diff options
41 files changed, 463 insertions, 419 deletions
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 6986a0c8..e708688f 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -42,7 +42,7 @@ parameter_defaults: NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} - SaharaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} diff --git a/environments/major-upgrade-pacemaker-converge.yaml b/environments/major-upgrade-pacemaker-converge.yaml index dfcb9654..f023cb32 100644 --- a/environments/major-upgrade-pacemaker-converge.yaml +++ b/environments/major-upgrade-pacemaker-converge.yaml @@ -1,6 +1,2 @@ parameter_defaults: - UpdateIdentifier: 'true' UpgradeLevelNovaCompute: '' - -resource_registry: - OS::TripleO::Tasks::PackageUpdate: ../extraconfig/tasks/yum_update_noop.yaml diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index 005310c7..9f2c667b 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -22,7 +22,7 @@ parameter_defaults: TenantNetCidr: 172.16.0.0/24 ExternalNetCidr: 10.0.0.0/24 # CIDR subnet mask length for provisioning network - ControlPlaneSubnetCidr: 24 + ControlPlaneSubnetCidr: '24' # Customize the IP ranges on each network to use for static IPs and VIPs InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}] StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}] diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index e3188090..2e6e5ec9 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -10,3 +10,5 @@ resource_registry: # which use pacemaker. In the future (with upcoming HA light work) this # list will hopefully be much smaller however. OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml + OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml + OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index bf2ee330..f5399222 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -12,10 +12,8 @@ fi if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then pcs resource disable httpd check_resource httpd stopped 1800 - if pcs status | grep openstack-keystone; then - pcs resource disable openstack-keystone - check_resource openstack-keystone stopped 1800 - fi + pcs resource disable openstack-core + check_resource openstack-core stopped 1800 pcs resource disable redis check_resource redis stopped 600 pcs resource disable mongod @@ -26,6 +24,12 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) check_resource memcached stopped 600 pcs resource disable galera check_resource galera stopped 600 + # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address: + # https://bugzilla.redhat.com/show_bug.cgi?id=1330688 + for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do + pcs resource disable $vip + check_resource $vip stopped 60 + done pcs cluster stop --all fi diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index 10bea573..643ae57f 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -24,6 +24,11 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) exit 1 fi + for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do + pcs resource enable $vip + check_resource $vip started 60 + done + pcs resource enable galera check_resource galera started 600 pcs resource enable mongod @@ -55,10 +60,8 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) check_resource rabbitmq started 600 pcs resource enable redis check_resource redis started 600 - if pcs status | grep openstack-keystone; then - pcs resource enable openstack-keystone - check_resource openstack-keystone started 1800 - fi + pcs resource enable openstack-core + check_resource openstack-core started 1800 pcs resource enable httpd check_resource httpd started 1800 fi diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index 1f420b32..b63198db 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -13,6 +13,42 @@ # been already applied, it should be possible to call the function # again without damaging the deployment or failing the upgrade. +function add_missing_openstack_core_constraints { + # The CIBs are saved under /root as they might contain sensitive data + CIB="/root/migration.cib" + CIB_BACKUP="/root/backup.cib" + CIB_PUSH_NEEDED=n + + rm -f "$CIB" "$CIB_BACKUP" || /bin/true + pcs cluster cib "$CIB" + cp "$CIB" "$CIB_BACKUP" + + if ! pcs -f "$CIB" constraint --full | grep 'start openstack-sahara-api-clone then start openstack-sahara-engine-clone'; then + pcs -f "$CIB" constraint order start openstack-sahara-api-clone then start openstack-sahara-engine-clone + CIB_PUSH_NEEDED=y + fi + + if ! pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-ceilometer-notification-clone'; then + pcs -f "$CIB" constraint order start openstack-core-clone then start openstack-ceilometer-notification-clone + CIB_PUSH_NEEDED=y + fi + + if ! pcs -f "$CIB" constraint --full | grep 'start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone'; then + pcs -f "$CIB" constraint order start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone + CIB_PUSH_NEEDED=y + fi + + if pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone'; then + CID=$(pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone' | sed -e 's/.*id\://g' -e 's/)//g') + pcs -f "$CIB" constraint remove $CID + CIB_PUSH_NEEDED=y + fi + + if [ "$CIB_PUSH_NEEDED" = 'y' ]; then + pcs cluster cib-push "$CIB" + fi +} + function remove_ceilometer_alarm { if pcs status | grep openstack-ceilometer-alarm; then # Disable pacemaker resources for ceilometer-alarms diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh index b2bdc55a..b2e5be16 100755 --- a/extraconfig/tasks/pacemaker_resource_restart.sh +++ b/extraconfig/tasks/pacemaker_resource_restart.sh @@ -8,7 +8,7 @@ pacemaker_status=$(systemctl is-active pacemaker) # and we're updating the deployment (not creating). if [ "$pacemaker_status" = "active" -a \ "$(hiera bootstrap_nodeid)" = "$(facter hostname)" -a \ - "$(hiera update_identifier)" != "nil" ]; then + "$(hiera stack_action)" = "UPDATE" ]; then #ensure neutron constraints like #https://review.openstack.org/#/c/245093/ @@ -18,8 +18,8 @@ if [ "$pacemaker_status" = "active" -a \ pcs resource disable httpd check_resource httpd stopped 300 - pcs resource disable openstack-keystone - check_resource openstack-keystone stopped 1800 + pcs resource disable openstack-core + check_resource openstack-core stopped 1800 if pcs status | grep haproxy-clone; then pcs resource restart haproxy-clone @@ -30,8 +30,8 @@ if [ "$pacemaker_status" = "active" -a \ pcs resource restart memcached-clone pcs resource restart galera-master - pcs resource enable openstack-keystone - check_resource openstack-keystone started 1800 + pcs resource enable openstack-core + check_resource openstack-core started 1800 pcs resource enable httpd check_resource httpd started 800 diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 66efc5c5..b045e5ea 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -23,7 +23,7 @@ update_identifier=${update_identifier//[^a-zA-Z0-9-_]/} # seconds to wait for this node to rejoin the cluster after update cluster_start_timeout=600 -galera_sync_timeout=360 +galera_sync_timeout=1800 cluster_settle_timeout=1800 timestamp_file="$timestamp_dir/$update_identifier" @@ -43,104 +43,8 @@ if [[ "$list_updates" == "" ]]; then fi pacemaker_status=$(systemctl is-active pacemaker) -pacemaker_dumpfile=$(mktemp) if [[ "$pacemaker_status" == "active" ]] ; then -SERVICES="memcached -httpd -neutron-dhcp-agent -neutron-l3-agent -neutron-metadata-agent -neutron-openvswitch-agent -neutron-server -openstack-ceilometer-api -openstack-ceilometer-central -openstack-ceilometer-collector -openstack-ceilometer-notification -openstack-aodh-evaluator -openstack-aodh-notifier -openstack-aodh-listener -openstack-cinder-api -openstack-cinder-scheduler -openstack-cinder-volume -openstack-glance-api -openstack-glance-registry -openstack-heat-api -openstack-heat-api-cfn -openstack-heat-api-cloudwatch -openstack-heat-engine -openstack-keystone -openstack-nova-api -openstack-nova-conductor -openstack-nova-consoleauth -openstack-nova-novncproxy -openstack-nova-scheduler" - - echo "Dumping Pacemaker config" - pcs cluster cib $pacemaker_dumpfile - - echo "Checking for missing constraints" - - if ! pcs constraint order show | grep "start openstack-nova-novncproxy-clone then start openstack-nova-api-clone"; then - pcs -f $pacemaker_dumpfile constraint order start openstack-nova-novncproxy-clone then openstack-nova-api-clone - fi - - if ! pcs constraint order show | grep "start rabbitmq-clone then start openstack-keystone-clone"; then - pcs -f $pacemaker_dumpfile constraint order start rabbitmq-clone then openstack-keystone-clone - fi - - if ! pcs constraint order show | grep "promote galera-master then start openstack-keystone-clone"; then - pcs -f $pacemaker_dumpfile constraint order promote galera-master then openstack-keystone-clone - fi - - if pcs resource | grep "haproxy-clone"; then - SERVICES="$SERVICES haproxy" - if ! pcs constraint order show | grep "start haproxy-clone then start openstack-keystone-clone"; then - pcs -f $pacemaker_dumpfile constraint order start haproxy-clone then openstack-keystone-clone - fi - fi - - if ! pcs constraint order show | grep "start memcached-clone then start openstack-keystone-clone"; then - pcs -f $pacemaker_dumpfile constraint order start memcached-clone then openstack-keystone-clone - fi - - if ! pcs constraint order show | grep "promote redis-master then start openstack-ceilometer-central-clone"; then - pcs -f $pacemaker_dumpfile constraint order promote redis-master then start openstack-ceilometer-central-clone require-all=false - fi - - if ! pcs constraint order show | grep "promote redis-master then start openstack-aodh-evaluator-clone"; then - pcs -f $pacemaker_dumpfile constraint order promote redis-master then start openstack-aodh-evaluator-clone require-all=false - fi - # ensure neutron constraints https://review.openstack.org/#/c/229466 - # remove ovs-cleanup after server and add openvswitch-agent instead - if pcs constraint order show | grep "start neutron-server-clone then start neutron-ovs-cleanup-clone"; then - pcs -f $pacemaker_dumpfile constraint remove order-neutron-server-clone-neutron-ovs-cleanup-clone-mandatory - fi - if ! pcs constraint order show | grep "start neutron-server-clone then start neutron-openvswitch-agent-clone"; then - pcs -f $pacemaker_dumpfile constraint order start neutron-server-clone then neutron-openvswitch-agent-clone - fi - - - if ! pcs resource defaults | grep "resource-stickiness: INFINITY"; then - pcs -f $pacemaker_dumpfile resource defaults resource-stickiness=INFINITY - fi - - echo "Setting resource start/stop timeouts" - for service in $SERVICES; do - pcs -f $pacemaker_dumpfile resource update $service op start timeout=200s op stop timeout=200s - done - # mongod start timeout is higher, setting only stop timeout - pcs -f $pacemaker_dumpfile resource update mongod op start timeout=370s op stop timeout=200s - - echo "Making sure rabbitmq has the notify=true meta parameter" - pcs -f $pacemaker_dumpfile resource update rabbitmq meta notify=true - - echo "Applying new Pacemaker config" - if ! pcs cluster cib-push $pacemaker_dumpfile; then - echo "ERROR failed to apply new pacemaker config" - exit 1 - fi - echo "Pacemaker running, stopping cluster node and doing full package update" node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*") if [[ "$node_count" == "1" ]] ; then @@ -149,13 +53,6 @@ openstack-nova-scheduler" else pcs cluster stop fi - - # clean leftover keepalived and radvd instances from neutron - # (can be removed when we remove neutron-netns-cleanup from cluster services) - # see https://review.gerrithub.io/#/c/248931/1/neutron-netns-cleanup.init - killall neutron-keepalived-state-change 2>/dev/null || : - kill $(ps ax | grep -e "keepalived.*\.pid-vrrp" | awk '{print $1}') 2>/dev/null || : - kill $(ps ax | grep -e "radvd.*\.pid\.radvd" | awk '{print $1}') 2>/dev/null || : else echo "Upgrading openstack-puppet-modules" yum -q -y update openstack-puppet-modules diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index 375d40be..d9532439 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -5,6 +5,10 @@ description: > with VLANs attached for the controller role. parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string ExternalIpSubnet: default: '' description: IP address/subnet on the external network @@ -62,6 +66,18 @@ parameters: default: '10.0.0.1' description: default route for the external network type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + resources: OsNetConfigImpl: @@ -72,6 +88,21 @@ resources: os_net_config: network_config: - + type: interface + name: nic1 + use_dhcp: false + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - type: ovs_bridge name: {get_input: bridge_name} use_dhcp: true diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index bd4e2281..f88a68f4 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -182,7 +182,7 @@ Sahara: uri_suffixes: '': /v1.1/%(tenant_id)s Public: - vip_param: SaharaApi + vip_param: Public uri_suffixes: '': /v1.1/%(tenant_id)s Admin: diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index f9a8b83c..1bd35a7c 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -1778,7 +1778,7 @@ outputs: get_param: [EndpointMap, SaharaPublic, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + IP_ADDRESS: {get_param: PublicVirtualIP} port: get_param: [EndpointMap, SaharaPublic, port] protocol: @@ -1793,7 +1793,7 @@ outputs: get_param: [EndpointMap, SaharaPublic, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, SaharaPublic, port] - /v1.1/%(tenant_id)s @@ -1807,7 +1807,7 @@ outputs: get_param: [EndpointMap, SaharaPublic, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, SaharaPublic, port] SwiftAdmin: diff --git a/network/management.yaml b/network/management.yaml index 1800b57a..6878bac4 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -13,7 +13,7 @@ parameters: ManagementNetValueSpecs: default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'} description: Value specs for the management network. - type: string + type: json ManagementNetAdminStateUp: default: false description: The admin state of the network. diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index bf0c036d..baa544e7 100644 --- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 @@ -43,12 +43,10 @@ outputs: - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the external network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [ExternalNetCidr, -2]} - - {get_param: [ExternalNetCidr, -1]} + - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/external_v6.yaml b/network/ports/external_v6.yaml index 522caaa0..bfe2686f 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/external_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the external network. The IP address will be chosen @@ -57,12 +57,10 @@ outputs: - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the external network IP value: list_join: - '' - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [ExternalPort, subnets, 0, cidr, -2]} - - {get_attr: [ExternalPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index 34c17ab2..8d0a91b6 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 @@ -43,12 +43,10 @@ outputs: - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the internal API network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [InternalApiNetCidr, -2]} - - {get_param: [InternalApiNetCidr, -1]} + - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml index 279e6bd0..14738b33 100644 --- a/network/ports/internal_api_v6.yaml +++ b/network/ports/internal_api_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the internal_api network. @@ -52,12 +52,10 @@ outputs: - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the internal API network IP value: list_join: - '' - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [InternalApiPort, subnets, 0, cidr, -2]} - - {get_attr: [InternalApiPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index 966d96ae..328f8385 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 @@ -43,12 +43,10 @@ outputs: - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the storage network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [StorageNetCidr, -2]} - - {get_param: [StorageNetCidr, -1]} + - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index 890da75c..50470c92 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs This version is for IPv6 @@ -43,12 +43,10 @@ outputs: - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the storage MGMT network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [StorageMgmtNetCidr, -2]} - - {get_param: [StorageMgmtNetCidr, -1]} + - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml index 61956be2..9db66964 100644 --- a/network/ports/storage_mgmt_v6.yaml +++ b/network/ports/storage_mgmt_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the storage_mgmt API network. @@ -52,12 +52,10 @@ outputs: - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the storage_mgmt network IP value: list_join: - '' - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [StorageMgmtPort, subnets, 0, cidr, -2]} - - {get_attr: [StorageMgmtPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml index 13b62276..adf3595a 100644 --- a/network/ports/storage_v6.yaml +++ b/network/ports/storage_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the storage network. @@ -52,12 +52,10 @@ outputs: - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the storage network IP value: list_join: - '' - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [StoragePort, subnets, 0, cidr, -2]} - - {get_attr: [StoragePort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index b2bcd426..bbe6f736 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs @@ -42,12 +42,10 @@ outputs: - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the tenant network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [TenantNetCidr, -2]} - - {get_param: [TenantNetCidr, -1]} + - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml index 6ca37549..21ba1efa 100644 --- a/network/ports/tenant_v6.yaml +++ b/network/ports/tenant_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the tenant network. @@ -52,12 +52,10 @@ outputs: - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the tenant network IP value: list_join: - '' - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [TenantPort, subnets, 0, cidr, -2]} - - {get_attr: [TenantPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/vip_v6.yaml b/network/ports/vip_v6.yaml index de927094..498e5d69 100644 --- a/network/ports/vip_v6.yaml +++ b/network/ports/vip_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port for a VIP on the isolated network NetworkName. @@ -54,12 +54,10 @@ outputs: - {get_attr: [VipPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the network associated with this IP value: list_join: - '' - - {get_attr: [VipPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [VipPort, subnets, 0, cidr, -2]} - - {get_attr: [VipPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [VipPort, subnets, 0, cidr]}, 1]} diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 55cefc76..4f79e516 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -124,6 +124,8 @@ resource_registry: # services OS::TripleO::Services: puppet/services/services.yaml OS::TripleO::Services::Keystone: puppet/services/keystone.yaml + OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml + OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index 20c853cd..2c34ad1c 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -393,8 +393,7 @@ parameters: controllerExtraConfig: default: {} description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. + Deprecated. Use ControllerExtraConfig via parameter_defaults instead. type: json controllerImage: type: string @@ -470,25 +469,6 @@ parameters: ] } type: json - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlancePassword: - description: The password for the glance service account, used by the glance services. - type: string - hidden: true - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] GnocchiBackend: default: file description: The short name of the Gnocchi backend to use. Should be one @@ -700,6 +680,8 @@ parameters: ControllerServices: default: - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. @@ -852,6 +834,12 @@ parameters: List of resources to be removed from CephStorageResourceGroup when doing an update which requires removal of specific resources. +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig + resources: @@ -920,7 +908,7 @@ resources: CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} CloudDomain: {get_param: CloudDomain} ControlVirtualInterface: {get_param: ControlVirtualInterface} - ControllerExtraConfig: {get_param: controllerExtraConfig} + controllerExtraConfig: {get_param: controllerExtraConfig} CorosyncIPv6: {get_param: CorosyncIPv6} Debug: {get_param: Debug} EnableFencing: {get_param: EnableFencing} @@ -932,10 +920,6 @@ resources: ExtraConfig: {get_param: ExtraConfig} FencingConfig: {get_param: FencingConfig} Flavor: {get_param: OvercloudControlFlavor} - GlancePassword: {get_param: GlancePassword} - GlanceBackend: {get_param: GlanceBackend} - GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy} - GlanceLogFile: {get_param: GlanceLogFile} GnocchiPassword: {get_param: GnocchiPassword} GnocchiBackend: {get_param: GnocchiBackend} GnocchiIndexerBackend: {get_param: GnocchiIndexerBackend} @@ -1023,8 +1007,6 @@ resources: CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} HeatApiVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 90eb1b09..b065ddd2 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -67,6 +67,12 @@ parameters: description: > Setting to a previously unused value during stack-update will trigger package update on all nodes + StackAction: + type: string + description: > + Heat action on performed top-level stack. + constraints: + - allowed_values: ['CREATE', 'UPDATE'] resources: @@ -303,6 +309,7 @@ resources: deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} + stack_action: {get_param: StackAction} outputs: config_id: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index f26d07f7..f0eb71e4 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -256,6 +256,7 @@ resources: - ceph - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 5b61e0b6..c1a04e24 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -316,6 +316,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 6759d3b9..4c18067a 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -486,6 +486,7 @@ resources: - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - midonet_data # Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre + merge_behavior: deeper datafiles: compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 56eb8b96..bf196d24 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: 2016-04-08 description: > OpenStack controller node configured by Puppet. @@ -97,6 +97,11 @@ parameters: default: 0 description: Number of workers for Cinder service. type: number + controllerExtraConfig: + default: {} + description: | + Deprecated. Use ControllerExtraConfig via parameter_defaults instead. + type: json ControllerExtraConfig: default: {} description: | @@ -186,49 +191,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - GlanceFilePcmkDevice: - default: '' - description: > - An exported storage device that should be mounted by Pacemaker - as Glance storage. Effective when GlanceFilePcmkManage is true. - type: string - GlanceFilePcmkFstype: - default: 'nfs' - description: > - Filesystem type for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. - type: string - GlanceFilePcmkManage: - default: false - description: > - Whether to make Glance file backend a mount managed by Pacemaker. - Effective when GlanceBackend is 'file'. - type: boolean - GlanceFilePcmkOptions: - default: '' - description: > - Mount options for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. - type: string GnocchiBackend: default: file description: The short name of the Gnocchi backend to use. Should be one @@ -258,10 +220,6 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string - GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number HeatPassword: description: The password for the Heat service and db account, used by the Heat services. type: string @@ -685,12 +643,6 @@ parameters: HeatApiVirtualIPUri: type: string default: '' - GlanceApiVirtualIP: - type: string - default: '' - GlanceRegistryVirtualIP: - type: string - default: '' MysqlVirtualIP: type: string default: '' @@ -762,6 +714,12 @@ parameters: type: json default: {} +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig + resources: Controller: @@ -922,7 +880,6 @@ resources: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} cinder_workers: {get_param: CinderWorkers} - glance_workers: {get_param: GlanceWorkers} heat_workers: {get_param: HeatWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} @@ -980,23 +937,6 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/cinder' - glance_port: {get_param: [EndpointMap, GlanceInternal, port]} - glance_password: {get_param: GlancePassword} - glance_backend: {get_param: GlanceBackend} - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} - glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} - glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} - glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} - glance_notifier_strategy: {get_param: GlanceNotifierStrategy} - glance_log_file: {get_param: GlanceLogFile} - glance_dsn: - list_join: - - '' - - - 'mysql+pymysql://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: MysqlVirtualIPUri} - - '/glance' heat_password: {get_param: HeatPassword} heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} heat_dsn: @@ -1220,7 +1160,6 @@ resources: glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - glance_registry_host: {get_param: GlanceRegistryVirtualIP} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -1234,6 +1173,11 @@ resources: nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} + horizon_subnet: + str_replace: + template: "['SUBNET']" + params: + SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_password: {get_param: RedisPassword} @@ -1280,11 +1224,15 @@ resources: - midonet_data #Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre + merge_behavior: deeper datafiles: service_configs: mapped_data: {get_param: ServiceConfigSettings} controller_extraconfig: - mapped_data: {get_param: ControllerExtraConfig} + mapped_data: + map_merge: + - {get_param: controllerExtraConfig} + - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} common: @@ -1350,38 +1298,8 @@ resources: cinder::db::mysql::password: {get_input: cinder_password} # Glance - glance::api::bind_port: {get_input: glance_port} glance::api::bind_host: {get_input: glance_api_network} - glance::api::auth_uri: {get_input: keystone_auth_uri} - glance::api::identity_uri: {get_input: keystone_identity_uri} - glance::api::registry_host: {get_input: glance_registry_host} - glance::api::keystone_password: {get_input: glance_password} - glance::api::debug: {get_input: debug} - glance::api::workers: {get_input: glance_workers} - glance_notifier_strategy: {get_input: glance_notifier_strategy} - glance_log_file: {get_input: glance_log_file} - glance_log_file: {get_input: glance_log_file} - glance::api::database_connection: {get_input: glance_dsn} - glance::registry::keystone_password: {get_input: glance_password} - glance::registry::database_connection: {get_input: glance_dsn} glance::registry::bind_host: {get_input: glance_registry_network} - glance::registry::auth_uri: {get_input: keystone_auth_uri} - glance::registry::identity_uri: {get_input: keystone_identity_uri} - glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri} - glance::registry::workers: {get_input: glance_workers} - glance::backend::swift::swift_store_user: service:glance - glance::backend::swift::swift_store_key: {get_input: glance_password} - glance_backend: {get_input: glance_backend} - glance::db::mysql::password: {get_input: glance_password} - glance_file_pcmk_device: {get_input: glance_file_pcmk_device} - glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} - glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} - glance_file_pcmk_options: {get_input: glance_file_pcmk_options} - glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username} - glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password} - glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} @@ -1402,6 +1320,7 @@ resources: heat::api_cloudwatch::workers: {get_input: heat_workers} heat::api_cfn::bind_host: {get_input: heat_api_network} heat::api_cfn::workers: {get_input: heat_workers} + heat::engine::num_engine_workers: {get_input: heat_workers} heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} @@ -1582,6 +1501,7 @@ resources: nova_enable_db_purge: {get_input: nova_enable_db_purge} # Horizon + apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} apache::ip: {get_input: horizon_network} horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 77b11378..e281ef51 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -63,6 +63,14 @@ resources: openssl rsa -noout -modulus -in ${cert_path} \ | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus + # We need to reload haproxy in case the certificate changed because + # puppet doesn't know the contents of the cert file. The pacemaker + # case is handled separately in a pacemaker-specific resource. + pacemaker_status=$(systemctl is-active pacemaker) + haproxy_status=$(systemctl is-active haproxy) + if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + systemctl reload haproxy + fi ControllerTLSDeployment: type: OS::Heat::SoftwareDeployment diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 79db9418..9316cf17 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -141,6 +141,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: add_listen: false priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' # mysql mysql::server::manage_config_file: true diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index d7bb025a..ef330e29 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -113,8 +113,6 @@ if hiera('step') >= 2 { # FIXME: this should only occur on the bootstrap host (ditto for db syncs) # Create all the database schemas - include ::keystone::db::mysql - include ::glance::db::mysql include ::nova::db::mysql include ::nova::db::mysql_api include ::neutron::db::mysql @@ -215,26 +213,6 @@ if hiera('step') >= 2 { if hiera('step') >= 4 { - $glance_backend = downcase(hiera('glance_backend', 'swift')) - case $glance_backend { - 'swift': { $backend_store = 'glance.store.swift.Store' } - 'file': { $backend_store = 'glance.store.filesystem.Store' } - 'rbd': { $backend_store = 'glance.store.rbd.Store' } - default: { fail('Unrecognized glance_backend parameter.') } - } - $http_store = ['glance.store.http.Store'] - $glance_store = concat($http_store, $backend_store) - - # TODO: scrubber and other additional optional features - include ::glance - include ::glance::config - class { '::glance::api': - known_stores => $glance_store, - } - include ::glance::registry - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) - $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') @@ -619,6 +597,7 @@ if hiera('step') >= 4 { include ::sahara::service::engine # Horizon + include ::apache::mod::remoteip if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' } else { diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index f152a141..0652a1c6 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -23,10 +23,8 @@ Service <| tag == 'aodh-service' or tag == 'cinder-service' or tag == 'ceilometer-service' or - tag == 'glance-service' or tag == 'gnocchi-service' or tag == 'heat-service' or - tag == 'keystone-service' or tag == 'neutron-service' or tag == 'nova-service' or tag == 'sahara-service' @@ -379,12 +377,6 @@ MYSQL_HOST=localhost\n", # Create all the database schemas if $sync_db { - class { '::keystone::db::mysql': - require => Exec['galera-ready'], - } - class { '::glance::db::mysql': - require => Exec['galera-ready'], - } class { '::nova::db::mysql': require => Exec['galera-ready'], } @@ -473,33 +465,7 @@ MYSQL_HOST=localhost\n", } #END STEP 2 -if hiera('step') >= 4 { - - $glance_backend = downcase(hiera('glance_backend', 'swift')) - case $glance_backend { - 'swift': { $backend_store = 'glance.store.swift.Store' } - 'file': { $backend_store = 'glance.store.filesystem.Store' } - 'rbd': { $backend_store = 'glance.store.rbd.Store' } - default: { fail('Unrecognized glance_backend parameter.') } - } - $http_store = ['glance.store.http.Store'] - $glance_store = concat($http_store, $backend_store) - - # TODO: notifications, scrubber, etc. - include ::glance - include ::glance::config - class { '::glance::api': - known_stores => $glance_store, - manage_service => false, - enabled => false, - } - class { '::glance::registry' : - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) +if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { @@ -960,6 +926,7 @@ if hiera('step') >= 4 { service_enable => false, # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? } + include ::apache::mod::remoteip include ::apache::mod::status if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' @@ -1168,52 +1135,14 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], Pacemaker::Resource::Ocf['openstack-core']], } - - # Glance - if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) { - $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"' - pacemaker::resource::filesystem { 'glance-fs': - device => hiera('glance_file_pcmk_device'), - directory => hiera('glance_file_pcmk_directory'), - fstype => hiera('glance_file_pcmk_fstype'), - fsoptions => join([$secontext, hiera('glance_file_pcmk_options', '')],','), - verify_on_create => true, - clone_params => '', - } - } - - pacemaker::resource::service { $::glance::params::registry_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::glance::params::api_service_name : - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::glance::params::registry_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': + pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint': constraint_type => 'order', - first_resource => "${::glance::params::registry_service_name}-clone", - second_resource => "${::glance::params::api_service_name}-clone", + first_resource => "${::sahara::params::api_service_name}-clone", + second_resource => "${::sahara::params::engine_service_name}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation': - source => "${::glance::params::api_service_name}-clone", - target => "${::glance::params::registry_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], + require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], + Pacemaker::Resource::Service[$::sahara::params::engine_service_name]], } if hiera('step') == 5 { @@ -1351,7 +1280,7 @@ if hiera('step') >= 5 { Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], } } - if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) { + if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_l3_agent',true) { pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': constraint_type => 'order', first_resource => "${::neutron::params::dhcp_agent_service}-clone", @@ -1584,6 +1513,15 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], Pacemaker::Resource::Ocf['openstack-core']], } + pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::ceilometer::params::agent_notification_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': constraint_type => 'order', first_resource => "${::ceilometer::params::agent_central_service_name}-clone", @@ -1667,6 +1605,15 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], } + pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint': + constraint_type => 'order', + first_resource => "${::aodh::params::evaluator_service_name}-clone", + second_resource => "${::aodh::params::listener_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], + } pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation': source => "${::aodh::params::listener_service_name}-clone", target => "${::aodh::params::evaluator_service_name}-clone", @@ -1723,15 +1670,6 @@ if hiera('step') >= 5 { pacemaker::resource::service { $::heat::params::engine_service_name : clone_params => 'interleave=true', } - pacemaker::constraint::base { 'keystone-then-heat-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::heat::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint': constraint_type => 'order', first_resource => "${::heat::params::api_service_name}-clone", diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml new file mode 100644 index 00000000..3e8784b7 --- /dev/null +++ b/puppet/services/glance-api.yaml @@ -0,0 +1,98 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlanceNotifierStrategy: + description: Strategy to use for Glance notification queue + type: string + default: noop + GlanceLogFile: + description: The filepath of the file to use for logging messages from Glance. + type: string + default: '' + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + GlanceWorkers: + default: 0 + description: Number of workers for Glance service. + type: number + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + +outputs: + role_data: + description: Role data for the Glance API role. + value: + config_settings: + glance_dsn: &glance_dsn + list_join: + - '' + - - 'mysql+pymysql://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/glance' + glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} + glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::registry_host: + str_replace: + template: "'REGISTRY_HOST'" + params: + REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} + glance::api::keystone_password: {get_param: GlancePassword} + glance::api::debug: {get_param: Debug} + glance::api::workers: {get_param: GlanceWorkers} + glance_notifier_strategy: {get_param: GlanceNotifierStrategy} + glance_log_file: {get_param: GlanceLogFile} + glance::api::database_connection: *glance_dsn + glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::backend::swift::swift_store_user: service:glance + glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance_backend: {get_param: GlanceBackend} + glance::db::mysql::password: {get_param: GlancePassword} + glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} + glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} + glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} + glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + step_config: | + include ::tripleo::profile::base::glance::api diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml new file mode 100644 index 00000000..1a1a515a --- /dev/null +++ b/puppet/services/glance-registry.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance Registry service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceWorkers: + default: 0 + description: Number of workers for Glance service. + type: number + +outputs: + role_data: + description: Role data for the Glance Registry role. + value: + config_settings: + glance_dsn: &glance_dsn + list_join: + - '' + - - 'mysql+pymysql://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/glance' + glance::registry::keystone_password: {get_param: GlancePassword} + glance::registry::database_connection: *glance_dsn + glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::registry::debug: {get_param: Debug} + glance::registry::workers: {get_param: GlanceWorkers} + step_config: | + include ::tripleo::profile::base::glance::registry diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml new file mode 100644 index 00000000..815eb5bf --- /dev/null +++ b/puppet/services/pacemaker/glance-api.yaml @@ -0,0 +1,60 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance API service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + GlanceFilePcmkDevice: + default: '' + description: > + An exported storage device that should be mounted by Pacemaker + as Glance storage. Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkFstype: + default: 'nfs' + description: > + Filesystem type for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkManage: + default: false + description: > + Whether to make Glance file backend a mount managed by Pacemaker. + Effective when GlanceBackend is 'file'. + type: boolean + GlanceFilePcmkOptions: + default: '' + description: > + Mount options for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + +resources: + + GlanceApiBase: + type: ../glance-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Glance role. + value: + config_settings: + map_merge: + - get_attr: [GlanceApiBase, role_data, config_settings] + - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} + glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} + glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} + glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} + step_config: | + include ::tripleo::profile::pacemaker::glance diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml new file mode 100644 index 00000000..56353459 --- /dev/null +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance Registry service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + GlanceRegistryBase: + type: ../glance-registry.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Glance role. + value: + config_settings: + get_attr: [GlanceRegistryBase, role_data, config_settings] + # No puppet manifests since glance-registry is included in + # ::tripleo::profile::pacemaker::glance which is maintained alongside of + # pacemaker/glance-api.yaml. + step_config: diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index ea226263..296428db 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -256,6 +256,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} diff --git a/validation-scripts/all-nodes.sh b/validation-scripts/all-nodes.sh index 31b4d6bf..1c834e76 100644 --- a/validation-scripts/all-nodes.sh +++ b/validation-scripts/all-nodes.sh @@ -1,6 +1,25 @@ #!/bin/bash set -e +function ping_retry() { + local IP_ADDR=$1 + local TIMES=${2:-'10'} + local COUNT=0 + local PING_CMD=ping + if [[ $IP_ADDR =~ ":" ]]; then + PING_CMD=ping6 + fi + until [ $COUNT -ge $TIMES ]; do + if $PING_CMD -W 300 -c 1 $IP_ADDR &> /dev/null; then + echo "Ping to $IP_ADDR succeeded." + return 0 + fi + echo "Ping to $IP_ADDR failed. Retrying..." + COUNT=$(($COUNT + 1)) + done + return 1 +} + # For each unique remote IP (specified via Heat) we check to # see if one of the locally configured networks matches and if so we # attempt a ping test the remote network IP. @@ -9,17 +28,15 @@ function ping_controller_ips() { for REMOTE_IP in $(echo $REMOTE_IPS | sed -e "s| |\n|g" | sort -u); do if [[ $REMOTE_IP =~ ":" ]]; then networks=$(ip -6 r | grep -v default | cut -d " " -f 1 | grep -v "unreachable") - ping=ping6 else networks=$(ip r | grep -v default | cut -d " " -f 1) - ping=ping fi for LOCAL_NETWORK in $networks; do in_network=$(python -c "import ipaddr; net=ipaddr.IPNetwork('$LOCAL_NETWORK'); addr=ipaddr.IPAddress('$REMOTE_IP'); print(addr in net)") if [[ $in_network == "True" ]]; then - echo -n "Trying to ping $REMOTE_IP for local network $LOCAL_NETWORK..." + echo "Trying to ping $REMOTE_IP for local network ${LOCAL_NETWORK}." set +e - if ! $ping -W 300 -c 1 $REMOTE_IP &> /dev/null; then + if ! ping_retry $REMOTE_IP; then echo "FAILURE" echo "$REMOTE_IP is not pingable. Local Network: $LOCAL_NETWORK" >&2 exit 1 @@ -40,7 +57,7 @@ function ping_default_gateways() { set +e for GW in $DEFAULT_GW; do echo -n "Trying to ping default gateway ${GW}..." - if ! ping -c 1 $GW &> /dev/null; then + if ! ping_retry $GW; then echo "FAILURE" echo "$GW is not pingable." exit 1 |