diff options
| -rw-r--r-- | capabilities-map.yaml | 10 | ||||
| -rw-r--r-- | ci/scripts/freeipa_setup.sh | 8 | ||||
| -rw-r--r-- | deployed-server/deployed-server-bootstrap-centos.yaml | 2 | ||||
| -rw-r--r-- | environments/deployed-server-noop-ctlplane.yaml | 1 | ||||
| -rw-r--r-- | environments/network-environment.yaml | 2 | ||||
| -rw-r--r-- | environments/services/disable-ceilometer-api.yaml | 2 | ||||
| -rw-r--r-- | extraconfig/pre_network/config_then_reboot.yaml | 2 | ||||
| -rw-r--r-- | extraconfig/pre_network/host_config_and_reboot.role.j2.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/ceilometer-base.yaml | 10 | ||||
| -rw-r--r-- | puppet/services/ceph-mon.yaml | 8 | ||||
| -rw-r--r-- | puppet/services/cinder-hpelefthand-iscsi.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/manila-backend-cephfs.yaml | 18 | ||||
| -rw-r--r-- | puppet/services/neutron-ovs-agent.yaml | 9 | ||||
| -rw-r--r-- | puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/nova-api.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/ovn-dbs.yaml | 2 | ||||
| -rwxr-xr-x | tools/yaml-validate.py | 66 |
17 files changed, 133 insertions, 19 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 4aecd570..59d47ee0 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -160,6 +160,16 @@ topics: description: Deploy Mistral service requires: - overcloud-resource-registry-puppet.yaml + - title: Ceilometer Api + description: + environments: + - file: environments/services/disable-ceilometer-api.yaml + title: Ceilometer Api + description: Disable Ceilometer Api service. This service is + deprecated and will be removed in future releases. Please move + to using gnocchi/aodh/panko apis instead. + requires: + - overcloud-resource-registry-puppet.yaml # - title: Network Interface Configuration # description: diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh index 6906a2dd..a36493a1 100644 --- a/ci/scripts/freeipa_setup.sh +++ b/ci/scripts/freeipa_setup.sh @@ -8,6 +8,8 @@ # - AdminPassword # - UndercloudFQDN # - HostsSecret +# - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning +# interface (which is hardcoded to eth1) # set -eux @@ -17,6 +19,12 @@ elif [ -f "/tmp/freeipa-setup.env" ]; then source /tmp/freeipa-setup.env fi +if [ -n "$ProvisioningCIDR" ]; then + # Add address to provisioning network interface + ip link set dev eth1 up + ip addr add $ProvisioningCIDR dev eth1 +fi + # Set DNS servers echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf diff --git a/deployed-server/deployed-server-bootstrap-centos.yaml b/deployed-server/deployed-server-bootstrap-centos.yaml index ac537386..c1740d78 100644 --- a/deployed-server/deployed-server-bootstrap-centos.yaml +++ b/deployed-server/deployed-server-bootstrap-centos.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'Deployed Server Bootstrap Config' diff --git a/environments/deployed-server-noop-ctlplane.yaml b/environments/deployed-server-noop-ctlplane.yaml index 54f5e41d..8835d5b1 100644 --- a/environments/deployed-server-noop-ctlplane.yaml +++ b/environments/deployed-server-noop-ctlplane.yaml @@ -1,3 +1,4 @@ resource_registry: + OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None OS::TripleO::Server: ../deployed-server/deployed-server.yaml OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index b02fc198..796eb806 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -43,7 +43,7 @@ parameter_defaults: ExternalInterfaceDefaultRoute: 10.0.0.1 # Uncomment if using the Management Network (see network-management.yaml) # ManagementNetCidr: 10.0.1.0/24 - # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}] + # ManagementAllocationPools: [{'start': '10.0.1.10', 'end': '10.0.1.50'}] # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates # ManagementInterfaceDefaultRoute: 10.0.1.1 # Define the DNS servers (maximum 2) for the overcloud nodes diff --git a/environments/services/disable-ceilometer-api.yaml b/environments/services/disable-ceilometer-api.yaml new file mode 100644 index 00000000..94cd8d5d --- /dev/null +++ b/environments/services/disable-ceilometer-api.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CeilometerApi: OS::Heat::None diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml index ec4d2761..bb0b9511 100644 --- a/extraconfig/pre_network/config_then_reboot.yaml +++ b/extraconfig/pre_network/config_then_reboot.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Do some configuration, then reboot - sometimes needed for early-boot diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml index bba16a66..4ad53cb8 100644 --- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Do some configuration, then reboot - sometimes needed for early-boot diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 0528368e..a86a0cdf 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -46,14 +46,6 @@ parameters: default: 0 description: Number of workers for Ceilometer service. type: number - CeilometerStoreEvents: - default: false - description: Whether to store events in ceilometer. - type: boolean - EnableLegacyCeilometerApi: - default: false - description: Enable legacy ceilometer Api service if needed. - type: boolean EventPipelinePublishers: default: ['notifier://?topic=alarm.all'] description: A list of publishers to put in event_pipeline.yaml. @@ -103,7 +95,6 @@ outputs: - '/ceilometer' - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi} ceilometer_backend: {get_param: CeilometerBackend} ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo @@ -114,7 +105,6 @@ outputs: ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index f32bdd2b..68ad69b7 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -28,6 +28,12 @@ parameters: CinderRbdPoolName: default: volumes type: string + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string CinderBackupRbdPoolName: default: backups type: string @@ -87,6 +93,8 @@ outputs: for_each: <%pool%>: - {get_param: CinderRbdPoolName} + - {get_param: ManilaCephFSDataPoolName} + - {get_param: ManilaCephFSMetadataPoolName} - {get_param: CinderBackupRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} diff --git a/puppet/services/cinder-hpelefthand-iscsi.yaml b/puppet/services/cinder-hpelefthand-iscsi.yaml index f22a3aeb..ca7d2838 100644 --- a/puppet/services/cinder-hpelefthand-iscsi.yaml +++ b/puppet/services/cinder-hpelefthand-iscsi.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2017-02-24 +heat_template_version: ocata description: > Configure Cinder HPELeftHandISCSIDriver diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 91369a99..36ef1ea9 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -40,6 +40,20 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + # (jprovazn) default value is set to assure this templates works with an + # external ceph too (user/key is created only when ceph is deployed by + # TripleO) + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: @@ -54,4 +68,8 @@ outputs: manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId} manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} + manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 0eb16e6a..e24fae7c 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -70,6 +70,9 @@ parameters: tag: openstack.neutron.agent.openvswitch path: /var/log/neutron/openvswitch-agent.log +conditions: + no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']} + resources: NeutronBase: @@ -104,13 +107,17 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} tripleo.neutron_ovs_agent.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 '136 neutron gre networks': proto: 'gre' + - + if: + - no_firewall_driver + - {} + - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} step_config: | include ::tripleo::profile::base::neutron::ovs upgrade_tasks: diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml index afb8cf44..becd25c9 100644 --- a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml +++ b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2017-02-24 +heat_template_version: ocata description: > Configure hieradata for Fujitsu C-Fabric plugin configuration diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index d2ca841f..36ac3e08 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -54,6 +54,10 @@ parameters: EnableInternalTLS: type: boolean default: false + NovaDefaultFloatingPool: + default: 'public' + description: Default pool for floating IP addresses + type: string conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} @@ -102,7 +106,7 @@ outputs: nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::api::enabled: true - nova::api::default_floating_pool: 'public' + nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool} nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true nova::api::api_bind_address: diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index 302628d4..7f81afde 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OVN databases configured with puppet diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index fd1f47de..63e3ce51 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -19,11 +19,41 @@ import yaml required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords'] +envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml', + 'tls-endpoints-public-ip.yaml', + 'tls-everywhere-endpoints-dns.yaml'] +ENDPOINT_MAP_FILE = 'endpoint_map.yaml' + def exit_usage(): print('Usage %s <yaml file or directory>' % sys.argv[0]) sys.exit(1) +def get_base_endpoint_map(filename): + try: + tpl = yaml.load(open(filename).read()) + return tpl['parameters']['EndpointMap']['default'] + except Exception: + print(traceback.format_exc()) + return None + + +def get_endpoint_map_from_env(filename): + try: + tpl = yaml.load(open(filename).read()) + return { + 'file': filename, + 'map': tpl['parameter_defaults']['EndpointMap'] + } + except Exception: + print(traceback.format_exc()) + return None + + +def validate_endpoint_map(base_map, env_map): + return sorted(base_map.keys()) == sorted(env_map.keys()) + + def validate_mysql_connection(settings): no_op = lambda *args: False error_status = [0] @@ -64,6 +94,10 @@ def validate_mysql_connection(settings): def validate_service(filename, tpl): + if 'heat_template_version' in tpl and not str(tpl['heat_template_version']).isalpha(): + print('ERROR: heat_template_version needs to be the release alias not a date: %s' + % filename) + return 1 if 'outputs' in tpl and 'role_data' in tpl['outputs']: if 'value' not in tpl['outputs']['role_data']: print('ERROR: invalid role_data for filename: %s' @@ -128,6 +162,8 @@ if len(sys.argv) < 2: path_args = sys.argv[1:] exit_val = 0 failed_files = [] +base_endpoint_map = None +env_endpoint_maps = list() for base_path in path_args: if os.path.isdir(base_path): @@ -139,6 +175,12 @@ for base_path in path_args: if failed: failed_files.append(file_path) exit_val |= failed + if f == ENDPOINT_MAP_FILE: + base_endpoint_map = get_base_endpoint_map(file_path) + if f in envs_containing_endpoint_map: + env_endpoint_map = get_endpoint_map_from_env(file_path) + if env_endpoint_map: + env_endpoint_maps.append(env_endpoint_map) elif os.path.isfile(base_path) and base_path.endswith('.yaml'): failed = validate(base_path) if failed: @@ -148,6 +190,30 @@ for base_path in path_args: print('Unexpected argument %s' % base_path) exit_usage() +if base_endpoint_map and \ + len(env_endpoint_maps) == len(envs_containing_endpoint_map): + for env_endpoint_map in env_endpoint_maps: + matches = validate_endpoint_map(base_endpoint_map, + env_endpoint_map['map']) + if not matches: + print("ERROR: %s doesn't match base endpoint map" % + env_endpoint_map['file']) + failed_files.append(env_endpoint_map['file']) + exit_val |= 1 + else: + print("%s matches base endpoint map" % env_endpoint_map['file']) +else: + print("ERROR: Can't validate endpoint maps since a file is missing. " + "If you meant to delete one of these files you should update this " + "tool as well.") + if not base_endpoint_map: + failed_files.append(ENDPOINT_MAP_FILE) + if len(env_endpoint_maps) != len(envs_containing_endpoint_map): + matched_files = set(os.path.basename(matched_env_file['file']) + for matched_env_file in env_endpoint_maps) + failed_files.extend(set(envs_containing_endpoint_map) - matched_files) + exit_val |= 1 + if failed_files: print('Validation failed on:') for f in failed_files: |