diff options
| -rw-r--r-- | docker/services/ceph-ansible/ceph-base.yaml | 51 | ||||
| -rw-r--r-- | docker/services/database/mongodb.yaml | 54 | ||||
| -rw-r--r-- | docker/services/nova-api.yaml | 26 | ||||
| -rw-r--r-- | docker/services/nova-placement.yaml | 17 | ||||
| -rw-r--r-- | docker/services/pacemaker/database/mysql.yaml | 41 | ||||
| -rw-r--r-- | environments/docker-centos-tripleoupstream.yaml | 11 | ||||
| -rw-r--r-- | environments/network-isolation-v6.j2.yaml | 58 | ||||
| -rw-r--r-- | environments/network-isolation-v6.yaml | 57 | ||||
| -rw-r--r-- | environments/network-management-v6.yaml | 4 | ||||
| -rw-r--r-- | environments/network-management.yaml | 4 | ||||
| -rw-r--r-- | extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml | 7 | ||||
| -rw-r--r-- | j2_excludes.yaml | 4 | ||||
| -rw-r--r-- | puppet/cephstorage-role.yaml | 718 | ||||
| -rw-r--r-- | puppet/services/pacemaker_remote.yaml | 13 | ||||
| -rw-r--r-- | releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml | 5 | ||||
| -rw-r--r-- | releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml | 9 |
16 files changed, 262 insertions, 817 deletions
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 85fe0608..52c4a65c 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -102,6 +102,33 @@ conditions: data: {get_param: DockerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') +resources: + DockerImageUrlParts: + type: OS::Heat::Value + properties: + type: json + value: + host: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[1] + data: {get_param: DockerCephDaemonImage} + - docker.io + image: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[2] + data: {get_param: DockerCephDaemonImage} + - yaql: + expression: $.data.rightSplit(':', 1)[0] + data: {get_param: DockerCephDaemonImage} + image_tag: + yaql: + expression: $.data.rightSplit(':', 1)[1] + data: {get_param: DockerCephDaemonImage} + outputs: role_data: description: Role data for the Ceph base service. @@ -125,21 +152,9 @@ outputs: ceph_common_ansible_vars: fsid: { get_param: CephClusterFSID } docker: true - ceph_docker_registry: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[1] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - docker.io - ceph_docker_image: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[2] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} + ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]} + ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]} + ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]} containerized_deployment: true public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} @@ -186,11 +201,7 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} - acls: - - "u:glance:r--" - - "u:nova:r--" - - "u:cinder:r--" - - "u:gnocchi:r--" + mode: "0644" keys: *openstack_keys pools: [] ceph_conf_overrides: diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5ba79b31..9b5c5b8f 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -36,6 +36,18 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -77,6 +89,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mongodb owner: mongodb:mongodb @@ -84,6 +100,8 @@ outputs: - path: /var/log/mongodb owner: mongodb:mongodb recurse: true + - path: /etc/pki/tls/certs/mongodb.pem + owner: mongodb:mongodb docker_config: step_2: mongodb: @@ -91,11 +109,21 @@ outputs: net: host privileged: false volumes: &mongodb_volumes - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro - - /etc/localtime:/etc/localtime:ro - - /var/log/containers/mongodb:/var/log/mongodb - - /var/lib/mongodb:/var/lib/mongodb + list_concat: + - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /var/log/containers/mongodb:/var/log/mongodb + - /var/lib/mongodb:/var/lib/mongodb + - if: + - internal_tls_enabled + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -106,8 +134,18 @@ outputs: step_config: 'include ::tripleo::profile::base::database::mongodb' config_image: *mongodb_config_image volumes: - - /var/lib/mongodb:/var/lib/mongodb - - /var/log/containers/mongodb:/var/log/mongodb + list_concat: + - - /var/lib/mongodb:/var/lib/mongodb + - /var/log/containers/mongodb:/var/log/mongodb + - if: + - internal_tls_enabled + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro + - null host_prep_tasks: - name: create persistent directories file: @@ -116,6 +154,8 @@ outputs: with_items: - /var/log/containers/mongodb - /var/lib/mongodb + metadata_settings: + get_attr: [MongodbPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: Stop and disable mongodb service tags: step2 diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index da461049..45de265e 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -64,9 +71,6 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false - nova_wsgi_enabled: false - nova::api::service_name: '%{::nova::params::api_service_name}' - nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" @@ -82,7 +86,7 @@ outputs: config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_api.json: - command: /usr/bin/nova-api + command: /usr/sbin/httpd -DFOREGROUND config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -112,7 +116,7 @@ outputs: user: root volumes: - /var/log/containers/nova:/var/log/nova - command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova'] step_3: nova_api_db_sync: start_order: 0 @@ -163,7 +167,7 @@ outputs: start_order: 2 image: *nova_api_image net: host - user: nova + user: root privileged: true restart: always volumes: @@ -173,6 +177,16 @@ outputs: - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS nova_api_cron: diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index d784ace3..26d17560 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -104,6 +111,16 @@ outputs: - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 3fb38349..8ba7d723 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -43,6 +43,14 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. resources: @@ -59,6 +67,10 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + outputs: role_data: description: Containerized service MySQL using composable services. @@ -79,6 +91,13 @@ outputs: - 4567 - 4568 - 9200 + - + if: + - internal_tls_enabled + - + tripleo::profile::pacemaker::database::mysql_bundle::ca_file: + get_param: InternalTLSCAFile + - {} step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -103,6 +122,20 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true + permissions: + - path: /etc/pki/tls/certs/mysql.crt + owner: mysql:mysql + perm: '0600' + optional: true + - path: /etc/pki/tls/private/mysql.key + owner: mysql:mysql + perm: '0600' + optional: true docker_config: step_1: mysql_data_ownership: @@ -195,6 +228,8 @@ outputs: file: path: /var/lib/mysql state: directory + metadata_settings: + get_attr: [MysqlPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: get bootstrap nodeid tags: common @@ -220,3 +255,9 @@ outputs: - name: Disable mysql service tags: step2 service: name=mariadb enabled=no + - name: Remove clustercheck service from xinetd + tags: step2 + file: state=absent path=/etc/xinetd.d/galera-monitor + - name: Restart xinetd service after clustercheck removal + tags: step2 + service: name=xinetd state=restarted diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml index 47f8e528..01a118e4 100644 --- a/environments/docker-centos-tripleoupstream.yaml +++ b/environments/docker-centos-tripleoupstream.yaml @@ -1,6 +1,6 @@ -# Generated with the following on 2017-07-12T11:40:50.219622 +# Generated with the following on 2017-08-11T04:58:59.567629 # -# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml +# openstack overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml # parameter_defaults: @@ -9,6 +9,7 @@ parameter_defaults: DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest + DockerBarbicanApiImage: tripleoupstream/centos-binary-barbican-api:latest DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest @@ -45,8 +46,8 @@ parameter_defaults: DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest - DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest + DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest @@ -82,7 +83,7 @@ parameter_defaults: DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest - DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest + DockerNovaConfigImage: tripleoupstream/centos-binary-nova-api:latest DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest @@ -100,8 +101,6 @@ parameter_defaults: DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest - DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest - DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest diff --git a/environments/network-isolation-v6.j2.yaml b/environments/network-isolation-v6.j2.yaml new file mode 100644 index 00000000..bb27ee43 --- /dev/null +++ b/environments/network-isolation-v6.j2.yaml @@ -0,0 +1,58 @@ +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. +# primary role is: {{primary_role_name}} +resource_registry: + # networks as defined in network_data.yaml + {%- for network in networks if network.enabled|default(true) %} + {%- if network.name != 'Tenant' %} + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- else %} + # IPv4 until OVS and Neutron support IPv6 tunnel endpoints + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endif %} + {%- endfor %} + + # Port assignments for the VIPs + {%- for network in networks if network.vip and network.enabled|default(true) %} + OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- endfor %} + + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml + +{%- for role in roles %} + # Port assignments for the {{role.name}} + {%- for network in networks %} + {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant' %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- elif network.name in role.networks|default([]) and network.enabled|default(true) and network.name == 'Tenant' %} + # IPv4 until OVS and Neutron support IPv6 tunnel endpoints + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- else %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml + {%- endif %} + {%- endfor %} +{%- endfor %} + + +parameter_defaults: + # Enable IPv6 for Ceph. + CephIPv6: True + # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. + CorosyncIPv6: True + # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. + MongoDbIPv6: True + # Enable various IPv6 features in Nova. + NovaIPv6: True + # Enable IPv6 environment for RabbitMQ. + RabbitIPv6: True + # Enable IPv6 environment for Memcached. + MemcachedIPv6: True diff --git a/environments/network-isolation-v6.yaml b/environments/network-isolation-v6.yaml deleted file mode 100644 index 11ca5b31..00000000 --- a/environments/network-isolation-v6.yaml +++ /dev/null @@ -1,57 +0,0 @@ -# Enable the creation of IPv6 Neutron networks for isolated Overcloud -# traffic and configure each role to assign ports (related -# to that role) on these networks. -resource_registry: - OS::TripleO::Network::External: ../network/external_v6.yaml - OS::TripleO::Network::InternalApi: ../network/internal_api_v6.yaml - OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt_v6.yaml - OS::TripleO::Network::Storage: ../network/storage_v6.yaml - # IPv4 until OVS and Neutron support IPv6 tunnel endpoints - OS::TripleO::Network::Tenant: ../network/tenant.yaml - - # Port assignments for the VIPs - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_v6.yaml - OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - - # Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - -parameter_defaults: - # Enable IPv6 for Ceph. - CephIPv6: True - # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. - CorosyncIPv6: True - # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. - MongoDbIPv6: True - # Enable various IPv6 features in Nova. - NovaIPv6: True - # Enable IPv6 environment for RabbitMQ. - RabbitIPv6: true - # Enable IPv6 environment for Memcached. - MemcachedIPv6: true diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml index 812e84f3..59056217 100644 --- a/environments/network-management-v6.yaml +++ b/environments/network-management-v6.yaml @@ -1,3 +1,7 @@ +# ****************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation-v6.yaml +# and define the needed networks in your custom role file. +# ****************************************************************************** # Enable the creation of an IPv6 system management network. This # creates a Neutron network for isolated Overcloud # system management traffic and configures each role to diff --git a/environments/network-management.yaml b/environments/network-management.yaml index 041617be..5f50bb15 100644 --- a/environments/network-management.yaml +++ b/environments/network-management.yaml @@ -1,3 +1,7 @@ +# *************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation.yaml +# and define the needed networks in your custom role file. +# *************************************************************************** # Enable the creation of a system management network. This # creates a Neutron network for isolated Overcloud # system management traffic and configures each role to diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index fb0d1699..8b2b2308 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -72,6 +72,10 @@ conditions: equals: - {get_param: deployment_actions} - [] + update_requested: + equals: + - {get_param: UpdateOnRHELRegistration} + - true resources: @@ -180,8 +184,7 @@ resources: UpdateDeploymentAfterRHELRegistration: type: OS::Heat::SoftwareDeployment depends_on: RHELRegistrationDeployment - conditions: - update_requested: {get_param: UpdateOnRHELRegistration} + condition: update_requested properties: name: UpdateDeploymentAfterRHELRegistration config: {get_resource: YumUpdateConfigurationAfterRHELRegistration} diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 504cc153..4afbeb01 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml @@ -1,8 +1,10 @@ # This template specifies which j2 rendered templates # should be excluded in the render process from # tripleo-common/tripleo_common/actions/templates.py +# E.g: +# name: +# - puppet/cephstorage-role.yaml name: - - puppet/cephstorage-role.yaml - network/internal_api.yaml - network/external.yaml - network/storage.yaml diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml deleted file mode 100644 index ce44fd68..00000000 --- a/puppet/cephstorage-role.yaml +++ /dev/null @@ -1,718 +0,0 @@ -heat_template_version: pike -description: 'OpenStack ceph storage node configured by Puppet' -parameters: - OvercloudCephStorageFlavor: - description: Flavor for the Ceph Storage node. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - CephStorageImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that CephStorageExtraConfig takes precedence over ExtraConfig. - type: json - CephStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - CephStorageIPs: - default: {} - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - CephStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - CephStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - CephStorage: - type: OS::TripleO::CephStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: CephStorageImage} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: OvercloudCephStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: CephStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: CephStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::CephStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::CephStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::CephStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::CephStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::CephStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::CephStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::CephStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::CephStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::CephStorage::PreNetworkConfig - properties: - server: {get_resource: CephStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: CephStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - CephStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - CephStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: CephStorageUpgradeInitDeployment - server: {get_resource: CephStorage} - config: {get_resource: CephStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - CephStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: CephStorageUpgradeInitDeployment - properties: - name: CephStorageDeployment - config: {get_resource: CephStorageConfig} - server: {get_resource: CephStorage} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - CephStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - ceph_extraconfig - - extraconfig - - service_names - - service_configs - - ceph - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - ceph_extraconfig: {get_param: CephStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - ceph: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: CephStorageDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: CephStorage} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - CephStorageExtraConfigPre: - depends_on: CephStorageDeployment - type: OS::TripleO::CephStorageExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: CephStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: CephStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: CephStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: CephStorageDeployment - properties: - server: {get_resource: CephStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [CephStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [CephStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [CephStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [CephStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the ceph storage server - value: - {get_resource: CephStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [CephStorage, os_collect_config]} diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index 76511784..47ca6142 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -35,6 +35,11 @@ parameters: description: The authkey for the pacemaker remote service. hidden: true default: '' + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string @@ -103,5 +108,13 @@ outputs: tripleo::fencing::config: {get_param: FencingConfig} enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} + pacemaker::corosync::manage_fw: false + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} step_config: | include ::tripleo::profile::base::pacemaker_remote diff --git a/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml new file mode 100644 index 00000000..764686f4 --- /dev/null +++ b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + Both environments/network-management.yaml and environments/network-management-v6.yaml + are now deprecated in favor of specifying the needed networks on each role. diff --git a/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml new file mode 100644 index 00000000..e417f5f2 --- /dev/null +++ b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Fix Heat condition for RHEL registration yum update + There were 2 problems with this condition making the + rhel-registration.yaml template broken: "conditions" should be "condition" + and the condition should refer to just a condition name defined in the + "conditions:" section of the template. See + https://bugs.launchpad.net/tripleo/+bug/1709916 |