diff options
55 files changed, 1666 insertions, 329 deletions
@@ -54,6 +54,9 @@ A description of the directory layout in TripleO Heat Templates. * validation-scripts: validation scripts useful to all deployment configurations + * roles: example roles that can be used with the tripleoclient to generate + a roles_data.yaml for a deployment See the + `roles/README.rst <roles/README.rst>`_ for additional details. Service testing matrix ---------------------- diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml index a0beaa2c..b3cb500f 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/docker/deploy-steps-playbook.yaml @@ -23,12 +23,15 @@ ################################################## # Per step starting of the containers using paunch ################################################## - - name: Check if /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json exists + - name: Check if /var/lib/hashed-tripleo-config/docker-container-startup-config-step_{{step}}.json exists stat: - path: /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json + path: /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json register: docker_config_json + # Note docker-puppet.py generates the hashed-*.json file, which is a copy of + # the *step_n.json with a hash of the generated external config added + # This acts as a salt to enable restarting the container if config changes - name: Start containers for step {{step}} - command: paunch --debug apply --file /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} + command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} when: docker_config_json.stat.exists changed_when: false check_mode: no diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index d9d0c255..340a9e9f 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -18,9 +18,11 @@ # that can be used to generate config files or run ad-hoc puppet modules # inside of a container. +import glob import json import logging import os +import sys import subprocess import sys import tempfile @@ -55,6 +57,28 @@ def pull_image(name): log.debug(cmd_stderr) +def match_config_volume(prefix, config): + # Match the mounted config volume - we can't just use the + # key as e.g "novacomute" consumes config-data/nova + volumes = config.get('volumes', []) + config_volume=None + for v in volumes: + if v.startswith(prefix): + config_volume = os.path.relpath( + v.split(":")[0], prefix).split("/")[0] + break + return config_volume + + +def get_config_hash(prefix, config_volume): + hashfile = os.path.join(prefix, "%s.md5sum" % config_volume) + hash_data = None + if os.path.isfile(hashfile): + with open(hashfile) as f: + hash_data = f.read().rstrip() + return hash_data + + def rm_container(name): if os.environ.get('SHOW_DIFF', None): log.info('Diffing container: %s' % name) @@ -197,6 +221,10 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume mkdir -p /var/lib/config-data/${NAME}/var/www cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/ fi + + # Write a checksum of the config-data dir, this is used as a + # salt to trigger container restart when the config changes + tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum fi """) @@ -297,5 +325,30 @@ for returncode, config_volume in zip(returncodes, config_volumes): log.error('ERROR configuring %s' % config_volume) success = False + +# Update the startup configs with the config hash we generated above +config_volume_prefix = os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data') +log.debug('CONFIG_VOLUME_PREFIX: %s' % config_volume_prefix) +startup_configs = os.environ.get('STARTUP_CONFIG_PATTERN', '/var/lib/tripleo-config/docker-container-startup-config-step_*.json') +log.debug('STARTUP_CONFIG_PATTERN: %s' % startup_configs) +infiles = glob.glob('/var/lib/tripleo-config/docker-container-startup-config-step_*.json') +for infile in infiles: + with open(infile) as f: + infile_data = json.load(f) + + for k, v in infile_data.iteritems(): + config_volume = match_config_volume(config_volume_prefix, v) + if config_volume: + config_hash = get_config_hash(config_volume_prefix, config_volume) + if config_hash: + env = v.get('environment', []) + env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash) + log.debug("Updating config hash for %s, config_volume=%s hash=%s" % (k, config_volume, config_hash)) + infile_data[k]['environment'] = env + + outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile)) + with open(outfile, 'w') as out_f: + json.dump(infile_data, out_f) + if not success: sys.exit(1) diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index f802e4e6..45cec053 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -78,7 +78,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-api.json: + /var/lib/kolla/config_files/aodh_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/aodh @@ -118,7 +118,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/aodh/var/www/:/var/www/:ro diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 9d514d0c..74ac635f 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-evaluator.json: + /var/lib/kolla/config_files/aodh_evaluator.json: command: /usr/bin/aodh-evaluator permissions: - path: /var/log/aodh @@ -87,7 +87,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index dac61087..0930f42e 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-listener.json: + /var/lib/kolla/config_files/aodh_listener.json: command: /usr/bin/aodh-listener permissions: - path: /var/log/aodh @@ -87,7 +87,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index a22ae85e..607d9997 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-notifier.json: + /var/lib/kolla/config_files/aodh_notifier.json: command: /usr/bin/aodh-notifier permissions: - path: /var/log/aodh @@ -87,7 +87,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index ba4ba921..9cec4a61 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -68,7 +68,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-central.json: + /var/lib/kolla/config_files/ceilometer_agent_central.json: command: /usr/bin/ceilometer-polling --polling-namespaces central docker_config: step_3: @@ -89,7 +89,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index fe8dc158..8d06d094 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -68,11 +68,11 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-compute.json: + /var/lib/kolla/config_files/ceilometer_agent_compute.json: command: /usr/bin/ceilometer-polling --polling-namespaces compute docker_config: step_4: - ceilometer_agent-compute: + ceilometer_agent_compute: image: *ceilometer_agent_compute_image net: host privileged: false @@ -81,8 +81,9 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/run/libvirt:/var/run/libvirt:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index 79df3306..36424e91 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml @@ -68,7 +68,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-notification.json: + /var/lib/kolla/config_files/ceilometer_agent_notification.json: command: /usr/bin/ceilometer-agent-notification docker_config: step_3: @@ -80,7 +80,7 @@ outputs: volumes: - /var/log/containers/ceilometer:/var/log/ceilometer step_4: - ceilometer_agent-notification: + ceilometer_agent_notification: image: *ceilometer_agent_notification_image net: host privileged: false @@ -89,7 +89,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/congress-api.yaml b/docker/services/congress-api.yaml new file mode 100644 index 00000000..3ee1d91d --- /dev/null +++ b/docker/services/congress-api.yaml @@ -0,0 +1,135 @@ +heat_template_version: pike + +description: > + OpenStack containerized Congress API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCongressApiImage: + description: image + default: 'centos-binary-congress-api:latest' + type: string + DockerCongressConfigImage: + description: image + default: 'centos-binary-congress-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CongressApiBase: + type: ../../puppet/services/congress.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Congress API role. + value: + service_name: {get_attr: [CongressApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CongressApiBase, role_data, config_settings] + step_config: &step_config + get_attr: [CongressApiBase, role_data, step_config] + service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: congress + puppet_tags: congress_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/congress_api.json: + command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log + permissions: + - path: /var/log/congress + owner: congress:congress + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_3: + congress_init_logs: + start_order: 0 + image: &congress_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/congress:/var/log/congress + command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress'] + congress_db_sync: + start_order: 1 + image: *congress_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/congress/etc/:/etc/:ro + - /var/log/containers/congress:/var/log/congress + command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'" + step_4: + congress_api: + start_order: 15 + image: *congress_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro + - /var/log/containers/congress:/var/log/congress + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/congress + state: directory + upgrade_tasks: + - name: Stop and disable congress_api service + tags: step2 + service: name=openstack-congress-server state=stopped enabled=no diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 73df96c5..9000aee9 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -77,6 +77,14 @@ outputs: recurse: true docker_config: step_1: + redis_init_logs: + start_order: 0 + image: *redis_image + privileged: false + user: root + volumes: + - /var/log/containers/redis:/var/log/redis + command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] redis: image: *redis_image net: host @@ -87,14 +95,17 @@ outputs: - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/redis/etc/:/etc/:ro - /etc/localtime:/etc/localtime:ro - - logs:/var/log/kolla + - /var/log/containers/redis:/var/log/redis environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /var/run/redis + - name: create persistent directories file: - path: /var/run/redis + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/redis + - /var/run/redis upgrade_tasks: - name: Stop and disable redis service tags: step2 diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index df8186da..88a091dd 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -79,7 +79,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] kolla_config: - /var/lib/kolla/config_files/glance-api.json: + /var/lib/kolla/config_files/glance_api.json: command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND @@ -105,7 +105,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro - /var/log/containers/glance:/var/log/glance environment: diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index e59d6095..9a5c77ee 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -78,7 +78,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-api.json: + /var/lib/kolla/config_files/gnocchi_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/gnocchi @@ -118,7 +118,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 2724805b..ea26d838 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -68,7 +68,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-metricd.json: + /var/lib/kolla/config_files/gnocchi_metricd.json: command: /usr/bin/gnocchi-metricd permissions: - path: /var/log/gnocchi @@ -85,7 +85,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 305971f1..a8ae857d 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -68,7 +68,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-statsd.json: + /var/lib/kolla/config_files/gnocchi_statsd.json: command: /usr/bin/gnocchi-statsd permissions: - path: /var/log/gnocchi @@ -85,7 +85,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml new file mode 100644 index 00000000..022eb5dd --- /dev/null +++ b/docker/services/horizon.yaml @@ -0,0 +1,128 @@ +heat_template_version: pike + +description: > + OpenStack containerized Horizon service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHorizonImage: + description: image + default: 'centos-binary-horizon:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + HorizonBase: + type: ../../puppet/services/horizon.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Horizon API role. + value: + service_name: {get_attr: [HorizonBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HorizonBase, role_data, config_settings] + - horizon::vhost_extra_params: + add_listen: true + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + options: ['FollowSymLinks','MultiViews'] + - horizon::secure_cookies: false + step_config: {get_attr: [HorizonBase, role_data, step_config]} + service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: horizon + puppet_tags: horizon_config + step_config: {get_attr: [HorizonBase, role_data, step_config]} + config_image: &horizon_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] + kolla_config: + /var/lib/kolla/config_files/horizon.json: + command: /usr/sbin/httpd -DFOREGROUND + permissions: + - path: /var/log/horizon/ + owner: apache:apache + recurse: true + # FIXME Apache tries to write a .lock file there + - path: /usr/share/openstack-dashboard/openstack_dashboard/local/ + owner: apache:apache + recurse: false + docker_config: + step_3: + horizon_fix_perms: + image: *horizon_image + user: root + # NOTE Set ownership for /var/log/horizon/horizon.log file here, + # otherwise it's created by root when generating django cache. + # FIXME Apache needs to read files in /etc/openstack-dashboard + # Need to set permissions to match the BM case, + # http://paste.openstack.org/show/609819/ + command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard'] + volumes: + - /var/log/containers/horizon:/var/log/horizon + - /var/lib/config-data/horizon/etc/:/etc/ + horizon: + start_order: 1 + image: *horizon_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro + - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro + - /var/log/containers/horizon:/var/log/horizon + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/horizon + state: directory + upgrade_tasks: + - name: Stop and disable horizon service (running under httpd) + tags: step2 + service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [HorizonBase, role_data, metadata_settings] diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index bd5147d3..f3a284fe 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -71,7 +71,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-l3-agent.json: + /var/lib/kolla/config_files/neutron_l3_agent.json: command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini permissions: - path: /var/log/neutron @@ -79,7 +79,7 @@ outputs: recurse: true docker_config: step_4: - neutronl3agent: + neutron_l3_agent: image: list_join: - '/' @@ -92,7 +92,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index 88b2ca5c..69bf0c4e 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -71,7 +71,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-metadata-agent.json: + /var/lib/kolla/config_files/neutron_metadata_agent.json: command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent permissions: - path: /var/log/neutron @@ -92,7 +92,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 89bf8663..65ad21ed 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-openvswitch-agent.json: + /var/lib/kolla/config_files/neutron_ovs_agent.json: command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini permissions: - path: /var/log/neutron @@ -78,7 +78,7 @@ outputs: recurse: true docker_config: step_4: - neutronovsagent: + neutron_ovs_agent: image: &neutron_ovs_agent_image list_join: - '/' @@ -91,7 +91,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 4f10a1a3..9f647eba 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -74,7 +74,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] kolla_config: - /var/lib/kolla/config_files/nova-compute.json: + /var/lib/kolla/config_files/nova_compute.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf permissions: - path: /var/log/nova @@ -86,17 +86,17 @@ outputs: docker_config: # FIXME: run discover hosts here step_4: - novacompute: + nova_compute: image: *nova_compute_image net: host privileged: true - user: root + user: nova restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro - /dev:/dev - /etc/iscsi:/etc/iscsi diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index be0dd111..63780fe6 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -81,7 +81,7 @@ outputs: recurse: true docker_config: step_5: - novacompute: + nova_compute: image: list_join: - '/' diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 9779d676..6c871f14 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -44,6 +44,26 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + UseTLSTransportForLiveMigration: + type: boolean + default: true + description: If set to true and if EnableInternalTLS is enabled, it will + set the libvirt URI's transport to tls and configure the + relevant keys for libvirt. + +conditions: + + use_tls_for_live_migration: + and: + - equals: + - {get_param: EnableInternalTLS} + - true + - equals: + - {get_param: UseTLSTransportForLiveMigration} + - true resources: @@ -84,8 +104,12 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: - /var/lib/kolla/config_files/nova-libvirt.json: - command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf + /var/lib/kolla/config_files/nova_libvirt.json: + command: + if: + - use_tls_for_live_migration + - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf + - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf permissions: - path: /var/log/nova owner: nova:nova @@ -105,7 +129,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro - /lib/modules:/lib/modules:ro - /dev:/dev diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index b9e6e93a..0a5abada 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -80,7 +80,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] kolla_config: - /var/lib/kolla/config_files/panko-api.json: + /var/lib/kolla/config_files/panko_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/panko @@ -88,7 +88,7 @@ outputs: recurse: true docker_config: step_3: - panko-init-log: + panko_init_log: start_order: 0 image: *panko_image user: root @@ -120,7 +120,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/panko/var/www/:/var/www/:ro diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml new file mode 100644 index 00000000..2fc99d6f --- /dev/null +++ b/docker/services/tacker.yaml @@ -0,0 +1,134 @@ +heat_template_version: pike + +description: > + OpenStack containerized Tacker service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerTackerImage: + description: image + default: 'centos-binary-tacker:latest' + type: string + DockerTackerConfigImage: + description: image + default: 'centos-binary-tacker:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + TackerBase: + type: ../../puppet/services/tacker.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Tacker role. + value: + service_name: {get_attr: [TackerBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [TackerBase, role_data, config_settings] + step_config: &step_config + get_attr: [TackerBase, role_data, step_config] + service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: tacker + puppet_tags: tacker_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/tacker_api.json: + command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log + permissions: + - path: /var/log/tacker + owner: tacker:tacker + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_3: + tacker_init_logs: + start_order: 0 + image: &tacker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/tacker:/var/log/tacker + command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker'] + tacker_db_sync: + start_order: 1 + image: *tacker_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/tacker/etc/:/etc/:ro + - /var/log/containers/tacker:/var/log/tacker + command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" + step_4: + tacker_api: + image: *tacker_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro + - /var/log/containers/tacker:/var/log/tacker + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/tacker + state: directory + upgrade_tasks: + - name: Stop and disable tacker-server service + tags: step2 + service: name=openstack-tacker-server state=stopped enabled=no diff --git a/environments/docker.yaml b/environments/docker.yaml index 5b03b084..28527945 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -46,6 +46,7 @@ resource_registry: OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/environments/services-docker/congress.yaml b/environments/services-docker/congress.yaml new file mode 100644 index 00000000..5d4c7307 --- /dev/null +++ b/environments/services-docker/congress.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Congress: ../../docker/services/congress-api.yaml diff --git a/environments/services-docker/tacker.yaml b/environments/services-docker/tacker.yaml new file mode 100644 index 00000000..cba8d6b9 --- /dev/null +++ b/environments/services-docker/tacker.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh index 8bcae1d3..3c508d11 100755 --- a/extraconfig/post_deploy/undercloud_post.sh +++ b/extraconfig/post_deploy/undercloud_post.sh @@ -45,57 +45,61 @@ if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys fi -PHYSICAL_NETWORK=ctlplane - -ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1) -subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2) -subnet_id= +if [ "$(hiera neutron_api_enabled)" = "true" ]; then + PHYSICAL_NETWORK=ctlplane + + ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1) + subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2) + subnet_id= + + for subnet_id in $subnet_ids; do + network_id=$(openstack subnet show -f value -c network_id $subnet_id) + if [ "$network_id" = "$ctlplane_id" ]; then + break + fi + done -for subnet_id in $subnet_ids; do - network_id=$(openstack subnet show -f value -c network_id $subnet_id) - if [ "$network_id" = "$ctlplane_id" ]; then - break - fi -done - -net_create=1 -if [ -n "$subnet_id" ]; then - cidr=$(openstack subnet show $subnet_id -f value -c cidr) - if [ "$cidr" = "$undercloud_network_cidr" ]; then - net_create=0 - else - echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr" - echo "Will attempt to delete and recreate subnet $subnet_id" + net_create=1 + if [ -n "$subnet_id" ]; then + cidr=$(openstack subnet show $subnet_id -f value -c cidr) + if [ "$cidr" = "$undercloud_network_cidr" ]; then + net_create=0 + else + echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr" + echo "Will attempt to delete and recreate subnet $subnet_id" + fi fi -fi -if [ "$net_create" -eq "1" ]; then - # Delete the subnet and network to make sure it doesn't already exist - if openstack subnet list | grep start; then - openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}') - fi - if openstack network show ctlplane; then - openstack network delete ctlplane + if [ "$net_create" -eq "1" ]; then + # Delete the subnet and network to make sure it doesn't already exist + if openstack subnet list | grep start; then + openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}') + fi + if openstack network show ctlplane; then + openstack network delete ctlplane + fi + + + NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}') + + NAMESERVER_ARG="" + if [ -n "${undercloud_nameserver:-}" ]; then + NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver" + fi + + openstack subnet create --network=$NETWORK_ID \ + --gateway=$undercloud_network_gateway \ + --subnet-range=$undercloud_network_cidr \ + --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \ + --host-route destination=169.254.169.254/32,gateway=$local_ip \ + $NAMESERVER_ARG ctlplane fi - - - NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}') - - NAMESERVER_ARG="" - if [ -n "${undercloud_nameserver:-}" ]; then - NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver" - fi - - openstack subnet create --network=$NETWORK_ID \ - --gateway=$undercloud_network_gateway \ - --subnet-range=$undercloud_network_cidr \ - --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \ - --host-route destination=169.254.169.254/32,gateway=$local_ip \ - $NAMESERVER_ARG ctlplane fi -# Disable nova quotas -openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}') +if [ "$(hiera nova_api_enabled)" = "true" ]; then + # Disable nova quotas + openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}') +fi # MISTRAL WORKFLOW CONFIGURATION if [ "$(hiera mistral_api_enabled)" = "true" ]; then diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 7b6fbb71..60ddeb8a 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -376,12 +376,15 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: BlockStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] BlockStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -400,22 +403,30 @@ resources: BlockStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: BlockStorageUpgradeInitDeployment server: {get_resource: BlockStorage} config: {get_resource: BlockStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] BlockStorageDeployment: type: OS::Heat::StructuredDeployment depends_on: BlockStorageUpgradeInitDeployment - condition: server_not_blacklisted properties: name: BlockStorageDeployment server: {get_resource: BlockStorage} config: {get_resource: BlockStorageConfig} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] # Map heat metadata into hiera datafiles BlockStorageConfig: @@ -477,7 +488,6 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: UpdateDeployment config: {get_resource: UpdateConfig} @@ -485,6 +495,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 8047e3dc..9d30ab29 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -382,12 +382,15 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: CephStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] CephStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -406,22 +409,30 @@ resources: CephStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: CephStorageUpgradeInitDeployment server: {get_resource: CephStorage} config: {get_resource: CephStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] CephStorageDeployment: type: OS::Heat::StructuredDeployment depends_on: CephStorageUpgradeInitDeployment - condition: server_not_blacklisted properties: name: CephStorageDeployment config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] CephStorageConfig: type: OS::Heat::StructuredConfig @@ -489,13 +500,17 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: config: {get_resource: UpdateConfig} server: {get_resource: CephStorage} input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index e453508a..06a31ec9 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -396,12 +396,15 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] config: {get_resource: NetworkConfig} server: {get_resource: NovaCompute} - actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} @@ -423,9 +426,13 @@ resources: NovaComputeUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: NovaComputeUpgradeInitDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] server: {get_resource: NovaCompute} config: {get_resource: NovaComputeUpgradeInitConfig} @@ -476,9 +483,13 @@ resources: NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment depends_on: NovaComputeUpgradeInitDeployment - condition: server_not_blacklisted properties: name: NovaComputeDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: @@ -512,9 +523,13 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: UpdateDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: UpdateConfig} server: {get_resource: NovaCompute} input_values: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 4c0a70f6..cccfdef1 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -415,13 +415,16 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment - condition: server_not_blacklisted depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: Controller} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} @@ -457,19 +460,27 @@ resources: # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first ControllerUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment - condition: server_not_blacklisted depends_on: NetworkDeployment properties: name: ControllerUpgradeInitDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] server: {get_resource: Controller} config: {get_resource: ControllerUpgradeInitConfig} ControllerDeployment: type: OS::TripleO::SoftwareDeployment - condition: server_not_blacklisted depends_on: ControllerUpgradeInitDeployment properties: name: ControllerDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: ControllerConfig} server: {get_resource: Controller} input_values: @@ -551,10 +562,14 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment - condition: server_not_blacklisted depends_on: NetworkDeployment properties: name: UpdateDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: UpdateConfig} server: {get_resource: Controller} input_values: diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 5ab6669f..19ea1b65 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -376,12 +376,16 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: SwiftStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] + SwiftStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -400,11 +404,15 @@ resources: SwiftStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: SwiftStorageUpgradeInitDeployment server: {get_resource: SwiftStorage} config: {get_resource: SwiftStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig @@ -447,13 +455,17 @@ resources: SwiftStorageHieraDeploy: type: OS::Heat::StructuredDeployment depends_on: SwiftStorageUpgradeInitDeployment - condition: server_not_blacklisted properties: name: SwiftStorageHieraDeploy server: {get_resource: SwiftStorage} config: {get_resource: SwiftStorageHieraConfig} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -476,13 +488,17 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: config: {get_resource: UpdateConfig} server: {get_resource: SwiftStorage} input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 570efb3a..7af90e24 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -398,7 +398,6 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -407,6 +406,11 @@ resources: input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] {{role}}UpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -425,22 +429,30 @@ resources: {{role}}UpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: {{role}}UpgradeInitDeployment server: {get_resource: {{role}}} config: {get_resource: {{role}}UpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] {{role}}Deployment: type: OS::Heat::StructuredDeployment depends_on: {{role}}UpgradeInitDeployment - condition: server_not_blacklisted properties: name: {{role}}Deployment config: {get_resource: {{role}}Config} server: {get_resource: {{role}}} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] {{role}}Config: type: OS::Heat::StructuredConfig @@ -510,7 +522,6 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: UpdateDeployment config: {get_resource: UpdateConfig} @@ -518,6 +529,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml index 6ad451a8..0508c557 100644 --- a/puppet/services/certmonger-user.yaml +++ b/puppet/services/certmonger-user.yaml @@ -26,11 +26,28 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + DefaultCRLURL: + default: 'http://ipa-ca/ipa/crl/MasterCRL.bin' + description: URI where to get the CRL to be configured in the nodes. + type: string + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: description: Role data for the certmonger-user service value: service_name: certmonger_user + config_settings: + tripleo::certmonger::ca::crl::crl_source: + if: + - internal_tls_enabled + - {get_param: DefaultCRLURL} + - null step_config: | include ::tripleo::profile::base::certmonger_user diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index 9b7b47ef..7be394b6 100644 --- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml @@ -27,24 +27,12 @@ parameters: via parameter_defaults in the resource registry. type: json -resources: - CeilometerServiceBase: - type: ../ceilometer-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - outputs: role_data: description: Role data for the disabling Ceilometer Expirer role. value: service_name: ceilometer_expirer_disabled - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::expirer::enable_cron: false - step_config: | - include ::tripleo::profile::base::ceilometer::expirer + upgrade_tasks: + - name: Remove ceilometer expirer cron tab on upgrade + tags: step1 + shell: '/usr/bin/crontab -u ceilometer -r' diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index a71491c0..619cf131 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -50,6 +50,11 @@ parameters: type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. + InternalTLSCRLPEMFile: + default: '/etc/pki/CA/crl/overcloud-crl.pem' + type: string + description: Specifies the default CRL PEM file to use for revocation if + TLS is used for services in the internal network. resources: @@ -89,6 +94,7 @@ outputs: tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword} tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile} + tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile} tripleo::profile::base::haproxy::certificates_specs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index e39e997a..68a71e42 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -105,6 +105,22 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - nova::compute::vcpu_pin_set: NovaVcpuPinSet + nova::compute::reserved_host_memory: NovaReservedHostMemory + - values: {get_param: [RoleParameters]} + - values: + NovaVcpuPinSet: {get_param: NovaVcpuPinSet} + NovaReservedHostMemory: {get_param: NovaReservedHostMemory} + outputs: role_data: description: Role data for the Nova Compute service. @@ -117,14 +133,18 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [RoleParametersValue, value] - nova::compute::libvirt::manage_libvirt_services: false nova::compute::pci_passthrough: str_replace: template: "JSON_PARAM" params: - JSON_PARAM: {get_param: NovaPCIPassthrough} - nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet} - nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory} + map_replace: + - map_replace: + - JSON_PARAM: NovaPCIPassthrough + - values: {get_param: [RoleParameters]} + - values: + NovaPCIPassthrough: {get_param: NovaPCIPassthrough} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true diff --git a/releasenotes/notes/example-roles-d27c748090f6a154.yaml b/releasenotes/notes/example-roles-d27c748090f6a154.yaml new file mode 100644 index 00000000..e27674da --- /dev/null +++ b/releasenotes/notes/example-roles-d27c748090f6a154.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + A set of example roles has been created in the roles folder in + tripleo-heat-templates. Management of services for roles should occur + in these role files rather than in roles_data.yaml. diff --git a/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml new file mode 100644 index 00000000..7854fa5c --- /dev/null +++ b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - Ceilometer expirer is deprecated in pike. During upgrade, the crontab thats + configured with ceilometer user will be removed to ensure the expirer + script is not running. diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml new file mode 100644 index 00000000..d242a5bb --- /dev/null +++ b/roles/BlockStorage.yaml @@ -0,0 +1,24 @@ +############################################################################### +# Role: BlockStorage # +############################################################################### +- name: BlockStorage + description: | + Cinder Block Storage node role + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml new file mode 100644 index 00000000..d3de6bae --- /dev/null +++ b/roles/CephStorage.yaml @@ -0,0 +1,24 @@ +############################################################################### +# Role: CephStorage # +############################################################################### +- name: CephStorage + description: | + Ceph OSD Storage node role + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/Compute.yaml b/roles/Compute.yaml new file mode 100644 index 00000000..73ec6595 --- /dev/null +++ b/roles/Compute.yaml @@ -0,0 +1,40 @@ +############################################################################### +# Role: Compute # +############################################################################### +- name: Compute + description: | + Basic Compute Node role + CountDefault: 1 + HostnameFormatDefault: '%stackname%-novacompute-%index%' + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp diff --git a/roles/Controller.yaml b/roles/Controller.yaml new file mode 100644 index 00000000..7511d4c0 --- /dev/null +++ b/roles/Controller.yaml @@ -0,0 +1,120 @@ +############################################################################### +# Role: Controller # +############################################################################### +- name: Controller + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. + CountDefault: 1 + tags: + - primary + - controller + HostnameFormatDefault: '%stackname%-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + # FIXME: This service was disabled in Pike and this entry should be removed + # in Queens. + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackendDellPs + - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::Zaqar diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml new file mode 100644 index 00000000..2d1702e8 --- /dev/null +++ b/roles/ControllerOpenstack.yaml @@ -0,0 +1,98 @@ +############################################################################### +# Role: ControllerOpenstack # +############################################################################### +- name: ControllerOpenstack + description: | + Controller role that does not contain the database, messaging and networking + components. Use in combination with the Database, Messaging and Networker + roles. + tags: + - primary + - controller + HostnameFormatDefault: '%stackname%-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::Zaqar + diff --git a/roles/Database.yaml b/roles/Database.yaml new file mode 100644 index 00000000..3ef751a7 --- /dev/null +++ b/roles/Database.yaml @@ -0,0 +1,23 @@ +############################################################################### +# Role: Database # +############################################################################### +- name: Database + description: | + Standalone database role with the database being managed via Pacemaker + HostnameFormatDefault: '%stackname%-database-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml new file mode 100644 index 00000000..cbef61ab --- /dev/null +++ b/roles/Messaging.yaml @@ -0,0 +1,22 @@ +############################################################################### +# Role: Messaging # +############################################################################### +- name: Messaging + description: | + Standalone messaging role with RabbitMQ being managed via Pacemaker + HostnameFormatDefault: '%stackname%-messaging-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Networker.yaml b/roles/Networker.yaml new file mode 100644 index 00000000..b393fa7b --- /dev/null +++ b/roles/Networker.yaml @@ -0,0 +1,36 @@ +############################################################################### +# Role: Networker # +############################################################################### +- name: Networker + description: | + Standalone networking role to run Neutron services their own. Includes + Pacemaker integration via PacemakerRemote + HostnameFormatDefault: '%stackname%-networker-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpvpnApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::PacemakerRemote + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml new file mode 100644 index 00000000..3741ca66 --- /dev/null +++ b/roles/ObjectStorage.yaml @@ -0,0 +1,26 @@ +############################################################################### +# Role: ObjectStorage # +############################################################################### +- name: ObjectStorage + description: | + Swift Object Storage node role + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/README.rst b/roles/README.rst new file mode 100644 index 00000000..6c742332 --- /dev/null +++ b/roles/README.rst @@ -0,0 +1,206 @@ +Roles +===== + +The yaml files in this directory can be combined into a single roles_data.yaml +and be used with TripleO to create custom deployments. + +Use tripleoclient to build your own custom roles_data.yaml for your +environment. + +roles_data.yaml +--------------- + +The roles_data.yaml specifies which roles (groups of nodes) will be deployed. +Note this file is used as an input the the various \*.j2.yaml jinja2 templates, +so that they are converted into \*.yaml during the plan creation. This occurs +via a mistral action/workflow. The file format of this file is a yaml list. + +Role YAML files +=============== + +Each role yaml file should contain only a single role. The filename should +match the role name. The name of the role is mandatory and must be unique. + +The role files in this folder should contain at least a role name and the +default list of services for the role. + +Role Options +------------ + +* CountDefault: (number) optional, default number of nodes, defaults to 0 + sets the default for the {{role.name}}Count parameter in overcloud.yaml + +* HostnameFormatDefault: (string) optional default format string for hostname + defaults to '%stackname%-{{role.name.lower()}}-%index%' + sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml + +* disable_constraints: (boolean) optional, whether to disable Nova and Glance + constraints for each role specified in the templates. + +* disable_upgrade_deployment: (boolean) optional, whether to run the + ansible upgrade steps for all services that are deployed on the role. If set + to True, the operator will drive the upgrade for this role's nodes. + +* upgrade_batch_size: (number): batch size for upgrades where tasks are + specified by services to run in batches vs all nodes at once. + This defaults to 1, but larger batches may be specified here. + +* ServicesDefault: (list) optional default list of services to be deployed + on the role, defaults to an empty list. Sets the default for the + {{role.name}}Services parameter in overcloud.yaml + +* tags: (list) list of tags used by other parts of the deployment process to + find the role for a specific type of functionality. Currently a role + with both 'primary' and 'controller' is used as the primary role for the + deployment process. If no roles have have 'primary' and 'controller', the + first role in this file is used as the primary role. + +* description: (string) as few sentences describing the role and information + pertaining to the usage of the role. + +Working with Roles +================== +The tripleoclient provides a series of commands that can be used to view +roles and generate a roles_data.yaml file for deployment. + +Listing Available Roles +----------------------- +The ``openstack overcloud role list`` command can be used to view the list +of roles provided by tripleo-heat-templates. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud role list [-h] [--roles-path <roles directory>] + + List availables roles + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud role list + BlockStorage + CephStorage + Compute + Controller + ControllerOpenstack + Database + Messaging + Networker + ObjectStorage + Telemetry + Undercloud + +Viewing Role Details +-------------------- +The ``openstack overcloud role show`` command can be used as a quick way to +view some of the information about a role. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud role show [-h] [--roles-path <roles directory>] + <role> + + Show information about a given role + + positional arguments: + <role> Role to display more information about. + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud role show Compute + ############################################################################### + # Role Data for 'Compute' + ############################################################################### + HostnameFormatDefault: '%stackname%-novacompute-%index%' + ServicesDefault: + * OS::TripleO::Services::AuditD + * OS::TripleO::Services::CACerts + * OS::TripleO::Services::CephClient + * OS::TripleO::Services::CephExternal + * OS::TripleO::Services::CertmongerUser + * OS::TripleO::Services::Collectd + * OS::TripleO::Services::ComputeCeilometerAgent + * OS::TripleO::Services::ComputeNeutronCorePlugin + * OS::TripleO::Services::ComputeNeutronL3Agent + * OS::TripleO::Services::ComputeNeutronMetadataAgent + * OS::TripleO::Services::ComputeNeutronOvsAgent + * OS::TripleO::Services::Docker + * OS::TripleO::Services::FluentdClient + * OS::TripleO::Services::Kernel + * OS::TripleO::Services::MySQLClient + * OS::TripleO::Services::NeutronSriovAgent + * OS::TripleO::Services::NeutronVppAgent + * OS::TripleO::Services::NovaCompute + * OS::TripleO::Services::NovaLibvirt + * OS::TripleO::Services::Ntp + * OS::TripleO::Services::OpenDaylightOvs + * OS::TripleO::Services::Securetty + * OS::TripleO::Services::SensuClient + * OS::TripleO::Services::Snmp + * OS::TripleO::Services::Sshd + * OS::TripleO::Services::Timezone + * OS::TripleO::Services::TripleoFirewall + * OS::TripleO::Services::TripleoPackages + * OS::TripleO::Services::Vpp + name: 'Compute' + +Generate roles_data.yaml +------------------------ +The ``openstack overcloud roles generate`` command can be used to generate +a roles_data.yaml file for deployments. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud roles generate [-h] + [--roles-path <roles directory>] + [-o <output file>] + <role> [<role> ...] + + Generate roles_data.yaml file + + positional arguments: + <role> List of roles to use to generate the roles_data.yaml + file for the deployment. NOTE: Ordering is important + if no role has the "primary" and "controller" tags. If + no role is tagged then the first role listed will be + considered the primary role. This usually is the + controller role. + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + -o <output file>, --output-file <output file> + File to capture all output to. For example, + roles_data.yaml + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud roles generate -o roles_data.yaml Controller Compute BlockStorage ObjectStorage CephStorage diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml new file mode 100644 index 00000000..0f60364b --- /dev/null +++ b/roles/Telemetry.yaml @@ -0,0 +1,30 @@ +############################################################################### +# Role: Telemetry # +############################################################################### +- name: Telemetry + description: | + Telemetry role that has all the telemetry services. + HostnameFormatDefault: '%stackname%-telemetry-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml new file mode 100644 index 00000000..0a9bcadf --- /dev/null +++ b/roles/Undercloud.yaml @@ -0,0 +1,55 @@ +############################################################################### +# Role: Undercloud # +############################################################################### +- name: Undercloud + description: | + EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack + undercloud deploy' command. + CountDefault: 1 + disable_constraints: True + tags: + - primary + - controller + ServicesDefault: + - OS::TripleO::Services::Apache + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicPxe + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::UndercloudAodhApi + - OS::TripleO::Services::UndercloudAodhEvaluator + - OS::TripleO::Services::UndercloudAodhListener + - OS::TripleO::Services::UndercloudAodhNotifier + - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentNotification + - OS::TripleO::Services::UndercloudGnocchiApi + - OS::TripleO::Services::UndercloudGnocchiMetricd + - OS::TripleO::Services::UndercloudGnocchiStatsd + - OS::TripleO::Services::UndercloudPankoApi + - OS::TripleO::Services::Zaqar diff --git a/roles_data.yaml b/roles_data.yaml index 86cd3f0d..c536e834 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -1,248 +1,237 @@ -# Specifies which roles (groups of nodes) will be deployed -# Note this is used as an input to the various *.j2.yaml -# jinja2 templates, so that they are converted into *.yaml -# during the plan creation (via a mistral action/workflow). -# -# The format is a list, with the following format: -# -# * name: (string) mandatory, name of the role, must be unique -# -# CountDefault: (number) optional, default number of nodes, defaults to 0 -# sets the default for the {{role.name}}Count parameter in overcloud.yaml -# -# HostnameFormatDefault: (string) optional default format string for hostname -# defaults to '%stackname%-{{role.name.lower()}}-%index%' -# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml -# -# disable_constraints: (boolean) optional, whether to disable Nova and Glance -# constraints for each role specified in the templates. -# -# disable_upgrade_deployment: (boolean) optional, whether to run the -# ansible upgrade steps for all services that are deployed on the role. If set -# to True, the operator will drive the upgrade for this role's nodes. -# -# upgrade_batch_size: (number): batch size for upgrades where tasks are -# specified by services to run in batches vs all nodes at once. -# This defaults to 1, but larger batches may be specified here. -# -# ServicesDefault: (list) optional default list of services to be deployed -# on the role, defaults to an empty list. Sets the default for the -# {{role.name}}Services parameter in overcloud.yaml -# -# tags: (list) list of tags used by other parts of the deployment process to -# find the role for a specific type of functionality. Currently a role -# with both 'primary' and 'controller' is used as the primary role for the -# deployment process. If no roles have have 'primary' and 'controller', the -# first role in this file is used as the primary role. -# +############################################################################### +# File generated by tripleoclient +############################################################################### +############################################################################### +# Role: Controller # +############################################################################### - name: Controller + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. CountDefault: 1 tags: - primary - controller + HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + # FIXME: This service was disabled in Pike and this entry should be removed + # in Queens. + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi - - OS::TripleO::Services::CinderBackup - - OS::TripleO::Services::CinderScheduler - - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronMetadataAgent - - OS::TripleO::Services::NeutronApi - - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::NeutronL2gwAgent - - OS::TripleO::Services::NeutronLinuxbridgeAgent - - OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::HAproxy - - OS::TripleO::Services::Keepalived - - OS::TripleO::Services::Memcached - - OS::TripleO::Services::Pacemaker - - OS::TripleO::Services::Redis - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaApi - - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaVncProxy - - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::ExternalSwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::Timezone - # FIXME: This service was disabled in Pike and this entry should be removed - # in Queens. - - OS::TripleO::Services::CeilometerExpirer - - OS::TripleO::Services::CeilometerAgentCentral - - OS::TripleO::Services::CeilometerAgentNotification - - OS::TripleO::Services::Horizon - - OS::TripleO::Services::GnocchiApi - - OS::TripleO::Services::GnocchiMetricd - - OS::TripleO::Services::GnocchiStatsd - - OS::TripleO::Services::ManilaApi - - OS::TripleO::Services::ManilaScheduler - - OS::TripleO::Services::ManilaBackendGeneric - - OS::TripleO::Services::ManilaBackendNetapp - - OS::TripleO::Services::ManilaBackendCephFs - - OS::TripleO::Services::ManilaShare - - OS::TripleO::Services::AodhApi - - OS::TripleO::Services::AodhEvaluator - - OS::TripleO::Services::AodhNotifier - - OS::TripleO::Services::AodhListener - - OS::TripleO::Services::SaharaApi - - OS::TripleO::Services::SaharaEngine - - OS::TripleO::Services::IronicApi - - OS::TripleO::Services::IronicConductor - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::OpenDaylightApi - - OS::TripleO::Services::OpenDaylightOvs - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::BarbicanApi - - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::Tacker - - OS::TripleO::Services::Zaqar - - OS::TripleO::Services::OVNDBs - - OS::TripleO::Services::NeutronML2FujitsuCfab - - OS::TripleO::Services::NeutronML2FujitsuFossw - - OS::TripleO::Services::CinderHPELeftHandISCSI - - OS::TripleO::Services::Etcd - - OS::TripleO::Services::AuditD - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Vpp - - OS::TripleO::Services::NeutronVppAgent - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::Zaqar +############################################################################### +# Role: Compute # +############################################################################### - name: Compute + description: | + Basic Compute Node role CountDefault: 1 HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_upgrade_deployment: True ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::NovaCompute - - OS::TripleO::Services::NovaLibvirt - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::ComputeNeutronCorePlugin - - OS::TripleO::Services::ComputeNeutronOvsAgent - - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Vpp - - OS::TripleO::Services::NeutronVppAgent - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - +############################################################################### +# Role: BlockStorage # +############################################################################### - name: BlockStorage + description: | + Cinder Block Storage node role ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser - - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::TripleoPackages +############################################################################### +# Role: ObjectStorage # +############################################################################### - name: ObjectStorage + description: | + Swift Object Storage node role disable_upgrade_deployment: True ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::TripleoPackages +############################################################################### +# Role: CephStorage # +############################################################################### - name: CephStorage + description: | + Ceph OSD Storage node role ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker + - OS::TripleO::Services::TripleoPackages diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index d57c8fc6..ad760fd6 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -1,49 +1,58 @@ +############################################################################### +# File generated by tripleoclient +############################################################################### +############################################################################### +# Role: Undercloud # +############################################################################### - name: Undercloud + description: | + EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack + undercloud deploy' command. CountDefault: 1 disable_constraints: True tags: - primary - controller ServicesDefault: - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::MySQL - - OS::TripleO::Services::MongoDb - - OS::TripleO::Services::Keystone - OS::TripleO::Services::Apache - - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Memcached - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::NovaApi - - OS::TripleO::Services::NovaPlacement - - OS::TripleO::Services::NovaMetadata - - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MistralEngine - - OS::TripleO::Services::MistralApi - - OS::TripleO::Services::MistralExecutor - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::IronicPxe - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::Zaqar - - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin - - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::UndercloudAodhApi - OS::TripleO::Services::UndercloudAodhEvaluator - - OS::TripleO::Services::UndercloudAodhNotifier - OS::TripleO::Services::UndercloudAodhListener + - OS::TripleO::Services::UndercloudAodhNotifier + - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentNotification - OS::TripleO::Services::UndercloudGnocchiApi - OS::TripleO::Services::UndercloudGnocchiMetricd - OS::TripleO::Services::UndercloudGnocchiStatsd - OS::TripleO::Services::UndercloudPankoApi - - OS::TripleO::Services::UndercloudCeilometerAgentCentral - - OS::TripleO::Services::UndercloudCeilometerAgentNotification + - OS::TripleO::Services::Zaqar |