39 files changed, 337 insertions, 67 deletions
diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml new file mode 100644 index 00000000..89970419 --- /dev/null +++ b/ci/environments/multinode-containers.yaml 
@@ -0,0 +1,70 @@ +# NOTE: This is an environment specific for containers upgrade +# CI. Mainly we deploy non-pacemakerized overcloud, as at the time +# being containerization of services managed by pacemaker is not +# complete, so we deploy and upgrade the non-HA services for now. + +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml + + # NOTE: This is needed because of upgrades from Ocata to Pike. We + # deploy the initial environment with Ocata templates, and + # overcloud-resource-registry.yaml there doesn't have this Docker + # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can + # remove this. + OS::TripleO::Services::Docker: OS::Heat::None + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + 
- OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Sshd + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + # Required for Centos 7.3 and Qemu 2.6.0 + nova::compute::libvirt::libvirt_cpu_mode: 'none' + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + SwiftCeilometerPipelineEnabled: False + Debug: True diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 437d7c37..ad4fa10f 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -101,6 +101,7 @@ parameter_defaults: CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + CephPoolDefaultSize: 1 NovaEnableRbdBackend: true CinderEnableRbdBackend: true CinderBackupBackend: ceph diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index e3ecf745..ed0f7e25 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml 
@@ -8,6 +8,7 @@ resource_registry: OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml + OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keepalived: OS::Heat::None diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index a5c6fa31..e473d0bb 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -90,6 +90,7 @@ parameter_defaults: CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + CephPoolDefaultSize: 1 SwiftCeilometerPipelineEnabled: false NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin' BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default' diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index e24afcf9..86811b86 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -102,13 +102,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}ArtifactsConfig} - {{role.name}}PreConfig: - type: OS::TripleO::Tasks::{{role.name}}PreConfig - properties: - servers: {get_param: [servers, {{role.name}}]} - input_values: - update_identifier: {get_param: DeployIdentifier} - {{role.name}}HostPrepConfig: type: OS::Heat::SoftwareConfig properties: 
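Review bot: Removing the `{{role.name}}PreConfig` resource in docker/docker-steps.j2 leaves a dangling reference, because the `depends_on` list in the next hunk of the same file still carries `- {{role.name}}PreConfig` as an unchanged line. If no other definition of that resource survives elsewhere in the template, which these hunks do not show, the stack will fail validation on a missing resource. Either confirm a second definition remains, or drop the `depends_on` entry in the same change.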
@@ -277,6 +270,7 @@ resources: {%- endfor %} - {{role.name}}PreConfig - {{role.name}}HostPrepDeployment + - {{role.name}}GenerateConfigDeployment {% else %} depends_on: {% for dep in roles %} diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 8a02d8fd..f802e4e6 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -100,13 +100,14 @@ outputs: net: host privileged: false detach: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh - command: /usr/bin/aodh-dbsync + command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync" step_4: aodh_api: image: *aodh_image diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index a4ebe549..a9912a1f 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -9,6 +9,8 @@ outputs: value: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro + # required for bootstrap_host_exec + - /etc/puppet:/etc/puppet:ro # OpenSSL trusted CAs - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index ef1e00ed..df8186da 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -100,6 +100,7 @@ outputs: net: host privileged: false detach: false + user: root volumes: &glance_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -110,6 +111,7 @@ outputs: environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'" step_4: map_merge: - glance_api: 
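Review bot: The `aodh_db_sync` container in docker/services/aodh-api.yaml now starts as `user: root` and only drops to the service account inside a shell string (`su aodh -s /bin/bash -c ...`), with no comment saying why root is required. The same pattern recurs in the glance-api, gnocchi-api, heat-engine, ironic-api, mistral-api, nova-api and panko-api hunks. Root is presumably needed so `bootstrap_host_exec` can read the host's `/etc/puppet` data; if so, state it next to the setting, e.g. `# root only so bootstrap_host_exec can read hiera; the sync itself runs as aodh via su`. The command also changed from a direct exec to a single string that is split and then re-parsed by `su -c` and bash, so any value later interpolated into it would need shell quoting. Keeping the outer command in list form, as the keystone and neutron-api hunks do, removes one layer of word splitting.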
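Review bot: Adding `- /etc/puppet:/etc/puppet:ro` to the shared list in docker/services/containers-common.yaml exposes the host's whole puppet directory to every container that takes `ContainersCommon` volumes, not only the one-shot containers that call `bootstrap_host_exec`. On a TripleO node that directory normally holds hieradata with credentials for all services on the host, so a compromised long-running service container could read other services' secrets wherever file modes allow it; mounting read-only limits tampering, not disclosure. Consider mounting only the files the helper reads, or adding the mount only to the containers that run it. The comment would be more useful as `# required for bootstrap_host_exec (reads hiera to decide whether this is the bootstrap node)`, once that is confirmed.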
@@ -149,3 +151,5 @@ outputs: - name: Stop and disable glance_api service tags: step2 service: name=openstack-glance-api state=stopped enabled=no + metadata_settings: + get_attr: [GlanceApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 9b474731..e59d6095 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -100,13 +100,14 @@ outputs: net: host detach: false privileged: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"] + command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" step_4: gnocchi_api: image: *gnocchi_image diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 2631928f..37fa4c81 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -132,3 +132,5 @@ outputs: - name: Stop and disable heat_api_cfn service tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [HeatBase, role_data, metadata_settings] diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index b2f4eb64..5043aed8 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -132,3 +132,5 @@ outputs: - name: Stop and disable heat_api service tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [HeatBase, role_data, metadata_settings] diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 8c554a50..0adad538 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml 
@@ -94,13 +94,14 @@ outputs: net: host privileged: false detach: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - /var/log/containers/heat:/var/log/heat - command: ['heat-manage', 'db_sync'] + command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'" step_4: heat_engine: image: *heat_engine_image diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 300aa0bd..c8978aa2 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -100,13 +100,14 @@ outputs: net: host privileged: false detach: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/ironic/etc/:/etc/:ro - /var/log/containers/ironic:/var/log/ironic - command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf'] + command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'" step_4: ironic_api: start_order: 10 diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index ca643749..772859ee 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -131,8 +131,9 @@ outputs: environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start'] keystone: - start_order: 1 + start_order: 2 image: *keystone_image net: host privileged: false 
@@ -141,10 +142,10 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS keystone_bootstrap: - start_order: 2 + start_order: 3 action: exec command: - [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] docker_puppet_tasks: # Keystone endpoint creation occurs only on single node step_3: diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 3b256fdd..5586d41b 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -100,19 +100,21 @@ outputs: net: host privileged: false detach: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/mistral/etc/:/etc/:ro - /var/log/containers/mistral:/var/log/mistral - command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head'] + command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'" mistral_db_populate: start_order: 2 image: *mistral_image net: host privileged: false detach: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -121,7 +123,7 @@ outputs: - /var/log/containers/mistral:/var/log/mistral # NOTE: dprince this requires that we install openstack-tripleo-common into # the Mistral API image so that we get tripleo* actions - command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate'] + command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'" step_4: mistral_api: start_order: 15 diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 748371d5..7ce47a14 100644 --- a/docker/services/neutron-api.yaml 
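Review bot: The rewritten `keystone_bootstrap` command in docker/services/keystone.yaml still passes the admin password as an argument (`'--bootstrap-password', {get_param: AdminPassword}`), so it is visible in the host process list and in anything that records the exec command line while the step runs. `keystone-manage bootstrap` can read the password from the `OS_BOOTSTRAP_PASSWORD` environment variable instead, if the exec action used here can set environment for the command. Separately, `'keystone' ,'keystone-manage'` has a stray space before the comma.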
+++ b/docker/services/neutron-api.yaml @@ -110,8 +110,6 @@ outputs: net: host privileged: false detach: false - # FIXME: we should make config file permissions right - # and run as neutron user user: root volumes: list_concat: @@ -120,7 +118,10 @@ outputs: - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro - /var/log/containers/neutron:/var/log/neutron - command: ['neutron-db-manage', 'upgrade', 'heads'] + command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads'] + # FIXME: we should make config file permissions right + # and run as neutron user + #command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'" step_4: map_merge: - neutron_api: @@ -164,3 +165,5 @@ outputs: - name: Stop and disable neutron_api service tags: step2 service: name=neutron-server state=stopped enabled=no + metadata_settings: + get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index d571b21b..2375dada 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -103,6 +103,7 @@ outputs: image: *nova_api_image net: host detach: false + user: root volumes: &nova_api_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -110,7 +111,7 @@ outputs: - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/log/containers/nova:/var/log/nova - command: ['/usr/bin/nova-manage', 'api_db', 'sync'] + command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'" # FIXME: we probably want to wait on the 'cell_v2 update' in order for this # to be capable of upgrading a baremetal setup. This is to ensure the name # of the cell is 'default' 
@@ -119,11 +120,9 @@ outputs: image: *nova_api_image net: host detach: false + user: root volumes: *nova_api_volumes - command: - - '/usr/bin/nova-manage' - - 'cell_v2' - - 'map_cell0' + command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'" nova_api_create_default_cell: start_order: 3 image: *nova_api_image @@ -134,18 +133,16 @@ outputs: # this idempotent (if the resource already exists a conflict # is raised) exit_codes: [0,2] - command: - - '/usr/bin/nova-manage' - - 'cell_v2' - - 'create_cell' - - '--name="default"' + user: root + command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'" nova_db_sync: start_order: 4 image: *nova_api_image net: host detach: false volumes: *nova_api_volumes - command: ['/usr/bin/nova-manage', 'db', 'sync'] + user: root + command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'" step_4: nova_api: start_order: 2 @@ -164,10 +161,8 @@ outputs: net: host detach: false volumes: *nova_api_volumes - command: - - '/usr/bin/nova-manage' - - 'cell_v2' - - 'discover_hosts' + user: root + command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index ebf0da7d..9779d676 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -18,6 +18,10 @@ parameters: description: image default: 'centos-binary-nova-compute:latest' type: string + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation + type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -112,6 +116,7 @@ outputs: - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt - /etc/libvirt/qemu:/etc/libvirt/qemu + - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -124,6 +129,22 @@ outputs: - /etc/libvirt/qemu - /var/lib/libvirt - /var/log/containers/nova + - name: set enable_package_install fact + set_fact: + enable_package_install: {get_param: EnablePackageInstall} + # We use virtlogd on host, so when using Deployed Server + # feature, we need to ensure libvirt is installed. + - name: install libvirt-daemon + package: + name: libvirt-daemon + state: present + when: enable_package_install + - name: start virtlogd socket + service: + name: virtlogd.socket + state: started + enabled: yes + when: enable_package_install upgrade_tasks: - name: Stop and disable libvirtd service tags: step2 diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 46cfa5ab..b9e6e93a 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -101,13 +101,14 @@ outputs: net: host detach: false privileged: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/panko/etc/panko:/etc/panko:ro - /var/log/containers/panko:/var/log/panko - command: /usr/bin/panko-dbsync + command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'" step_4: panko_api: start_order: 2 diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 60972f91..04c4ba1e 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -135,3 +135,5 @@ outputs: - name: Stop and disable swift_proxy service tags: step2 service: name=openstack-swift-proxy state=stopped enabled=no + metadata_settings: + get_attr: [SwiftProxyBase, role_data, metadata_settings] 
diff --git a/environments/disable-telemetry.yaml b/environments/disable-telemetry.yaml new file mode 100644 index 00000000..6249c286 --- /dev/null +++ b/environments/disable-telemetry.yaml @@ -0,0 +1,20 @@ +# This heat environment can be used to disable all of the telemetry services. +# It is most useful in a resource constrained environment or one in which +# telemetry is not needed. + +resource_registry: + OS::TripleO::Services::CeilometerApi: OS::Heat::None + OS::TripleO::Services::CeilometerCollector: OS::Heat::None + OS::TripleO::Services::CeilometerExpirer: OS::Heat::None + OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None + OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None + OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None + OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None + OS::TripleO::Services::GnocchiApi: OS::Heat::None + OS::TripleO::Services::GnocchiMetricd: OS::Heat::None + OS::TripleO::Services::GnocchiStatsd: OS::Heat::None + OS::TripleO::Services::AodhApi: OS::Heat::None + OS::TripleO::Services::AodhEvaluator: OS::Heat::None + OS::TripleO::Services::AodhNotifier: OS::Heat::None + OS::TripleO::Services::AodhListener: OS::Heat::None + OS::TripleO::Services::PankoApi: OS::Heat::None diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml index 3a606336..547dc31d 100644 --- a/environments/low-memory-usage.yaml +++ b/environments/low-memory-usage.yaml @@ -16,3 +16,5 @@ parameter_defaults: ControllerExtraConfig: 'nova::network::neutron::neutron_url_timeout': '60' + + DatabaseSyncTimeout: 900 diff --git a/environments/puppet-ceph-devel.yaml b/environments/puppet-ceph-devel.yaml index 9c8abbb4..8fc4bf29 100644 --- a/environments/puppet-ceph-devel.yaml +++ b/environments/puppet-ceph-devel.yaml @@ -20,3 +20,5 @@ parameter_defaults: GlanceBackend: rbd GnocchiBackend: rbd CinderEnableIscsiBackend: false + CephPoolDefaultSite: 1 + 
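Review bot: `CephPoolDefaultSite: 1` in environments/puppet-ceph-devel.yaml looks like a typo for `CephPoolDefaultSize`, the parameter this change adds in puppet/services/ceph-mon.yaml and sets in the scenario001 and scenario004 CI environments. As written, the override never reaches `osd_pool_default_size`, so this environment keeps the default of 3 replicas, or the unknown parameter is rejected, depending on how strictly the environment is validated. The line should read `CephPoolDefaultSize: 1`, and the added trailing blank line can be dropped.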
diff --git a/environments/services-docker/zaqar.yaml b/environments/services-docker/zaqar.yaml index ca0b3b15..08033d91 100644 --- a/environments/services-docker/zaqar.yaml +++ b/environments/services-docker/zaqar.yaml @@ -1,2 +1,3 @@ resource_registry: OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml + OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml diff --git a/environments/services/ironic.yaml b/environments/services/ironic.yaml index 8359f4a7..b1317382 100644 --- a/environments/services/ironic.yaml +++ b/environments/services/ironic.yaml @@ -1,4 +1,5 @@ resource_registry: OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml + OS::TripleO::Services::IronicPxe: ../../puppet/services/ironic-pxe.yaml OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index e1c70dc7..cd9369f0 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -293,6 +293,14 @@ resources: RoleName: {{role.name}} RoleParameters: {get_param: {{role.name}}Parameters} + # Lookup of role_data via heat outputs is slow, so workaround this by caching + # the value in an OS::Heat::Value resource + {{role.name}}ServiceChainRoleData: + type: OS::Heat::Value + properties: + type: json + value: {get_attr: [{{role.name}}ServiceChain, role_data]} + # Filter any null/None service_names which may be present due to mapping # of services to OS::Heat::None {{role.name}}ServiceNames: @@ -303,7 +311,7 @@ resources: value: yaql: expression: coalesce($.data, []).where($ != null) - data: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} + data: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_names]} {{role.name}}HostsDeployment: type: OS::Heat::StructuredDeployments 
@@ -365,7 +373,13 @@ resources: EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} ServiceHostnameList: {get_attr: [{{role.name}}, hostname]} - NetworkHostnameMap: + NetworkHostnameMap: {get_attr: [{{role.name}}NetworkHostnameMap, value]} + + {{role.name}}NetworkHostnameMap: + type: OS::Heat::Value + properties: + type: json + value: # Note (shardy) this somewhat complex yaql may be replaced # with a map_deep_merge function in ocata. It merges the # list of maps, but appends to colliding lists so we can @@ -403,7 +417,7 @@ resources: {% endif %} ServiceConfigSettings: map_merge: - - get_attr: [{{role.name}}ServiceChain, role_data, config_settings] + - get_attr: [{{role.name}}ServiceChainRoleData, value, config_settings] {% for r in roles %} - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings] {% endfor %} @@ -423,8 +437,8 @@ resources: {% endfor %} services: {get_attr: [{{role.name}}ServiceNames, value]} ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]} - MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} - ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChain, role_data, service_metadata_settings]} + MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]} + ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]} {% endfor %} hostsConfig: @@ -465,7 +479,7 @@ resources: data: groups: {% for role in roles %} - - {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]} + - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_groups]} {% endfor %} logging_sources: yaql: 
@@ -474,7 +488,7 @@ resources: data: sources: {% for role in roles %} - - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} + - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_sources]} {% endfor %} controller_ips: {get_attr: [{{primary_role_name}}, ip_address]} controller_names: {get_attr: [{{primary_role_name}}, hostname]} @@ -686,7 +700,7 @@ resources: EndpointMap: {get_attr: [EndpointMap, endpoint_map]} role_data: {% for role in roles %} - {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} + {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]} {% endfor %} outputs: @@ -725,7 +739,7 @@ outputs: description: The configuration data associated with each role value: {% for role in roles %} - {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} + {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]} {% endfor %} RoleNetIpMap: description: Mapping of each network to a list of IPs for each role @@ -733,3 +747,9 @@ outputs: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}IpListMap, net_ip_map]} {% endfor %} + RoleNetHostnameMap: + description: Mapping of each network to a list of hostnames for each role + value: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}NetworkHostnameMap, value]} +{% endfor %} diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index 5f19af68..e12c55eb 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -99,7 +99,6 @@ outputs: service_name: ceph_base config_settings: tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} - ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index c36f0537..28552301 100644 
--- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -78,6 +78,10 @@ parameters: MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' type: string + CephPoolDefaultSize: + description: default minimum replication for RBD copies + type: number + default: 3 resources: CephBase: @@ -102,7 +106,7 @@ outputs: ceph::profile::params::mon_key: {get_param: CephMonKey} ceph::profile::params::osd_pool_default_pg_num: 32 ceph::profile::params::osd_pool_default_pgp_num: 32 - ceph::profile::params::osd_pool_default_size: 3 + ceph::profile::params::osd_pool_default_size: {get_param: CephPoolDefaultSize} # repeat returns items in a list, so we need to map_merge twice tripleo::profile::base::ceph::mon::ceph_pools: map_merge: diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index e6d8ee6e..9b7b47ef 100644 --- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml 
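Review bot: The description `default minimum replication for RBD copies` on the new `CephPoolDefaultSize` parameter does not match what it drives. The second hunk feeds it into `osd_pool_default_size`, which is the replica count for new pools rather than a minimum, and the ceph-base.yaml hunk in this change removes the explicit `osd_pool_default_min_size: 1`. The parameter also has no constraint, so 0 or a negative number passes template validation. Suggest `description: Default number of replicas for newly created pools` and a constraint in the form nova-compute.yaml already uses, `constraints: - range: { min: 1 }`. Since a size of 1 means one OSD failure loses data, the description could also say that value is meant for CI and development only.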
@@ -27,12 +27,24 @@ parameters: via parameter_defaults in the resource registry. type: json +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + outputs: role_data: - description: Role data for the disabled Ceilometer Expirer role. + description: Role data for the disabling Ceilometer Expirer role. value: service_name: ceilometer_expirer_disabled - upgrade_tasks: - - name: Stop and disable ceilometer_expirer service on upgrade - tags: step1 - service: name=openstack-ceilometer-expirer state=stopped enabled=no + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::expirer::enable_cron: false + step_config: | + include ::tripleo::profile::base::ceilometer::expirer diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 3f9b0b7e..c142b475 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -77,6 +77,8 @@ outputs: value: 0 net.ipv4.conf.all.send_redirects: value: 0 + net.ipv4.conf.all.arp_accept: + value: 1 net.ipv4.conf.default.accept_redirects: value: 0 net.ipv4.conf.default.secure_redirects: diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index 00406736..b865ec1f 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml 
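Review bot: `net.ipv4.conf.all.arp_accept` with `value: 1` is added to puppet/services/kernel.yaml without a comment, among sysctls that harden the host (`send_redirects` and `accept_redirects` set to 0), and it loosens rather than tightens. With it set, the kernel creates neighbour entries from gratuitous ARP for addresses it has not seen before, which makes ARP-cache poisoning easier for any other host on the same layer-2 segment. If it is needed so that virtual IP moves are picked up quickly, say so in a comment such as `# accept gratuitous ARP so VIP failover is learned immediately`. Consider exposing it as a parameter so deployments on shared segments can keep it at 0. The sysctl list continues outside this hunk.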
@@ -36,8 +36,21 @@ parameters: e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]} resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} MistralBase: type: ./mistral-base.yaml properties: @@ -57,12 +70,25 @@ outputs: - get_attr: [MistralBase, role_data, config_settings] - mistral::api::api_workers: {get_param: MistralWorkers} mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS} mistral::policy::policies: {get_param: MistralApiPolicies} tripleo.mistral_api.firewall_rules: '133 mistral': dport: - 8989 - 13989 + mistral::api::service_name: 'httpd' + mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} + - if: + - mistral_workers_zero + - {} + - mistral::wsgi::apache::workers: {get_param: MistralWorkers} service_config_settings: get_attr: [MistralBase, role_data, service_config_settings] step_config: | 
@@ -79,10 +105,16 @@ outputs: grep '\bactive\b' when: mistral_api_enabled.rc == 0 tags: step0,validation - - name: Stop mistral_api service + - name: check for mistral_api running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi" + register: mistral_api_apache + ignore_errors: true + - name: Stop mistral_api service (running under httpd) tags: step1 - service: name=openstack-mistral-api state=stopped - - name: Install openstack-mistral-api package if it was disabled - tags: step3 - yum: name=openstack-mistral-api state=latest - when: mistral_api_enabled.rc != 0 + service: name=httpd state=stopped + when: mistral_api_apache.rc == 0 + - name: Stop and disable mistral_api service (pre-upgrade not under httpd) + tags: step1 + when: mistral_api_enabled.rc == 0 + service: name=openstack-mistral-api state=stopped enabled=no diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 8f3f7b27..fec9e2a1 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -27,20 +27,23 @@ parameters: via parameter_defaults in the resource registry. type: json HostCpusList: + default: "'0'" description: List of cores to be used for host process type: string constraints: - allowed_pattern: "'[0-9,-]+'" NeutronDpdkCoreList: + default: "''" description: List of cores to be used for DPDK Poll Mode Driver type: string constraints: - - allowed_pattern: "'[0-9,-]+'" + - allowed_pattern: "'[0-9,-]*'" NeutronDpdkMemoryChannels: + default: "" description: Number of memory channels to be used for DPDK type: string constraints: - - allowed_pattern: "[0-9]+" + - allowed_pattern: "[0-9]*" NeutronDpdkSocketMemory: default: "" description: Memory allocated for each socket 
@@ -75,6 +78,32 @@ resources: OpenVswitchUpgrade: type: ./openvswitch-upgrade.yaml + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType + neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir + vswitch::dpdk::driver_type: NeutronDpdkDriverType + vswitch::dpdk::host_core_list: HostCpusList + vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList + vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels + vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory + - values: {get_param: [RoleParameters]} + - values: + NeutronDatapathType: {get_param: NeutronDatapathType} + NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir} + NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType} + HostCpusList: {get_param: HostCpusList} + NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList} + NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels} + NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory} + outputs: role_data: description: Role data for the Neutron OVS DPDK Agent service. 
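Review bot: Values taken from `RoleParameters` win in the first `map_replace`, but they do not pass through the `allowed_pattern` constraints declared on `HostCpusList`, `NeutronDpdkCoreList` and `NeutronDpdkMemoryChannels`, so a malformed role-specific core list would reach hiera unchecked. This is inferred from the constraints being attached to the top-level parameters; `RoleParameters` itself is declared outside the hunk. I would at least extend the comment above the resource with `# NOTE: values coming from RoleParameters are not checked against the parameter constraints above.` so the gap is visible to whoever adds the next key.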
@@ -87,13 +116,7 @@ outputs: - keys: tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true - neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} - neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} - vswitch::dpdk::host_core_list: {get_param: HostCpusList} - vswitch::dpdk::pmd_core_list: {get_param: NeutronDpdkCoreList} - vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels} - vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory} - vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType} + - get_attr: [RoleParametersValue, value] step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} upgrade_tasks: get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 16ccb9e0..e39e997a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -72,7 +72,7 @@ parameters: description: > Reserved RAM for host processes. type: number - default: 2048 + default: 4096 constraints: - range: { min: 512 } MonitoringSubscriptionNovaCompute: diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index f3b7ee4a..9a304edb 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -61,6 +61,10 @@ parameters: description: Set to False to disable the swift proxy ceilometer pipeline. default: True type: boolean + SwiftCeilometerIgnoreProjects: + default: ['services'] + description: Comma-seperated list of project names to ignore. + type: comma_delimited_list RabbitClientPort: default: 5672 description: Set rabbit subscriber port, change this if using SSL 
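Review bot: The description of `SwiftCeilometerIgnoreProjects` in the swift-proxy.yaml hunk is misspelled and does not say what is ignored or by which component. Something like `description: Comma-separated list of project names whose requests the swift proxy ceilometer middleware ignores.` would be clearer; that reading is taken from the `swift::proxy::ceilometer::ignore_projects` setting in the following hunk. A few words on why `services` is the default would also help an operator decide whether to change it. The `parameters` section starts and continues outside this hunk.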
@@ -116,6 +120,10 @@ outputs:
 swift::proxy::workers: {get_param: SwiftWorkers}
 swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
 swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+ swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ swift::proxy::ceilometer::password: {get_param: SwiftPassword}
+ swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
 swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
 swift::proxy::ceilometer::nonblocking_notify: true
 tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
diff --git a/releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml b/releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml
new file mode 100644
index 00000000..46f3b855
--- /dev/null
+++ b/releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ During a deployment on lower spec systems, the "db sync" can take longer
+ than five minutes. value of DatabaseSyncTimeout has change from 300
+ to 900 at the environment file "low-memory-usage.yaml".
diff --git a/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml b/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml
new file mode 100644
index 00000000..4025477b
--- /dev/null
+++ b/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml
@@ -0,0 +1,9 @@
+---
+other:
+ - |
+ All nodes now enable ``arp_accept`` sysctl setting to help with honoring
+ gratuitous ARP packets in their ARP tables. While sources of gratuitous ARP
+ packets are diverse, this comes especially useful for Neutron floating IP
+ addresses that roam between devices, and for which Neutron L3 agent sends
+ gratuitous ARP packets to update all network nodes about IP address new
+ locations.
diff --git a/releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml b/releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml
new file mode 100644
index 00000000..88f67a03
--- /dev/null
+++ b/releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml
@@ -0,0 +1,4 @@
+---
+other:
+ - Increased the default of NovaReservedHostMemory for
+ Compute nodes to 4096 MB.
diff --git a/releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml b/releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml
new file mode 100644
index 00000000..ae6401fb
--- /dev/null
+++ b/releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - Move Mistral API to use mod_wsgi under Apache.
+upgrade:
+ - Mistral API systemd service will be stopped and
+ disabled.
+
diff --git a/releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml b/releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml
new file mode 100644
index 00000000..fc2cb48a
--- /dev/null
+++ b/releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml
@@ -0,0 +1,12 @@
+---
+fixes:
+ - |
+ Removed the hard coding of osd_pool_default_min_size. Setting this value
+ to 1 can result in data loss in operating production deployments. Not
+ setting this value (or setting it to 0) will allow ceph to calculate the
+ value based on the current setting of osd_pool_default_size. If the
+ replication count is 3, then the calculated min_size is 2. If the
+ replication count is 1, then the calcualted min_size is 1. For a POC
+ deployments using a single OSD, set osd_pool_default_size = 1. See
+ description at http://docs.ceph.com/docs/master/rados/configuration/pool-pg-config-ref/
+ Added CephPoolDefaultSize to set default replication size. Default value is 3.