diff options
113 files changed, 1758 insertions, 531 deletions
diff --git a/ci/environments/README.rst b/ci/environments/README.rst new file mode 100644 index 00000000..4a3cb9d9 --- /dev/null +++ b/ci/environments/README.rst @@ -0,0 +1,4 @@ +This directory contains environments that are used in tripleo-ci. They may change from +release to release or within a release, and should not be relied upon in a production +environment. The top-level ``environments`` directory in tripleo-heat-templates +contains the production-ready environment files. diff --git a/ci/environments/ceph-min-osds.yaml b/ci/environments/ceph-min-osds.yaml new file mode 100644 index 00000000..4e72d313 --- /dev/null +++ b/ci/environments/ceph-min-osds.yaml @@ -0,0 +1,2 @@ +parameter_defaults: + CephPoolDefaultSize: 1 diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index c142922a..7c323811 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -6,15 +6,17 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/ OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml - OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml - OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml - OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml - OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml + OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml + OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml + OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml + OS::TripleO::Services::Congress: ../../docker/services/congress-api.yaml + # TODO fluentd is being containerized: https://review.openstack.org/#/c/467072/ OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml - OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml + OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and # overcloud-resource-registry.yaml there doesn't have this Docker diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml index b3cb500f..87587a4b 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/docker/deploy-steps-playbook.yaml @@ -17,6 +17,7 @@ shell: python /var/lib/docker-puppet/docker-puppet.py environment: NET_HOST: 'true' + DEBUG: '{{docker_puppet_debug}}' when: step == "1" changed_when: false check_mode: no diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 13211676..4c193e49 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -29,9 +29,13 @@ import tempfile import multiprocessing log = logging.getLogger() -log.setLevel(logging.DEBUG) ch = logging.StreamHandler(sys.stdout) -ch.setLevel(logging.DEBUG) +if os.environ.get('DEBUG', False): + log.setLevel(logging.DEBUG) + ch.setLevel(logging.DEBUG) +else: + log.setLevel(logging.INFO) + ch.setLevel(logging.INFO) formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s') ch.setFormatter(formatter) log.addHandler(ch) @@ -145,11 +149,11 @@ for service in (json_data or []): if not manifest or not config_image: continue - log.debug('config_volume %s' % config_volume) - log.debug('puppet_tags %s' % puppet_tags) - log.debug('manifest %s' % manifest) - log.debug('config_image %s' % config_image) - log.debug('volumes %s' % volumes) + log.info('config_volume %s' % config_volume) + log.info('puppet_tags %s' % puppet_tags) + log.info('manifest %s' % manifest) + log.info('config_image %s' % config_image) + log.info('volumes %s' % volumes) # We key off of config volume for all configs. if config_volume in configs: # Append puppet tags and manifest. @@ -217,7 +221,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume # Write a checksum of the config-data dir, this is used as a # salt to trigger container restart when the config changes - tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum + tar -c -f - /var/lib/config-data/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum fi """) @@ -272,13 +276,17 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env) cmd_stdout, cmd_stderr = subproc.communicate() - if cmd_stdout: - log.debug(cmd_stdout) - if cmd_stderr: - log.debug(cmd_stderr) if subproc.returncode != 0: log.error('Failed running docker-puppet.py for %s' % config_volume) + if cmd_stdout: + log.error(cmd_stdout) + if cmd_stderr: + log.error(cmd_stderr) else: + if cmd_stdout: + log.debug(cmd_stdout) + if cmd_stderr: + log.debug(cmd_stderr) # only delete successful runs, for debugging rm_container('docker-puppet-%s' % config_volume) return subproc.returncode diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 83772028..73a3cb78 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -38,6 +38,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DockerPuppetDebug: + type: string + default: '' + description: Set to True to enable debug logging with docker-puppet.py ctlplane_service_ips: type: json @@ -84,6 +88,7 @@ resources: - name: role_name - name: update_identifier - name: bootstrap_server_id + - name: docker_puppet_debug config: {get_file: deploy-steps-playbook.yaml} {%- for step in range(1, deploy_steps_max) %} @@ -286,6 +291,7 @@ resources: role_name: {{role.name}} update_identifier: {get_param: DeployIdentifier} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} + docker_puppet_debug: {get_param: DockerPuppetDebug} {% endfor %} # END CONFIG STEPS diff --git a/docker/docker-toool b/docker/docker-toool index 0b87ea92..a1ffe34c 100755 --- a/docker/docker-toool +++ b/docker/docker-toool @@ -69,10 +69,15 @@ def parse_opts(argv): action='store_true', help="""Start docker container interactively (-ti).""", default=False) + parser.add_argument('-d', '--detach', + action='store_true', + help="""Start container detached.""", + default=False) opts = parser.parse_args(argv[1:]) return opts + def docker_arg_map(key, value): value = str(value).encode('ascii', 'ignore') if len(value) == 0: @@ -84,12 +89,12 @@ def docker_arg_map(key, value): 'net': "--net=%s" % value, 'pid': "--pid=%s" % value, 'privileged': "--privileged=%s" % value.lower(), - #'restart': "--restart=%s" % "false", 'user': "--user=%s" % value, 'volumes': "--volume=%s" % value, 'volumes_from': "--volumes-from=%s" % value, }.get(key, None) + def run_docker_container(opts, container_name): container_found = False @@ -142,13 +147,15 @@ def run_docker_container(opts, container_name): if opts.user: continue arg = docker_arg_map(container_data, - json_data[step][container][container_data]) + json_data[step][container][container_data]) if arg: cmd.append(arg) if opts.user: cmd.append('--user') cmd.append(opts.user) + if opts.detach: + cmd.append('--detach') if opts.interactive: cmd.append('-ti') # May as well remove it when we're done too @@ -167,19 +174,17 @@ def run_docker_container(opts, container_name): if not container_found: print("Container '%s' not found!" % container_name) + def list_docker_containers(opts): - print opts with open(opts.config) as f: json_data = json.load(f) for step in (json_data or []): if step is None: continue - print step for container in (json_data[step] or []): print('\tcontainer: %s' % container) for container_data in (json_data[step][container] or []): - #print('\t\tcontainer_data: %s' % container_data) if container_data == "start_order": print('\t\tstart_order: %s' % json_data[step][container][container_data]) @@ -189,4 +194,3 @@ if opts.container: run_docker_container(opts, opts.container) else: list_docker_containers(opts) - diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml index 4b061e1c..41b036da 100644 --- a/docker/firstboot/setup_docker_host.yaml +++ b/docker/firstboot/setup_docker_host.yaml @@ -4,6 +4,7 @@ parameters: DockerNamespace: type: string default: tripleoupstream + description: namespace DockerNamespaceIsRegistry: type: boolean default: false diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index bda5469a..3be0f182 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-api:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,10 +77,10 @@ outputs: config_volume: aodh puppet_tags: aodh_api_paste_ini,aodh_config step_config: *step_config - config_image: &aodh_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: /var/lib/kolla/config_files/aodh_api.json: command: /usr/sbin/httpd -DFOREGROUND @@ -88,14 +92,17 @@ outputs: # db sync runs before permissions set by kolla_config step_2: aodh_init_log: - image: *aodh_image + image: &aodh_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] user: root volumes: - /var/log/containers/aodh:/var/log/aodh command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh'] step_3: aodh_db_sync: - image: *aodh_image + image: *aodh_api_image net: host privileged: false detach: false @@ -109,7 +116,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync" step_4: aodh_api: - image: *aodh_image + image: *aodh_api_image net: host privileged: false restart: always diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 74ac635f..108a5527 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-evaluator:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,10 +69,10 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_evaluator_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: /var/lib/kolla/config_files/aodh_evaluator.json: command: /usr/bin/aodh-evaluator @@ -79,7 +83,10 @@ outputs: docker_config: step_4: aodh_evaluator: - image: *aodh_evaluator_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] net: host privileged: false restart: always diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 0930f42e..d78af5b2 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-listener:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,10 +69,10 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_listener_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: /var/lib/kolla/config_files/aodh_listener.json: command: /usr/bin/aodh-listener @@ -79,7 +83,10 @@ outputs: docker_config: step_4: aodh_listener: - image: *aodh_listener_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] net: host privileged: false restart: always diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index 607d9997..abfb3745 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-notifier:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,10 +69,10 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_notifier_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: /var/lib/kolla/config_files/aodh_notifier.json: command: /usr/bin/aodh-notifier @@ -79,7 +83,10 @@ outputs: docker_config: step_4: aodh_notifier: - image: *aodh_notifier_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] net: host privileged: false restart: always diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 9cec4a61..af1f47ad 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-central:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,10 +67,10 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_central_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: /var/lib/kolla/config_files/ceilometer_agent_central.json: command: /usr/bin/ceilometer-polling --polling-namespaces central @@ -74,7 +78,10 @@ outputs: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_central_image + image: &ceilometer_agent_central_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index 8d06d094..3cc440be 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-compute:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,17 +67,20 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_compute_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: /var/lib/kolla/config_files/ceilometer_agent_compute.json: command: /usr/bin/ceilometer-polling --polling-namespaces compute docker_config: step_4: ceilometer_agent_compute: - image: *ceilometer_agent_compute_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] net: host privileged: false restart: always diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml index 02793e48..7d02939d 100644 --- a/docker/services/ceilometer-agent-ipmi.yaml +++ b/docker/services/ceilometer-agent-ipmi.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-ipmi:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,10 +67,10 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_ipmi_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: /var/lib/kolla/config_files/ceilometer-agent-ipmi.json: command: /usr/bin/ceilometer-polling --polling-namespaces ipmi @@ -74,7 +78,10 @@ outputs: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_ipmi_image + image: &ceilometer_agent_ipmi_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ] user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -93,20 +100,6 @@ outputs: - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_5: - ceilometer_gnocchi_upgrade: - start_order: 1 - image: *ceilometer_agent_ipmi_image - net: host - detach: false - privileged: false - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - - /var/log/containers/ceilometer:/var/log/ceilometer - command: "/usr/bin/bootstrap_host_exec ceilometer su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" upgrade_tasks: - name: Stop and disable ceilometer agent ipmi service tags: step2 diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index 36424e91..b2e85bb6 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-notification:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,10 +67,10 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_notification_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: /var/lib/kolla/config_files/ceilometer_agent_notification.json: command: /usr/bin/ceilometer-agent-notification @@ -74,7 +78,10 @@ outputs: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_notification_image + image: &ceilometer_agent_notification_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -93,20 +100,6 @@ outputs: - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_5: - ceilometer_gnocchi_upgrade: - start_order: 1 - image: *ceilometer_agent_notification_image - net: host - detach: false - privileged: false - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - - /var/log/containers/ceilometer:/var/log/ceilometer - command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] upgrade_tasks: - name: Stop and disable ceilometer agent notification service tags: step2 diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 94bd66d8..6a5d74bd 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-api:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 0958a7e8..2cde6f1d 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-backup:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 8199c34b..bcf32b2a 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-scheduler:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 26eb10e7..55173847 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-volume:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index 6c58a589..e6741156 100644 --- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-collectd:latest' type: string + DockerCollectdConfigImage: + description: The container image to use for the collectd config_volume + default: 'centos-binary-collectd:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -68,10 +72,10 @@ outputs: config_volume: collectd puppet_tags: collectd_client_config step_config: *step_config - config_image: &collectd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCollectdConfigImage} ] kolla_config: /var/lib/kolla/config_files/collectd.json: command: /usr/sbin/collectd -f @@ -82,7 +86,10 @@ outputs: docker_config: step_3: collectd: - image: *collectd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ] net: host privileged: true restart: always diff --git a/docker/services/congress-api.yaml b/docker/services/congress-api.yaml index 92b0eeb9..52395d5e 100644 --- a/docker/services/congress-api.yaml +++ b/docker/services/congress-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-congress-api:latest' type: string DockerCongressConfigImage: - description: image + description: The container image to use for the congress config_volume default: 'centos-binary-congress-api:latest' type: string EndpointMap: @@ -84,7 +84,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: congress_init_logs: - image: &congress_image + image: &congress_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ] @@ -95,7 +95,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress'] step_3: congress_db_sync: - image: *congress_image + image: *congress_api_image net: host privileged: false detach: false @@ -110,7 +110,7 @@ outputs: step_4: congress_api: start_order: 15 - image: *congress_image + image: *congress_api_image net: host privileged: false restart: always diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5d0eb79d..7b620c56 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-mongodb:latest' type: string + DockerMongodbConfigImage: + description: The container image to use for the mongodb config_volume + default: 'centos-binary-mongodb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,10 +69,10 @@ outputs: config_volume: mongodb puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mongodb_image + config_image: &mongodb_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbConfigImage} ] kolla_config: /var/lib/kolla/config_files/mongodb.json: command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run @@ -82,7 +86,10 @@ outputs: docker_config: step_2: mongodb: - image: *mongodb_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] net: host privileged: false volumes: &mongodb_volumes @@ -100,7 +107,7 @@ outputs: config_volume: 'mongodb_init_tasks' puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset' step_config: 'include ::tripleo::profile::base::database::mongodb' - config_image: *mongodb_image + config_image: *mongodb_config_image volumes: - /var/lib/mongodb:/var/lib/mongodb - /var/log/containers/mongodb:/var/log/mongodb diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml index b0ad3760..38a31e24 100644 --- a/docker/services/database/mysql-client.yaml +++ b/docker/services/database/mysql-client.yaml @@ -8,8 +8,8 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerMysqlImage: - description: image + DockerMysqlClientConfigImage: + description: The container image to use for the mysql_client config_volume default: 'centos-binary-mariadb:latest' type: string ServiceNetMap: @@ -61,6 +61,6 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlClientConfigImage} ] # no need for a docker config, this service only generates configuration files docker_config: {} diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 9eabb719..725b2b4b 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-mariadb:latest' type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume + default: 'centos-binary-mariadb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -74,10 +78,10 @@ outputs: config_volume: mysql puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mysql_image + config_image: &mysql_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlConfigImage} ] kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/bin/mysqld_safe @@ -89,7 +93,10 @@ outputs: # Kolla_bootstrap runs before permissions set by kolla_config step_1: mysql_init_logs: - image: *mysql_image + image: &mysql_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] privileged: false user: root volumes: @@ -139,7 +146,7 @@ outputs: config_volume: 'mysql_init_tasks' puppet_tags: 'mysql_database,mysql_grant,mysql_user' step_config: 'include ::tripleo::profile::base::database::mysql' - config_image: *mysql_image + config_image: *mysql_config_image volumes: - /var/lib/mysql:/var/lib/mysql/:ro - /var/log/containers/mysql:/var/log/mariadb diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 9d0d30c8..0a490cd3 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-redis:latest' type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume + default: 'centos-binary-redis:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -64,10 +68,10 @@ outputs: # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 puppet_tags: 'exec' step_config: *step_config - config_image: &redis_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/bin/redis-server /etc/redis.conf @@ -80,7 +84,10 @@ outputs: redis_init_logs: start_order: 0 detach: false - image: *redis_image + image: &redis_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] privileged: false user: root volumes: diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index bc3654b0..d4cfe49a 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ec2-api:latest' type: string + DockerEc2ApiConfigImage: + description: The container image to use for the ec2_api config_volume + default: 'centos-binary-ec2-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -60,13 +64,13 @@ outputs: service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: ec2api + config_volume: ec2_api puppet_tags: ec2api_api_paste_ini,ec2api_config step_config: *step_config - config_image: &ec2_api_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiConfigImage} ] kolla_config: /var/lib/kolla/config_files/ec2_api.json: command: /usr/bin/ec2-api @@ -84,7 +88,10 @@ outputs: # db sync runs before permissions set by kolla_config step_2: ec2_api_init_logs: - image: *ec2_api_image + image: &ec2_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ] privileged: false user: root volumes: diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml index 818bddd4..3c7c81b0 100644 --- a/docker/services/etcd.yaml +++ b/docker/services/etcd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-etcd:latest' type: string + DockerEtcdConfigImage: + description: The container image to use for the etcd config_volume + default: 'centos-binary-etcd:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -67,10 +71,10 @@ outputs: puppet_config: config_volume: etcd step_config: *step_config - config_image: &etcd_image + config_image: &etcd_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdConfigImage} ] kolla_config: /var/lib/kolla/config_files/etcd.json: command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml @@ -81,7 +85,10 @@ outputs: docker_config: step_2: etcd: - image: *etcd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] net: host privileged: false restart: always @@ -98,7 +105,7 @@ outputs: config_volume: 'etcd_init_tasks' puppet_tags: 'etcd_key' step_config: 'include ::tripleo::profile::base::etcd' - config_image: *etcd_image + config_image: *etcd_config_image volumes: - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro - /var/lib/etcd:/var/lib/etcd:ro diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 5c244012..4fadef95 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-glance-api:latest' type: string + DockerGlanceApiConfigImage: + description: The container image to use for the glance_api config_volume + default: 'centos-binary-glance-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -74,10 +78,10 @@ outputs: config_volume: glance_api puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config step_config: *step_config - config_image: &glance_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiConfigImage} ] kolla_config: /var/lib/kolla/config_files/glance_api.json: command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf @@ -87,7 +91,10 @@ outputs: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config step_2: glance_init_logs: - image: *glance_image + image: &glance_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] privileged: false user: root volumes: @@ -95,7 +102,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance'] step_3: glance_api_db_sync: - image: *glance_image + image: *glance_api_image net: host privileged: false detach: false @@ -115,7 +122,7 @@ outputs: map_merge: - glance_api: start_order: 2 - image: *glance_image + image: *glance_api_image net: host privileged: false restart: always @@ -126,7 +133,7 @@ outputs: - internal_tls_enabled - glance_api_tls_proxy: start_order: 2 - image: *glance_image + image: *glance_api_image net: host user: root restart: always diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index bd1c3168..cf31d256 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-api:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,10 +77,10 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_api_paste_ini,gnocchi_config step_config: *step_config - config_image: &gnocchi_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: /var/lib/kolla/config_files/gnocchi_api.json: command: /usr/sbin/httpd -DFOREGROUND @@ -88,14 +92,17 @@ outputs: # db sync runs before permissions set by kolla_config step_2: gnocchi_init_log: - image: *gnocchi_image + image: &gnocchi_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] user: root volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] step_3: gnocchi_db_sync: - image: *gnocchi_image + image: *gnocchi_api_image net: host detach: false privileged: false @@ -109,7 +116,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" step_4: gnocchi_api: - image: *gnocchi_image + image: *gnocchi_api_image net: host privileged: false restart: always diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index ea26d838..3a05d577 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-metricd:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,10 +67,10 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: &gnocchi_metricd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: /var/lib/kolla/config_files/gnocchi_metricd.json: command: /usr/bin/gnocchi-metricd @@ -77,7 +81,10 @@ outputs: docker_config: step_4: gnocchi_metricd: - image: *gnocchi_metricd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] net: host privileged: false restart: always diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index a8ae857d..c3523b57 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-statsd:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,10 +67,10 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: &gnocchi_statsd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: /var/lib/kolla/config_files/gnocchi_statsd.json: command: /usr/bin/gnocchi-statsd @@ -77,7 +81,10 @@ outputs: docker_config: step_4: gnocchi_statsd: - image: *gnocchi_statsd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] net: host privileged: false restart: always diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 1f8bcfad..242f0751 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-haproxy:latest' type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + default: 'centos-binary-haproxy:latest' + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -85,17 +89,20 @@ outputs: config_volume: haproxy puppet_tags: haproxy_config step_config: *step_config - config_image: &haproxy_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg docker_config: step_1: haproxy: - image: *haproxy_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] net: host privileged: false restart: always diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 89ba8cbd..1905281d 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -13,8 +13,8 @@ parameters: default: 'centos-binary-heat-api-cfn:latest' type: string # puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn - DockerHeatConfigImage: - description: image + DockerHeatApiCfnConfigImage: + description: The container image to use for the heat_api_cfn config_volume default: 'centos-binary-heat-api-cfn:latest' type: string EndpointMap: @@ -81,7 +81,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_api_cfn.json: command: /usr/sbin/httpd -DFOREGROUND diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 834f2a0b..c0cec937 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -13,8 +13,8 @@ parameters: default: 'centos-binary-heat-api:latest' type: string # puppet needs the heat-wsgi-api binary from centos-binary-heat-api - DockerHeatConfigImage: - description: image + DockerHeatApiConfigImage: + description: The container image to use for the heat_api config_volume default: 'centos-binary-heat-api:latest' type: string EndpointMap: @@ -81,7 +81,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_api.json: command: /usr/sbin/httpd -DFOREGROUND diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 7a3312dd..676dbb1f 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-heat-engine:latest' type: string + DockerHeatConfigImage: + description: The container image to use for the heat config_volume + default: 'centos-binary-heat-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -67,10 +71,10 @@ outputs: config_volume: heat puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: &heat_engine_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_engine.json: command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf @@ -82,7 +86,10 @@ outputs: # db sync runs before permissions set by kolla_config step_2: heat_init_log: - image: *heat_engine_image + image: &heat_engine_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] user: root volumes: - /var/log/containers/heat:/var/log/heat diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 13bd091c..5797b207 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-horizon:latest' type: string + DockerHorizonConfigImage: + description: The container image to use for the horizon config_volume + default: 'centos-binary-horizon:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -70,10 +74,10 @@ outputs: config_volume: horizon puppet_tags: horizon_config step_config: {get_attr: [HorizonBase, role_data, step_config]} - config_image: &horizon_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonConfigImage} ] kolla_config: /var/lib/kolla/config_files/horizon.json: command: /usr/sbin/httpd -DFOREGROUND @@ -88,7 +92,10 @@ outputs: docker_config: step_2: horizon_fix_perms: - image: *horizon_image + image: &horizon_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] user: root # NOTE Set ownership for /var/log/horizon/horizon.log file here, # otherwise it's created by root when generating django cache. diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 1c8aa5bd..183ed5ce 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-api:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: @@ -85,7 +85,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: ironic_init_logs: - image: &ironic_image + image: &ironic_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ] @@ -97,7 +97,7 @@ outputs: step_3: ironic_db_sync: start_order: 1 - image: *ironic_image + image: *ironic_api_image net: host privileged: false detach: false @@ -112,7 +112,7 @@ outputs: step_4: ironic_api: start_order: 10 - image: *ironic_image + image: *ironic_api_image net: host user: root restart: always diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 360eb669..f47a3e4c 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-conductor:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 75c70828..f518b9d5 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-pxe:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index 53f5aff2..86f2d3b4 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-iscsid:latest' type: string + DockerIscsidConfigImage: + description: The container image to use for the iscsid config_volume + default: 'centos-binary-iscsid:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -53,10 +57,10 @@ outputs: config_volume: iscsid #puppet_tags: file step_config: '' - config_image: &iscsid_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerIscsidConfigImage} ] kolla_config: /var/lib/kolla/config_files/iscsid.json: command: /usr/sbin/iscsid -f @@ -64,7 +68,10 @@ outputs: step_3: iscsid: start_order: 2 - image: *iscsid_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] net: host privileged: true restart: always diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 4cd44f21..b6cfa21e 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-keystone:latest' type: string + DockerKeystoneConfigImage: + description: The container image to use for the keystone config_volume + default: 'centos-binary-keystone:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -86,10 +90,10 @@ outputs: config_volume: keystone puppet_tags: keystone_config step_config: *step_config - config_image: &keystone_image + config_image: &keystone_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneConfigImage} ] kolla_config: /var/lib/kolla/config_files/keystone.json: command: /usr/sbin/httpd -DFOREGROUND @@ -97,7 +101,10 @@ outputs: # Kolla_bootstrap/db sync runs before permissions set by kolla_config step_2: keystone_init_log: - image: *keystone_image + image: &keystone_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] user: root command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] volumes: @@ -106,6 +113,7 @@ outputs: keystone_db_sync: image: *keystone_image net: host + user: root privileged: false detach: false volumes: &keystone_volumes @@ -145,6 +153,7 @@ outputs: keystone_bootstrap: start_order: 3 action: exec + user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] docker_puppet_tasks: @@ -153,7 +162,7 @@ outputs: config_volume: 'keystone_init_tasks' puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' step_config: 'include ::tripleo::profile::base::keystone' - config_image: *keystone_image + config_image: *keystone_config_image host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index 62fdaaf0..66dc6c3c 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-manila-api:latest' type: string DockerManilaConfigImage: - description: image + description: The container image to use for the manila config_volume default: 'centos-binary-manila-api:latest' type: string EndpointMap: diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index fbc80fc5..d4170e42 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-manila-scheduler:latest' type: string DockerManilaConfigImage: - description: image + description: The container image to use for the manila config_volume default: 'centos-binary-manila-api:latest' type: string EndpointMap: diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index d4539649..3d41c176 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-memcached:latest' type: string + DockerMemcachedConfigImage: + description: The container image to use for the memcached config_volume + default: 'centos-binary-memcached:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,17 +67,20 @@ outputs: config_volume: 'memcached' puppet_tags: 'file' step_config: *step_config - config_image: &memcached_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedConfigImage} ] kolla_config: {} docker_config: step_1: memcached_init_logs: start_order: 0 detach: false - image: *memcached_image + image: &memcached_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] privileged: false user: root volumes: diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 30c3cde1..f1284280 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-api:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: @@ -84,7 +84,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: mistral_init_logs: - image: &mistral_image + image: &mistral_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ] @@ -96,7 +96,7 @@ outputs: step_3: mistral_db_sync: start_order: 0 - image: *mistral_image + image: *mistral_api_image net: host privileged: false detach: false @@ -110,7 +110,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'" mistral_db_populate: start_order: 1 - image: *mistral_image + image: *mistral_api_image net: host privileged: false detach: false @@ -127,7 +127,7 @@ outputs: step_4: mistral_api: start_order: 15 - image: *mistral_image + image: *mistral_api_image net: host privileged: false restart: always diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index d60d847b..712f4ba6 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-engine:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 76ae052b..5a35ba98 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-executor:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index d8927d4b..61b05571 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-multipathd:latest' type: string + DockerMultipathdConfigImage: + description: The container image to use for the multipathd config_volume + default: 'centos-binary-multipathd:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -53,10 +57,10 @@ outputs: config_volume: multipathd #puppet_tags: file step_config: '' - config_image: &multipathd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdConfigImage} ] kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d @@ -64,7 +68,10 @@ outputs: step_3: multipathd: start_order: 1 - image: *multipathd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] net: host privileged: true restart: always diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 6c2d4cae..ad8e87f7 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-server:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string EndpointMap: diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index d14f5251..a2bd07ff 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-dhcp-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string EndpointMap: diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index f3a284fe..f7d0d034 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-l3-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index 69bf0c4e..493b97b2 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-metadata-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 65ad21ed..80de2cc6 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-neutron-openvswitch-agent:latest' type: string DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: @@ -79,7 +79,7 @@ outputs: docker_config: step_4: neutron_ovs_agent: - image: &neutron_ovs_agent_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml index 1739a5b9..7211014e 100644 --- a/docker/services/neutron-plugin-ml2.yaml +++ b/docker/services/neutron-plugin-ml2.yaml @@ -20,7 +20,7 @@ parameters: default: 'tripleoupstream' type: string DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string DefaultPasswords: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index c97f45de..5d410fb6 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-api:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -62,6 +62,9 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false + nova_wsgi_enabled: false + nova::api::service_name: '%{::nova::params::api_service_name}' + nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 9f647eba..1277a8fb 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-nova-compute:latest' type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + default: 'centos-binary-nova-compute:latest' + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -69,10 +73,10 @@ outputs: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini step_config: *step_config - config_image: &nova_compute_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_compute.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf @@ -87,7 +91,10 @@ outputs: # FIXME: run discover hosts here step_4: nova_compute: - image: *nova_compute_image + image: &nova_compute_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] net: host privileged: true user: nova diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 131355d7..266180c5 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-conductor:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -82,7 +82,7 @@ outputs: docker_config: step_4: nova_conductor: - image: &nova_conductor_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ] diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 19f25d8e..d836797f 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-consoleauth:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 63780fe6..8f988399 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -8,12 +8,12 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerNovaComputeImage: + DockerNovaComputeIronicImage: description: image default: 'centos-binary-nova-compute-ironic:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string ServiceNetMap: @@ -85,7 +85,7 @@ outputs: image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeIronicImage} ] net: host privileged: true user: root diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 6c871f14..f1a48cf1 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -8,14 +8,14 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerLibvirtImage: + DockerNovaLibvirtImage: description: image default: 'centos-binary-nova-libvirt:latest' type: string # we configure libvirt via the nova-compute container due to coupling # in the puppet modules - DockerNovaConfigImage: - description: image + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume default: 'centos-binary-nova-compute:latest' type: string EnablePackageInstall: @@ -101,8 +101,8 @@ outputs: step_config: *step_config config_image: list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_libvirt.json: command: @@ -120,7 +120,7 @@ outputs: image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtImage} ] net: host pid: host privileged: true diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 8f06f731..251bbaad 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-nova-placement-api:latest' type: string + DockerNovaPlacementConfigImage: + description: The container image to use for the nova_placement config_volume + default: 'centos-binary-nova-placement-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -66,10 +70,10 @@ outputs: config_volume: nova_placement puppet_tags: nova_config step_config: *step_config - config_image: &nova_placement_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_placement.json: command: /usr/sbin/httpd -DFOREGROUND @@ -82,7 +86,10 @@ outputs: step_3: nova_placement: start_order: 1 - image: *nova_placement_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] net: host user: root restart: always diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 6285e98e..fbb3abc7 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-scheduler:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index 97d2d154..c2b9c3b1 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-novncproxy:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml new file mode 100644 index 00000000..728162fe --- /dev/null +++ b/docker/services/octavia-api.yaml @@ -0,0 +1,155 @@ +heat_template_version: pike + +description: > + OpenStack Octavia service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaApiImage: + description: image + default: 'centos-binary-octavia-api:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaApiPuppetBase: + type: ../../puppet/services/octavia-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia API role. + value: + service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_api.json: + command: /usr/bin/octavia-api --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/api.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-api + /var/lib/kolla/config_files/octavia_api_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND + docker_config: + # Kolla_bootstrap/db_sync runs before permissions set by kolla_config + step_2: + octavia_api_init_dirs: + start_order: 0 + image: &octavia_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaApiImage} ] + user: root + volumes: + - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + - /var/log/containers/octavia:/var/log/octavia + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia'] + step_3: + octavia_db_sync: + start_order: 0 + image: *octavia_api_image + net: host + privileged: false + detach: false + user: root + volumes: &octavia_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'" + step_4: + map_merge: + - octavia_api: + start_order: 2 + image: *octavia_api_image + net: host + privileged: false + restart: always + volumes: *octavia_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - octavia_api_tls_proxy: + start_order: 2 + image: *octavia_api_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/httpd/:/etc/httpd/:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_api service + tags: step2 + service: name=openstack-octavia-api state=stopped enabled=no diff --git a/docker/services/octavia-health-manager.yaml b/docker/services/octavia-health-manager.yaml new file mode 100644 index 00000000..2228e369 --- /dev/null +++ b/docker/services/octavia-health-manager.yaml @@ -0,0 +1,114 @@ +heat_template_version: pike + +description: > + OpenStack Octavia health-manager service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaHealthManagerImage: + description: image + default: 'centos-binary-octavia-health-manager:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaHealthManagerPuppetBase: + type: ../../puppet/services/octavia-health-manager.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia health-manager role. + value: + service_name: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaHealthManagerPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_health_manager.json: + command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-health-manager + docker_config: + step_2: + octavia_health_manager_init_dirs: + start_order: 0 + image: &octavia_health_manager_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaHealthManagerImage} ] + user: root + volumes: + - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager'] + step_4: + octavia_health_manager: + start_order: 2 + image: *octavia_health_manager_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_health_manager service + tags: step2 + service: name=openstack-octavia-health-manager state=stopped enabled=no diff --git a/docker/services/octavia-housekeeping.yaml b/docker/services/octavia-housekeeping.yaml new file mode 100644 index 00000000..c2986c63 --- /dev/null +++ b/docker/services/octavia-housekeeping.yaml @@ -0,0 +1,114 @@ +heat_template_version: pike + +description: > + OpenStack Octavia service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaHousekeepingImage: + description: image + default: 'centos-binary-octavia-housekeeping:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaHousekeepingPuppetBase: + type: ../../puppet/services/octavia-housekeeping.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia housekeeping role. + value: + service_name: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaHousekeepingPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_housekeeping.json: + command: /usr/bin/octavia-housekeeping --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/housekeeping.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-housekeeping + docker_config: + step_2: + octavia_housekeeping_init_dirs: + start_order: 0 + image: &octavia_housekeeping_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaHousekeepingImage} ] + user: root + volumes: + - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-housekeeping; chown -R octavia:octavia /etc/octavia/conf.d/octavia-housekeeping'] + step_4: + octavia_housekeeping: + start_order: 2 + image: *octavia_housekeeping_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_housekeeping service + tags: step2 + service: name=openstack-octavia-housekeeping state=stopped enabled=no diff --git a/docker/services/octavia-worker.yaml b/docker/services/octavia-worker.yaml new file mode 100644 index 00000000..41295125 --- /dev/null +++ b/docker/services/octavia-worker.yaml @@ -0,0 +1,114 @@ +heat_template_version: pike + +description: > + OpenStack Octavia worker service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaWorkerImage: + description: image + default: 'centos-binary-octavia-worker:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaWorkerPuppetBase: + type: ../../puppet/services/octavia-worker.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia worker role. + value: + service_name: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaWorkerPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_worker.json: + command: /usr/bin/octavia-worker --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/worker.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-worker + docker_config: + step_2: + octavia_worker_init_dirs: + start_order: 0 + image: &octavia_worker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaWorkerImage} ] + user: root + volumes: + - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker'] + step_4: + octavia_worker: + start_order: 2 + image: *octavia_worker_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_worker service + tags: step2 + service: name=openstack-octavia-worker state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 7cac9d48..d15c920e 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-backup:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string CinderBackupBackend: diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 987ebaf0..07e5fc2e 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-volume:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index bad2acf6..9fd9402f 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -14,6 +14,10 @@ parameters: description: image default: 'centos-binary-mariadb:latest' type: string + DockerClustercheckConfigImage: + description: The container image to use for the clustercheck config_volume + default: 'centos-binary-mariadb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,10 +67,10 @@ outputs: config_volume: clustercheck puppet_tags: file # set this even though file is the default step_config: "include ::tripleo::profile::pacemaker::clustercheck" - config_image: &clustercheck_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckConfigImage} ] kolla_config: /var/lib/kolla/config_files/clustercheck.json: command: /usr/sbin/xinetd -dontfork @@ -87,7 +91,10 @@ outputs: step_2: clustercheck: start_order: 1 - image: *clustercheck_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] restart: always net: host volumes: diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index d64845f2..fb1400f6 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-mariadb:latest' type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume + default: 'centos-binary-mariadb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -77,7 +81,10 @@ outputs: - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" - "exec {'wait-for-settle': command => '/bin/true' }" - "include ::tripleo::profile::pacemaker::database::mysql_bundle" - config_image: *mysql_image + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlConfigImage} ] kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/sbin/pacemaker_remoted diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index ef27f7e9..2ff15fe9 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-redis:latest' type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume + default: 'centos-binary-redis:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -74,7 +78,10 @@ outputs: puppet_tags: 'exec' step_config: get_attr: [RedisBase, role_data, step_config] - config_image: *redis_image + config_image: &redis_config_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/sbin/pacemaker_remoted @@ -113,7 +120,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle' - image: *redis_image + image: *redis_config_image volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 7557afd6..704ffab5 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-haproxy:latest' type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + default: 'centos-binary-haproxy:latest' + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -73,7 +77,10 @@ outputs: - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - config_image: *haproxy_image + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 7f6ac701..ab1a612f 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-rabbitmq:latest' type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + default: 'centos-binary-rabbitmq:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -72,7 +76,10 @@ outputs: config_volume: rabbitmq puppet_tags: file step_config: *step_config - config_image: *rabbitmq_image + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ] kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/sbin/pacemaker_remoted diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 585148e5..0f556063 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -14,6 +14,10 @@ parameters: description: image default: 'centos-binary-panko-api:latest' type: string + DockerPankoConfigImage: + description: The container image to use for the panko config_volume + default: 'centos-binary-panko-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -75,10 +79,10 @@ outputs: config_volume: panko puppet_tags: panko_api_paste_ini,panko_config step_config: *step_config - config_image: &panko_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerPankoConfigImage} ] kolla_config: /var/lib/kolla/config_files/panko_api.json: command: /usr/sbin/httpd -DFOREGROUND @@ -89,14 +93,17 @@ outputs: docker_config: step_2: panko_init_log: - image: *panko_image + image: &panko_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] user: root volumes: - /var/log/containers/panko:/var/log/panko command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko'] step_3: panko_db_sync: - image: *panko_image + image: *panko_api_image net: host detach: false privileged: false @@ -111,7 +118,7 @@ outputs: step_4: panko_api: start_order: 2 - image: *panko_image + image: *panko_api_image net: host privileged: false restart: always diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 06d663c9..f42f2ed2 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-rabbitmq:latest' type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + default: 'centos-binary-rabbitmq:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,10 +77,10 @@ outputs: puppet_config: config_volume: rabbitmq step_config: *step_config - config_image: &rabbitmq_image + config_image: &rabbitmq_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ] kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/lib/rabbitmq/bin/rabbitmq-server @@ -90,7 +94,10 @@ outputs: rabbitmq_init_logs: start_order: 0 detach: false - image: *rabbitmq_image + image: &rabbitmq_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] privileged: false user: root volumes: @@ -146,7 +153,7 @@ outputs: config_volume: 'rabbit_init_tasks' puppet_tags: 'rabbitmq_policy,rabbitmq_user' step_config: 'include ::tripleo::profile::base::rabbitmq' - config_image: *rabbitmq_image + config_image: *rabbitmq_config_image volumes: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index 10670796..32d64583 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-sahara-api:latest' type: string + DockerSaharaConfigImage: + description: The container image to use for the sahara config_volume + default: 'centos-binary-sahara-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -64,10 +68,10 @@ outputs: config_volume: sahara puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template step_config: *step_config - config_image: &sahara_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaConfigImage} ] kolla_config: /var/lib/kolla/config_files/sahara-api.json: command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf @@ -81,10 +85,14 @@ outputs: docker_config: step_3: sahara_db_sync: - image: *sahara_image + image: &sahara_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ] net: host privileged: false detach: false + user: root volumes: &sahara_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -97,7 +105,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'" step_4: sahara_api: - image: *sahara_image + image: *sahara_api_image net: host privileged: false restart: always diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 41b5790b..99a51c9a 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-sahara-engine:latest' type: string + DockerSaharaConfigImage: + description: The container image to use for the sahara config_volume + default: 'centos-binary-sahara-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -64,10 +68,10 @@ outputs: config_volume: sahara puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template step_config: *step_config - config_image: &sahara_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaConfigImage} ] kolla_config: /var/lib/kolla/config_files/sahara-engine.json: command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf @@ -81,7 +85,10 @@ outputs: docker_config: step_4: sahara_engine: - image: *sahara_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ] net: host privileged: false restart: always diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml index db6daf99..42b0c57a 100644 --- a/docker/services/sensu-client.yaml +++ b/docker/services/sensu-client.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-sensu-client:latest' type: string + DockerSensuConfigImage: + description: The container image to use for the sensu config_volume + default: 'centos-binary-sensu-client:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -98,10 +102,10 @@ outputs: config_volume: sensu puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check step_config: *step_config - config_image: &sensu_client_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSensuConfigImage} ] kolla_config: /var/lib/kolla/config_files/sensu-client.json: command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log @@ -112,7 +116,10 @@ outputs: docker_config: step_3: sensu_client: - image: *sensu_client_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] net: host privileged: true # NOTE(mmagr) kolla image changes the user to 'sensu', we need it diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index f1d0da77..d7a7fe41 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-swift-proxy-server:latest' type: string + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume + default: 'centos-binary-swift-proxy-server:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -70,10 +74,10 @@ outputs: config_volume: swift puppet_tags: swift_proxy_config step_config: *step_config - config_image: &swift_proxy_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: /var/lib/kolla/config_files/swift_proxy.json: command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf @@ -87,7 +91,10 @@ outputs: step_4: map_merge: - swift_proxy: - image: *swift_proxy_image + image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] net: host user: swift restart: always diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml index 075d8d7c..00a772d6 100644 --- a/docker/services/swift-ringbuilder.yaml +++ b/docker/services/swift-ringbuilder.yaml @@ -8,8 +8,8 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerSwiftProxyImage: - description: image + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume default: 'centos-binary-swift-proxy-server:latest' type: string ServiceNetMap: @@ -98,6 +98,6 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: {} docker_config: {} diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 55aea208..f2b8c474 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -24,6 +24,10 @@ parameters: description: image default: 'centos-binary-swift-object:latest' type: string + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume + default: 'centos-binary-swift-proxy-server:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -82,12 +86,12 @@ outputs: # BEGIN DOCKER SETTINGS puppet_config: config_volume: swift - puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config + puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config,rsync::server step_config: *step_config - config_image: &swift_proxy_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: /var/lib/kolla/config_files/swift_account_auditor.json: command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf @@ -119,6 +123,8 @@ outputs: - path: /var/log/swift owner: swift:swift recurse: true + /var/lib/kolla/config_files/swift_xinetd_rsync.json: + command: /usr/sbin/xinetd -dontfork docker_config: step_3: # The puppet config sets this up but we don't have a way to mount the named @@ -286,7 +292,10 @@ outputs: - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_object_expirer: - image: *swift_proxy_image + image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] net: host user: swift restart: always @@ -349,6 +358,24 @@ outputs: - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env + swift_xinetd_rsync: + image: *swift_object_image + net: host + user: root + restart: always + privileged: true + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_xinetd_rsync.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc:/etc + - /run:/run + - /srv/node:/srv/node + - /dev:/dev + - /var/log/containers/swift:/var/log/swift + environment: *kolla_env + host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index df9750c9..84175c57 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-tacker:latest' type: string DockerTackerConfigImage: - description: image + description: The container image to use for the tacker config_volume default: 'centos-binary-tacker:latest' type: string EndpointMap: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 5ce324b9..17524e5e 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-zaqar:latest' type: string + DockerZaqarConfigImage: + description: The container image to use for the zaqar config_volume + default: 'centos-binary-zaqar:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,10 +67,10 @@ outputs: config_volume: zaqar puppet_tags: zaqar_config step_config: *step_config - config_image: &zaqar_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerZaqarConfigImage} ] kolla_config: /var/lib/kolla/config_files/zaqar.json: command: /usr/sbin/httpd -DFOREGROUND @@ -79,7 +83,10 @@ outputs: docker_config: step_4: zaqar: - image: *zaqar_image + image: &zaqar_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] net: host privileged: false restart: always diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml new file mode 100644 index 00000000..442262b3 --- /dev/null +++ b/environments/docker-ha.yaml @@ -0,0 +1,22 @@ +# Environment file to deploy the HA services via docker +# Add it *after* -e docker.yaml: +# ...deploy..-e docker.yaml -e docker-ha.yaml +resource_registry: + # Pacemaker runs on the host + OS::TripleO::Tasks::ControllerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml + OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml + + # Services that are disabled for HA deployments with pacemaker + OS::TripleO::Services::Keepalived: OS::Heat::None + + # HA Containers managed by pacemaker + OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml + OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml + OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml + OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml + OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::Redis: ../docker/services/pacemaker/database/redis.yaml diff --git a/environments/neutron-ml2-cisco-nexus-ucsm.yaml b/environments/neutron-ml2-cisco-nexus-ucsm.yaml index f5a0a399..2c87470b 100644 --- a/environments/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/environments/neutron-ml2-cisco-nexus-ucsm.yaml @@ -2,7 +2,6 @@ # a Cisco Neutron plugin. resource_registry: OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml - OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: diff --git a/environments/neutron-opendaylight-dpdk.yaml b/environments/neutron-opendaylight-dpdk.yaml new file mode 100644 index 00000000..9ee4eb7e --- /dev/null +++ b/environments/neutron-opendaylight-dpdk.yaml @@ -0,0 +1,37 @@ +# A Heat environment that can be used to deploy OpenDaylight with L3 DVR and DPDK +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + +parameter_defaults: + NeutronEnableForceMetadata: true + NeutronMechanismDrivers: 'opendaylight_v2' + NeutronServicePlugins: 'odl-router_v2' + NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" + ## Deploying DPDK requires enabling hugepages for the overcloud compute nodes. + ## It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. + ## This can be done using ComputeKernelArgs as shown below. + ComputeParameters: + #ComputeKernelArgs: "intel_iommu=on default_hugepagesz=2MB hugepagesz=2MB hugepages=2048" + ## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments + ## due to CPU contention of DPDK PMD threads. + OvsEnableDpdk: True + ## It is highly recommended to to enable isolcpus (via ComputeKernelArgs) on compute overcloud nodes and set the following parameters: + #OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node. + # It is recommended to use the socket closest to the PCIe slot used for the + # desired DPDK NIC. Format should be comma separated per socket string such as: + # "<socket 0 mem MB>,<socket 1 mem MB>", for example: "1024,0". + #OvsDpdkDriverType: "vfio-pci" # Ensure the Overcloud NIC to be used for DPDK supports this UIO/PMD driver. + #OvsPmdCoreList: "" # List or range of CPU cores for PMD threads to be pinned to. Note, NIC + # location to cores on socket, number of hyper-threaded logical cores, and + # desired number of PMD threads can all play a role in configuring this setting. + # These cores should be on the same socket where OvsDpdkSocketMemory is assigned. + # If using hyperthreading then specify both logical cores that would equal the + # physical core. Also, specifying more than one core will trigger multiple PMD + # threads to be spawned, which may improve dataplane performance. + #NovaVcpuPinSet: "" # Cores to pin Nova instances to. For maximum performance, select cores + # on the same NUMA node(s) selected for previous settings. diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml index 6706bccc..ecfd0fea 100644 --- a/environments/neutron-ovs-dpdk.yaml +++ b/environments/neutron-ovs-dpdk.yaml @@ -1,18 +1,31 @@ -## A Heat environment that can be used to deploy DPDK with OVS +# A Heat environment that can be used to deploy DPDK with OVS +# Deploying DPDK requires enabling hugepages for the overcloud nodes resource_registry: OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml parameter_defaults: - ## NeutronDpdkCoreList and NeutronDpdkMemoryChannels are REQUIRED settings. - ## Attempting to deploy DPDK without appropriate values will cause deployment to fail or lead to unstable deployments. - #NeutronDpdkCoreList: "" - #NeutronDpdkMemoryChannels: "" - NeutronDatapathType: "netdev" NeutronVhostuserSocketDir: "/var/lib/vhost_sockets" - - #NeutronDpdkSocketMemory: "" - #NeutronDpdkDriverType: "vfio-pci" - #NovaReservedHostMemory: 4096 - #NovaVcpuPinSet: "" - + NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" + ## Deploying DPDK requires enabling hugepages for the overcloud compute nodes. + ## It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. + ## This can be done using ComputeKernelArgs as shown below. + #ComputeParameters: + #ComputeKernelArgs: "intel_iommu=on default_hugepagesz=2MB hugepagesz=2MB hugepages=2048" + ## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments + ## due to CPU contention of DPDK PMD threads. + ## It is highly recommended to to enable isolcpus (via ComputeKernelArgs) on compute overcloud nodes and set the following parameters: + #OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node. + # It is recommended to use the socket closest to the PCIe slot used for the + # desired DPDK NIC. Format should be comma separated per socket string such as: + # "<socket 0 mem MB>,<socket 1 mem MB>", for example: "1024,0". + #OvsDpdkDriverType: "vfio-pci" # Ensure the Overcloud NIC to be used for DPDK supports this UIO/PMD driver. + #OvsPmdCoreList: "" # List or range of CPU cores for PMD threads to be pinned to. Note, NIC + # location to cores on socket, number of hyper-threaded logical cores, and + # desired number of PMD threads can all play a role in configuring this setting. + # These cores should be on the same socket where OvsDpdkSocketMemory is assigned. + # If using hyperthreading then specify both logical cores that would equal the + # physical core. Also, specifying more than one core will trigger multiple PMD + # threads to be spawned, which may improve dataplane performance. + #NovaVcpuPinSet: "" # Cores to pin Nova instances to. For maximum performance, select cores + # on the same NUMA node(s) selected for previous settings. diff --git a/environments/nonha-arch.yaml b/environments/nonha-arch.yaml new file mode 100644 index 00000000..7fdcc100 --- /dev/null +++ b/environments/nonha-arch.yaml @@ -0,0 +1,16 @@ +# An environment which creates an Overcloud without the use of pacemaker +# (i.e. only with keepalived and systemd for all resources) +resource_registry: + OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostPuppetRestart: OS::Heat::None + + OS::TripleO::Services::CinderVolume: ../puppet/services/cinder-volume.yaml + OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml + OS::TripleO::Services::HAproxy: ../puppet/services/haproxy.yaml + OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml + OS::TripleO::Services::MySQL: ../puppet/services/database/mysql.yaml + OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Services::Pacemaker: OS::Heat::None + OS::TripleO::Services::PacemakerRemote: OS::Heat::None + diff --git a/environments/services-docker/octavia.yaml b/environments/services-docker/octavia.yaml new file mode 100644 index 00000000..b677a4f6 --- /dev/null +++ b/environments/services-docker/octavia.yaml @@ -0,0 +1,5 @@ +resource_registry: + OS::TripleO::Services::OctaviaApi: ../../docker/services/octavia-api.yaml + OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml + OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml + OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml diff --git a/extraconfig/pre_network/ansible_host_config.yaml b/extraconfig/pre_network/ansible_host_config.yaml index f4f1a14a..2d862613 100644 --- a/extraconfig/pre_network/ansible_host_config.yaml +++ b/extraconfig/pre_network/ansible_host_config.yaml @@ -31,7 +31,7 @@ line: 'isolated_cores={{ _TUNED_CORES_ }}' when: _TUNED_CORES_|default("") != "" - - name: Tune-d provile activation + - name: Tune-d profile activation shell: tuned-adm profile {{ _TUNED_PROFILE_NAME_ }} become: true when: _TUNED_PROFILE_NAME_|default("") != "" diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index e4898a6e..009a0879 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -14,26 +14,81 @@ parameters: ServiceNames: type: comma_delimited_list default: [] - HostCpusList: + IsolCpusList: default: "0" + description: List of cores to be isolated by tuned + type: string + constraints: + - allowed_pattern: "[0-9,-]+" + OvsEnableDpdk: + default: false + description: Whether or not to configure enable DPDK in OVS + type: boolean + OvsDpdkCoreList: + description: > + List of cores to be used for DPDK lcore threads. Note, these threads + are used by the OVS control path for validator and handling functions. + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: "" + OvsDpdkMemoryChannels: + description: Number of memory channels per socket to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: "" + OvsDpdkSocketMemory: + default: "" + description: > + Sets the amount of hugepage memory to assign per NUMA node. It is + recommended to use the socket closest to the PCIe slot used for the + desired DPDK NIC. The format should be in "<socket 0 mem>, <socket 1 + mem>, <socket n mem>", where the value is specified in MB. For example: + "1024,0". + type: string + OvsDpdkDriverType: + default: "vfio-pci" + description: > + DPDK Driver type. Ensure the Overcloud NIC to be used for DPDK supports + this UIO/PMD driver. + type: string + OvsPmdCoreList: + description: > + A list or range of CPU cores for PMD threads to be pinned to. Note, NIC + location to cores on socket, number of hyper-threaded logical cores, and + desired number of PMD threads can all play a role in configuring this + setting. These cores should be on the same socket where + OvsDpdkSocketMemory is assigned. If using hyperthreading then specify + both logical cores that would equal the physical core. Also, specifying + more than one core will trigger multiple PMD threads to be spawned which + may improve dataplane performance. + constraints: + - allowed_pattern: "[0-9,-]*" + type: string + default: "" + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Queens cycle. + HostCpusList: description: List of cores to be used for host process type: string constraints: - allowed_pattern: "[0-9,-]+" + default: '0' NeutronDpdkCoreList: - default: "" description: List of cores to be used for DPDK Poll Mode Driver type: string constraints: - allowed_pattern: "[0-9,-]*" + default: '' NeutronDpdkMemoryChannels: - default: "" description: Number of memory channels to be used for DPDK type: string constraints: - allowed_pattern: "[0-9]*" + default: '' NeutronDpdkSocketMemory: - default: "" + default: '' description: Memory allocated for each socket type: string NeutronDpdkDriverType: @@ -45,14 +100,23 @@ conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} # YAQL is enabled in conditions with https://review.openstack.org/#/c/467506/ is_dpdk_config_required: - yaql: - expression: $.data.service_names.contains('neutron_ovs_dpdk_agent') - data: - service_names: {get_param: ServiceNames} + or: + - yaql: + expression: $.data.service_names.contains('neutron_ovs_dpdk_agent') + data: + service_names: {get_param: ServiceNames} + - {get_param: OvsEnableDpdk} + - {get_param: [RoleParameters, OvsEnableDpdk]} is_reboot_config_required: or: - is_host_config_required - is_dpdk_config_required + l_cores_empty: {equals: [{get_param: OvsDpdkCoreList}, '']} + pmd_cores_empty: {equals: [{get_param: OvsPmdCoreList}, '']} + mem_channels_empty: {equals: [{get_param: OvsDpdkMemoryChannels}, '']} + socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']} + driver_not_set: {equals: [{get_param: OvsDpdkDriverType}, 'vfio-pci']} + isol_cpus_empty: {equals: [{get_param: IsolCpusList}, '0']} resources: RoleParametersValue: @@ -62,16 +126,20 @@ resources: value: map_replace: - map_replace: - - HostCpusList: HostCpusList - NeutronDpdkCoreList: NeutronDpdkCoreList - NeutronDpdkMemoryChannels: NeutronDpdkMemoryChannels - NeutronDpdkSocketMemory: NeutronDpdkSocketMemory + - IsolCpusList: IsolCpusList + OvsDpdkCoreList: OvsDpdkCoreList + OvsDpdkMemoryChannels: OvsDpdkMemoryChannels + OvsDpdkSocketMemory: OvsDpdkSocketMemory + OvsDpdkDriverType: OvsDpdkDriverType + OvsPmdCoreList: OvsDpdkCoreList - values: {get_param: [RoleParameters]} - values: - HostCpusList: {get_param: HostCpusList} - NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList} - NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels} - NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory} + IsolCpusList: {if: [isol_cpus_empty, {get_param: HostCpusList}, {get_param: IsolCpusList}]} + OvsDpdkCoreList: {if: [l_cores_empty, {get_param: HostCpusList}, {get_param: OvsDpdkCoreList}]} + OvsDpdkMemoryChannels: {if: [mem_channels_empty, {get_param: NeutronDpdkMemoryChannels}, {get_param: OvsDpdkMemoryChannels}]} + OvsDpdkSocketMemory: {if: [socket_mem_empty, {get_param: NeutronDpdkSocketMemory}, {get_param: OvsDpdkSocketMemory}]} + OvsDpdkDriverType: {if: [driver_not_set, {get_param: NeutronDpdkDriverType}, {get_param: OvsDpdkDriverType}]} + OvsPmdCoreList: {if: [pmd_cores_empty, {get_param: NeutronDpdkCoreList}, {get_param: OvsPmdCoreList}]} HostParametersConfig: type: OS::Heat::SoftwareConfig @@ -98,7 +166,7 @@ resources: input_values: _KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]} _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} - _TUNED_CORES_: {get_param: [RoleParameters, HostIsolatedCoreList]} + _TUNED_CORES_: {get_param: [RoleParameters, IsolCpusList]} EnableDpdkConfig: type: OS::Heat::SoftwareConfig @@ -122,10 +190,10 @@ resources: } ' params: - $HOST_CORES: {get_attr: [RoleParametersValue, value, HostCpusList]} - $PMD_CORES: {get_attr: [RoleParametersValue, value, NeutronDpdkCoreList]} - $MEMORY_CHANNELS: {get_attr: [RoleParametersValue, value, NeutronDpdkMemoryChannels]} - $SOCKET_MEMORY: {get_attr: [RoleParametersValue, value, NeutronDpdkSocketMemory]} + $HOST_CORES: {get_attr: [RoleParametersValue, value, OvsDpdkCoreList]} + $PMD_CORES: {get_attr: [RoleParametersValue, value, OvsPmdCoreList]} + $MEMORY_CHANNELS: {get_attr: [RoleParametersValue, value, OvsDpdkMemoryChannels]} + $SOCKET_MEMORY: {get_attr: [RoleParametersValue, value, OvsDpdkSocketMemory]} EnableDpdkDeployment: type: OS::Heat::SoftwareDeployment diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index b1a35293..51cc85d8 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -268,6 +268,7 @@ resource_registry: OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::CertmongerUser: OS::Heat::None OS::TripleO::Services::Iscsid: OS::Heat::None + OS::TripleO::Services::Clustercheck: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index b44095bd..574c41b0 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -8,11 +8,14 @@ description: 'Upgrade steps for all roles' parameters: servers: type: json - + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - + ctlplane_service_ips: + type: json UpdateIdentifier: type: string description: > @@ -206,7 +209,9 @@ resources: {%- endfor %} properties: servers: {get_param: servers} + stack_name: {get_param: stack_name} role_data: {get_param: role_data} + ctlplane_service_ips: {get_param: ctlplane_service_ips} outputs: # Output the config for each role, just use Step1 as the config should be diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml index c51b6e1b..bdd1e613 100644 --- a/puppet/post-upgrade.j2.yaml +++ b/puppet/post-upgrade.j2.yaml @@ -8,17 +8,20 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers - + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - DeployIdentifier: default: '' type: string description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + ctlplane_service_ips: + type: json resources: # Note the include here is the same as post.j2.yaml but the data used at diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 76d5c269..4493721c 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -92,8 +92,12 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml + Ovs: + type: ./openvswitch.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -138,7 +142,7 @@ outputs: expression: $.data.ovs_upgrade + $.data.neutron_ovs_upgrade data: ovs_upgrade: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] neutron_ovs_upgrade: - name: Check if neutron_ovs_agent is deployed command: systemctl is-enabled neutron-openvswitch-agent diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 29c10469..da7a4d68 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -26,32 +26,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - HostCpusList: - default: "0" - description: List of cores to be used for host process - type: string - constraints: - - allowed_pattern: "[0-9,-]+" - NeutronDpdkCoreList: - default: "" - description: List of cores to be used for DPDK Poll Mode Driver - type: string - constraints: - - allowed_pattern: "[0-9,-]*" - NeutronDpdkMemoryChannels: - default: "" - description: Number of memory channels to be used for DPDK - type: string - constraints: - - allowed_pattern: "[0-9]*" - NeutronDpdkSocketMemory: - default: "" - description: Memory allocated for each socket - type: string - NeutronDpdkDriverType: - default: "vfio-pci" - description: DPDK Driver type - type: string # below parameters has to be set in neutron agent only for compute nodes. # as of now there is no other usecase for these parameters except dpdk. # should be moved to compute only ovs agent in case of any other usecases. @@ -75,9 +49,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml - # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: @@ -89,20 +60,19 @@ resources: - map_replace: - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir - vswitch::dpdk::driver_type: NeutronDpdkDriverType - vswitch::dpdk::host_core_list: HostCpusList - vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList - vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels - vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory - values: {get_param: [RoleParameters]} - values: NeutronDatapathType: {get_param: NeutronDatapathType} NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir} - NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType} - HostCpusList: {get_param: HostCpusList} - NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList} - NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels} - NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory} + + Ovs: + type: ./openvswitch.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} outputs: role_data: @@ -116,7 +86,8 @@ outputs: - keys: tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true + - get_attr: [Ovs, role_data, config_settings] - get_attr: [RoleParametersValue, value] step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} upgrade_tasks: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index fe2f2946..4ce5316d 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -28,7 +28,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova API service. + description: Number of workers for Nova services. type: number NovaPassword: description: The password for the nova service and db account, used by nova-api. @@ -81,17 +81,15 @@ conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} resources: - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # ApacheServiceBase: - # type: ./apache.yaml - # properties: - # ServiceNetMap: {get_param: ServiceNetMap} - # DefaultPasswords: {get_param: DefaultPasswords} - # EndpointMap: {get_param: EndpointMap} - # RoleName: {get_param: RoleName} - # RoleParameters: {get_param: RoleParameters} - # EnableInternalTLS: {get_param: EnableInternalTLS} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} NovaBase: type: ./nova-base.yaml @@ -114,9 +112,7 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # - get_attr: [ApacheServiceBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' tripleo.nova_api.firewall_rules: @@ -143,23 +139,21 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - nova_wsgi_enabled: false - # nova::api::service_name: 'httpd' - # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} + nova_wsgi_enabled: true + nova::api::service_name: 'httpd' + nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} - # nova::wsgi::apache_api::servername: - # str_replace: - # template: - # "%{hiera('fqdn_$NETWORK')}" - # params: - # $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} nova::api::instance_name_template: {get_param: InstanceNameTemplate} nova_enable_db_purge: {get_param: NovaEnableDBPurge} @@ -169,9 +163,7 @@ outputs: - nova_workers_zero - {} - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # nova::wsgi::apache_api::workers: {get_param: NovaWorkers} + nova::wsgi::apache_api::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::api service_config_settings: @@ -199,87 +191,91 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # metadata_settings: - # get_attr: [ApacheServiceBase, role_data, metadata_settings] + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: get bootstrap nodeid - tags: common - command: hiera bootstrap_nodeid - register: bootstrap_node - - name: set is_bootstrap_node fact - tags: common - set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} - - name: Extra migration for nova tripleo/+bug/1656791 - tags: step0,pre-upgrade - when: is_bootstrap_node - command: nova-manage db online_data_migrations - - name: Stop and disable nova_api service (pre-upgrade not under httpd) - tags: step2 - service: name=openstack-nova-api state=stopped enabled=no - - name: Create puppet manifest to set transport_url in nova.conf - tags: step5 - when: is_bootstrap_node - copy: - dest: /root/nova-api_upgrade_manifest.pp - mode: 0600 - content: > - $transport_url = os_transport_url({ - 'transport' => hiera('messaging_service_name', 'rabbit'), - 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), - 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), - 'username' => hiera('nova::rabbit_userid', 'guest'), - 'password' => hiera('nova::rabbit_password'), - 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) - }) - oslo::messaging::default { 'nova_config': - transport_url => $transport_url - } - - name: Run puppet apply to set tranport_url in nova.conf - tags: step5 - when: is_bootstrap_node - command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp - register: puppet_apply_nova_api_upgrade - failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] - changed_when: puppet_apply_nova_api_upgrade.rc == 2 - - name: Setup cell_v2 (map cell0) - tags: step5 - when: is_bootstrap_node - shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection) - - name: Setup cell_v2 (create default cell) - tags: step5 - when: is_bootstrap_node - # (owalsh) puppet-nova expects the cell name 'default' - # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 - shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) - register: nova_api_create_cell - failed_when: nova_api_create_cell.rc not in [0,2] - changed_when: nova_api_create_cell.rc == 0 - - name: Setup cell_v2 (sync nova/cell DB) - tags: step5 - when: is_bootstrap_node - command: nova-manage db sync - async: {get_param: NovaDbSyncTimeout} - poll: 10 - - name: Setup cell_v2 (get cell uuid) - tags: step5 - when: is_bootstrap_node - shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' - register: nova_api_cell_uuid - - name: Setup cell_v2 (migrate hosts) - tags: step5 - when: is_bootstrap_node - command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose - - name: Setup cell_v2 (migrate instances) - tags: step5 - when: is_bootstrap_node - command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} - - name: Sync nova_api DB - tags: step5 - command: nova-manage api_db sync - when: is_bootstrap_node - - name: Online data migration for nova - tags: step5 - when: is_bootstrap_node - command: nova-manage db online_data_migrations + yaql: + expression: $.data.apache_upgrade + $.data.nova_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + nova_api_upgrade: + - name: get bootstrap nodeid + tags: common + command: hiera bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Extra migration for nova tripleo/+bug/1656791 + tags: step0,pre-upgrade + when: is_bootstrap_node + command: nova-manage db online_data_migrations + - name: Stop and disable nova_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no + - name: Create puppet manifest to set transport_url in nova.conf + tags: step5 + when: is_bootstrap_node + copy: + dest: /root/nova-api_upgrade_manifest.pp + mode: 0600 + content: > + $transport_url = os_transport_url({ + 'transport' => hiera('messaging_service_name', 'rabbit'), + 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), + 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), + 'username' => hiera('nova::rabbit_userid', 'guest'), + 'password' => hiera('nova::rabbit_password'), + 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) + }) + oslo::messaging::default { 'nova_config': + transport_url => $transport_url + } + - name: Run puppet apply to set tranport_url in nova.conf + tags: step5 + when: is_bootstrap_node + command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp + register: puppet_apply_nova_api_upgrade + failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] + changed_when: puppet_apply_nova_api_upgrade.rc == 2 + - name: Setup cell_v2 (map cell0) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection) + - name: Setup cell_v2 (create default cell) + tags: step5 + when: is_bootstrap_node + # (owalsh) puppet-nova expects the cell name 'default' + # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 + shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) + register: nova_api_create_cell + failed_when: nova_api_create_cell.rc not in [0,2] + changed_when: nova_api_create_cell.rc == 0 + - name: Setup cell_v2 (sync nova/cell DB) + tags: step5 + when: is_bootstrap_node + command: nova-manage db sync + async: {get_param: NovaDbSyncTimeout} + poll: 10 + - name: Setup cell_v2 (get cell uuid) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' + register: nova_api_cell_uuid + - name: Setup cell_v2 (migrate hosts) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose + - name: Setup cell_v2 (migrate instances) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} + - name: Sync nova_api DB + tags: step5 + command: nova-manage api_db sync + when: is_bootstrap_node + - name: Online data migration for nova + tags: step5 + when: is_bootstrap_node + command: nova-manage db online_data_migrations diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 30eb1277..b83b9852 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -28,7 +28,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova Conductor service. + description: Number of workers for Nova services. type: number MonitoringSubscriptionNovaConductor: default: 'overcloud-nova-conductor' diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index 335b2c28..bc7dc1b0 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -28,7 +28,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova API service. + description: Number of workers for Nova services. type: number conditions: diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 86aa079e..aaa7ef5b 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -28,7 +28,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova Placement API service. + description: Number of workers for Nova services. type: number NovaPassword: description: The password for the nova service and db account, used by nova-placement. diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 0d859be1..1a8754a5 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -57,8 +57,14 @@ parameters: type: json resources: - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml + Ovs: + type: ./openvswitch.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} outputs: role_data: @@ -66,19 +72,21 @@ outputs: value: service_name: opendaylight_ovs config_settings: - opendaylight::odl_rest_port: {get_param: OpenDaylightPort} - opendaylight::username: {get_param: OpenDaylightUsername} - opendaylight::password: {get_param: OpenDaylightPassword} - opendaylight_check_url: {get_param: OpenDaylightCheckURL} - opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} - neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} - tripleo.opendaylight_ovs.firewall_rules: - '118 neutron vxlan networks': - proto: 'udp' - dport: 4789 - '136 neutron gre networks': - proto: 'gre' + map_merge: + - opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} + opendaylight_check_url: {get_param: OpenDaylightCheckURL} + opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} + tripleo.opendaylight_ovs.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' + - get_attr: [Ovs, role_data, config_settings] step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: @@ -86,7 +94,7 @@ outputs: expression: $.data.ovs_upgrade + $.data.opendaylight_upgrade data: ovs_upgrade: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] opendaylight_upgrade: - name: Check if openvswitch is deployed command: systemctl is-enabled openvswitch diff --git a/puppet/services/openvswitch-upgrade.yaml b/puppet/services/openvswitch-upgrade.yaml deleted file mode 100644 index f6e78462..00000000 --- a/puppet/services/openvswitch-upgrade.yaml +++ /dev/null @@ -1,50 +0,0 @@ -heat_template_version: pike - -description: > - Openvswitch package special handling for upgrade. - -outputs: - role_data: - description: Upgrade task for special handling of Openvswitch (OVS) upgrade. - value: - service_name: openvswitch_upgrade - upgrade_tasks: - - name: Check openvswitch version. - tags: step2 - register: ovs_version - ignore_errors: true - shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}' - - name: Check openvswitch packaging. - tags: step2 - shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" - register: ovs_packaging_issue - ignore_errors: true - - block: - - name: "Ensure empty directory: emptying." - file: - state: absent - path: /root/OVS_UPGRADE - - name: "Ensure empty directory: creating." - file: - state: directory - path: /root/OVS_UPGRADE - owner: root - group: root - mode: 0750 - - name: Download OVS packages. - command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch - - name: Get rpm list for manual upgrade of OVS. - shell: ls -1 /root/OVS_UPGRADE/*.rpm - register: ovs_list_of_rpms - - name: Manual upgrade of OVS - shell: | - rpm -U --test {{item}} 2>&1 | grep "already installed" || \ - rpm -U --replacepkgs --notriggerun --nopostun {{item}}; - args: - chdir: /root/OVS_UPGRADE - with_items: - - "{{ovs_list_of_rpms.stdout_lines}}" - tags: step2 - when: "'2.5.0-14' in '{{ovs_version.stdout}}' - or - ovs_packaging_issue|succeeded" diff --git a/puppet/services/openvswitch.yaml b/puppet/services/openvswitch.yaml new file mode 100644 index 00000000..36aa5db7 --- /dev/null +++ b/puppet/services/openvswitch.yaml @@ -0,0 +1,178 @@ +heat_template_version: pike + +description: > + Open vSwitch Configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + OvsDpdkCoreList: + description: > + List of cores to be used for DPDK lcore threads. Note, these threads + are used by the OVS control path for validator and handling functions. + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: "" + OvsDpdkMemoryChannels: + description: Number of memory channels per socket to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: "" + OvsDpdkSocketMemory: + default: "" + description: > + Sets the amount of hugepage memory to assign per NUMA node. It is + recommended to use the socket closest to the PCIe slot used for the + desired DPDK NIC. The format should be in "<socket 0 mem>, <socket 1 + mem>, <socket n mem>", where the value is specified in MB. For example: + "1024,0". + type: string + OvsDpdkDriverType: + default: "vfio-pci" + description: > + DPDK Driver type. Ensure the Overcloud NIC to be used for DPDK supports + this UIO/PMD driver. + type: string + OvsPmdCoreList: + description: > + A list or range of CPU cores for PMD threads to be pinned to. Note, NIC + location to cores on socket, number of hyper-threaded logical cores, and + desired number of PMD threads can all play a role in configuring this + setting. These cores should be on the same socket where + OvsDpdkSocketMemory is assigned. If using hyperthreading then specify + both logical cores that would equal the physical core. Also, specifying + more than one core will trigger multiple PMD threads to be spawned which + may improve dataplane performance. + constraints: + - allowed_pattern: "[0-9,-]*" + type: string + default: "" + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Queens cycle. + HostCpusList: + description: List of cores to be used for host process + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: '' + NeutronDpdkCoreList: + description: List of cores to be used for DPDK Poll Mode Driver + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: '' + NeutronDpdkMemoryChannels: + description: Number of memory channels to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: '' + NeutronDpdkSocketMemory: + default: '' + description: Memory allocated for each socket + type: string + NeutronDpdkDriverType: + default: "vfio-pci" + description: DPDK Driver type + type: string + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - HostCpusList + - NeutronDpdkCoreList + - NeutronDpdkMemoryChannels + - NeutronDpdkSocketMemory + - NeutronDpdkDriverType + +conditions: + l_cores_empty: {equals: [{get_param: OvsDpdkCoreList}, '']} + pmd_cores_empty: {equals: [{get_param: OvsPmdCoreList}, '']} + mem_channels_empty: {equals: [{get_param: OvsDpdkMemoryChannels}, '']} + socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']} + driver_not_set: {equals: [{get_param: OvsDpdkDriverType}, 'vfio-pci']} + +outputs: + role_data: + description: Role data for the Open vSwitch service. + value: + service_name: openvswitch + config_settings: + map_replace: + - map_replace: + - vswitch::dpdk::driver_type: OvsDpdkDriverType + vswitch::dpdk::host_core_list: OvsDpdkCoreList + vswitch::dpdk::pmd_core_list: OvsPmdCoreList + vswitch::dpdk::memory_channels: OvsDpdkMemoryChannels + vswitch::dpdk::socket_mem: OvsDpdkSocketMemory + - values: {get_param: [RoleParameters]} + - values: + OvsDpdkCoreList: {if: [l_cores_empty, {get_param: HostCpusList}, {get_param: OvsDpdkCoreList}]} + OvsDpdkMemoryChannels: {if: [mem_channels_empty, {get_param: NeutronDpdkMemoryChannels}, {get_param: OvsDpdkMemoryChannels}]} + OvsDpdkSocketMemory: {if: [socket_mem_empty, {get_param: NeutronDpdkSocketMemory}, {get_param: OvsDpdkSocketMemory}]} + OvsDpdkDriverType: {if: [driver_not_set, {get_param: NeutronDpdkDriverType}, {get_param: OvsDpdkDriverType}]} + OvsPmdCoreList: {if: [pmd_cores_empty, {get_param: NeutronDpdkCoreList}, {get_param: OvsPmdCoreList}]} + + upgrade_tasks: + - name: Check openvswitch version. + tags: step2 + register: ovs_version + ignore_errors: true + shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}' + - name: Check openvswitch packaging. + tags: step2 + shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" + register: ovs_packaging_issue + ignore_errors: true + - block: + - name: "Ensure empty directory: emptying." + file: + state: absent + path: /root/OVS_UPGRADE + - name: "Ensure empty directory: creating." + file: + state: directory + path: /root/OVS_UPGRADE + owner: root + group: root + mode: 0750 + - name: Download OVS packages. + command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch + - name: Get rpm list for manual upgrade of OVS. + shell: ls -1 /root/OVS_UPGRADE/*.rpm + register: ovs_list_of_rpms + - name: Manual upgrade of OVS + shell: | + rpm -U --test {{item}} 2>&1 | grep "already installed" || \ + rpm -U --replacepkgs --notriggerun --nopostun {{item}}; + args: + chdir: /root/OVS_UPGRADE + with_items: + - "{{ovs_list_of_rpms.stdout_lines}}" + tags: step2 + when: "'2.5.0-14' in '{{ovs_version.stdout}}' + or + ovs_packaging_issue|succeeded" diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 9a304edb..c707efb1 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -59,10 +59,10 @@ parameters: type: string SwiftCeilometerPipelineEnabled: description: Set to False to disable the swift proxy ceilometer pipeline. - default: True + default: false type: boolean SwiftCeilometerIgnoreProjects: - default: ['services'] + default: ['service'] description: Comma-seperated list of project names to ignore. type: comma_delimited_list RabbitClientPort: @@ -81,7 +81,7 @@ parameters: conditions: - ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]} + ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]} use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} resources: @@ -118,14 +118,20 @@ outputs: swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} - swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} - swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} - swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - swift::proxy::ceilometer::password: {get_param: SwiftPassword} - swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} - swift::proxy::ceilometer::nonblocking_notify: true + - + if: + - ceilometer_pipeline_enabled + - + swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} + swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} + swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + swift::proxy::ceilometer::password: {get_param: SwiftPassword} + swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} + swift::proxy::ceilometer::nonblocking_notify: true + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + - {} + - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} @@ -168,7 +174,6 @@ outputs: - '' - 'proxy-logging' - 'proxy-server' - swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/releasenotes/notes/disable-ceilo-middleware-6853cb92e3e08161.yaml b/releasenotes/notes/disable-ceilo-middleware-6853cb92e3e08161.yaml new file mode 100644 index 00000000..28dac8b0 --- /dev/null +++ b/releasenotes/notes/disable-ceilo-middleware-6853cb92e3e08161.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Disable ceilometer in the swift proxy middleware pipeline out of the box. + This generates a lot of events with gnocchi and swift backend and causes + heavy load. It should be easy to enable if needed. diff --git a/releasenotes/notes/generated-sample-environments-8b523f55f36e940c.yaml b/releasenotes/notes/generated-sample-environments-8b523f55f36e940c.yaml new file mode 100644 index 00000000..0721334c --- /dev/null +++ b/releasenotes/notes/generated-sample-environments-8b523f55f36e940c.yaml @@ -0,0 +1,21 @@ +--- +features: + - | + There is now a tool in tripleo-heat-templates, similar to the + oslo-config-generator, that can be used to programmatically generate + sample environment files based directly on the contents of the templates + themselves. This ensures consistency in the sample environments, as well + as making it easier to update environments to reflect changes to the + templates. +upgrade: + - | + Some sample environment files will be moving as part of the work to + generate them programmatically. The old versions will be left in place for + one cycle to allow a smooth upgrade process. When upgrading, if any of the + environment files in use for the deployment have been deprecated they + should be replaced with the new generated verions. +deprecations: + - | + Where a generated sample environment replaces an existing one, the existing + environment is deprecated. This will be noted in a comment at the top of + the file. diff --git a/releasenotes/notes/refactor-dpdk-dd37ccf14f711bb1.yaml b/releasenotes/notes/refactor-dpdk-dd37ccf14f711bb1.yaml new file mode 100644 index 00000000..1e44d926 --- /dev/null +++ b/releasenotes/notes/refactor-dpdk-dd37ccf14f711bb1.yaml @@ -0,0 +1,23 @@ +--- +features: + - Adds common openvswitch service template to be + inherited by other services. + - Adds environment file to be used for deploying + OpenDaylight + OVS DPDK. + - Adds first boot and ovs configuration scripts +deprecations: + - The ``HostCpusList`` parameter is deprecated in + favor of ``OvsDpdkCoreList`` and will be removed + in a future release. + - The ``NeutronDpdkCoreList`` parameter is deprecated in + favor of ``OvsPmdCoreList`` and will be removed + in a future release. + - The ``NeutronDpdkMemoryChannels`` parameter is deprecated in + favor of ``OvsDpdkMemoryChannels`` and will be removed + in a future release. + - The ``NeutronDpdkSocketMemory`` parameter is deprecated in + favor of ``OvsDpdkSocketMemory`` and will be removed + in a future release. + - The ``NeutronDpdkDriverType`` parameter is deprecated in + favor of ``OvsDpdkDriverType`` and will be removed + in a future release. diff --git a/roles/Controller.yaml b/roles/Controller.yaml index b0a13138..e156396d 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -46,6 +46,7 @@ - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress + - OS::TripleO::Services::Clustercheck - OS::TripleO::Services::Docker - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Etcd diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 6cf2120e..4ad405aa 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -40,6 +40,7 @@ - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress + - OS::TripleO::Services::Clustercheck - OS::TripleO::Services::Docker - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Etcd diff --git a/roles_data.yaml b/roles_data.yaml index f96e5625..d84b6378 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -47,6 +47,7 @@ - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Clustercheck - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress - OS::TripleO::Services::Docker diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index ff215fba..674449f5 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -39,6 +39,24 @@ OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks', REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config', 'config_image'] OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags' ] +# Mapping of parameter names to a list of the fields we should _not_ enforce +# consistency across files on. This should only contain parameters whose +# definition we cannot change for backwards compatibility reasons. New +# parameters to the templates should not be added to this list. +PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], + 'ManagementAllocationPools': ['default'], + 'ExternalNetCidr': ['default'], + 'ExternalAllocationPools': ['default'], + 'StorageNetCidr': ['default'], + 'StorageAllocationPools': ['default'], + 'StorageMgmtNetCidr': ['default'], + 'StorageMgmtAllocationPools': ['default'], + } + +PREFERRED_CAMEL_CASE = { + 'ec2api': 'Ec2Api', + 'haproxy': 'HAProxy', +} def exit_usage(): @@ -46,6 +64,11 @@ def exit_usage(): sys.exit(1) +def to_camel_case(string): + return PREFERRED_CAMEL_CASE.get(string, ''.join(s.capitalize() or '_' for + s in string.split('_'))) + + def get_base_endpoint_map(filename): try: tpl = yaml.load(open(filename).read()) @@ -170,6 +193,30 @@ def validate_docker_service(filename, tpl): % (key, filename)) return 1 + config_volume = puppet_config.get('config_volume') + expected_config_image_parameter = "Docker%sConfigImage" % to_camel_case(config_volume) + if config_volume and not expected_config_image_parameter in tpl.get('parameters', []): + print('ERROR: Missing %s heat parameter for %s config_volume.' + % (expected_config_image_parameter, config_volume)) + return 1 + + if 'docker_config' in role_data: + docker_config = role_data['docker_config'] + for _, step in docker_config.items(): + for _, container in step.items(): + if not isinstance(container, dict): + # NOTE(mandre) this skips everything that is not a dict + # so we may ignore some containers definitions if they + # are in a map_merge for example + continue + command = container.get('command', '') + if isinstance(command, list): + command = ' '.join(map(str, command)) + if 'bootstrap_host_exec' in command \ + and container.get('user') != 'root': + print('ERROR: bootstrap_host_exec needs to run as the root user.') + return 1 + if 'parameters' in tpl: for param in required_params: if param not in tpl['parameters']: @@ -211,7 +258,30 @@ def validate_service(filename, tpl): return 0 -def validate(filename): +def validate(filename, param_map): + """Validate a Heat template + + :param filename: The path to the file to validate + :param param_map: A dict which will be populated with the details of the + parameters in the template. The dict will have the + following structure: + + {'ParameterName': [ + {'filename': ./file1.yaml, + 'data': {'description': '', + 'type': string, + 'default': '', + ...} + }, + {'filename': ./file2.yaml, + 'data': {'description': '', + 'type': string, + 'default': '', + ...} + }, + ... + ]} + """ print('Validating %s' % filename) retval = 0 try: @@ -240,7 +310,9 @@ def validate(filename): return 1 # yaml is OK, now walk the parameters and output a warning for unused ones if 'heat_template_version' in tpl: - for p in tpl.get('parameters', {}): + for p, data in tpl.get('parameters', {}).items(): + definition = {'data': data, 'filename': filename} + param_map.setdefault(p, []).append(definition) if p in required_params: continue str_p = '\'%s\'' % p @@ -260,6 +332,7 @@ exit_val = 0 failed_files = [] base_endpoint_map = None env_endpoint_maps = list() +param_map = {} for base_path in path_args: if os.path.isdir(base_path): @@ -267,7 +340,7 @@ for base_path in path_args: for f in files: if f.endswith('.yaml') and not f.endswith('.j2.yaml'): file_path = os.path.join(subdir, f) - failed = validate(file_path) + failed = validate(file_path, param_map) if failed: failed_files.append(file_path) exit_val |= failed @@ -278,7 +351,7 @@ for base_path in path_args: if env_endpoint_map: env_endpoint_maps.append(env_endpoint_map) elif os.path.isfile(base_path) and base_path.endswith('.yaml'): - failed = validate(base_path) + failed = validate(base_path, param_map) if failed: failed_files.append(base_path) exit_val |= failed @@ -310,6 +383,34 @@ else: failed_files.extend(set(envs_containing_endpoint_map) - matched_files) exit_val |= 1 +# Validate that duplicate parameters defined in multiple files all have the +# same definition. +mismatch_count = 0 +for p, defs in param_map.items(): + # Nothing to validate if the parameter is only defined once + if len(defs) == 1: + continue + check_data = [d['data'] for d in defs] + # Override excluded fields so they don't affect the result + exclusions = PARAMETER_DEFINITION_EXCLUSIONS.get(p, []) + ex_dict = {} + for field in exclusions: + ex_dict[field] = 'IGNORED' + for d in check_data: + d.update(ex_dict) + # If all items in the list are not == the first, then the check fails + if check_data.count(check_data[0]) != len(check_data): + mismatch_count += 1 + # TODO(bnemec): Make this a hard failure once all the templates have + # been fixed. + #exit_val |= 1 + #failed_files.extend([d['filename'] for d in defs]) + print('Mismatched parameter definitions found for "%s"' % p) + print('Definitions found:') + for d in defs: + print(' %s:\n %s' % (d['filename'], d['data'])) +print('Mismatched parameter definitions: %d' % mismatch_count) + if failed_files: print('Validation failed on:') for f in failed_files: |