summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--common/deploy-steps.j217
-rwxr-xr-xdocker/firstboot/setup_docker_host.sh11
-rw-r--r--docker/firstboot/setup_docker_host.yaml19
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml18
-rw-r--r--docker/services/ceph-ansible/ceph-mds.yaml83
-rw-r--r--docker/services/glance-api.yaml11
-rw-r--r--docker/services/nova-libvirt.yaml13
-rw-r--r--docker/services/nova-metadata.yaml66
-rw-r--r--docker/services/pacemaker/manila-share.yaml142
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml15
-rw-r--r--environments/ceph-ansible/ceph-mds.yaml2
-rw-r--r--environments/composable-roles/monolithic-ha.yaml59
-rw-r--r--environments/composable-roles/monolithic-nonha.yaml59
-rw-r--r--environments/composable-roles/standalone.yaml84
-rw-r--r--environments/docker-services-tls-everywhere.yaml13
-rw-r--r--environments/docker.yaml7
-rw-r--r--puppet/services/horizon.yaml16
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml20
-rw-r--r--sample-env-generator/composable-roles.yaml174
19 files changed, 775 insertions, 54 deletions
diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2
index b36bb97a..8d17c223 100644
--- a/common/deploy-steps.j2
+++ b/common/deploy-steps.j2
@@ -11,6 +11,7 @@
# primary role is: {{primary_role_name}}
{% set deploy_steps_max = 6 -%}
{% set update_steps_max = 6 -%}
+{% set upgrade_steps_max = 6 -%}
heat_template_version: pike
@@ -337,4 +338,20 @@ outputs:
with_sequence: count={{deploy_steps_max-1}}
loop_control:
loop_var: step
+ upgrade_steps_tasks: |
+{%- for role in roles %}
+ - include: {{role.name}}/upgrade_tasks.yaml
+ when: role_name == '{{role.name}}'
+{%- endfor %}
+ upgrade_steps_playbook: |
+ - hosts: overcloud
+ tasks:
+ - include: upgrade_steps_tasks.yaml
+ with_sequence: count={{upgrade_steps_max-1}}
+ loop_control:
+ loop_var: step
+ - include: deploy_steps_tasks.yaml
+ with_sequence: count={{deploy_steps_max-1}}
+ loop_control:
+ loop_var: step
diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh
deleted file mode 100755
index af213bbd..00000000
--- a/docker/firstboot/setup_docker_host.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -eux
-# This file contains setup steps that can't be or have not yet been moved to
-# puppet
-
-# Disable libvirtd since it conflicts with nova_libvirt container
-/usr/bin/systemctl disable libvirtd.service
-/usr/bin/systemctl stop libvirtd.service
-# Disable virtlogd since it conflicts with nova_virtlogd container
-/usr/bin/systemctl disable virtlogd.service
-/usr/bin/systemctl stop virtlogd.service
diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml
deleted file mode 100644
index ddfa8802..00000000
--- a/docker/firstboot/setup_docker_host.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-heat_template_version: pike
-
-resources:
-
- userdata:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: setup_docker_host}
-
- setup_docker_host:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: {get_file: ./setup_docker_host.sh}
-
-outputs:
- OS::stack_id:
- value: {get_resource: userdata}
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 52c4a65c..e65c503b 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -88,6 +88,14 @@ parameters:
description: default minimum replication for RBD copies
type: number
default: 3
+ ManilaCephFSNativeCephFSAuthId:
+ default: manila
+ type: string
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
CephIPv6:
default: False
type: boolean
@@ -202,6 +210,16 @@ outputs:
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
mode: "0644"
+ - name:
+ list_join:
+ - '.'
+ - - client
+ - {get_param: ManilaCephFSNativeCephFSAuthId}
+ key: {get_param: CephManilaClientKey}
+ mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create"
+ mds_cap: "allow *"
+ osd_cap: "allow rw"
+ mode: "0644"
keys: *openstack_keys
pools: []
ceph_conf_overrides:
diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml
new file mode 100644
index 00000000..4ef3a669
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-mds.yaml
@@ -0,0 +1,83 @@
+heat_template_version: pike
+
+description: >
+ Ceph Metadata service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephMdsKey:
+ description: The cephx key for the MDS service. Can be created
+ with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
+ ManilaCephFSDataPoolName:
+ default: manila_data
+ type: string
+ ManilaCephFSMetadataPoolName:
+ default: manila_metadata
+ type: string
+ ManilaCephFSNativeShareBackendName:
+ default: cephfs
+ type: string
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph Metadata service.
+ value:
+ service_name: ceph_mds
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ config_settings:
+ map_merge:
+ - tripleo.ceph_mds.firewall_rules:
+ '112 ceph_mds':
+ dport:
+ - '6800-7300'
+ - ceph_mds_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - cephfs_data: {get_param: ManilaCephFSDataPoolName}
+ cephfs_metadata: {get_param: ManilaCephFSMetadataPoolName}
+ cephfs: {get_param: ManilaCephFSNativeShareBackendName}
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index 044eb283..df226b15 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -39,10 +39,16 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ GlanceNfsEnabled:
+ default: false
+ description: >
+ When using GlanceBackend 'file', mount NFS share for image storage.
+ type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+ nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]}
resources:
@@ -128,6 +134,11 @@ outputs:
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/glance:/var/log/glance
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
+ -
+ if:
+ - nfs_backend_enabled
+ - /var/lib/glance:/var/lib/glance
+ - ''
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 7637e6e9..62c25bb2 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -243,6 +243,19 @@ outputs:
file:
path: /etc/ceph
state: directory
+ - name: check if libvirt is installed
+ command: /usr/bin/rpm -q libvirt-daemon
+ failed_when: false
+ register: libvirt_installed
+ - name: make sure libvirt services are disabled
+ service:
+ name: "{{ item }}"
+ state: stopped
+ enabled: no
+ with_items:
+ - libvirtd.service
+ - virtlogd.socket
+ when: libvirt_installed.rc == 0
upgrade_tasks:
- name: Stop and disable libvirtd service
tags: step2
diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml
index 0a8a74cd..53ae7910 100644
--- a/docker/services/nova-metadata.yaml
+++ b/docker/services/nova-metadata.yaml
@@ -4,6 +4,12 @@ description: >
OpenStack containerized Nova Metadata service
parameters:
+ DockerNovaMetadataImage:
+ description: image
+ type: string
+ DockerNovaConfigImage:
+ description: The container image to use for the nova config_volume
+ type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -33,6 +39,9 @@ parameters:
resources:
+ ContainersCommon:
+ type: ./containers-common.yaml
+
NovaMetadataBase:
type: ../../puppet/services/nova-metadata.yaml
properties:
@@ -56,9 +65,56 @@ outputs:
service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- config_volume: ''
- puppet_tags: ''
+ config_volume: nova
+ puppet_tags: nova_config
step_config: *step_config
- config_image: ''
- kolla_config: {}
- docker_config: {}
+ config_image: {get_param: DockerNovaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/nova_metadata.json:
+ command: /usr/bin/nova-api-metadata
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
+ docker_config:
+ step_2:
+ nova_init_logs:
+ image: &nova_metadata_image {get_param: DockerNovaMetadataImage}
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/nova:/var/log/nova
+ command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+ step_4:
+ nova_metadata:
+ start_order: 2
+ image: *nova_metadata_image
+ net: host
+ user: nova
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ metadata_settings:
+ get_attr: [NovaMetadataBase, role_data, metadata_settings]
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/nova
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable nova_api service
+ tags: step2
+ service: name=openstack-nova-api state=stopped enabled=no
diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml
new file mode 100644
index 00000000..7103ba8b
--- /dev/null
+++ b/docker/services/pacemaker/manila-share.yaml
@@ -0,0 +1,142 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Manila Share service
+
+parameters:
+ DockerManilaShareImage:
+ description: image
+ type: string
+ DockerManilaConfigImage:
+ description: image
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ MySQLClient:
+ type: ../../../puppet/services/database/mysql-client.yaml
+
+ ManilaBase:
+ type: ../../../puppet/services/pacemaker/manila-share.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Manila Share role.
+ value:
+ service_name: {get_attr: [ManilaBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image {get_param: DockerManilaShareImage}
+ manila::share::manage_service: false
+ manila::share::enabled: false
+ manila::host: hostgroup
+ step_config: ""
+ service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: manila
+ puppet_tags: manila_config,file,concat,file_line
+ step_config:
+ list_join:
+ - "\n"
+ - - {get_attr: [ManilaBase, role_data, step_config]}
+ - - {get_attr: [MySQLClient, role_data, step_config]}
+ config_image: {get_param: DockerManilaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/manila_share.json:
+ command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ # NOTE(gfidente): ceph ansible generated
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/manila
+ owner: manila:manila
+ recurse: true
+ docker_config:
+ step_3:
+ manila_share_init_logs:
+ start_order: 0
+ image: *manila_share_image
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/manila:/var/log/manila
+ command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
+ step_5:
+ manila_share_init_bundle:
+ start_order: 0
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
+ image: *manila_share_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/manila
+ - /var/lib/manila
+ upgrade_tasks:
+ - name: Stop and disable manila_share service
+ tags: step2
+ service: name=openstack-manila-share state=stopped enabled=no
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index de53ceee..d8e50afd 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -92,6 +92,11 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
@@ -99,6 +104,14 @@ outputs:
- path: /var/log/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
+ - path: /etc/pki/tls/certs/rabbitmq.crt
+ owner: rabbitmq:rabbitmq
+ perm: '0600'
+ optional: true
+ - path: /etc/pki/tls/private/rabbitmq.key
+ owner: rabbitmq:rabbitmq
+ perm: '0600'
+ optional: true
# When using pacemaker we don't launch the container, instead that is done by pacemaker
# itself.
docker_config:
@@ -164,6 +177,8 @@ outputs:
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+ metadata_settings:
+ get_attr: [RabbitmqBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
diff --git a/environments/ceph-ansible/ceph-mds.yaml b/environments/ceph-ansible/ceph-mds.yaml
new file mode 100644
index 00000000..0834269c
--- /dev/null
+++ b/environments/ceph-ansible/ceph-mds.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::CephMds: ../../docker/services/ceph-ansible/ceph-mds.yaml
diff --git a/environments/composable-roles/monolithic-ha.yaml b/environments/composable-roles/monolithic-ha.yaml
new file mode 100644
index 00000000..a1dcd7bf
--- /dev/null
+++ b/environments/composable-roles/monolithic-ha.yaml
@@ -0,0 +1,59 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Monolithic Controller HA deployment
+# description: |
+# A Heat environment that can be used to deploy controller and compute
+# services in an HA configuration with SSL everywhere and network
+# isolation.
+# This should be used with a roles_data.yaml containing the Controller,
+# Compute and CephStorage roles.
+# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage
+parameter_defaults:
+ # Number of CephStorage nodes to deploy
+ # Type: number
+ CephStorageCount: 1
+
+ # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ CephStorageHostnameFormat: '%stackname%-cephstorage-%index%'
+
+ # Number of Compute nodes to deploy
+ # Type: number
+ ComputeCount: 3
+
+ # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ComputeHostnameFormat: '%stackname%-novacompute-%index%'
+
+ # Number of Controller nodes to deploy
+ # Type: number
+ ControllerCount: 3
+
+ # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ControllerHostnameFormat: '%stackname%-controller-%index%'
+
+ # DNS servers to use for the Overcloud
+ # Type: comma_delimited_list
+ DnsServers: ['8.8.8.8', '8,8.4.4']
+
+ # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default.
+ # Type: comma_delimited_list
+ NtpServer: ['pool.ntp.org']
+
+ # Name of the flavor for Ceph nodes
+ # Type: string
+ OvercloudCephStorageFlavor: ceph
+
+ # Name of the flavor for Compute nodes
+ # Type: string
+ OvercloudComputeFlavor: compute
+
+ # Name of the flavor for Controller nodes
+ # Type: string
+ OvercloudControllerFlavor: control
+
diff --git a/environments/composable-roles/monolithic-nonha.yaml b/environments/composable-roles/monolithic-nonha.yaml
new file mode 100644
index 00000000..f49ddf2a
--- /dev/null
+++ b/environments/composable-roles/monolithic-nonha.yaml
@@ -0,0 +1,59 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Monolithic Controller Non-HA deployment
+# description: |
+# A Heat environment that can be used to deploy controller and compute
+# services in an Non-HA configuration with SSL undercloud only and a
+# flat network.
+# This should be used with a roles_data.yaml containing the Controller,
+# Compute and CephStorage roles.
+# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage
+parameter_defaults:
+ # Number of CephStorage nodes to deploy
+ # Type: number
+ CephStorageCount: 1
+
+ # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ CephStorageHostnameFormat: '%stackname%-cephstorage-%index%'
+
+ # Number of Compute nodes to deploy
+ # Type: number
+ ComputeCount: 1
+
+ # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ComputeHostnameFormat: '%stackname%-novacompute-%index%'
+
+ # Number of Controller nodes to deploy
+ # Type: number
+ ControllerCount: 1
+
+ # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ControllerHostnameFormat: '%stackname%-controller-%index%'
+
+ # DNS servers to use for the Overcloud
+ # Type: comma_delimited_list
+ DnsServers: ['8.8.8.8', '8,8.4.4']
+
+ # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default.
+ # Type: comma_delimited_list
+ NtpServer: ['pool.ntp.org']
+
+ # Name of the flavor for Ceph nodes
+ # Type: string
+ OvercloudCephStorageFlavor: ceph
+
+ # Name of the flavor for Compute nodes
+ # Type: string
+ OvercloudComputeFlavor: compute
+
+ # Name of the flavor for Controller nodes
+ # Type: string
+ OvercloudControllerFlavor: control
+
diff --git a/environments/composable-roles/standalone.yaml b/environments/composable-roles/standalone.yaml
new file mode 100644
index 00000000..3305c9ed
--- /dev/null
+++ b/environments/composable-roles/standalone.yaml
@@ -0,0 +1,84 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Controller HA deployment with standalone Database, Messaging and Networker nodes.
+# description: |
+# A Heat environment that can be used to deploy controller, database,
+# messaging, networker and compute services in an HA configuration with SSL
+# everywhere and network isolation.
+# This should be used with a roles_data.yaml containing the
+# ControllerOpenstack, Database, Messaging, Networker, Compute and
+# CephStorage roles.
+# openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage
+parameter_defaults:
+ # Number of CephStorage nodes to deploy
+ # Type: number
+ CephStorageCount: 1
+
+ # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ CephStorageHostnameFormat: '%stackname%-cephstorage-%index%'
+
+ # Number of Compute nodes to deploy
+ # Type: number
+ ComputeCount: 1
+
+ # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ComputeHostnameFormat: '%stackname%-novacompute-%index%'
+
+ # Number of Controller nodes to deploy
+ # Type: number
+ ControllerCount: 3
+
+ # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ControllerHostnameFormat: '%stackname%-controller-%index%'
+
+ # Number of Database nodes
+ # Type: number
+ DatabaseCount: 3
+
+ # DNS servers to use for the Overcloud
+ # Type: comma_delimited_list
+ DnsServers: ['8.8.8.8', '8,8.4.4']
+
+ # Number of Messaging nodes
+ # Type: number
+ MessagingCount: 3
+
+ # Number of Networker nodes
+ # Type: number
+ NetworkerCount: 2
+
+ # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default.
+ # Type: comma_delimited_list
+ NtpServer: ['pool.ntp.org']
+
+ # Name of the flavor for Ceph nodes
+ # Type: string
+ OvercloudCephStorageFlavor: ceph
+
+ # Name of the flavor for Compute nodes
+ # Type: string
+ OvercloudComputeFlavor: compute
+
+ # Name of the flavor for Controller nodes
+ # Type: string
+ OvercloudControllerFlavor: control
+
+ # Name of the flavor for Database nodes
+ # Type: string
+ OvercloudDatabaseFlavor: db
+
+ # Name of the flavor for Messaging nodes
+ # Type: string
+ OvercloudMessagingFlavor: messaging
+
+ # Name of the flavor for Networker nodes
+ # Type: string
+ OvercloudNetworkerFlavor: networker
+
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index 2c93b210..e977dff2 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -1,11 +1,6 @@
# This environment contains the services that can work with TLS-everywhere.
resource_registry:
- # This can be used when you don't want to run puppet on the host,
- # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
- # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
- # The compute node still needs extra initialization steps
- OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
# Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2
OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
@@ -26,7 +21,6 @@ resource_registry:
OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
- OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
@@ -36,6 +30,13 @@ resource_registry:
OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml
+ OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
+ OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
+ OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
+ OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
+ OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
+ OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 9b977f6e..a47e0d4d 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -1,10 +1,4 @@
resource_registry:
- # This can be used when you don't want to run puppet on the host,
- # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
- # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
- # The compute node still needs extra initialization steps
- OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
-
OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
# Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2
OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
@@ -22,6 +16,7 @@ resource_registry:
OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
+ OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml
OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 63ab92eb..642a0f09 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -67,6 +67,14 @@ parameters:
MonitoringSubscriptionHorizon:
default: 'overcloud-horizon'
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
conditions:
@@ -109,6 +117,14 @@ outputs:
- {get_param: [DefaultPasswords, horizon_secret]}
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
memcached_ipv6: {get_param: MemcachedIPv6}
+ horizon::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::listen_ssl: {get_param: EnableInternalTLS}
+ horizon::horizon_ca: {get_param: InternalTLSCAFile}
-
if:
- debug_unset
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
index a1134f3e..f4675875 100644
--- a/puppet/services/pacemaker/cinder-volume.yaml
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -66,11 +66,17 @@ outputs:
resource: openstack-cinder-volume
state: disable
wait_for_resource: true
- - name: Sync cinder DB
+ - name: get bootstrap nodeid
tags: step5
- command: cinder-manage db sync
- - name: Start cinder_volume service (pacemaker)
- tags: step5
- pacemaker_resource:
- resource: openstack-cinder-volume
- state: enable
+ command: hiera bootstrap_nodeid
+ register: bootstrap_node
+ - block:
+ - name: Sync cinder DB
+ tags: step5
+ command: cinder-manage db sync
+ - name: Start cinder_volume service (pacemaker)
+ tags: step5
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: enable
+ when: bootstrap_node.stdout == ansible_hostname
diff --git a/sample-env-generator/composable-roles.yaml b/sample-env-generator/composable-roles.yaml
new file mode 100644
index 00000000..91d6060f
--- /dev/null
+++ b/sample-env-generator/composable-roles.yaml
@@ -0,0 +1,174 @@
+#
+# This environment generator is used to generate some sample composable role
+# environment files.
+#
+environments:
+ -
+ name: composable-roles/monolithic-nonha
+ title: Monolithic Controller Non-HA deployment
+ description: |
+ A Heat environment that can be used to deploy controller and compute
+ services in an Non-HA configuration with SSL undercloud only and a
+ flat network.
+ This should be used with a roles_data.yaml containing the Controller,
+ Compute and CephStorage roles.
+ openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage
+ files:
+ overcloud.yaml:
+ parameters:
+ - ControllerHostnameFormat
+ - ComputeHostnameFormat
+ - CephStorageHostnameFormat
+ - ControllerCount
+ - ComputeCount
+ - CephStorageCount
+ puppet/services/time/ntp.yaml:
+ parameters:
+ - NtpServer
+ sample-env-generator/composable-roles.yaml:
+ parameters:
+ - DnsServers
+ - OvercloudControllerFlavor
+ - OvercloudComputeFlavor
+ - OvercloudCephStorageFlavor
+ sample_values:
+ ControllerCount: 1
+ OvercloudControllerFlavor: control
+ ComputeCount: 1
+ OvercloudComputeFlavor: compute
+ CephStorageCount: 1
+ OvercloudCephStorageFlavor: ceph
+
+ -
+ name: composable-roles/monolithic-ha
+ title: Monolithic Controller HA deployment
+ description: |
+ A Heat environment that can be used to deploy controller and compute
+ services in an HA configuration with SSL everywhere and network
+ isolation.
+ This should be used with a roles_data.yaml containing the Controller,
+ Compute and CephStorage roles.
+ openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage
+ files:
+ overcloud.yaml:
+ parameters:
+ - ControllerHostnameFormat
+ - ComputeHostnameFormat
+ - CephStorageHostnameFormat
+ - ControllerCount
+ - ComputeCount
+ - CephStorageCount
+ puppet/services/time/ntp.yaml:
+ parameters:
+ - NtpServer
+ sample-env-generator/composable-roles.yaml:
+ parameters:
+ - DnsServers
+ - OvercloudControllerFlavor
+ - OvercloudComputeFlavor
+ - OvercloudCephStorageFlavor
+ sample_values:
+ ControllerCount: 3
+ OvercloudControllerFlavor: control
+ ComputeCount: 3
+ OvercloudComputeFlavor: compute
+ CephStorageCount: 1
+ OvercloudCephStorageFlavor: ceph
+
+ -
+ name: composable-roles/standalone
+ title: Controller HA deployment with standalone Database, Messaging and Networker nodes.
+ description: |
+ A Heat environment that can be used to deploy controller, database,
+ messaging, networker and compute services in an HA configuration with SSL
+ everywhere and network isolation.
+ This should be used with a roles_data.yaml containing the
+ ControllerOpenstack, Database, Messaging, Networker, Compute and
+ CephStorage roles.
+ openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage
+ files:
+ overcloud.yaml:
+ parameters:
+ - ControllerHostnameFormat
+ - ComputeHostnameFormat
+ - CephStorageHostnameFormat
+ - ControllerCount
+ - ComputeCount
+ - CephStorageCount
+ puppet/services/time/ntp.yaml:
+ parameters:
+ - NtpServer
+ sample-env-generator/composable-roles.yaml:
+ parameters:
+ - DnsServers
+ - DatabaseCount
+ - MessagingCount
+ - NetworkerCount
+ - OvercloudControllerFlavor
+ - OvercloudComputeFlavor
+ - OvercloudCephStorageFlavor
+ - OvercloudDatabaseFlavor
+ - OvercloudMessagingFlavor
+ - OvercloudNetworkerFlavor
+ sample_values:
+ ControllerCount: 3
+ OvercloudControllerFlavor: control
+ ComputeCount: 1
+ OvercloudComputeFlavor: compute
+ CephStorageCount: 1
+ OvercloudCephStorageFlavor: ceph
+ DatabaseCount: 3
+ OvercloudDatabaseFlavor: db
+ MessagingCount: 3
+ OvercloudMessagingFlavor: messaging
+ NetworkerCount: 2
+ OvercloudNetworkerFlavor: networker
+
+
+# NOTE(aschultz): So because these are dynamic based on the roles used, we
+# do not currently define these in any heat files. So we're defining them here
+# so that the sample env generator can still provide these configuration items
+# in the generated config files.
+parameters:
+ DnsServers:
+ default: ['8.8.8.8', '8,8.4.4']
+ description: DNS servers to use for the Overcloud
+ type: comma_delimited_list
+ # Dynamic vars based on roles
+ DatabaseCount:
+ default: 0
+ description: Number of Database nodes
+ type: number
+ MessagingCount:
+ default: 0
+ description: Number of Messaging nodes
+ type: number
+ NetworkerCount:
+ default: 0
+ description: Number of Networker nodes
+ type: number
+ OvercloudControllerFlavor:
+ default: control
+ description: Name of the flavor for Controller nodes
+ type: string
+ OvercloudComputeFlavor:
+ default: compute
+ description: Name of the flavor for Compute nodes
+ type: string
+ OvercloudCephStorageFlavor:
+ default: compute
+ description: Name of the flavor for Ceph nodes
+ type: string
+ OvercloudDatabaseFlavor:
+ default: database
+ description: Name of the flavor for Database nodes
+ type: string
+ OvercloudMessagingFlavor:
+ default: messaging
+ description: Name of the flavor for Messaging nodes
+ type: string
+ OvercloudNetworkerFlavor:
+ default: networker
+ description: Name of the flavor for Networker nodes
+ type: string
+