.yaml13
-rw-r--r--docker/services/zaqar.yaml18
-rw-r--r--environments/hyperconverged-ceph.yaml2
-rw-r--r--environments/major-upgrade-all-in-one.yaml2
-rw-r--r--environments/neutron-bgpvpn.yaml2
-rw-r--r--environments/neutron-l2gw-api.yaml20
-rw-r--r--environments/neutron-nuage-config.yaml1
-rw-r--r--environments/neutron-opendaylight.yaml1
-rw-r--r--environments/securetty.yaml12
-rw-r--r--environments/services/ceilometer-api.yaml6
-rw-r--r--environments/services/disable-ceilometer-api.yaml2
-rw-r--r--environments/services/keystone_domain_specific_ldap_backend.yaml18
-rw-r--r--environments/services/qdr.yaml2
-rw-r--r--extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration1
-rwxr-xr-xextraconfig/tasks/pacemaker_common_functions.sh9
-rw-r--r--extraconfig/tasks/tripleo_upgrade_node.sh3
-rwxr-xr-xextraconfig/tasks/yum_update.sh3
-rw-r--r--network/endpoints/endpoint_data.yaml1
-rw-r--r--network/endpoints/endpoint_map.yaml82
-rw-r--r--network/service_net_map.j2.yaml1
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml6
-rw-r--r--overcloud.j2.yaml2
-rw-r--r--puppet/major_upgrade_steps.j2.yaml45
-rw-r--r--puppet/services/ceilometer-agent-ipmi.yaml77
-rw-r--r--puppet/services/ceilometer-base.yaml7
-rw-r--r--puppet/services/congress.yaml1
-rw-r--r--puppet/services/database/mongodb.yaml5
-rw-r--r--puppet/services/ec2-api.yaml5
-rw-r--r--puppet/services/heat-engine.yaml6
-rw-r--r--puppet/services/horizon.yaml5
-rw-r--r--puppet/services/ironic-conductor.yaml21
-rw-r--r--puppet/services/kernel.yaml22
-rw-r--r--puppet/services/keystone.yaml27
-rw-r--r--puppet/services/mistral-base.yaml6
-rw-r--r--puppet/services/neutron-base.yaml5
-rw-r--r--puppet/services/neutron-compute-plugin-nuage.yaml10
-rw-r--r--puppet/services/neutron-compute-plugin-ovn.yaml1
-rw-r--r--puppet/services/neutron-l2gw-api.yaml54
-rw-r--r--puppet/services/neutron-ovs-agent.yaml35
-rw-r--r--puppet/services/neutron-ovs-dpdk-agent.yaml5
-rw-r--r--puppet/services/neutron-plugin-ml2-odl.yaml45
-rw-r--r--puppet/services/neutron-plugin-nuage.yaml7
-rw-r--r--puppet/services/nova-base.yaml6
-rw-r--r--puppet/services/opendaylight-ovs.yaml36
-rw-r--r--puppet/services/openvswitch-upgrade.yaml50
-rw-r--r--puppet/services/ovn-dbs.yaml6
-rw-r--r--puppet/services/pacemaker.yaml14
-rw-r--r--puppet/services/qdr.yaml60
-rw-r--r--puppet/services/securetty.yaml36
-rw-r--r--puppet/services/swift-proxy.yaml33
-rw-r--r--puppet/services/tacker.yaml1
-rw-r--r--releasenotes/notes/add-ceilometer-agent-ipmi-2c86726d0373d354.yaml3
-rw-r--r--releasenotes/notes/add-l2gw-api-support-2206d3d14f409088.yaml3
-rw-r--r--releasenotes/notes/add-ldap-backend-0bda702fb0aa24bf.yaml5
-rw-r--r--releasenotes/notes/add-qdr-99a27dffef42c13e.yaml8
-rw-r--r--releasenotes/notes/add_db_sync_timeout-c9b2f401cca0b37d.yaml3
-rw-r--r--releasenotes/notes/deployed-server-firewall-purge-9d9fe73faf925056.yaml6
-rw-r--r--releasenotes/notes/disable-ceilo-api-dfe5d0947563bbe0.yaml4
-rw-r--r--releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml12
-rw-r--r--releasenotes/notes/disable-kernel-parameter-for-icmp-redirects-f325f91d71b58b5f.yaml19
-rw-r--r--releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml5
-rw-r--r--releasenotes/notes/enable-logging-suspicious-packets-d5545586f917d2ca.yaml9
-rw-r--r--releasenotes/notes/get-occ-config-local-connector-5bbec3f591a9f311.yaml10
-rw-r--r--releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml9
-rw-r--r--releasenotes/notes/leave-satellite-repo-enabled-8b60528bd5450c7b.yaml6
-rw-r--r--releasenotes/notes/ovn-fcd4b0168e6745a8.yaml6
-rw-r--r--releasenotes/notes/ovs-2.5-2.6-composable-upgrades-workaround-73f4e56127c910b4.yaml12
-rw-r--r--releasenotes/notes/restrict-mongodb-memory-de7bf6754d7234d9.yaml3
-rw-r--r--releasenotes/notes/set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml5
-rw-r--r--roles_data.yaml13
-rwxr-xr-xtools/yaml-validate.py4
113 files changed, 995 insertions, 676 deletions
diff --git a/README.rst b/README.rst
index e2b59c59..51a21f6b 100644
--- a/README.rst
+++ b/README.rst
@@ -128,3 +128,9 @@ and should be executed according to the following table:
+----------------+-------------+-------------+-------------+-------------+-----------------+
| manila | | | | X | |
+----------------+-------------+-------------+-------------+-------------+-----------------+
+| collectd | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| fluentd | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| sensu-client | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index 83b3ac40..947ba8b6 100644
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -370,6 +370,11 @@ topics:
description: Enable FOS in the overcloud
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-l2gw.yaml
+ title: Neutron L2 gateway Service Plugin
+ description: Enables Neutron L2 gateway Service Plugin
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Nova Extensions
description:
@@ -592,3 +597,8 @@ topics:
environments:
- file: environments/cadf.yaml
title: Keystone CADF auditing
+ - title: SecureTTY Values
+ description: Set values within /etc/securetty
+ environments:
+ - file: environments/securetty.yaml
+ title: SecureTTY Values
diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml
index d6e2376a..8307db96 100644
--- a/ci/environments/multinode-3nodes.yaml
+++ b/ci/environments/multinode-3nodes.yaml
@@ -24,7 +24,6 @@
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- - OS::TripleO::Services::Core
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
@@ -63,7 +62,6 @@
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderVolume
- - OS::TripleO::Services::Core
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
index 2203665a..5dd1f0f6 100644
--- a/ci/environments/scenario001-multinode.yaml
+++ b/ci/environments/scenario001-multinode.yaml
@@ -18,6 +18,8 @@ resource_registry:
OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
+ OS::TripleO::Services::FluentdClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/logging/fluentd-client.yaml
+ OS::TripleO::Services::SensuClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/monitoring/sensu-client.yaml
parameter_defaults:
ControllerServices:
@@ -49,6 +51,7 @@ parameter_defaults:
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
@@ -62,6 +65,7 @@ parameter_defaults:
- OS::TripleO::Services::CeilometerCollector
- OS::TripleO::Services::CeilometerExpirer
- OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentIpmi
- OS::TripleO::Services::CeilometerAgentNotification
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
@@ -79,6 +83,9 @@ parameter_defaults:
- OS::TripleO::Services::Congress
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::SensuClient
+
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
@@ -112,3 +119,17 @@ parameter_defaults:
******************************************************************
CollectdExtraPlugins:
- rrdtool
+ LoggingServers:
+ - host: 127.0.0.1
+ port: 24224
+ MonitoringRabbitHost: 127.0.0.1
+ MonitoringRabbitPort: 5676
+ MonitoringRabbitPassword: sensu
+ TtyValues:
+ - console
+ - tty1
+ - tty2
+ - tty3
+ - tty4
+ - tty5
+ - tty6
diff --git a/deployed-server/deployed-server-bootstrap-centos.sh b/deployed-server/deployed-server-bootstrap-centos.sh
index c86e771c..6f2bb124 100644
--- a/deployed-server/deployed-server-bootstrap-centos.sh
+++ b/deployed-server/deployed-server-bootstrap-centos.sh
@@ -15,3 +15,6 @@ ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
+
+echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables
+echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables
diff --git a/deployed-server/deployed-server-bootstrap-rhel.sh b/deployed-server/deployed-server-bootstrap-rhel.sh
index 10b4999b..9e9e9b3b 100644
--- a/deployed-server/deployed-server-bootstrap-rhel.sh
+++ b/deployed-server/deployed-server-bootstrap-rhel.sh
@@ -12,3 +12,6 @@ yum install -y \
openstack-selinux
ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules
+
+echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables
+echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables
diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh
index d0cc4dff..28f038ce 100755
--- a/deployed-server/scripts/get-occ-config.sh
+++ b/deployed-server/scripts/get-occ-config.sh
@@ -89,16 +89,16 @@ for role in $OVERCLOUD_ROLES; do
done
echo "======================"
- echo "$role$i os-collect-config.conf configuration:"
+ echo "$role$i deployed-server.json configuration:"
- config="
-[DEFAULT]
-collectors=request
-command=os-refresh-config
-polling_interval=30
-
-[request]
-metadata_url=$deployed_server_metadata_url"
+ config="{
+ \"os-collect-config\": {
+ \"collectors\": [\"request\", \"local\"],
+ \"request\": {
+ \"metadata_url\": \"$deployed_server_metadata_url\"
+ }
+ }
+}"
echo "$config"
echo "======================"
@@ -108,12 +108,11 @@ metadata_url=$deployed_server_metadata_url"
host=
eval host=\${${role}_hosts_a[i]}
if [ -n "$host" ]; then
- # Delete the os-collect-config.conf template so our file won't get
- # overwritten
- ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo /bin/rm -f /usr/libexec/os-apply-config/templates/etc/os-collect-config.conf
- ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host "echo \"$config\" > os-collect-config.conf"
- ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo cp os-collect-config.conf /etc/os-collect-config.conf
- ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl restart os-collect-config
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host "echo '$config' > deployed-server.json"
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo mkdir -p -m 0700 /var/lib/os-collect-config/local-data/ || true
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo cp deployed-server.json /var/lib/os-collect-config/local-data/deployed-server.json
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl start os-collect-config
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl enable os-collect-config
fi
let i+=1
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index eb647737..c364d039 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -259,4 +259,13 @@ for p in process_map:
# Fire off processes to perform each configuration. Defaults
# to the number of CPUs on the system.
p = multiprocessing.Pool(process_count)
-p.map(mp_puppet_config, process_map)
+returncodes = list(p.map(mp_puppet_config, process_map))
+config_volumes = [pm[0] for pm in process_map]
+success = True
+for returncode, config_volume in zip(returncodes, config_volumes):
+ if returncode != 0:
+ print('ERROR configuring %s' % config_volume)
+ success = False
+
+if not success:
+ sys.exit(1)
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml
index ca410d6d..32294958 100644
--- a/docker/services/aodh-api.yaml
+++ b/docker/services/aodh-api.yaml
@@ -58,29 +58,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-api.json:
- command: /usr/sbin/httpd -DFOREGROUND
- config_files:
- - dest: /etc/aodh/aodh.conf
- owner: aodh
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf
- - dest: /etc/httpd/conf.d/10-aodh_wsgi.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-aodh_wsgi.conf
- - dest: /etc/httpd/conf/httpd.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
- - dest: /etc/httpd/conf/ports.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
- - dest: /var/www/cgi-bin/aodh/app
- owner: aodh
- perm: '0644'
- source: /var/lib/kolla/config_files/src/var/www/cgi-bin/aodh/app
+ /var/lib/kolla/config_files/aodh-api.json:
+ command: /usr/sbin/httpd -DFOREGROUND
docker_config:
step_3:
aodh-init-log:
@@ -97,7 +76,7 @@ outputs:
privileged: false
detach: false
volumes:
- - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh:ro
+ - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
@@ -110,8 +89,9 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro
- - /var/lib/config-data/aodh/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+ - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/aodh/var/www/:/var/www/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml
index d3c8c595..1553df3c 100644
--- a/docker/services/aodh-evaluator.yaml
+++ b/docker/services/aodh-evaluator.yaml
@@ -57,13 +57,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-evaluator.json:
- command: /usr/bin/aodh-evaluator
- config_files:
- - dest: /etc/aodh/aodh.conf
- owner: aodh
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf
+ /var/lib/kolla/config_files/aodh-evaluator.json:
+ command: /usr/bin/aodh-evaluator
docker_config:
step_4:
aodh_evaluator:
@@ -73,7 +68,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml
index 7aa9618d..300dfde3 100644
--- a/docker/services/aodh-listener.yaml
+++ b/docker/services/aodh-listener.yaml
@@ -57,13 +57,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-listener.json:
- command: /usr/bin/aodh-listener
- config_files:
- - dest: /etc/aodh/aodh.conf
- owner: aodh
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf
+ /var/lib/kolla/config_files/aodh-listener.json:
+ command: /usr/bin/aodh-listener
docker_config:
step_4:
aodh_listener:
@@ -73,7 +68,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml
index f525d6bd..b4056603 100644
--- a/docker/services/aodh-notifier.yaml
+++ b/docker/services/aodh-notifier.yaml
@@ -57,13 +57,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-notifier.json:
- command: /usr/bin/aodh-notifier
- config_files:
- - dest: /etc/aodh/aodh.conf
- owner: aodh
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf
+ /var/lib/kolla/config_files/aodh-notifier.json:
+ command: /usr/bin/aodh-notifier
docker_config:
step_4:
aodh_notifier:
@@ -73,7 +68,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index 15795828..7d2d1a15 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -62,33 +62,19 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/mongodb.json:
command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run
- config_files:
- - dest: /etc/mongod.conf
- source: /var/lib/kolla/config_files/src/etc/mongod.conf
- owner: mongodb
- perm: '0600'
- - dest: /etc/mongos.conf
- source: /var/lib/kolla/config_files/src/etc/mongos.conf
- owner: mongodb
- perm: '0600'
+ permissions:
+ - path: /var/lib/mongodb
+ owner: mongodb:mongodb
+ recurse: true
docker_config:
step_2:
- mongodb_data_ownership:
- start_order: 0
- image: *mongodb_image
- net: host
- user: root
- command: ['chown', '-R', 'mongodb:', '/var/lib/mongodb']
- volumes:
- - /var/lib/mongodb:/var/lib/mongodb
mongodb:
- start_order: 1
image: *mongodb_image
net: host
privileged: false
volumes: &mongodb_volumes
- /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mongodb/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/mongodb/etc/:/etc/:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log/kolla
- /var/lib/mongodb:/var/lib/mongodb
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
index 0ffd0336..cba2070d 100644
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@@ -71,29 +71,14 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/mysql.json:
command: /usr/bin/mysqld_safe
- config_files:
- - dest: /etc/mysql/my.cnf
- source: /var/lib/kolla/config_files/src/etc/my.cnf
- owner: mysql
- perm: '0644'
- - dest: /etc/my.cnf.d/galera.cnf
- source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf
- owner: mysql
- perm: '0644'
+ permissions:
+ - path: /var/lib/mysql
+ owner: mysql:mysql
+ recurse: true
docker_config:
step_2:
- mysql_data_ownership:
- start_order: 0
- detach: false
- image: *mysql_image
- net: host
- user: root
- # Kolla does only non-recursive chown
- command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
- volumes:
- - /var/lib/mysql:/var/lib/mysql
mysql_bootstrap:
- start_order: 1
+ start_order: 0
detach: false
image: *mysql_image
net: host
@@ -101,7 +86,7 @@ outputs:
command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
volumes: &mysql_volumes
- /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/mysql/etc/:/etc/:ro
- /etc/localtime:/etc/localtime:ro
- /etc/hosts:/etc/hosts:ro
- /var/lib/mysql:/var/lib/mysql
@@ -122,7 +107,7 @@ outputs:
- {get_param: MysqlRootPassword}
- {get_param: [DefaultPasswords, mysql_root_password]}
mysql:
- start_order: 2
+ start_order: 1
image: *mysql_image
restart: always
net: host
@@ -137,8 +122,8 @@ outputs:
step_config: 'include ::tripleo::profile::base::database::mysql'
config_image: *mysql_image
volumes:
- - "/var/lib/mysql:/var/lib/mysql/:ro"
- - "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf
+ - /var/lib/mysql:/var/lib/mysql/:ro
+ - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf
host_prep_tasks:
- name: create /var/lib/mysql
file:
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index 77e4aa01..fdfdbc68 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -58,17 +58,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/glance-api.json:
- command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
- config_files:
- - dest: /etc/glance/glance-api.conf
- owner: glance
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/glance/glance-api.conf
- - dest: /etc/glance/glance-swift.conf
- owner: glance
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/glance/glance-swift.conf
+ /var/lib/kolla/config_files/glance-api.json:
+ command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
docker_config:
step_3:
glance_api_db_sync:
@@ -78,9 +69,9 @@ outputs:
detach: false
volumes: &glance_volumes
- /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro
- /etc/localtime:/etc/localtime:ro
- /lib/modules:/lib/modules:ro
- - /var/lib/config-data/glance_api/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /dev:/dev
- /etc/hosts:/etc/hosts:ro
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index a64d1507..08f4b56b 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -58,29 +58,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-api.json:
- command: /usr/sbin/httpd -DFOREGROUND
- config_files:
- - dest: /etc/gnocchi/gnocchi.conf
- owner: gnocchi
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf
- - dest: /etc/httpd/conf.d/10-gnocchi_wsgi.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-gnocchi_wsgi.conf
- - dest: /etc/httpd/conf/httpd.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
- - dest: /etc/httpd/conf/ports.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
- - dest: /var/www/cgi-bin/gnocchi/app
- owner: gnocchi
- perm: '0644'
- source: /var/lib/kolla/config_files/src/var/www/cgi-bin/gnocchi/app
+ /var/lib/kolla/config_files/gnocchi-api.json:
+ command: /usr/sbin/httpd -DFOREGROUND
docker_config:
step_3:
gnocchi-init-log:
@@ -97,7 +76,7 @@ outputs:
detach: false
privileged: false
volumes:
- - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi:ro
+ - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
@@ -110,8 +89,9 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro
- - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml
index 6437e942..6b41eaa3 100644
--- a/docker/services/gnocchi-metricd.yaml
+++ b/docker/services/gnocchi-metricd.yaml
@@ -55,13 +55,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-metricd.json:
- command: /usr/bin/gnocchi-metricd
- config_files:
- - dest: /etc/gnocchi/gnocchi.conf
- owner: gnocchi
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf
+ /var/lib/kolla/config_files/gnocchi-metricd.json:
+ command: /usr/bin/gnocchi-metricd
docker_config:
step_4:
gnocchi_metricd:
@@ -71,7 +66,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml
index 32c16521..93b616c4 100644
--- a/docker/services/gnocchi-statsd.yaml
+++ b/docker/services/gnocchi-statsd.yaml
@@ -55,13 +55,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-statsd.json:
- command: /usr/bin/gnocchi-statsd
- config_files:
- - dest: /etc/gnocchi/gnocchi.conf
- owner: gnocchi
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf
+ /var/lib/kolla/config_files/gnocchi-statsd.json:
+ command: /usr/bin/gnocchi-statsd
docker_config:
step_4:
gnocchi_statsd:
@@ -71,7 +66,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index 85ad9212..e1226471 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -64,13 +64,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/heat_api_cfn.json:
- command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
- config_files:
- - dest: /etc/heat/heat.conf
- owner: heat
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/heat/heat.conf
+ /var/lib/kolla/config_files/heat_api_cfn.json:
+ command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
docker_config:
step_4:
heat_api_cfn:
@@ -82,12 +77,12 @@ outputs:
privileged: false
restart: always
volumes:
- - /run:/run
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /dev:/dev
+ - /run:/run
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index 12884f56..3212d909 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -64,13 +64,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/heat_api.json:
- command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
- config_files:
- - dest: /etc/heat/heat.conf
- owner: heat
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/heat/heat.conf
+ /var/lib/kolla/config_files/heat_api.json:
+ command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
docker_config:
step_4:
heat_api:
@@ -82,12 +77,12 @@ outputs:
privileged: false
restart: always
volumes:
- - /run:/run
- /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /dev:/dev
+ - /run:/run
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml
index 85a00b1d..83c63095 100644
--- a/docker/services/heat-engine.yaml
+++ b/docker/services/heat-engine.yaml
@@ -59,13 +59,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
kolla_config:
- /var/lib/kolla/config_files/heat_engine.json:
- command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
- config_files:
- - dest: /etc/heat/heat.conf
- owner: heat
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/heat/heat.conf
+ /var/lib/kolla/config_files/heat_engine.json:
+ command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
docker_config:
step_3:
heat_engine_db_sync:
@@ -74,7 +69,7 @@ outputs:
privileged: false
detach: false
volumes:
- - /var/lib/config-data/heat/etc/heat:/etc/heat:ro
+ - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
command: ['heat-manage', 'db_sync']
@@ -85,11 +80,11 @@ outputs:
privileged: false
restart: always
volumes:
- - /run:/run
- /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
+ - /run:/run
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml
index 5ae82d46..bef84e2e 100644
--- a/docker/services/ironic-api.yaml
+++ b/docker/services/ironic-api.yaml
@@ -61,13 +61,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/ironic_api.json:
- command: /usr/bin/ironic-api
- config_files:
- - dest: /etc/ironic/ironic.conf
- owner: ironic
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
+ /var/lib/kolla/config_files/ironic_api.json:
+ command: /usr/bin/ironic-api
docker_config:
step_3:
ironic_db_sync:
@@ -82,8 +77,6 @@ outputs:
- /var/lib/config-data/ironic/etc/:/etc/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf']
step_4:
ironic_api:
@@ -94,7 +87,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/ironic/etc/:/etc/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml
index 678b8c27..3047f30b 100644
--- a/docker/services/ironic-conductor.yaml
+++ b/docker/services/ironic-conductor.yaml
@@ -69,20 +69,12 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/ironic_conductor.json:
- command: /usr/bin/ironic-conductor
- config_files:
- - dest: /etc/ironic/ironic.conf
- owner: ironic
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
- permissions:
- - path: /var/lib/ironic/httpboot
- owner: ironic:ironic
- recurse: true
- - path: /var/lib/ironic/tftpboot
- owner: ironic:ironic
- recurse: true
+ /var/lib/kolla/config_files/ironic_conductor.json:
+ command: /usr/bin/ironic-conductor
+ permissions:
+ - path: /var/lib/ironic
+ owner: ironic:ironic
+ recurse: true
docker_config:
step_4:
ironic_conductor:
@@ -96,7 +88,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /lib/modules:/lib/modules:ro
diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml
index c6607094..51538e73 100644
--- a/docker/services/ironic-pxe.yaml
+++ b/docker/services/ironic-pxe.yaml
@@ -49,52 +49,10 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/ironic_pxe_http.json:
- command: /usr/sbin/httpd -DFOREGROUND
- config_files:
- - dest: /etc/ironic/ironic.conf
- owner: ironic
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
- - dest: /etc/httpd/conf.d/10-ipxe_vhost.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-ipxe_vhost.conf
- - dest: /etc/httpd/conf/httpd.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
- - dest: /etc/httpd/conf/ports.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
- /var/lib/kolla/config_files/ironic_pxe_tftp.json:
- command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot
- config_files:
- - dest: /etc/ironic/ironic.conf
- owner: ironic
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
- - dest: /var/lib/ironic/tftpboot/chain.c32
- owner: ironic
- perm: '0744'
- source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/chain.c32
- - dest: /var/lib/ironic/tftpboot/pxelinux.0
- owner: ironic
- perm: '0744'
- source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/pxelinux.0
- - dest: /var/lib/ironic/tftpboot/ipxe.efi
- owner: ironic
- perm: '0744'
- source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/ipxe.efi
- - dest: /var/lib/ironic/tftpboot/undionly.kpxe
- owner: ironic
- perm: '0744'
- source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/undionly.kpxe
- - dest: /var/lib/ironic/tftpboot/map-file
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/map-file
+ /var/lib/kolla/config_files/ironic_pxe_http.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ /var/lib/kolla/config_files/ironic_pxe_tftp.json:
+ command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot
docker_config:
step_4:
ironic_pxe_tftp:
@@ -108,11 +66,20 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
+ # TODO(mandre) check how docker like mounting in a bind-mounted tree
+ # This directory may contain migrated data from BM
+ - /var/lib/ironic:/var/lib/ironic/
+ # These files were generated by puppet inside the config container
+ # TODO(mandre) check the mount permission (ro/rw)
+ - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32
+ - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0
+ - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi
+ - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe
+ - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /dev/log:/dev/log
- - /var/lib/ironic:/var/lib/ironic/
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ironic_pxe_http:
@@ -123,8 +90,8 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
- - /var/lib/config-data/ironic/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
+ - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /var/lib/ironic:/var/lib/ironic/
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 0597b906..90ddeb9f 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -71,8 +71,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
kolla_config:
- /var/lib/kolla/config_files/keystone.json:
- command: /usr/sbin/httpd -DFOREGROUND
+ /var/lib/kolla/config_files/keystone.json:
+ command: /usr/sbin/httpd -DFOREGROUND
docker_config:
step_3:
keystone-init-log:
diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml
index 4dd3b74c..5b5e1f50 100644
--- a/docker/services/mistral-api.yaml
+++ b/docker/services/mistral-api.yaml
@@ -61,13 +61,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/mistral_api.json:
- command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
- config_files:
- - dest: /etc/mistral/mistral.conf
- owner: mistral
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ /var/lib/kolla/config_files/mistral_api.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
docker_config:
step_3:
mistral_db_sync:
@@ -83,8 +78,6 @@ outputs:
- /var/lib/config-data/mistral/etc/:/etc/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head']
mistral_db_populate:
start_order: 2
@@ -96,8 +89,6 @@ outputs:
- /var/lib/config-data/mistral/etc/:/etc/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate']
@@ -110,7 +101,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml
index db2721bd..feecd5d7 100644
--- a/docker/services/mistral-engine.yaml
+++ b/docker/services/mistral-engine.yaml
@@ -62,13 +62,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/mistral_engine.json:
- command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
- config_files:
- - dest: /etc/mistral/mistral.conf
- owner: mistral
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ /var/lib/kolla/config_files/mistral_engine.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
docker_config:
step_4:
mistral_engine:
@@ -82,7 +77,7 @@ outputs:
volumes:
- /run:/run
- /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
@@ -91,4 +86,3 @@ outputs:
- name: Stop and disable mistral_engine service
tags: step2
service: name=openstack-mistral-engine state=stopped enabled=no
-
diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml
index d68830ed..45fed7b2 100644
--- a/docker/services/mistral-executor.yaml
+++ b/docker/services/mistral-executor.yaml
@@ -62,13 +62,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/mistral_executor.json:
- command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
- config_files:
- - dest: /etc/mistral/mistral.conf
- owner: mistral
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ /var/lib/kolla/config_files/mistral_executor.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
docker_config:
step_4:
mistral_executor:
@@ -80,11 +75,11 @@ outputs:
privileged: false
restart: always
volumes:
- - /run:/run
- /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
+ - /run:/run
# FIXME: this is required in order for Nova cells
# initialization workflows on the Undercloud. Need to
# exclude this on the overcloud for security reasons.
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index ed03de6c..c5001a30 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -62,17 +62,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron_api.json:
- command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini
- config_files:
- - dest: /etc/neutron/neutron.conf
- owner: neutron
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
- - dest: /etc/neutron/plugin.ini
- owner: neutron
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini
+ /var/lib/kolla/config_files/neutron_api.json:
+ command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini
docker_config:
step_3:
neutron_db_sync:
@@ -100,7 +91,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml
index 9be13ad3..03fbf766 100644
--- a/docker/services/neutron-dhcp.yaml
+++ b/docker/services/neutron-dhcp.yaml
@@ -62,17 +62,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron_dhcp.json:
- command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log
- config_files:
- - dest: /etc/neutron/neutron.conf
- owner: neutron
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
- - dest: /etc/neutron/dhcp_agent.ini
- owner: neutron
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/neutron/dhcp_agent.ini
+ /var/lib/kolla/config_files/neutron_dhcp.json:
+ command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log
docker_config:
step_4:
neutron_dhcp:
@@ -86,7 +77,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /etc/localtime:/etc/localtime:ro
- /etc/hosts:/etc/hosts:ro
- /lib/modules:/lib/modules:ro
diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml
index db4fa863..0b04b56d 100644
--- a/docker/services/neutron-l3.yaml
+++ b/docker/services/neutron-l3.yaml
@@ -59,30 +59,21 @@ outputs:
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/neutron-l3-agent.json:
- command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
- config_files:
- - dest: /etc/neutron/neutron.conf
- owner: neutron
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
- - dest: /etc/neutron/l3_agent.ini
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/neutron/l3_agent.ini
+ command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
docker_config:
step_4:
neutronl3agent:
image:
list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ]
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ]
net: host
pid: host
privileged: true
restart: always
volumes:
- /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /etc/localtime:/etc/localtime:ro
- /lib/modules:/lib/modules:ro
- /run:/run
diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index 4102693b..bea08e91 100644
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -55,19 +55,6 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/neutron-openvswitch-agent.json:
command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
- config_files:
- - dest: /etc/neutron/neutron.conf
- owner: neutron
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
- - dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini
- owner: neutron
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/openvswitch_agent.ini
- - dest: /etc/neutron/plugins/ml2/ml2_conf.ini
- owner: neutron
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini
docker_config:
step_4:
neutronovsagent:
@@ -78,7 +65,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /etc/localtime:/etc/localtime:ro
- /lib/modules:/lib/modules:ro
- /run:/run
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index e5c78d6c..4cd48b75 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -62,13 +62,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova_api.json:
- command: /usr/bin/nova-api
- config_files:
- - dest: /etc/nova/nova.conf
- owner: nova
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ /var/lib/kolla/config_files/nova_api.json:
+ command: /usr/bin/nova-api
docker_config:
step_3:
nova_api_db_sync:
@@ -129,7 +124,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index 957eed7f..eefcb367 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -55,16 +55,7 @@ outputs:
- [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
kolla_config:
/var/lib/kolla/config_files/nova-compute.json:
- command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
- config_files:
- - dest: /etc/nova/nova.conf
- owner: nova
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
- - dest: /etc/nova/rootwrap.conf
- owner: nova
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf
+ command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
docker_config:
# FIXME: run discover hosts here
step_4:
@@ -76,7 +67,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova_libvirt:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
- /dev:/dev
- /etc/iscsi:/etc/iscsi
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml
index f85cf546..b7a1d742 100644
--- a/docker/services/nova-conductor.yaml
+++ b/docker/services/nova-conductor.yaml
@@ -60,13 +60,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova_conductor.json:
- command: /usr/bin/nova-conductor
- config_files:
- - dest: /etc/nova/nova.conf
- owner: nova
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ /var/lib/kolla/config_files/nova_conductor.json:
+ command: /usr/bin/nova-conductor
docker_config:
step_4:
nova_conductor:
@@ -78,11 +73,11 @@ outputs:
privileged: false
restart: always
volumes:
- - /run:/run
- /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
+ - /run:/run
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml
index 3d849f59..9941abda 100644
--- a/docker/services/nova-ironic.yaml
+++ b/docker/services/nova-ironic.yaml
@@ -58,15 +58,6 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/nova_ironic.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
- config_files:
- - dest: /etc/nova/nova.conf
- owner: nova
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
- - dest: /etc/nova/rootwrap.conf
- owner: nova
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf
docker_config:
step_5:
novacompute:
@@ -80,7 +71,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /etc/localtime:/etc/localtime:ro
- /run:/run
- /dev:/dev
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 480bb80e..15cee597 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -60,12 +60,7 @@ outputs:
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/nova-libvirt.json:
- command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
- config_files:
- - dest: /etc/libvirt/libvirtd.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/libvirt/libvirtd.conf
+ command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
docker_config:
step_3:
nova_libvirt:
@@ -79,10 +74,10 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova_libvirt:/var/lib/kolla/config_files/src:ro
- - /dev:/dev
+ - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro
- /etc/localtime:/etc/localtime:ro
- /lib/modules:/lib/modules:ro
+ - /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index e49839b5..0c595dc2 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -58,35 +58,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova_placement.json:
- command: /usr/sbin/httpd -DFOREGROUND
- config_files:
- - dest: /etc/nova/nova.conf
- owner: nova
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
- - dest: /etc/httpd/conf.d/10-placement_wsgi.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-placement_wsgi.conf
- # puppet generates a stubbed out version of the stock one so we
- # copy it in to overwrite the existing one
- - dest: /etc/httpd/conf.d/00-nova-placement-api.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/00-nova-placement-api.conf
- - dest: /etc/httpd/conf/httpd.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
- - dest: /etc/httpd/conf/ports.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
- - dest: /var/www/cgi-bin/nova/nova-placement-api
- owner: nova
- perm: '0644'
- source: /var/lib/kolla/config_files/src/var/www/cgi-bin/nova/nova-placement-api
+ /var/lib/kolla/config_files/nova_placement.json:
+ command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# start this early so it is up before computes start reporting
step_3:
@@ -98,8 +71,9 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova_placement/:/var/lib/kolla/config_files/src:ro
- - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml
index de1199e1..e6f4896b 100644
--- a/docker/services/nova-scheduler.yaml
+++ b/docker/services/nova-scheduler.yaml
@@ -59,13 +59,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova_scheduler.json:
- command: /usr/bin/nova-scheduler
- config_files:
- - dest: /etc/nova/nova.conf
- owner: nova
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ /var/lib/kolla/config_files/nova_scheduler.json:
+ command: /usr/bin/nova-scheduler
docker_config:
step_4:
nova_scheduler:
@@ -77,11 +72,11 @@ outputs:
privileged: false
restart: always
volumes:
- - /run:/run
- /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
+ - /run:/run
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml
index 32efc5d7..f4f1f7b0 100644
--- a/docker/services/panko-api.yaml
+++ b/docker/services/panko-api.yaml
@@ -58,29 +58,8 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/panko-api.json:
- command: /usr/sbin/httpd -DFOREGROUND
- config_files:
- - dest: /etc/httpd/conf.d/10-panko_wsgi.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-panko_wsgi.conf
- - dest: /etc/httpd/conf/httpd.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
- - dest: /etc/httpd/conf/ports.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
- - dest: /etc/panko/panko.conf
- owner: panko
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/panko/panko.conf
- - dest: /var/www/cgi-bin/panko/app
- owner: panko
- perm: '0644'
- source: /var/lib/kolla/config_files/src/var/www/cgi-bin/panko/app
+ /var/lib/kolla/config_files/panko-api.json:
+ command: /usr/sbin/httpd -DFOREGROUND
docker_config:
step_3:
panko-init-log:
@@ -111,8 +90,9 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/panko/:/var/lib/kolla/config_files/src:ro
- - /var/lib/config-data/panko/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
+ - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/panko/var/www/:/var/www/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml
index 341ec3de..9d5a52a6 100644
--- a/docker/services/rabbitmq.yaml
+++ b/docker/services/rabbitmq.yaml
@@ -61,23 +61,6 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/rabbitmq.json:
command: /usr/lib/rabbitmq/bin/rabbitmq-server
- config_files:
- - dest: /etc/rabbitmq/rabbitmq.config
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq.config
- - dest: /etc/rabbitmq/enabled_plugins
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/rabbitmq/enabled_plugins
- - dest: /etc/rabbitmq/rabbitmq-env.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq-env.conf
- - dest: /etc/rabbitmq/rabbitmqadmin.conf
- owner: root
- perm: '0644'
- source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmqadmin.conf
docker_config:
step_1:
rabbitmq_bootstrap:
@@ -87,7 +70,7 @@ outputs:
privileged: false
volumes:
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
@@ -113,7 +96,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml
index 0d7cd7b9..e60aca12 100644
--- a/docker/services/swift-proxy.yaml
+++ b/docker/services/swift-proxy.yaml
@@ -64,10 +64,10 @@ outputs:
net: host
user: swift
restart: always
- # I'm mounting /etc/swift as rw. Are the rings written to at all during runtime?
volumes:
- /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift:/var/lib/kolla/config_files/src:ro
+ # FIXME I'm mounting /etc/swift as rw. Are the rings written to
+ # at all during runtime?
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index 301ef69b..cccddb46 100644
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -115,7 +115,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -131,7 +130,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -146,7 +144,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -161,7 +158,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -179,7 +175,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -194,7 +189,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -209,7 +203,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -224,7 +217,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -242,7 +234,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -257,7 +248,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -272,7 +262,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -287,7 +276,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -302,7 +290,6 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/swift/etc/swift:/etc/swift:rw
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 3ec819e0..21aff31a 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -57,22 +57,8 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/zaqar.json:
command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf
- config_files:
- - dest: /etc/zaqar/zaqar.conf
- owner: zaqar
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf
/var/lib/kolla/config_files/zaqar_websocket.json:
command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
- config_files:
- - dest: /etc/zaqar/zaqar.conf
- owner: zaqar
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf
- - dest: /etc/zaqar/1.conf
- owner: zaqar
- perm: '0640'
- source: /var/lib/kolla/config_files/src/etc/zaqar/1.conf
docker_config:
step_4:
zaqar:
@@ -82,7 +68,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
@@ -94,7 +80,7 @@ outputs:
restart: always
volumes:
- /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
environment:
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index 8f74ec35..f1c90e2d 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -13,6 +13,7 @@ parameter_defaults:
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::Kernel
@@ -32,3 +33,4 @@ parameter_defaults:
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Docker
diff --git a/environments/major-upgrade-all-in-one.yaml b/environments/major-upgrade-all-in-one.yaml
deleted file mode 100644
index 4283b212..00000000
--- a/environments/major-upgrade-all-in-one.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resource_registry:
- OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
diff --git a/environments/neutron-bgpvpn.yaml b/environments/neutron-bgpvpn.yaml
index dc6c1454..58157dfa 100644
--- a/environments/neutron-bgpvpn.yaml
+++ b/environments/neutron-bgpvpn.yaml
@@ -9,7 +9,7 @@
# - OpenDaylight: BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default
# - Nuage: BGPVPN:Nuage:nuage_neutron.bgpvpn.services.service_drivers.driver.NuageBGPVPNDriver:default
resource_registry:
- OS::TripleO::Services::NeutronBgpvpnApi: ../puppet/services/neutron-bgpvpn-api.yaml
+ OS::TripleO::Services::NeutronBgpVpnApi: ../puppet/services/neutron-bgpvpn-api.yaml
parameter_defaults:
NeutronServicePlugins: 'networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
diff --git a/environments/neutron-l2gw-api.yaml b/environments/neutron-l2gw-api.yaml
new file mode 100644
index 00000000..09894671
--- /dev/null
+++ b/environments/neutron-l2gw-api.yaml
@@ -0,0 +1,20 @@
+# A Heat environment file that can be used to deploy Neutron L2 Gateway service
+#
+# Currently there are only two service provider for Neutron L2 Gateway
+# The default option is a dummy driver that allows to enable the API.
+# In order to enable other backend, replace the content of L2gwServiceProvider
+#
+# - L2 gateway agent: L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.rpc_l2gw.L2gwRpcDriver:default
+# - OpenDaylight: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
+resource_registry:
+ OS::TripleO::Services::NeutronL2gwApi: ../puppet/services/neutron-l2gw-api.yaml
+
+parameter_defaults:
+ NeutronServicePlugins: "networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin"
+ L2gwServiceProvider: ["L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default"]
+
+ # Optional
+ # L2gwServiceDefaultInterfaceName:
+ # L2gwServiceDefaultDeviceName:
+ # L2gwServiceQuotaL2Gateway:
+ # L2gwServicePeriodicMonitoringInterval:
diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml
index 74899246..601554a1 100644
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@@ -10,7 +10,6 @@ resource_registry:
OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml
parameter_defaults:
- NeutronNuageOSControllerIp: '0.0.0.0'
NeutronNuageNetPartitionName: 'default_name'
NeutronNuageVSDIp: '0.0.0.0:0'
NeutronNuageVSDUsername: 'username'
diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml
index ed7292b7..4644725d 100644
--- a/environments/neutron-opendaylight.yaml
+++ b/environments/neutron-opendaylight.yaml
@@ -3,6 +3,7 @@ resource_registry:
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+ OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2-odl.yaml
OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
diff --git a/environments/securetty.yaml b/environments/securetty.yaml
new file mode 100644
index 00000000..cdadf376
--- /dev/null
+++ b/environments/securetty.yaml
@@ -0,0 +1,12 @@
+resource_registry:
+ OS::TripleO::Services::Securetty: ../puppet/services/securetty.yaml
+
+parameter_defaults:
+ TtyValues:
+ - console
+ - tty1
+ - tty2
+ - tty3
+ - tty4
+ - tty5
+ - tty6
diff --git a/environments/services/ceilometer-api.yaml b/environments/services/ceilometer-api.yaml
new file mode 100644
index 00000000..1e37e73b
--- /dev/null
+++ b/environments/services/ceilometer-api.yaml
@@ -0,0 +1,6 @@
+resource_registry:
+ OS::TripleO::Services::CeilometerApi: ../../puppet/services/ceilometer-api.yaml
+
+parameter_defaults:
+ CeilometerApiEndpoint: true
+
diff --git a/environments/services/disable-ceilometer-api.yaml b/environments/services/disable-ceilometer-api.yaml
deleted file mode 100644
index 94cd8d5d..00000000
--- a/environments/services/disable-ceilometer-api.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resource_registry:
- OS::TripleO::Services::CeilometerApi: OS::Heat::None
diff --git a/environments/services/keystone_domain_specific_ldap_backend.yaml b/environments/services/keystone_domain_specific_ldap_backend.yaml
new file mode 100644
index 00000000..40b02fc5
--- /dev/null
+++ b/environments/services/keystone_domain_specific_ldap_backend.yaml
@@ -0,0 +1,18 @@
+# This is an example template on how to configure keystone domain specific LDAP
+# backends. This will configure a domain called tripleoldap will the attributes
+# specified.
+parameter_defaults:
+ KeystoneLDAPDomainEnable: true
+ KeystoneLDAPBackendConfigs:
+ tripleoldap:
+ url: ldap://192.0.2.250
+ user: cn=openstack,ou=Users,dc=tripleo,dc=example,dc=com
+ password: Secrete
+ suffix: dc=tripleo,dc=example,dc=com
+ user_tree_dn: ou=Users,dc=tripleo,dc=example,dc=com
+ user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=tripleo,dc=example,dc=com)"
+ user_objectclass: person
+ user_id_attribute: cn
+ user_allow_create: false
+ user_allow_update: false
+ user_allow_delete: false
diff --git a/environments/services/qdr.yaml b/environments/services/qdr.yaml
new file mode 100644
index 00000000..e4ad87bd
--- /dev/null
+++ b/environments/services/qdr.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Qdr: ../../puppet/services/qdr.yaml
diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
index 0d0fa3f1..d14ed73f 100644
--- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
+++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
@@ -240,7 +240,6 @@ case "${REG_METHOD:-}" in
retry subscription-manager $repos
retry yum install -y katello-agent || true # needed for errata reporting to satellite6
katello-package-upload
- retry subscription-manager repos --disable ${satellite_repo}
else
pushd /usr/share/rhn/
curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT
diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh
index aae4a2de..4480f74d 100755
--- a/extraconfig/tasks/pacemaker_common_functions.sh
+++ b/extraconfig/tasks/pacemaker_common_functions.sh
@@ -299,9 +299,10 @@ function systemctl_swift {
}
# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
+# Update condition and add --notriggerun for +bug/1669714
function special_case_ovs_upgrade_if_needed {
- if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
+ if rpm -qa | grep "^openvswitch-2.5.0-14" || rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart" ; then
+ echo "Manual upgrade of openvswitch - ovs-2.5.0-14 or restart in postun detected"
rm -rf OVS_UPGRADE
mkdir OVS_UPGRADE && pushd OVS_UPGRADE
echo "Attempting to downloading latest openvswitch with yumdownloader"
@@ -310,8 +311,8 @@ function special_case_ovs_upgrade_if_needed {
if rpm -U --test $pkg 2>&1 | grep "already installed" ; then
echo "Looks like newer version of $pkg is already installed, skipping"
else
- echo "Updating $pkg with nopostun option"
- rpm -U --replacepkgs --nopostun $pkg
+ echo "Updating $pkg with --nopostun --notriggerun"
+ rpm -U --replacepkgs --nopostun --notriggerun $pkg
fi
done
popd
diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh
index 24211ab0..a5a312dc 100644
--- a/extraconfig/tasks/tripleo_upgrade_node.sh
+++ b/extraconfig/tasks/tripleo_upgrade_node.sh
@@ -28,12 +28,15 @@ SCRIPT_NAME=$(basename $0)
$(declare -f log_debug)
$(declare -f manage_systemd_service)
$(declare -f systemctl_swift)
+$(declare -f special_case_ovs_upgrade_if_needed)
# pin nova messaging +-1 for the nova-compute service
if [[ -n \$NOVA_COMPUTE ]]; then
crudini --set /etc/nova/nova.conf upgrade_levels compute auto
fi
+special_case_ovs_upgrade_if_needed
+
if [[ -n \$SWIFT_STORAGE ]]; then
systemctl_swift stop
fi
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index d3d38114..ad368278 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -70,6 +70,9 @@ if [[ "$pacemaker_status" == "active" && \
fi
fi
+# special case https://bugs.launchpad.net/tripleo/+bug/1635205 +bug/1669714
+special_case_ovs_upgrade_if_needed
+
if [[ "$pacemaker_status" == "active" ]] ; then
echo "Pacemaker running, stopping cluster node and doing full package update"
node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*")
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index 277bd676..c92ce377 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -225,7 +225,6 @@ Keystone:
net_param: KeystonePublicApi
uri_suffixes:
'': /v2.0
- EC2: /v2.0/ec2tokens
V3: /v3
names:
EC2: KeystoneEC2
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index fecac0af..b4fcbb17 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -6012,88 +6012,6 @@ outputs:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneAdmin, port]
- KeystoneEC2:
- host:
- str_replace:
- template:
- get_param: [EndpointMap, KeystoneInternal, host]
- params:
- CLOUDNAME:
- get_param:
- - CloudEndpoints
- - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
- IP_ADDRESS:
- get_param:
- - NetIpMap
- - str_replace:
- params:
- NETWORK:
- get_param: [ServiceNetMap, KeystonePublicApiNetwork]
- template: NETWORK_uri
- host_nobrackets:
- str_replace:
- template:
- get_param: [EndpointMap, KeystoneInternal, host]
- params:
- CLOUDNAME:
- get_param:
- - CloudEndpoints
- - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
- IP_ADDRESS:
- get_param:
- - NetIpMap
- - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
- port:
- get_param: [EndpointMap, KeystoneInternal, port]
- protocol:
- get_param: [EndpointMap, KeystoneInternal, protocol]
- uri:
- list_join:
- - ''
- - - get_param: [EndpointMap, KeystoneInternal, protocol]
- - ://
- - str_replace:
- template:
- get_param: [EndpointMap, KeystoneInternal, host]
- params:
- CLOUDNAME:
- get_param:
- - CloudEndpoints
- - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
- IP_ADDRESS:
- get_param:
- - NetIpMap
- - str_replace:
- params:
- NETWORK:
- get_param: [ServiceNetMap, KeystonePublicApiNetwork]
- template: NETWORK_uri
- - ':'
- - get_param: [EndpointMap, KeystoneInternal, port]
- - /v2.0/ec2tokens
- uri_no_suffix:
- list_join:
- - ''
- - - get_param: [EndpointMap, KeystoneInternal, protocol]
- - ://
- - str_replace:
- template:
- get_param: [EndpointMap, KeystoneInternal, host]
- params:
- CLOUDNAME:
- get_param:
- - CloudEndpoints
- - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
- IP_ADDRESS:
- get_param:
- - NetIpMap
- - str_replace:
- params:
- NETWORK:
- get_param: [ServiceNetMap, KeystonePublicApiNetwork]
- template: NETWORK_uri
- - ':'
- - get_param: [EndpointMap, KeystoneInternal, port]
KeystoneInternal:
host:
str_replace:
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index a1042ebb..7fb9420c 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -67,6 +67,7 @@ parameters:
HorizonNetwork: internal_api
MemcachedNetwork: internal_api
RabbitmqNetwork: internal_api
+ QdrNetwork: internal_api
RedisNetwork: internal_api
MysqlNetwork: internal_api
CephClusterNetwork: storage_mgmt
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index b294d7cb..689d6396 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -143,8 +143,9 @@ resource_registry:
OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
- OS::TripleO::Services::NeutronBgpvpnApi: OS::Heat::None
+ OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
+ OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
@@ -168,6 +169,7 @@ resource_registry:
OS::TripleO::Services::PacemakerRemote: OS::Heat::None
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml
+ OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml
OS::TripleO::Services::HAProxyPublicTLS: OS::Heat::None
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
@@ -176,6 +178,7 @@ resource_registry:
OS::TripleO::Services::SaharaApi: OS::Heat::None
OS::TripleO::Services::SaharaEngine: OS::Heat::None
OS::TripleO::Services::Sshd: OS::Heat::None
+ OS::TripleO::Services::Securetty: OS::Heat::None
OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
@@ -200,6 +203,7 @@ resource_registry:
OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml
OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml
OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml
+ OS::TripleO::Services::CeilometerAgentIpmi: puppet/services/ceilometer-agent-ipmi.yaml
OS::TripleO::Services::Horizon: puppet/services/horizon.yaml
#Gnocchi services
OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index cb240022..a322a445 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -406,7 +406,7 @@ resources:
-
{% for role in roles %}
- list_join:
- - "\n"
+ - ""
- {get_attr: [{{role.name}}, hosts_entry]}
{% endfor %}
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
index 5aba90e8..c0a0778c 100644
--- a/puppet/major_upgrade_steps.j2.yaml
+++ b/puppet/major_upgrade_steps.j2.yaml
@@ -32,20 +32,6 @@ parameters:
type: string
hidden: true
-conditions:
- # Conditions to disable any steps where the task list is empty
-{%- for role in roles %}
- {{role.name}}UpgradeBatchConfigEnabled:
- not:
- equals:
- - {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
- - []
- {{role.name}}UpgradeConfigEnabled:
- not:
- equals:
- - {get_param: [role_data, {{role.name}}, upgrade_tasks]}
- - []
-{%- endfor %}
resources:
@@ -103,12 +89,11 @@ resources:
{{role.name}}UpgradeBatchConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
{%- if step > 0 %}
- condition: {{role.name}}UpgradeBatchConfigEnabled
- {% if role.name in enabled_roles %}
+ {%- if role in enabled_roles %}
depends_on:
- {{role.name}}UpgradeBatch_Step{{step -1}}
{%- endif %}
- {% else %}
+ {%- else %}
{% for role in roles if role.disable_upgrade_deployment|default(false) %}
{% if deliver_script.update({'deliver': True}) %} {% endif %}
{% endfor %}
@@ -128,13 +113,11 @@ resources:
{%- for role in enabled_roles %}
{{role.name}}UpgradeBatch_Step{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
- condition: {{role.name}}UpgradeBatchConfigEnabled
{%- if step > 0 %}
depends_on:
- - {{role.name}}UpgradeBatch_Step{{step -1}}
- {% else %}
- depends_on:
- - {{role.name}}UpgradeBatchConfig_Step{{step}}
+ {%- for role_inside in enabled_roles %}
+ - {{role_inside.name}}UpgradeBatch_Step{{step -1}}
+ {%- endfor %}
{%- endif %}
update_policy:
batch_create:
@@ -188,11 +171,10 @@ resources:
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
{%- if step > 0 %}
- condition: {{role.name}}UpgradeConfigEnabled
- {% if role.name in enabled_roles %}
+ {%- if role in enabled_roles %}
depends_on:
- {{role.name}}Upgrade_Step{{step -1}}
- {% endif %}
+ {%- endif %}
{%- endif %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
@@ -204,9 +186,18 @@ resources:
{{role.name}}Upgrade_Step{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
{%- if step > 0 %}
- condition: {{role.name}}UpgradeConfigEnabled
+ # Make sure we wait that all roles have finished their own
+ # previous step before going to the next, so we can guarantee
+ # state for each steps.
depends_on:
- - {{role.name}}Upgrade_Step{{step -1}}
+ {%- for role_inside in enabled_roles %}
+ - {{role_inside.name}}Upgrade_Step{{step -1}}
+ {%- endfor %}
+ {%- else %}
+ depends_on:
+ {%- for role_inside in enabled_roles %}
+ - {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
+ {%- endfor %}
{%- endif %}
properties:
name: {{role.name}}Upgrade_Step{{step}}
diff --git a/puppet/services/ceilometer-agent-ipmi.yaml b/puppet/services/ceilometer-agent-ipmi.yaml
new file mode 100644
index 00000000..26647dfd
--- /dev/null
+++ b/puppet/services/ceilometer-agent-ipmi.yaml
@@ -0,0 +1,77 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Ceilometer Ipmi Agent service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
+ MonitoringSubscriptionCeilometerIpmi:
+ default: 'overcloud-ceilometer-agent-ipmi'
+ type: string
+ CeilometerAgentIpmiLoggingSource:
+ type: json
+ default:
+ tag: openstack.ceilometer.agent.ipmi
+ path: /var/log/ceilometer/ipmi.log
+
+resources:
+ CeilometerServiceBase:
+ type: ./ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Agent Ipmi role.
+ value:
+ service_name: ceilometer_agent_ipmi
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerIpmi}
+ logging_source: {get_param: CeilometerAgentIpmiLoggingSource}
+ logging_groups:
+ - ceilometer
+ config_settings:
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer_redis_password: {get_param: RedisPassword}
+ ipmi_namespace: true
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::agent::polling
+ upgrade_tasks:
+ - name: Check if ceilometer-agent-ipmi is deployed
+ command: systemctl is-enabled openstack-ceilometer-ipmi
+ tags: common
+ ignore_errors: True
+ register: ceilometer_ipmi_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-ceilometer-ipmi is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-ceilometer-ipmi' --property ActiveState |
+ grep '\bactive\b'
+ when: ceilometer_ipmi_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop openstack-ceilometer-ipmi service
+ tags: step1
+ when: ceilometer_ipmi_enabled.rc == 0
+ service: name=openstack-ceilometer-ipmi state=stopped
+ - name: Install openstack-ceilometer-ipmi package if it was disabled
+ tags: step3
+ yum: name=openstack-ceilometer-ipmi state=latest
+ when: ceilometer_ipmi_enabled.rc != 0
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index a6fd304c..e1613720 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -76,6 +76,11 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ CeilometerApiEndpoint:
+ default: false
+ description: Whether to create or skip API endpoint. Set this to
+ false, if you choose to disable Ceilometer API service.
+ type: boolean
outputs:
role_data:
@@ -83,6 +88,7 @@ outputs:
value:
service_name: ceilometer_base
config_settings:
+ ceilometer_auth_enabled: true
ceilometer::debug: {get_param: Debug}
ceilometer::db::database_connection:
list_join:
@@ -133,6 +139,7 @@ outputs:
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
ceilometer::keystone::auth::tenant: 'service'
+ ceilometer::keystone::auth::configure_endpoint: {get_param: CeilometerApiEndpoint}
mysql:
ceilometer::db::mysql::password: {get_param: CeilometerPassword}
ceilometer::db::mysql::user: ceilometer
diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml
index 1d9eecb1..5f6b5657 100644
--- a/puppet/services/congress.yaml
+++ b/puppet/services/congress.yaml
@@ -79,6 +79,7 @@ outputs:
congress::rabbit_port: {get_param: RabbitClientPort}
congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
+ congress::keystone::authtoken::password: {get_param: CongressPassword}
congress::keystone::authtoken::project_name: 'service'
congress::keystone::authtoken::user_domain_name: 'Default'
congress::keystone::authtoken::project_domain_name: 'Default'
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 63ec4446..50597216 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -19,6 +19,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MongodbMemoryLimit:
+ default: '20G'
+ description: Limit the amount of memory mongodb uses with systemd.
+ type: string
MongoDbLoggingSource:
type: json
description: Fluentd logging configuration for mongodb.
@@ -49,6 +53,7 @@ outputs:
map_merge:
- get_attr: [MongoDbBase, role_data, config_settings]
- tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]}
+ tripleo::profile::base::database::mongodb::memory_limit: {get_param: MongodbMemoryLimit}
mongodb::server::service_manage: True
tripleo.mongodb.firewall_rules:
'101 mongodb_config':
diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml
index eef2a76f..d1adefe5 100644
--- a/puppet/services/ec2-api.yaml
+++ b/puppet/services/ec2-api.yaml
@@ -98,6 +98,11 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/ec2_api'
- '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+ ec2api::api::keystone_ec2_tokens_url:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
+ - '/ec2tokens'
-
if:
- nova_workers_zero
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index a166f3a7..98dac4c9 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -112,7 +112,11 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/heat'
- '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
- heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
+ heat::keystone_ec2_uri:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
+ - '/ec2tokens'
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
heat::engine::auth_encryption_key:
yaql:
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 7ae518b5..8fb13c16 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -40,6 +40,10 @@ parameters:
type: string
hidden: true
default: ''
+ HorizonSecureCookies:
+ description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
+ type: boolean
+ default: true
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
@@ -88,6 +92,7 @@ outputs:
passwords:
- {get_param: HorizonSecret}
- {get_param: [DefaultPasswords, horizon_secret]}
+ horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
memcached_ipv6: {get_param: MemcachedIPv6}
-
if:
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 56e1a90b..be910d10 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -32,6 +32,15 @@ parameters:
created yet) and should be changed to an actual UUID in
a post-deployment stack update.
type: string
+ IronicDefaultNetworkInterface:
+ default: 'flat'
+ description: Network interface implementation to use by default.
+ Set to "flat" (the default) to use one flat provider network.
+ Set to "neutron" to make Ironic interact with the Neutron
+ ML2 driver to enable other network types and certain
+ advances networking features. Requires
+ IronicProvisioningNetwork to be correctly set.
+ type: string
IronicEnabledDrivers:
default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
description: Enabled Ironic drivers
@@ -48,6 +57,15 @@ parameters:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
+ IronicProvisioningNetwork:
+ default: 'provisioning'
+ description: Name or UUID of the *overcloud* network used for provisioning
+ of bare metal nodes, if IronicDefaultNetworkInterface is
+ set to "neutron". The default value of "provisioning" can be
+ left during the initial deployment (when no networks are
+ created yet) and should be changed to an actual UUID in
+ a post-deployment stack update.
+ type: string
MonitoringSubscriptionIronicConductor:
default: 'overcloud-ironic-conductor'
type: string
@@ -72,6 +90,7 @@ outputs:
- ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
+ ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
# We need an endpoint containing a real IP, not a VIP here
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
@@ -93,6 +112,8 @@ outputs:
# NOTE(dtantsur): UEFI only works with iPXE currently for us
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
+ ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron']
+ ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
tripleo.ironic_conductor.firewall_rules:
'134 ironic conductor TFTP':
dport: 69
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index ee4c771f..94b15d4b 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -31,7 +31,7 @@ outputs:
config_settings:
kernel_modules:
nf_conntrack: {}
- ip_conntrack_proto_sctp: {}
+ nf_conntrack_proto_sctp: {}
sysctl_settings:
net.ipv4.tcp_keepalive_intvl:
value: 1
@@ -39,6 +39,20 @@ outputs:
value: 5
net.ipv4.tcp_keepalive_time:
value: 5
+ net.ipv4.conf.default.send_redirects:
+ value: 0
+ net.ipv4.conf.all.send_redirects:
+ value: 0
+ net.ipv4.conf.default.accept_redirects:
+ value: 0
+ net.ipv4.conf.default.secure_redirects:
+ value: 0
+ net.ipv4.conf.all.secure_redirects:
+ value: 0
+ net.ipv4.conf.default.log_martians:
+ value: 1
+ net.ipv4.conf.all.log_martians:
+ value: 1
net.nf_conntrack_max:
value: 500000
net.netfilter.nf_conntrack_max:
@@ -52,11 +66,17 @@ outputs:
value: 0
net.ipv6.conf.default.autoconf:
value: 0
+ net.ipv6.conf.default.accept_redirects:
+ value: 0
+ net.ipv6.conf.all.accept_redirects:
+ value: 0
net.core.netdev_max_backlog:
value: 10000
kernel.pid_max:
value: {get_param: KernelPidMax}
kernel.dmesg_restrict:
value: 1
+ fs.suid_dumpable:
+ value: 0
step_config: |
include ::tripleo::profile::base::kernel
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 0976b97c..632d9b0b 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -164,6 +164,16 @@ parameters:
e.g. { keystone-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ KeystoneLDAPDomainEnable:
+ description: Trigger to call ldap_backend puppet keystone define.
+ type: boolean
+ default: False
+ KeystoneLDAPBackendConfigs:
+ description: Hash containing the configurations for the LDAP backends
+ configured in keystone.
+ type: json
+ default: {}
+ hidden: true
resources:
@@ -177,6 +187,7 @@ resources:
conditions:
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+ keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
outputs:
role_data:
@@ -300,6 +311,15 @@ outputs:
keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay}
keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination}
keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser}
+ -
+ if:
+ - keystone_ldap_domain_enabled
+ -
+ tripleo::profile::base::keystone::ldap_backend_enable: True
+ keystone::using_domain_config: True
+ tripleo::profile::base::keystone::ldap_backends_config:
+ get_param: KeystoneLDAPBackendConfigs
+ - {}
step_config: |
include ::tripleo::profile::base::keystone
@@ -312,6 +332,13 @@ outputs:
keystone::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ horizon:
+ if:
+ - keystone_ldap_domain_enabled
+ -
+ horizon::keystone_multidomain_support: true
+ horizon::keystone_default_domain: 'Default'
+ - {}
# Ansible tasks to handle upgrade
upgrade_tasks:
- name: Stop keystone service (running under httpd)
diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml
index e1030346..d5c21694 100644
--- a/puppet/services/mistral-base.yaml
+++ b/puppet/services/mistral-base.yaml
@@ -74,7 +74,11 @@ outputs:
mistral::keystone_password: {get_param: MistralPassword}
mistral::keystone_tenant: 'service'
mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- mistral::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
+ mistral::keystone_ec2_uri:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
+ - '/ec2tokens'
mistral::identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
service_config_settings:
keystone:
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 5ed54f31..9f605062 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -22,6 +22,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ DatabaseSyncTimeout:
+ default: 300
+ description: DB Sync Timeout default
+ type: number
NeutronDhcpAgentsPerNetwork:
type: number
default: 0
@@ -95,6 +99,7 @@ outputs:
neutron::host: '%{::fqdn}'
neutron::db::database_db_max_retries: -1
neutron::db::database_max_retries: -1
+ neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
- if:
- dhcp_agents_zero
diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml
index 04431e28..ea717690 100644
--- a/puppet/services/neutron-compute-plugin-nuage.yaml
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@@ -22,6 +22,10 @@ parameters:
description: The password for the nova service account, used by nova-api.
type: string
hidden: true
+ NuageMetadataPort:
+ description: TCP Port to listen for metadata server requests
+ type: string
+ default: '9697'
outputs:
role_data:
@@ -32,5 +36,11 @@ outputs:
tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]}
+ tripleo.neutron_compute_plugin_nuage.firewall_rules:
+ '118 neutron vxlan networks':
+ proto: 'udp'
+ dport: 4789
+ '100 metadata agent':
+ dport: {get_param: NuageMetadataPort}
step_config: |
include ::tripleo::profile::base::neutron::agents::nuage
diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml
index e3a4da99..0dca29ab 100644
--- a/puppet/services/neutron-compute-plugin-ovn.yaml
+++ b/puppet/services/neutron-compute-plugin-ovn.yaml
@@ -48,6 +48,7 @@ outputs:
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings}
+ nova::compute::force_config_drive: true
tripleo.neutron_compute_plugin_ovn.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
diff --git a/puppet/services/neutron-l2gw-api.yaml b/puppet/services/neutron-l2gw-api.yaml
new file mode 100644
index 00000000..b6f0d281
--- /dev/null
+++ b/puppet/services/neutron-l2gw-api.yaml
@@ -0,0 +1,54 @@
+heat_template_version: ocata
+
+description: >
+ L2 Gateway service plugin configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ L2gwServiceDefaultInterfaceName:
+ default: 'FortyGigE1/0/1'
+ description: default interface name of the L2 gateway
+ type: string
+ L2gwServiceDefaultDeviceName:
+ default: 'Switch1'
+ description: default device name of the L2 gateway
+ type: string
+ L2gwServiceQuotaL2Gateway:
+ default: 5
+ description: quota of the L2 gateway
+ type: number
+ L2gwServicePeriodicMonitoringInterval:
+ default: 5
+ description: The periodic interval at which the plugin
+ type: number
+ L2gwServiceProvider:
+ default: ["L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default"]
+ description: Backend to use as a service provider for L2 Gateway
+ type: comma_delimited_list
+
+outputs:
+ role_data:
+ description: Role data for the L2 Gateway role.
+ value:
+ service_name: neutron_l2gw_api
+ config_settings:
+ neutron::services::l2gw::default_interface_name: {get_param: L2gwServiceDefaultInterfaceName}
+ neutron::services::l2gw::default_device_name: {get_param: L2gwServiceDefaultDeviceName}
+ neutron::services::l2gw::quota_l2_gateway: {get_param: L2gwServiceQuotaL2Gateway}
+ neutron::services::l2gw::periodic_monitoring_interval: {get_param: L2gwServicePeriodicMonitoringInterval}
+ neutron::services::l2gw::service_providers: {get_param: L2gwServiceProvider}
+ step_config: |
+ include tripleo::profile::base::neutron::l2gw
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 01471ba2..ef2485d4 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -82,6 +82,9 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ OpenVswitchUpgrade:
+ type: ./openvswitch-upgrade.yaml
+
outputs:
role_data:
description: Role data for the Neutron OVS agent service.
@@ -121,16 +124,22 @@ outputs:
step_config: |
include ::tripleo::profile::base::neutron::ovs
upgrade_tasks:
- - name: Check if neutron_ovs_agent is deployed
- command: systemctl is-enabled neutron-openvswitch-agent
- tags: common
- ignore_errors: True
- register: neutron_ovs_agent_enabled
- - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
- shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
- when: neutron_ovs_agent_enabled.rc == 0
- tags: step0,validation
- - name: Stop neutron_ovs_agent service
- tags: step1
- when: neutron_ovs_agent_enabled.rc == 0
- service: name=neutron-openvswitch-agent state=stopped
+ yaql:
+ expression: $.data.ovs_upgrade + $.data.neutron_ovs_upgrade
+ data:
+ ovs_upgrade:
+ get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks]
+ neutron_ovs_upgrade:
+ - name: Check if neutron_ovs_agent is deployed
+ command: systemctl is-enabled neutron-openvswitch-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_ovs_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_ovs_agent_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop neutron_ovs_agent service
+ tags: step1
+ when: neutron_ovs_agent_enabled.rc == 0
+ service: name=neutron-openvswitch-agent state=stopped
diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml
index 2c7ab57c..80516fe6 100644
--- a/puppet/services/neutron-ovs-dpdk-agent.yaml
+++ b/puppet/services/neutron-ovs-dpdk-agent.yaml
@@ -62,6 +62,9 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ OpenVswitchUpgrade:
+ type: ./openvswitch-upgrade.yaml
+
outputs:
role_data:
description: Role data for the Neutron OVS DPDK Agent service.
@@ -82,3 +85,5 @@ outputs:
vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory}
vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType}
step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
+ upgrade_tasks:
+ get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks]
diff --git a/puppet/services/neutron-plugin-ml2-odl.yaml b/puppet/services/neutron-plugin-ml2-odl.yaml
new file mode 100644
index 00000000..acacadfa
--- /dev/null
+++ b/puppet/services/neutron-plugin-ml2-odl.yaml
@@ -0,0 +1,45 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Neutron ML2/OpenDaylight plugin configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OpenDaylightPortBindingController:
+ description: OpenDaylight port binding controller
+ type: string
+ default: 'network-topology'
+
+resources:
+
+ NeutronMl2Base:
+ type: ./neutron-plugin-ml2.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2/ODL plugin.
+ value:
+ service_name: neutron_plugin_ml2_odl
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronMl2Base, role_data, config_settings]
+ - neutron::plugins::ml2::opendaylight::port_binding_controller: {get_param: OpenDaylightPortBindingController}
+ step_config: |
+ include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml
index e09cd704..6229a3f1 100644
--- a/puppet/services/neutron-plugin-nuage.yaml
+++ b/puppet/services/neutron-plugin-nuage.yaml
@@ -19,10 +19,6 @@ parameters:
via parameter_defaults in the resource registry.
type: json
# Config specific parameters, to be provided via parameter_defaults
- NeutronNuageOSControllerIp:
- description: IP address of the OpenStack Controller
- type: string
-
NeutronNuageNetPartitionName:
description: Specifies the title that you will see on the VSD
type: string
@@ -76,8 +72,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp}
- neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+ - neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 7b568e9e..9e7f0145 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -52,6 +52,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ DatabaseSyncTimeout:
+ default: 300
+ description: DB Sync Timeout default
+ type: number
Debug:
type: string
default: ''
@@ -198,6 +202,8 @@ outputs:
nova::network::neutron::neutron_auth_type: 'v3password'
nova::db::database_db_max_retries: -1
nova::db::database_max_retries: -1
+ nova::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
+ nova::db::sync_api::db_sync_timeout: {get_param: DatabaseSyncTimeout}
nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
nova::use_ipv6: {get_param: NovaIPv6}
nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 5cf416f3..ed572b4d 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -48,6 +48,10 @@ parameters:
default: {}
type: json
+resources:
+ OpenVswitchUpgrade:
+ type: ./openvswitch-upgrade.yaml
+
outputs:
role_data:
description: Role data for the OpenDaylight service.
@@ -70,16 +74,22 @@ outputs:
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
upgrade_tasks:
- - name: Check if openvswitch is deployed
- command: systemctl is-enabled openvswitch
- tags: common
- ignore_errors: True
- register: openvswitch_enabled
- - name: "PreUpgrade step0,validation: Check service openvswitch is running"
- shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b'
- when: openvswitch_enabled.rc == 0
- tags: step0,validation
- - name: Stop openvswitch service
- tags: step1
- when: openvswitch_enabled.rc == 0
- service: name=openvswitch state=stopped
+ yaql:
+ expression: $.data.ovs_upgrade + $.data.opendaylight_upgrade
+ data:
+ ovs_upgrade:
+ get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks]
+ opendaylight_upgrade:
+ - name: Check if openvswitch is deployed
+ command: systemctl is-enabled openvswitch
+ tags: common
+ ignore_errors: True
+ register: openvswitch_enabled
+ - name: "PreUpgrade step0,validation: Check service openvswitch is running"
+ shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b'
+ when: openvswitch_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop openvswitch service
+ tags: step1
+ when: openvswitch_enabled.rc == 0
+ service: name=openvswitch state=stopped
diff --git a/puppet/services/openvswitch-upgrade.yaml b/puppet/services/openvswitch-upgrade.yaml
new file mode 100644
index 00000000..fea1ba96
--- /dev/null
+++ b/puppet/services/openvswitch-upgrade.yaml
@@ -0,0 +1,50 @@
+heat_template_version: ocata
+
+description: >
+ Openvswitch package special handling for upgrade.
+
+outputs:
+ role_data:
+ description: Upgrade task for special handling of Openvswitch (OVS) upgrade.
+ value:
+ service_name: openvswitch_upgrade
+ upgrade_tasks:
+ - name: Check openvswitch version.
+ tags: step2
+ register: ovs_version
+ ignore_errors: true
+ shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}'
+ - name: Check openvswitch packaging.
+ tags: step2
+ shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart"
+ register: ovs_packaging_issue
+ ignore_errors: true
+ - block:
+ - name: "Ensure empty directory: emptying."
+ file:
+ state: absent
+ path: /root/OVS_UPGRADE
+ - name: "Ensure empty directory: creating."
+ file:
+ state: directory
+ path: /root/OVS_UPGRADE
+ owner: root
+ group: root
+ mode: 0750
+ - name: Download OVS packages.
+ command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch
+ - name: Get rpm list for manual upgrade of OVS.
+ shell: ls -1 /root/OVS_UPGRADE/*.rpm
+ register: ovs_list_of_rpms
+ - name: Manual upgrade of OVS
+ shell: |
+ rpm -U --test {{item}} 2>&1 | grep "already installed" || \
+ rpm -U --replacepkgs --notriggerun --nopostun {{item}};
+ args:
+ chdir: /root/OVS_UPGRADE
+ with_items:
+ - "{{ovs_list_of_rpms.stdout_lines}}"
+ tags: step2
+ when: "'2.5.0-14' in '{{ovs_version.stdout}}'
+ or
+ ovs_packaging_issue|succeeded"
diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml
index 7f81afde..6b8be77c 100644
--- a/puppet/services/ovn-dbs.yaml
+++ b/puppet/services/ovn-dbs.yaml
@@ -36,5 +36,11 @@ outputs:
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
+ tripleo.ovn_dbs.firewall_rules:
+ '121 OVN DB server ports':
+ proto: 'tcp'
+ dport:
+ - {get_param: OVNNorthboundServerPort}
+ - {get_param: OVNSouthboundServerPort}
step_config: |
include ::tripleo::profile::base::neutron::ovn_northd
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index 762d0092..28fcbd6f 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -87,10 +87,16 @@ parameters:
\[(?<pid>[^ ]*)\]
(?<host>[^ ]*)
(?<message>.*)$/
+
+ EnableLoadBalancer:
+ default: true
+ description: Whether to deploy a LoadBalancer on the Controller
+ type: boolean
+
PacemakerResources:
type: comma_delimited_list
description: List of resources managed by pacemaker
- default: ['rabbitmq','haproxy','galera']
+ default: ['rabbitmq', 'galera']
outputs:
role_data:
@@ -147,3 +153,9 @@ outputs:
resource: "{{ item }}"
max_wait: 500
with_items: {get_param: PacemakerResources}
+ - name: Check pacemaker haproxy resource
+ tags: step4
+ pacemaker_is_active:
+ resource: haproxy
+ max_wait: 500
+ when: {get_param: EnableLoadBalancer}
diff --git a/puppet/services/qdr.yaml b/puppet/services/qdr.yaml
new file mode 100644
index 00000000..f8746cec
--- /dev/null
+++ b/puppet/services/qdr.yaml
@@ -0,0 +1,60 @@
+heat_template_version: ocata
+
+description: >
+ Qpid dispatch router service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RabbitUserName:
+ default: guest
+ description: The username for Qdr
+ type: string
+ RabbitPassword:
+ description: The password for Qdr
+ type: string
+ hidden: true
+ RabbitClientPort:
+ description: Listening port for Qdr
+ default: 5672
+ type: number
+ MonitoringSubscriptionQdr:
+ default: 'overcloud-qdr'
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Qdr role.
+ value:
+ service_name: rabbitmq
+ monitoring_subscription: {get_param: MonitoringSubscriptionQdr}
+ global_config_settings:
+ messaging_notify_service_name: 'amqp'
+ messaging_rpc_service_name: 'amqp'
+ keystone::messaging::amqp::amqp_pre_settled: 'notify'
+ config_settings:
+ tripleo.rabbitmq.firewall_rules:
+ '109 qdr':
+ dport:
+ - {get_param: RabbitClientPort}
+ qdr::listener_addr: {get_param: [ServiceNetMap, QdrNetwork]}
+ # cannot pass qdr::listener_port directly because it needs to be a string
+ # we do the conversion in the puppet layer
+ tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort}
+ tripleo::profile::base::qdr::qdr_username: {get_param: RabbitUserName}
+ tripleo::profile::base::qdr::qdr_password: {get_param: RabbitPassword}
+
+ step_config: |
+ include ::tripleo::profile::base::qdr
diff --git a/puppet/services/securetty.yaml b/puppet/services/securetty.yaml
new file mode 100644
index 00000000..6d32fe82
--- /dev/null
+++ b/puppet/services/securetty.yaml
@@ -0,0 +1,36 @@
+heat_template_version: ocata
+
+description: >
+ Configure securetty values
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ TtyValues:
+ default: {}
+ description: Configures console values in securetty
+ type: json
+ constraints:
+ - length: { min: 1}
+
+outputs:
+ role_data:
+ description: Console data for the securetty
+ value:
+ service_name: securetty
+ config_settings:
+ tripleo::profile::base::securetty::tty_list: {get_param: TtyValues}
+ step_config: |
+ include ::tripleo::profile::base::securetty
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 0c3cc1ec..0ecc942c 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -63,10 +63,14 @@ parameters:
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]}
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
SwiftBase:
@@ -76,6 +80,14 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ TLSProxyBase:
+ type: OS::TripleO::Services::TLSProxyBase
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
outputs:
role_data:
description: Role data for the Swift proxy service.
@@ -85,7 +97,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
-
+ - get_attr: [TLSProxyBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::password: {get_param: SwiftPassword}
@@ -146,7 +158,22 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
+ tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
+ tripleo::profile::base::swift::proxy::tls_proxy_port:
+ get_param: [EndpointMap, SwiftInternal, port]
+ swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
+ swift::proxy::proxy_local_net_ip:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
service_config_settings:
@@ -169,3 +196,5 @@ outputs:
- name: Stop swift_proxy service
tags: step1
service: name=openstack-swift-proxy state=stopped
+ metadata_settings:
+ get_attr: [TLSProxyBase, role_data, metadata_settings]
diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml
index d6c0ef9a..c14e061b 100644
--- a/puppet/services/tacker.yaml
+++ b/puppet/services/tacker.yaml
@@ -98,6 +98,7 @@ outputs:
service_config_settings:
keystone:
tacker::keystone::auth::tenant: 'service'
+ tacker::keystone::auth::region: {get_param: KeystoneRegion}
tacker::keystone::auth::password: {get_param: TackerPassword}
tacker::keystone::auth::public_url: {get_param: [EndpointMap, TackerPublic, uri]}
tacker::keystone::auth::internal_url: {get_param: [EndpointMap, TackerInternal, uri]}
diff --git a/releasenotes/notes/add-ceilometer-agent-ipmi-2c86726d0373d354.yaml b/releasenotes/notes/add-ceilometer-agent-ipmi-2c86726d0373d354.yaml
new file mode 100644
index 00000000..d1f73407
--- /dev/null
+++ b/releasenotes/notes/add-ceilometer-agent-ipmi-2c86726d0373d354.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Add support to configure Ceilometer Agent Ipmi profiles.
diff --git a/releasenotes/notes/add-l2gw-api-support-2206d3d14f409088.yaml b/releasenotes/notes/add-l2gw-api-support-2206d3d14f409088.yaml
new file mode 100644
index 00000000..81835323
--- /dev/null
+++ b/releasenotes/notes/add-l2gw-api-support-2206d3d14f409088.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Add support for L2 Gateway Neutron service plugin
diff --git a/releasenotes/notes/add-ldap-backend-0bda702fb0aa24bf.yaml b/releasenotes/notes/add-ldap-backend-0bda702fb0aa24bf.yaml
new file mode 100644
index 00000000..19452f27
--- /dev/null
+++ b/releasenotes/notes/add-ldap-backend-0bda702fb0aa24bf.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Add capabilities to configure LDAP backends as for keystone domains.
+ This can be done by using the KeystoneLDAPDomainEnable and
+ KeystoneLDAPBackendConfigs parameters.
diff --git a/releasenotes/notes/add-qdr-99a27dffef42c13e.yaml b/releasenotes/notes/add-qdr-99a27dffef42c13e.yaml
new file mode 100644
index 00000000..163536dd
--- /dev/null
+++ b/releasenotes/notes/add-qdr-99a27dffef42c13e.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - Introduce the ability to deploy the qpid-dispatch-router (Qdr) for
+ the oslo.messaging AMQP 1.0 driver backend. The Qdr provides
+ direct messaging (e.g. brokerless) communications for
+ oslo.messaging services. To facilitate simple use for evaluation
+ in an overcloud deployment, the Qdr aliases the RabbitMQ service
+ to provide the messaging backend.
diff --git a/releasenotes/notes/add_db_sync_timeout-c9b2f401cca0b37d.yaml b/releasenotes/notes/add_db_sync_timeout-c9b2f401cca0b37d.yaml
new file mode 100644
index 00000000..ecf35933
--- /dev/null
+++ b/releasenotes/notes/add_db_sync_timeout-c9b2f401cca0b37d.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Adds DatabaseSyncTimeout parameter to Nova and Neutron templates.
diff --git a/releasenotes/notes/deployed-server-firewall-purge-9d9fe73faf925056.yaml b/releasenotes/notes/deployed-server-firewall-purge-9d9fe73faf925056.yaml
new file mode 100644
index 00000000..298a8ece
--- /dev/null
+++ b/releasenotes/notes/deployed-server-firewall-purge-9d9fe73faf925056.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - The initial firewall will now be purged by the deployed-server bootstrap
+ scripts. This is needed to prevent possible issues with bootstrapping the
+ initial Pacemaker cluster. See
+ https://bugs.launchpad.net/tripleo/+bug/1679234
diff --git a/releasenotes/notes/disable-ceilo-api-dfe5d0947563bbe0.yaml b/releasenotes/notes/disable-ceilo-api-dfe5d0947563bbe0.yaml
new file mode 100644
index 00000000..2661f7c9
--- /dev/null
+++ b/releasenotes/notes/disable-ceilo-api-dfe5d0947563bbe0.yaml
@@ -0,0 +1,4 @@
+---
+deprecations:
+ - Deprecate and disable ceilometer Api by default. This can be enabled
+ by passing in an env file to deploy command.
diff --git a/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml b/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml
new file mode 100644
index 00000000..3168a549
--- /dev/null
+++ b/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+ - |
+ The fs.suid_dumpable kernel parameter is now explicitly set to 0 to prevent
+ exposing sensitive data through core dumps of processes with elevated
+ permissions. Deployments that set or depend on non-zero values for
+ fs.suid_dumpable may be affected by upgrading.
+security:
+ - |
+ Explicitly disable core dump for setuid programs by setting
+ fs.suid_dumpable = 0, this will descrease the risk of unauthorized access
+ of core dump file generated by setuid program.
diff --git a/releasenotes/notes/disable-kernel-parameter-for-icmp-redirects-f325f91d71b58b5f.yaml b/releasenotes/notes/disable-kernel-parameter-for-icmp-redirects-f325f91d71b58b5f.yaml
new file mode 100644
index 00000000..0f226a84
--- /dev/null
+++ b/releasenotes/notes/disable-kernel-parameter-for-icmp-redirects-f325f91d71b58b5f.yaml
@@ -0,0 +1,19 @@
+---
+upgrade:
+ - The net.ipv4.conf.default.send_redirects & net.ipv4.conf.all.send_redirects
+ are now set to 0 to prevent a compromised host from sending invalid ICMP
+ redirects to other router devices.
+ - The net.ipv4.conf.default.accept_redirects,
+ net.ipv6.conf.default.accept_redirects & net.ipv6.conf.all.accept_redirects
+ are now set to 0 to prevent forged ICMP packet from altering host's routing
+ tables.
+ - The net.ipv4.conf.default.secure_redirects &
+ net.ipv4.conf.all.secure_redirects are now set to 0 to disable acceptance
+ of secure ICMP redirected packets.
+security:
+ - Invalide ICMP redirects may corrupt routing and have users access a system
+ set up by the attacker as opposed to a valid system.
+ - Routing tables may be altered by bogus ICMP redirect messages and send
+ packets to incorrect networks.
+ - Secure ICMP redirects are the same as ICMP redirects, except they come from
+ gateways listed on the default gateway list.
diff --git a/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml b/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml
new file mode 100644
index 00000000..734db08a
--- /dev/null
+++ b/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ When deploying with environments/docker.yaml, the docker service
+ is now deployed on all predefined roles.
diff --git a/releasenotes/notes/enable-logging-suspicious-packets-d5545586f917d2ca.yaml b/releasenotes/notes/enable-logging-suspicious-packets-d5545586f917d2ca.yaml
new file mode 100644
index 00000000..bb2543f2
--- /dev/null
+++ b/releasenotes/notes/enable-logging-suspicious-packets-d5545586f917d2ca.yaml
@@ -0,0 +1,9 @@
+---
+upgrade:
+ - |
+ The net.ipv4.conf.default.log_martians & net.ipv4.conf.all.log_martians are
+ now set to 1 to enable logging of suspicious packets.
+security:
+ - |
+ Logging of suspicious packets allows an administrator to investigate the
+ spoofed packets sent to their system.
diff --git a/releasenotes/notes/get-occ-config-local-connector-5bbec3f591a9f311.yaml b/releasenotes/notes/get-occ-config-local-connector-5bbec3f591a9f311.yaml
new file mode 100644
index 00000000..ef8877ae
--- /dev/null
+++ b/releasenotes/notes/get-occ-config-local-connector-5bbec3f591a9f311.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+ - The deployed-server Heat agent configuration script,
+ get-occ-config.sh, is now updated to configure the
+ local data source for os-collect-config instead of
+ configuring /etc/os-collect-config.conf directly. Doing
+ so means that the configuration template for os-apply-config
+ no longer has to be deleted as the file will be rendered
+ correctly with the right data. See
+ https://bugs.launchpad.net/tripleo/+bug/1679705
diff --git a/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml b/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml
new file mode 100644
index 00000000..dd99acc7
--- /dev/null
+++ b/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ Allow setting the Ironic provisioning network UUID or name via new
+ ``IronicProvisioningNetwork`` configuration.
+ - |
+ Enable support for "neutron" Ironic networking plugin, enabling advanced
+ integration with Neutron, such as VLAN/VXLAN network support, bonding and
+ security groups.
diff --git a/releasenotes/notes/leave-satellite-repo-enabled-8b60528bd5450c7b.yaml b/releasenotes/notes/leave-satellite-repo-enabled-8b60528bd5450c7b.yaml
new file mode 100644
index 00000000..c327265a
--- /dev/null
+++ b/releasenotes/notes/leave-satellite-repo-enabled-8b60528bd5450c7b.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Previously the RHEL registration script disabled the satellite repo after
+ installing the necessary packages from it. This makes it awkward to
+ update those packages later, so the repo will no longer be disabled.
diff --git a/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml b/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml
new file mode 100644
index 00000000..f5ccec06
--- /dev/null
+++ b/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - Support configuring NeutronBridgeMappings
+ - Set force_config_drive to true as OVN doesn't support metadata service
+ - Add necessary iptables rules to allow Geneve traffic and ovsdb-server
+ traffic for Northbound and Southbound databases.
diff --git a/releasenotes/notes/ovs-2.5-2.6-composable-upgrades-workaround-73f4e56127c910b4.yaml b/releasenotes/notes/ovs-2.5-2.6-composable-upgrades-workaround-73f4e56127c910b4.yaml
new file mode 100644
index 00000000..8c210823
--- /dev/null
+++ b/releasenotes/notes/ovs-2.5-2.6-composable-upgrades-workaround-73f4e56127c910b4.yaml
@@ -0,0 +1,12 @@
+---
+issues:
+ - During the ovs upgrade for 2.5 to 2.6 we need to workaround the classic
+ yum update command by handling the upgrade of the package separately to not
+ loose the IPs and the connectivity on the nodes. The workaround is
+ discussed here https://bugs.launchpad.net/tripleo/+bug/1669714
+upgrade:
+ - The upgrade from openvswitch 2.5 to 2.6 is handled gracefully and there should
+ be no user impact in particular no restart of the openvswitch service. For more
+ information please see the related bug above which also links the relevant code reviews.
+ The workaround (transparent to the user/doesn't require any input) is to download the OVS
+ package and install with --nopostun and --notriggerun options provided by the rpm binary.
diff --git a/releasenotes/notes/restrict-mongodb-memory-de7bf6754d7234d9.yaml b/releasenotes/notes/restrict-mongodb-memory-de7bf6754d7234d9.yaml
new file mode 100644
index 00000000..86622bc1
--- /dev/null
+++ b/releasenotes/notes/restrict-mongodb-memory-de7bf6754d7234d9.yaml
@@ -0,0 +1,3 @@
+---
+fixes:
+ - Add knobs to limit memory comsumed by mongodb with systemd
diff --git a/releasenotes/notes/set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml b/releasenotes/notes/set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml
new file mode 100644
index 00000000..07407f20
--- /dev/null
+++ b/releasenotes/notes/set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - We need ceilometer user in cases where ceilometer API is disabled.
+ This is to ensure other ceilometer services can still authenticate
+ with keystone.
diff --git a/roles_data.yaml b/roles_data.yaml
index 130451ff..48859473 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -53,8 +53,9 @@
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::NeutronBgpvpnApi
+ - OS::TripleO::Services::NeutronBgpVpnApi
- OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronApi
@@ -81,8 +82,8 @@
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::CeilometerApi
- OS::TripleO::Services::CeilometerCollector
- OS::TripleO::Services::CeilometerExpirer
- OS::TripleO::Services::CeilometerAgentCentral
@@ -143,6 +144,7 @@
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::Kernel
@@ -161,6 +163,7 @@
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Docker
- name: BlockStorage
ServicesDefault:
@@ -172,6 +175,7 @@
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
@@ -179,6 +183,7 @@
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Docker
- name: ObjectStorage
disable_upgrade_deployment: True
@@ -191,6 +196,7 @@
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
@@ -199,6 +205,7 @@
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Docker
- name: CephStorage
ServicesDefault:
@@ -209,6 +216,7 @@
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
@@ -217,3 +225,4 @@
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Docker
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 5ff6f134..5669a8af 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -212,8 +212,10 @@ def validate(filename):
% filename)
return 1
+ # qdr aliases rabbitmq service to provide alternative messaging backend
if (filename.startswith('./puppet/services/') and
- filename != './puppet/services/services.yaml'):
+ filename not in ['./puppet/services/services.yaml',
+ './puppet/services/qdr.yaml']):
retval = validate_service(filename, tpl)
if (filename.startswith('./docker/services/') and