diff options
263 files changed, 11084 insertions, 4567 deletions
@@ -44,3 +44,18 @@ doc/_build # Built by pbr (python setup.py sdist): AUTHORS ChangeLog + +extraconfig/all_nodes/mac_hostname.yaml +extraconfig/all_nodes/random_string.yaml +extraconfig/all_nodes/swap-partition.yaml +extraconfig/all_nodes/swap.yaml +extraconfig/tasks/major_upgrade_pacemaker_init.yaml +network/service_net_map.yaml +overcloud-resource-registry-puppet.yaml +overcloud.yaml +puppet/blockstorage-config.yaml +puppet/cephstorage-config.yaml +puppet/compute-config.yaml +puppet/controller-config.yaml +puppet/objectstorage-config.yaml +puppet/post.yaml @@ -1,3 +1,12 @@ +======================== +Team and repository tags +======================== + +.. image:: http://governance.openstack.org/badges/tripleo-heat-templates.svg + :target: http://governance.openstack.org/reference/tags/index.html + +.. Change things from this point on + ====================== tripleo-heat-templates ====================== @@ -44,3 +53,64 @@ A description of the directory layout in TripleO Heat Templates. * validation-scripts: validation scripts useful to all deployment configurations + + +Service testing matrix +---------------------- + +The configuration for the CI scenarios will be defined in `tripleo-heat-templates/ci/` +and should be executed according to the following table: + ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | ++================+=============+=============+=============+=============+=================+ +| keystone | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| glance | file | swift | file | file | swift | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| cinder | | iscsi | | | iscsi | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| heat | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| mysql | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| neutron | ovs | ovs | ovs | ovs | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| rabbitmq | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| mongodb | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| redis | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| haproxy | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| keepalived | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| memcached | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| pacemaker | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| nova | qemu | qemu | qemu | qemu | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| ntp | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| snmp | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| timezone | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| sahara | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| swift | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| aodh | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| ceilometer | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| gnocchi | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| barbican | | X | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| zaqar | | X | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| cephrgw | | X | | X | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ diff --git a/ci/README.rst b/ci/README.rst new file mode 100644 index 00000000..44e8626d --- /dev/null +++ b/ci/README.rst @@ -0,0 +1,11 @@ +======================= +TripleO CI environments +======================= + +TripleO CI environments are exclusively used for Continuous Integration +purpose or for development usage. +They should not be used in production and we don't guarantee they work outside +TripleO CI. + +For more informations about TripleO CI, please look: +https://github.com/openstack-infra/tripleo-ci diff --git a/ci/common/net-config-multinode.yaml b/ci/common/net-config-multinode.yaml new file mode 100644 index 00000000..49a06881 --- /dev/null +++ b/ci/common/net-config-multinode.yaml @@ -0,0 +1,64 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config for a simple bridge configured + with a static IP address for the ctlplane network. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: + default: '' + description: IP address/subnet on the management network + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: | + #!/bin/bash + ip addr add CONTROLPLANEIP/CONTROLPLANESUBNETCIDR dev $bridge_name + params: + CONTROLPLANEIP: {get_param: ControlPlaneIp} + CONTROLPLANESUBNETCIDR: {get_param: ControlPlaneSubnetCidr} + inputs: + - + name: bridge_name + default: br-ex + description: bridge-name + type: String + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml new file mode 100644 index 00000000..ee5bd648 --- /dev/null +++ b/ci/environments/scenario001-multinode.yaml @@ -0,0 +1,81 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Redis + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + NovaEnableRbdBackend: true + CinderEnableRbdBackend: true + CinderBackupBackend: ceph + GlanceBackend: rbd + GnocchiBackend: rbd + CinderEnableIscsiBackend: false diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml new file mode 100644 index 00000000..7875ef4e --- /dev/null +++ b/ci/environments/scenario002-multinode.yaml @@ -0,0 +1,52 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Zaqar + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + SwiftCeilometerPipelineEnabled: false diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml new file mode 100644 index 00000000..26f94d03 --- /dev/null +++ b/ci/environments/scenario003-multinode.yaml @@ -0,0 +1,53 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml + OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml + OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml + OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + # we don't deploy Swift so we switch to file backend. + GlanceBackend: 'file' + KeystoneTokenProvider: 'fernet' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml new file mode 100644 index 00000000..0d94cea0 --- /dev/null +++ b/ci/environments/scenario004-multinode.yaml @@ -0,0 +1,63 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml + OS::TripleO::Services::CephRgw: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-rgw.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephRgw + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/pingtests/scenario001-multinode.yaml b/ci/pingtests/scenario001-multinode.yaml new file mode 100644 index 00000000..ede83db0 --- /dev/null +++ b/ci/pingtests/scenario001-multinode.yaml @@ -0,0 +1,186 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario001. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + volume1: + type: OS::Cinder::Volume + properties: + name: Volume1 + image: { get_param: image } + size: 1 + + server1: + type: OS::Nova::Server + depends_on: volume1 + properties: + name: Server1 + block_device_mapping: + - device_name: vda + volume_id: { get_resource: volume1 } + flavor: { get_resource: test_flavor } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +# Disabling this resource now +# https://bugs.launchpad.net/tripleo/+bug/1646506 +# gnocchi_res_alarm: +# type: OS::Aodh::GnocchiResourcesAlarm +# properties: +# description: Do stuff with gnocchi +# metric: cpu_util +# aggregation_method: mean +# granularity: 60 +# evaluation_periods: 1 +# threshold: 50 +# alarm_actions: [] +# resource_type: instance +# resource_id: { get_resource: server1 } +# comparison_operator: gt + + asg: + type: OS::Heat::AutoScalingGroup + properties: + max_size: 5 + min_size: 1 + resource: + type: OS::Heat::RandomString + + scaleup_policy: + type: OS::Heat::ScalingPolicy + properties: + adjustment_type: change_in_capacity + auto_scaling_group_id: {get_resource: asg} + cooldown: 0 + scaling_adjustment: 1 + + alarm: + type: OS::Aodh::Alarm + properties: + description: Scale-up if the average CPU > 50% for 1 minute + meter_name: test_meter + statistic: count + comparison_operator: ge + threshold: 1 + period: 60 + evaluation_periods: 1 + alarm_actions: + - {get_attr: [scaleup_policy, alarm_url]} + matching_metadata: + metadata.metering.stack_id: {get_param: "OS::stack_id"} + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } + asg_size: + value: {get_attr: [asg, current_size]} diff --git a/ci/pingtests/scenario002-multinode.yaml b/ci/pingtests/scenario002-multinode.yaml new file mode 100644 index 00000000..1ab7eef9 --- /dev/null +++ b/ci/pingtests/scenario002-multinode.yaml @@ -0,0 +1,158 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario002. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + luks_volume_type: + type: OS::Cinder::VolumeType + properties: + name: LUKS + + encrypted_volume_type: + type: OS::Cinder::EncryptedVolumeType + properties: + volume_type: {get_resource: luks_volume_type} + provider: nova.volume.encryptors.luks.LuksEncryptor + cipher: aes-xts-plain64 + control_location: front-end + key_size: 256 + + volume1: + type: OS::Cinder::Volume + depends_on: encrypted_volume_type + properties: + name: Volume1 + image: { get_param: image } + size: 1 + volume_type: {get_resource: luks_volume_type} + + server1: + type: OS::Nova::Server + depends_on: volume1 + properties: + name: Server1 + block_device_mapping: + - device_name: vda + volume_id: { get_resource: volume1 } + flavor: { get_resource: test_flavor } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + + zaqar_queue: + type: OS::Zaqar::Queue + properties: + name: pingtest-queue + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/ci/pingtests/scenario003-multinode.yaml b/ci/pingtests/scenario003-multinode.yaml new file mode 100644 index 00000000..445c47af --- /dev/null +++ b/ci/pingtests/scenario003-multinode.yaml @@ -0,0 +1,154 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario003. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { get_resource: test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + + sahara-image: + type: OS::Sahara::ImageRegistry + properties: + image: { get_param: image } + username: cirros + tags: + - tripleo + + mistral_workflow: + type: OS::Mistral::Workflow + properties: + type: direct + name: test_workflow + description: Just testing workflow resource. + input: + phrase: Hello! + output: + out: <% $.word %> + tasks: + - name: hello + action: std.echo output=<% $.phrase %> + publish: + word: <% $.hello %> + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } + exec: + description: Mistral output verifying execution + value: { get_attr: [mistral_workflow, executions]}
\ No newline at end of file diff --git a/ci/pingtests/scenario004-multinode.yaml b/ci/pingtests/scenario004-multinode.yaml new file mode 100644 index 00000000..17792cd1 --- /dev/null +++ b/ci/pingtests/scenario004-multinode.yaml @@ -0,0 +1,127 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario004. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { get_resource: test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/deployed-server/README.rst b/deployed-server/README.rst index ce74e77b..f269b6a4 100644 --- a/deployed-server/README.rst +++ b/deployed-server/README.rst @@ -119,10 +119,15 @@ from the deployment command, the script should be ready to run: [NovaCompute]: CREATE_IN_PROGRESS state changed The user running the script must be able to ssh as root to each server. Define -the hostnames of the deployed servers you intend to use for each role type:: - - export controller_hosts="controller0 controller1 controller2" - export compute_hosts="compute0" +the the names of your custom roles (if applicable) and hostnames of the deployed +servers you intend to use for each role type. For each role name, a +corresponding <role-name>_hosts variable should also be defined, e.g.:: + + export ROLES="Controller NewtorkNode StorageNode Compute" + export Controller_hosts="10.0.0.1 10.0.0.2 10.0.0.3" + export NetworkNode_hosts="10.0.0.4 10.0.0.5 10.0.0.6" + export StorageNode_hosts="10.0.0.7 10.0.08" + export Compute_hosts="10.0.0.9 10.0.0.10 10.0.0.11" Then run the script on the undercloud with a stackrc file sourced, and the script will copy the needed os-collect-config.conf configuration to each diff --git a/deployed-server/ctlplane-port.yaml b/deployed-server/ctlplane-port.yaml deleted file mode 100644 index eb10fba0..00000000 --- a/deployed-server/ctlplane-port.yaml +++ /dev/null @@ -1,23 +0,0 @@ -heat_template_version: 2014-10-16 - -parameters: - Hostname: - type: string - -resources: - - ControlPlanePort: - type: OS::Neutron::Port - properties: - network: ctlplane - name: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - - port - replacement_policy: AUTO - -outputs: - ip_address: - value: {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]} diff --git a/deployed-server/deployed-neutron-port.yaml b/deployed-server/deployed-neutron-port.yaml new file mode 100644 index 00000000..7855be89 --- /dev/null +++ b/deployed-server/deployed-neutron-port.yaml @@ -0,0 +1,67 @@ +heat_template_version: 2016-10-14 + +description: " + A fake OS::Neutron::Port stack which outputs fixed_ips and subnets based on + the input from the DeployedServerPortMap (set via parameter_defaults). This + lookup requires the use of port naming conventions. In order for this to work + with deployed-server the keys should be <hostname>-<network>. + Example: + parameter_defaults: + DeployedServerPortMap: + gatsby_ctlplane: + fixed_ips: + - ip_address: 127.0.0.1 + subnets: + - cidr: 24" + +parameters: + name: + default: '' + type: string + network: + default: '' + type: string + fixed_ips: + default: '' + type: comma_delimited_list + replacement_policy: + default: '' + type: string + DeployedServerPortMap: + default: {} + type: json + + +outputs: + fixed_ips: + value: + {get_param: [DeployedServerPortMap, {get_param: name}, fixed_ips]} + subnets: + value: + {get_param: [DeployedServerPortMap, {get_param: name}, subnets]} + name: + value: {get_param: name} + status: + value: DOWN + allowed_address_pairs: + value: {} + device_id: + value: '' + device_owner: + value: {get_param: network} + dns_assignment: + value: '' + port_security_enabled: + value: False + admin_state_up: + value: False + security_groups: + value: {} + network_id: + value: '' + tenant_id: + value: '' + qos_policy_id: + value: '' + mac_address: + value: '' diff --git a/deployed-server/deployed-server-config.yaml b/deployed-server/deployed-server-config.yaml deleted file mode 100644 index 8c59dc72..00000000 --- a/deployed-server/deployed-server-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ -heat_template_version: 2014-10-16 -parameters: - user_data_format: - type: string - default: SOFTWARE_CONFIG - -resources: - # We just need something which returns a unique ID, but we can't - # use RandomString because RefId returns the value, not the physical - # resource ID, SoftwareConfig should work as it returns a UUID - deployed-server-config: - type: OS::Heat::SoftwareConfig - -outputs: - # FIXME(shardy) this is needed because TemplateResource returns an - # ARN not a UUID, which overflows the Deployment server_id column.. - user_data_format: - value: SOFTWARE_CONFIG - OS::stack_id: - value: {get_resource: deployed-server-config} - - diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index da5698e5..e4f35507 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -21,7 +21,7 @@ parameters: default: '' name: type: string - default: '' + default: 'deployed-server' image_update_policy: type: string default: '' @@ -40,20 +40,18 @@ parameters: default: {} resources: - # We just need something which returns a unique ID, but we can't - # use RandomString because RefId returns the value, not the physical - # resource ID, SoftwareConfig should work as it returns a UUID deployed-server: - type: OS::TripleO::DeployedServerConfig + type: OS::Heat::DeployedServer properties: - user_data_format: SOFTWARE_CONFIG + name: {get_param: name} + software_config_transport: {get_param: software_config_transport} InstanceIdConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: apply-config config: - instance-id: {get_attr: [deployed-server, "OS::stack_id"]} + instance-id: {get_resource: deployed-server} InstanceIdDeployment: type: OS::Heat::StructuredDeployment @@ -69,21 +67,10 @@ resources: #!/bin/bash set -eux mkdir -p $heat_outputs_path - host=$(hostnamectl --static) - echo -n "$host " > $heat_outputs_path.hosts_entry - host_ip=$(python -c "import socket; print socket.gethostbyname(\"$host\")") - echo -n "$host_ip " >> $heat_outputs_path.hosts_entry - echo >> $heat_outputs_path.hosts_entry - cat $heat_outputs_path.hosts_entry - echo -n $host_ip > $heat_outputs_path.ip_address - cat $heat_outputs_path.ip_address + host=$(hostname -s) echo -n $host > $heat_outputs_path.hostname cat $heat_outputs_path.hostname outputs: - - name: hosts_entry - description: hosts_entry - - name: ip_address - description: ip_address - name: hostname description: hostname @@ -93,23 +80,23 @@ resources: config: {get_resource: HostsEntryConfig} server: {get_resource: deployed-server} - ControlPlanePort: + ControlPlanePortImpl: type: OS::TripleO::DeployedServer::ControlPlanePort properties: - Hostname: {get_attr: [HostsEntryDeployment, hostname]} + network: ctlplane + name: + list_join: + - '-' + - - {get_attr: [HostsEntryDeployment, hostname]} + - ctlplane + replacement_policy: AUTO outputs: - # FIXME(shardy) this is needed because TemplateResource returns an - # ARN not a UUID, which overflows the Deployment server_id column.. OS::stack_id: - value: {get_attr: [deployed-server, "OS::stack_id"]} + value: {get_resource: deployed-server} networks: value: ctlplane: - - {get_attr: [ControlPlanePort, ip_address]} + - {get_attr: [ControlPlanePortImpl, fixed_ips, 0, ip_address]} name: - value: {get_attr: [HostsEntryDeployment, hostname]} - hosts_entry: - value: {get_attr: [HostsEntryDeployment, hosts_entry]} - ip_address: - value: {get_attr: [HostsEntryDeployment, ip_address]} + value: {get_attr: [HostsEntryDeployment, hostname]} diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh index 2c01174e..404244b1 100755 --- a/deployed-server/scripts/get-occ-config.sh +++ b/deployed-server/scripts/get-occ-config.sh @@ -11,28 +11,36 @@ OBJECTSTORAGE_HOSTS=${OBJECTSTORAGE_HOSTS:-""} CEPHSTORAGE_HOSTS=${CEPHSTORAGE_HOSTS:-""} SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"~/.ssh/id_rsa"} SSH_OPTIONS="-tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32" +OVERCLOUD_ROLES=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"} + +# Set the _hosts vars for the default roles based on the old var names that +# were all caps for backwards compatibility. +Controller_hosts=${Controller_hosts:-"$CONTROLLER_HOSTS"} +Compute_hosts=${Compute_hosts:-"$COMPUTE_HOSTS"} +BlockStorage_hosts=${BlockStorage_hosts:-"$BLOCKSTORAGE_HOSTS"} +ObjectStorage_hosts=${ObjectStorage_hosts:-"$OBJECTSTORAGE_HOSTS"} +CephStorage_hosts=${CephStorage_hosts:-"$CEPHSTORAGE_HOSTS"} + +# Set the _hosts_a vars for each role defined +for role in $OVERCLOUD_ROLES; do + eval hosts=\${${role}_hosts} + read -a ${role}_hosts_a <<< $hosts +done -read -a Controller_hosts_a <<< $CONTROLLER_HOSTS -read -a Compute_hosts_a <<< $COMPUTE_HOSTS -read -a BlockStorage_hosts_a <<< $BLOCKSTORAGE_HOSTS -read -a ObjectStorage_hosts_a <<< $OBJECTSTORAGE_HOSTS -read -a CephStorage_hosts_a <<< $CEPHSTORAGE_HOSTS - -roles="Controller Compute BlockStorage ObjectStorage CephStorage" admin_user_id=$(openstack user show admin -c id -f value) admin_project_id=$(openstack project show admin -c id -f value) function check_stack { - local stack_to_check=$1 + local stack_to_check=${1:-""} - if [ "$stack_to_check" = "|" ]; then + if [ "$stack_to_check" = "" ]; then echo Stack not created return 1 fi echo Checking if $1 stack is created set +e - heat resource-list $stack_to_check + openstack stack resource list $stack_to_check rc=$? set -e @@ -44,18 +52,18 @@ function check_stack { } -for role in $roles; do +for role in $OVERCLOUD_ROLES; do while ! check_stack overcloud; do sleep $SLEEP_TIME done - rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}') + rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value) while ! check_stack $rg_stack; do sleep $SLEEP_TIME - rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}') + rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value) done - stacks=$(heat resource-list $rg_stack | grep OS::TripleO::$role | awk '{print $4}') + stacks=$(openstack stack resource list $rg_stack -c physical_resource_id -f value) i=0 @@ -65,30 +73,25 @@ for role in $roles; do server_resource_name="NovaCompute" fi - server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}') + server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value) while ! check_stack $server_stack; do sleep $SLEEP_TIME - server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}') + server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value) done - deployed_server_stack=$(heat resource-list $server_stack | grep "deployed-server" | awk '{print $4}') + deployed_server_metadata_url=$(openstack stack resource metadata $server_stack deployed-server | jq -r '.["os-collect-config"].request.metadata_url') echo "======================" echo "$role$i os-collect-config.conf configuration:" config=" [DEFAULT] -collectors=heat +collectors=request command=os-refresh-config polling_interval=30 -[heat] -user_id=$admin_user_id -password=$OS_PASSWORD -auth_url=$OS_AUTH_URL -project_id=$admin_project_id -stack_id=$deployed_server_stack -resource_name=deployed-server-config" +[request] +metadata_url=$deployed_server_metadata_url" echo "$config" echo "======================" diff --git a/docker/README-containers.md b/docker/README-containers.md index ff062a93..5a9f6f3c 100644 --- a/docker/README-containers.md +++ b/docker/README-containers.md @@ -20,6 +20,9 @@ glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x You can use the tripleo.sh script up until the point of running the Overcloud. https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh +You will want to set up the runtime puppet script delivery system described here: +http://hardysteven.blogspot.ca/2016/08/tripleo-deploy-artifacts-and-puppet.html + Create the Overcloud: ``` $ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network.yaml --libvirt-type=qemu diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml deleted file mode 100644 index 60b831be..00000000 --- a/docker/compute-post.yaml +++ /dev/null @@ -1,349 +0,0 @@ -heat_template_version: 2015-10-15 -description: > - OpenStack compute node post deployment for Docker. - -parameters: - servers: - type: json - DeployIdentifier: - type: string - description: Value which changes if the node configuration may need to be re-applied - DockerNamespace: - type: string - default: tripleoupstream - DockerComputeImage: - type: string - DockerComputeDataImage: - type: string - DockerLibvirtImage: - type: string - DockerOpenvswitchImage: - type: string - DockerOvsVswitchdImage: - type: string - DockerOpenvswitchDBImage: - type: string - LibvirtConfig: - type: string - default: "/etc/libvirt/libvirtd.conf" - NovaConfig: - type: string - default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf" - NeutronOpenvswitchAgentConfig: - type: string - default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" - NeutronOpenvswitchAgentPluginVolume: - type: string - default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" - NeutronOpenvswitchAgentOvsVolume: - type: string - default: " " - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - RoleData: - type: json - default: {} - - -resources: - - ComputePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_hiera: True - enable_facter: False - tags: package,file,concat,file_line,nova_config,neutron_config,neutron_agent_ovs,neutron_plugin_ml2 - inputs: - - name: tripleo::packages::enable_install - type: Boolean - default: True - outputs: - - name: result - config: - list_join: - - '' - - - get_file: ../puppet/manifests/overcloud_compute.pp - - {get_param: StepConfig} - - - ComputePuppetDeployment: - type: OS::Heat::SoftwareDeployments - properties: - name: ComputePuppetDeployment - servers: {get_param: servers} - config: {get_resource: ComputePuppetConfig} - input_values: - update_identifier: {get_param: DeployIdentifier} - tripleo::packages::enable_install: True - - CopyEtcConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - outputs: - - name: result - config: {get_file: ./copy-etc.sh} - - CopyEtcDeployment: - type: OS::Heat::SoftwareDeployments - depends_on: ComputePuppetDeployment - properties: - name: CopyEtcDeployment - config: {get_resource: CopyEtcConfig} - servers: {get_param: servers} - - CopyJsonConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - inputs: - - name: libvirt_config - - name: nova_config - - name: neutron_openvswitch_agent_config - config: | - #!/bin/python - import json - import os - - data = {} - file_perms = '600' - libvirt_perms = '644' - - libvirt_config = os.getenv('libvirt_config').split(',') - nova_config = os.getenv('nova_config').split(',') - neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',') - - # Command, Config_files, Owner, Perms - services = {'nova-libvirt': ['/usr/sbin/libvirtd', libvirt_config, 'root', libvirt_perms], - 'nova-compute': ['/usr/bin/nova-compute', nova_config, 'nova', file_perms], - 'neutron-openvswitch-agent': ['/usr/bin/neutron-openvswitch-agent', neutron_openvswitch_agent_config, 'neutron', file_perms], - 'ovs-vswitchd': ['/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/openvswitch/ovs-vswitchd.log'], - 'ovsdb-server': ['/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --log-file=/var/log/openvswitch/ovsdb-server.log'] - } - - - def build_config_files(config, owner, perms): - config_source = '/var/lib/kolla/config_files/' - config_files_dict = {} - source = os.path.basename(config) - dest = config - config_files_dict.update({'source': config_source + source, - 'dest': dest, - 'owner': owner, - 'perm': perms}) - return config_files_dict - - - for service in services: - if service != 'ovs-vswitchd' and service != 'ovsdb-server': - command = services.get(service)[0] - config_files = services.get(service)[1] - owner = services.get(service)[2] - perms = services.get(service)[3] - config_files_list = [] - for config_file in config_files: - if service == 'nova-libvirt': - command = command + ' --config ' + config_file - else: - command = command + ' --config-file ' + config_file - data['command'] = command - config_files_dict = build_config_files(config_file, owner, perms) - config_files_list.append(config_files_dict) - data['config_files'] = config_files_list - else: - data['command'] = services.get(service)[0] - data['config_files'] = [] - - json_config_dir = '/var/lib/etc-data/json-config/' - with open(json_config_dir + service + '.json', 'w') as json_file: - json.dump(data, json_file, sort_keys=True, indent=4, separators=(',', ': ')) - - CopyJsonDeployment: - type: OS::Heat::SoftwareDeployments - depends_on: CopyEtcDeployment - properties: - name: CopyJsonDeployment - config: {get_resource: CopyJsonConfig} - servers: {get_param: servers} - input_values: - libvirt_config: {get_param: LibvirtConfig} - nova_config: {get_param: NovaConfig} - neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig} - - NovaComputeContainersDeploymentOVS: - type: OS::Heat::StructuredDeployments - depends_on: CopyJsonDeployment - properties: - name: NovaComputeContainersDeploymentOVS - config: {get_resource: NovaComputeContainersConfigOVS} - servers: {get_param: servers} - - NovaComputeContainersConfigOVS: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - ovsvswitchd: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] - net: host - privileged: true - restart: always - volumes: - - /run:/run - - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - - openvswitchdb: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] - net: host - restart: always - volumes: - - /run:/run - - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json - - /etc/openvswitchd:/etc/openvswitchd - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - - NovaComputeContainersDeploymentNetconfig: - type: OS::Heat::SoftwareDeployments - depends_on: NovaComputeContainersDeploymentOVS - properties: - name: NovaComputeContainersDeploymentNetconfig - config: {get_resource: NovaComputeContainersConfigNetconfig} - servers: {get_param: servers} - - # We run os-net-config here because we depend on the ovs containers to be up - # and running before we configure the network. This allows explicit timing - # of the network configuration. - NovaComputeContainersConfigNetconfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - outputs: - - name: result - config: | - #!/bin/bash - /usr/local/bin/run-os-net-config - - LibvirtContainersDeployment: - type: OS::Heat::StructuredDeployments - depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig] - properties: - name: LibvirtContainersDeployment - config: {get_resource: LibvirtContainersConfig} - servers: {get_param: servers} - - LibvirtContainersConfig: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - computedata: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerComputeDataImage} ] - container_name: computedata - volumes: - - /var/lib/nova/instances - - /var/lib/libvirt - - libvirt: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] - net: host - pid: host - privileged: true - restart: always - volumes: - - /run:/run - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /lib/udev:/lib/udev - - /sys/fs/cgroup:/sys/fs/cgroup - - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json - - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - volumes_from: - - computedata - - NovaComputeContainersDeployment: - type: OS::Heat::StructuredDeployments - depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment] - properties: - name: NovaComputeContainersDeployment - config: {get_resource: NovaComputeContainersConfig} - servers: {get_param: servers} - - NovaComputeContainersConfig: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - neutronovsagent: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] - net: host - pid: host - privileged: true - restart: always - volumes: - str_split: - - "," - - list_join: - - "," - - [ "/run:/run", "/lib/modules:/lib/modules:ro", - "/var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json", - "/var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro", - "/var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro", - {get_param: NeutronOpenvswitchAgentPluginVolume}, - {get_param: NeutronOpenvswitchAgentOvsVolume} ] - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - volumes_from: - - computedata - - novacompute: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerComputeImage} ] - net: host - privileged: true - restart: always - volumes: - - /run:/run - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /lib/udev:/lib/udev - - /etc/iscsi:/etc/iscsi - - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json - - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro - - /var/lib/etc-data/nova/rootwrap.conf:/var/lib/kolla/config_files/rootwrap.conf:ro - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - volumes_from: - - computedata - - ExtraConfig: - depends_on: NovaComputeContainersDeployment - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} diff --git a/docker/copy-json.py b/docker/copy-json.py new file mode 100644 index 00000000..e85ff11e --- /dev/null +++ b/docker/copy-json.py @@ -0,0 +1,72 @@ +#!/bin/python +import json +import os + +data = {} +file_perms = '0600' +libvirt_perms = '0644' + +libvirt_config = os.getenv('libvirt_config').split(',') +nova_config = os.getenv('nova_config').split(',') +neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',') + +# Command, Config_files, Owner, Perms +services = { + 'nova-libvirt': [ + '/usr/sbin/libvirtd', + libvirt_config, + 'root', + libvirt_perms], + 'nova-compute': [ + '/usr/bin/nova-compute', + nova_config, + 'nova', + file_perms], + 'neutron-openvswitch-agent': [ + '/usr/bin/neutron-openvswitch-agent', + neutron_openvswitch_agent_config, + 'neutron', + file_perms], + 'ovs-vswitchd': [ + '/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/kolla/openvswitch/ovs-vswitchd.log'], + 'ovsdb-server': [ + '/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --remote=ptcp:6640:127.0.0.1 --log-file=/var/log/kolla/openvswitch/ovsdb-server.log'] +} + + +def build_config_files(config, owner, perms): + config_source = '/var/lib/kolla/config_files/' + config_files_dict = {} + source = os.path.basename(config) + dest = config + config_files_dict.update({'source': config_source + source, + 'dest': dest, + 'owner': owner, + 'perm': perms}) + return config_files_dict + + +for service in services: + if service != 'ovs-vswitchd' and service != 'ovsdb-server': + command = services.get(service)[0] + config_files = services.get(service)[1] + owner = services.get(service)[2] + perms = services.get(service)[3] + config_files_list = [] + for config_file in config_files: + if service == 'nova-libvirt': + command = command + ' --config ' + config_file + else: + command = command + ' --config-file ' + config_file + data['command'] = command + config_files_dict = build_config_files(config_file, owner, perms) + config_files_list.append(config_files_dict) + data['config_files'] = config_files_list + else: + data['command'] = services.get(service)[0] + data['config_files'] = [] + + json_config_dir = '/var/lib/etc-data/json-config/' + with open(json_config_dir + service + '.json', 'w') as json_file: + json.dump(data, json_file, sort_keys=True, indent=4, + separators=(',', ': ')) diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index 65c4e6dc..40e5248a 100644..100755 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -18,12 +18,14 @@ echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts #echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker # Local docker registry 1.8 -if [ $docker_namespace_is_registry ]; then +# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is +# a place holder for text replacement done via heat +if [ "$docker_namespace_is_registry" = True ]; then /usr/bin/systemctl stop docker.service # if namespace is used with local registry, trim all namespacing trim_var=$docker_registry registry_host="${trim_var%%/*}" - /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry[ ]'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker + /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker /usr/bin/systemctl start --no-block docker.service fi @@ -32,6 +34,29 @@ DOCKER_PULL_PID=$! mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container +# NOTE(flaper87): Heat Agent required mounts +AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \ + -v /run:/run \ + -v /etc:/host/etc \ + -v /usr/bin/atomic:/usr/bin/atomic \ + -v /var/lib/dhclient:/var/lib/dhclient \ + -v /var/lib/cloud:/var/lib/cloud \ + -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \ + -v /etc/sysconfig/docker:/etc/sysconfig/docker \ + -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \ + -v /var/lib/os-collect-config:/var/lib/os-collect-config \ + -v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \ + -v /var/lib/heat-config:/var/lib/heat-config \ + -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2" + + +# NOTE(flaper87): Some of these commands may not be present depending on the +# atomic version. +for docker_cmd in docker docker-current docker-latest; do + if [ -f "/usr/bin/$docker_cmd" ]; then + AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd" + fi +done # heat-docker-agents service cat <<EOF > /etc/systemd/system/heat-docker-agents.service @@ -46,7 +71,9 @@ User=root Restart=on-failure ExecStartPre=-/usr/bin/docker kill heat-agents ExecStartPre=-/usr/bin/docker rm heat-agents -ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image +ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \ + $AGENT_COMMAND_MOUNTS \ + --entrypoint=/usr/bin/os-collect-config $agent_image ExecStop=/usr/bin/docker stop heat-agents [Install] diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml new file mode 100644 index 00000000..6cb92c83 --- /dev/null +++ b/docker/post.j2.yaml @@ -0,0 +1,287 @@ +heat_template_version: 2016-10-14 + +description: > + Post-deploy configuration steps via puppet for all roles, + as defined in ../roles_data.yaml + +parameters: + servers: + type: json + description: Mapping of Role name e.g Controller to a list of servers + + role_data: + type: json + description: Mapping of Role name e.g Controller to the per-role data + + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + + DockerOpenvswitchDBImage: + description: image + default: 'centos-binary-openvswitch-db-server' + type: string + + DockerOvsVswitchdImage: + description: image + default: 'centos-binary-openvswitch-vswitchd' + type: string + + LibvirtConfig: + type: string + default: "/etc/libvirt/libvirtd.conf" + + NovaConfig: + type: string + default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf" + + NeutronOpenvswitchAgentConfig: + type: string + default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" + +resources: + +{% for role in roles %} + # Post deployment steps for all roles + # A single config is re-applied with an incrementing step number + # {{role.name}} Role steps + {{role.name}}ArtifactsConfig: + type: ../puppet/deploy-artifacts.yaml + + {{role.name}}ArtifactsDeploy: + type: OS::Heat::StructuredDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ArtifactsConfig} + + {{role.name}}PreConfig: + type: OS::TripleO::Tasks::{{role.name}}PreConfig + properties: + servers: {get_param: [servers, {{role.name}}]} + input_values: + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Config: + type: OS::TripleO::{{role.name}}Config + properties: + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} + {% if role.name.lower() == 'compute' %} + PuppetTags: {get_param: [role_data, {{role.name}}, puppet_tags]} + {% endif %} + + # Step through a series of configuration steps + {{role.name}}Deployment_Step1: + type: OS::Heat::StructuredDeploymentGroup + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + properties: + name: {{role.name}}Deployment_Step1 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 1 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step2: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step1 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step2 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 2 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step3: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step2 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step3 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 3 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step4: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step3 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step4 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 4 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step5: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step4 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step5 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 5 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}PostConfig: + type: OS::TripleO::Tasks::{{role.name}}PostConfig + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step5 + {% endfor %} + properties: + servers: {get_param: servers} + input_values: + update_identifier: {get_param: DeployIdentifier} + + # Note, this should come last, so use depends_on to ensure + # this is created after any other resources. + {{role.name}}ExtraConfigPost: + depends_on: + {% for dep in roles %} + - {{dep.name}}PostConfig + {% endfor %} + type: OS::TripleO::NodeExtraConfigPost + properties: + servers: {get_param: [servers, {{role.name}}]} + + {% if role.name.lower() == 'compute' %} + CopyEtcConfig: + type: OS::Heat::SoftwareConfig + depends_on: {{role.name}}PostConfig + properties: + group: script + outputs: + - name: result + config: {get_file: ../docker/copy-etc.sh} + + CopyEtcDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + name: CopyEtcDeployment + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: CopyEtcConfig} + + CopyJsonConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: libvirt_config + - name: nova_config + - name: neutron_openvswitch_agent_config + config: {get_file: ../docker/copy-json.py} + + CopyJsonDeployment: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: CopyEtcDeployment + properties: + name: CopyJsonDeployment + config: {get_resource: CopyJsonConfig} + servers: {get_param: [servers, {{role.name}}]} + input_values: + libvirt_config: {get_param: LibvirtConfig} + nova_config: {get_param: NovaConfig} + neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig} + + NovaComputeContainersDeploymentOVS: + type: OS::Heat::StructuredDeploymentGroup + depends_on: CopyJsonDeployment + properties: + name: NovaComputeContainersDeploymentOVS + config: {get_resource: NovaComputeContainersConfigOVS} + servers: {get_param: [servers, {{role.name}}]} + + NovaComputeContainersConfigOVS: + type: OS::Heat::StructuredConfig + properties: + group: docker-cmd + config: + openvswitchdb: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] + net: host + restart: always + volumes: + - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json + - /etc/localtime:/etc/localtime:ro + - /run:/run + - logs:/var/log/kolla/ + - openvswitch_db:/var/lib/openvswitch/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + + ovsvswitchd: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] + net: host + privileged: true + restart: always + volumes: + - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - logs:/var/log/kolla/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + + {{role.name}}ContainersConfig_Step1: + type: OS::Heat::StructuredConfig + depends_on: CopyJsonDeployment + properties: + group: docker-cmd + config: + {get_param: [role_data, {{role.name}}, docker_config, step_1]} + + {{role.name}}ContainersConfig_Step2: + type: OS::Heat::StructuredConfig + depends_on: CopyJsonDeployment + properties: + group: docker-cmd + config: + {get_param: [role_data, {{role.name}}, docker_config, step_2]} + + {{role.name}}ContainersDeployment_Step1: + type: OS::Heat::StructuredDeploymentGroup + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + properties: + name: {{role.name}}ContainersDeployment_Step1 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ContainersConfig_Step1} + + {{role.name}}ContainersDeployment_Step2: + type: OS::Heat::StructuredDeploymentGroup + depends_on: {{role.name}}ContainersDeployment_Step1 + properties: + name: {{role.name}}ContainersDeployment_Step2 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ContainersConfig_Step2} + {% endif %} +{% endfor %} diff --git a/docker/services/README.rst b/docker/services/README.rst new file mode 100644 index 00000000..8d1f9e86 --- /dev/null +++ b/docker/services/README.rst @@ -0,0 +1,60 @@ +======== +services +======== + +A TripleO nested stack Heat template that encapsulates generic configuration +data to configure a specific service. This generally includes everything +needed to configure the service excluding the local bind ports which +are still managed in the per-node role templates directly (controller.yaml, +compute.yaml, etc.). All other (global) service settings go into +the puppet/service templates. + +Input Parameters +---------------- + +Each service may define its own input parameters and defaults. +Operators will use the parameter_defaults section of any Heat +environment to set per service parameters. + +Config Settings +--------------- + +Each service may define a config_settings output variable which returns +Hiera settings to be configured. + +Steps +----- + +Each service may define an output variable which returns a puppet manifest +snippet that will run at each of the following steps. Earlier manifests +are re-asserted when applying latter ones. + + * config_settings: Custom hiera settings for this service. These are + used to generate configs. + + * step_config: A puppet manifest that is used to step through the deployment + sequence. Each sequence is given a "step" (via hiera('step') that provides + information for when puppet classes should activate themselves. + + * docker_compose: + + * container_name: + + * volumes: + +Steps correlate to the following: + + 1) Service configuration generation with puppet. + + 2) Early Openstack Service setup (database init?) + + 3) Early containerized networking services startup (OVS) + + 4) Network configuration + + 5) General OpenStack Services + + 6) Service activation (Pacemaker) + + 7) Fencing (Pacemaker) + diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml new file mode 100644 index 00000000..8d092a34 --- /dev/null +++ b/docker/services/neutron-ovs-agent.yaml @@ -0,0 +1,75 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack Neutron openvswitch service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOpenvswitchImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent' + type: string + NeutronOpenvswitchAgentPluginVolume: + type: string + default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" + NeutronOpenvswitchAgentOvsVolume: + type: string + default: " " + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronOvsAgentBase: + type: ../../puppet/services/neutron-ovs-agent.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for Neutron openvswitch service + value: + config_settings: {get_attr: [NeutronOvsAgentBase, role_data, config_settings]} + step_config: {get_attr: [NeutronOvsAgentBase, role_data, step_config]} + puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 + docker_config: + step_1: + neutronovsagent: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] + net: host + pid: host + privileged: true + restart: always + volumes: + - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro + - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro + - {get_param: NeutronOpenvswitchAgentPluginVolume} + - {get_param: NeutronOpenvswitchAgentOvsVolume} + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - logs:/var/log/kolla/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_2: {} diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml new file mode 100644 index 00000000..5c56aeee --- /dev/null +++ b/docker/services/nova-compute.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack containerized Nova Compute service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaComputeImage: + description: image + default: 'centos-binary-nova-compute' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaComputeBase: + type: ../../puppet/services/nova-compute.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Compute service. + value: + config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]} + step_config: {get_attr: [NovaComputeBase, role_data, step_config]} + puppet_tags: nova_config,nova_paste_api_ini + docker_config: + step_1: + novacompute: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + net: host + privileged: true + user: root + restart: always + volumes: + - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro + - /var/lib/etc-data/nova/rootwrap.conf:/var/lib/kolla/config_files/rootwrap.conf:ro + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - /dev:/dev + - logs:/var/log/kolla/ + - /etc/iscsi:/etc/iscsi + - libvirtd:/var/lib/libvirt + - nova_compute:/var/lib/nova/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_2: {} diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml new file mode 100644 index 00000000..36511557 --- /dev/null +++ b/docker/services/nova-libvirt.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack Libvirt Service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerLibvirtImage: + description: image + default: 'centos-binary-libvirt' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaLibvirtBase: + type: ../../puppet/services/nova-libvirt.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Libvirt service. + value: + config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]} + step_config: {get_attr: [NovaLibvirtBase, role_data, step_config]} + puppet_tags: nova_config + docker_config: + step_1: + nova_libvirt: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] + net: host + pid: host + privileged: true + restart: always + volumes: + - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - /dev:/dev + - /sys/fs/cgroup:/sys/fs/cgroup + - logs:/var/log/kolla/ + - libvirtd:/var/lib/libvirt + - nova_compute:/var/lib/nova/ + - nova_libvirt_qemu:/etc/libvirt/qemu + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_2: {} diff --git a/docker/services/services.yaml b/docker/services/services.yaml new file mode 100644 index 00000000..37e7b655 --- /dev/null +++ b/docker/services/services.yaml @@ -0,0 +1,73 @@ +heat_template_version: 2016-10-14 + +description: > + Utility stack to convert an array of services into a set of combined + role configs. + +parameters: + Services: + default: [] + description: | + List nested stack service templates. + type: comma_delimited_list + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + description: Mapping of service -> default password. Used to help + pass top level passwords managed by Heat into services. + type: json + +resources: + + PuppetServices: + type: ../../puppet/services/services.yaml + properties: + Services: {get_param: Services} + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_param: EndpointMap} + DefaultPasswords: {get_param: DefaultPasswords} + + ServiceChain: + type: OS::Heat::ResourceChain + properties: + resources: {get_param: Services} + concurrent: true + resource_properties: + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_param: EndpointMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Combined Role data for this set of services. + value: + service_names: + {get_attr: [PuppetServices, role_data, service_names]} + monitoring_subscriptions: + {get_attr: [PuppetServices, role_data, monitoring_subscriptions]} + logging_sources: + {get_attr: [PuppetServices, role_data, logging_sources]} + logging_groups: + {get_attr: [PuppetServices, role_data, logging_groups]} + service_config_settings: + {get_attr: [PuppetServices, role_data, service_config_settings]} + config_settings: + {get_attr: [PuppetServices, role_data, config_settings]} + global_config_settings: + {get_attr: [PuppetServices, role_data, global_config_settings]} + step_config: + {get_attr: [PuppetServices, role_data, step_config]} + puppet_tags: {list_join: [",", {get_attr: [ServiceChain, role_data, puppet_tags]}]} + docker_config: + step_1: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_1]}} + step_2: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_2]}} diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml index 0437cc67..b9a84342 100644 --- a/environments/cinder-netapp-config.yaml +++ b/environments/cinder-netapp-config.yaml @@ -25,5 +25,5 @@ parameter_defaults: CinderNetappControllerIps: '' CinderNetappSaPassword: '' CinderNetappStoragePools: '' - CinderNetappEseriesHostType: 'linux_dm_mp' + CinderNetappHostType: '' CinderNetappWebservicePath: '/devmgr/v2' diff --git a/environments/debug.yaml b/environments/debug.yaml new file mode 100644 index 00000000..b938555c --- /dev/null +++ b/environments/debug.yaml @@ -0,0 +1,5 @@ +# A Heat environment file which can be used to enable the debug +# setting in the overcloud openstack services configuration. + +parameter_defaults: + Debug: true diff --git a/environments/deployed-server-environment.yaml b/environments/deployed-server-environment.yaml index c63d399a..7a6639f9 100644 --- a/environments/deployed-server-environment.yaml +++ b/environments/deployed-server-environment.yaml @@ -1,4 +1,3 @@ resource_registry: OS::TripleO::Server: ../deployed-server/deployed-server.yaml - OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml - OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/ctlplane-port.yaml + OS::TripleO::DeployedServer::ControlPlanePort: OS::Neutron::Port diff --git a/environments/deployed-server-noop-ctlplane.yaml b/environments/deployed-server-noop-ctlplane.yaml index cfda314d..54f5e41d 100644 --- a/environments/deployed-server-noop-ctlplane.yaml +++ b/environments/deployed-server-noop-ctlplane.yaml @@ -1,4 +1,3 @@ resource_registry: OS::TripleO::Server: ../deployed-server/deployed-server.yaml - OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml - OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None + OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index c03d8511..9b0f65f9 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -1,7 +1,16 @@ resource_registry: # Docker container with heat agents for containerized compute node. - OS::TripleO::ComputePostDeployment: ../docker/compute-post.yaml - OS::TripleO::NodeUserData: ../docker/firstboot/install_docker_agents.yaml + OS::TripleO::Compute::NodeUserData: ../docker/firstboot/install_docker_agents.yaml + OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml + # NOTE (dprince) here we set new roles to be docker enabled as we add support + #OS::TripleO::ComputePostDeploySteps: ../docker/post.yaml + # NOTE (mandre) Defining per role post deploy steps doesn't work yet + # Set a global PostDeploySteps that works for both containerized and + # non-containerized roles + OS::TripleO::PostDeploySteps: ../docker/post.yaml + OS::TripleO::Services: ../docker/services/services.yaml parameter_defaults: NovaImage: atomic-image @@ -10,11 +19,15 @@ parameter_defaults: DockerNamespace: tripleoupstream # Enable local Docker registry DockerNamespaceIsRegistry: false - # Compute Node Images - DockerComputeImage: centos-binary-nova-compute:latest - DockerAgentImage: heat-docker-agents:latest - DockerComputeDataImage: centos-binary-data:latest - DockerLibvirtImage: centos-binary-nova-libvirt:latest - DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:latest - DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:latest - DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:latest + DockerAgentImage: heat-docker-agents:newton + # Docker containers + DockerNovaComputeImage: centos-binary-nova-compute:newton + DockerLibvirtImage: centos-binary-nova-libvirt:newton + DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:newton + DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:newton + DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:newton + + ComputeServices: + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::ComputeNeutronOvsAgent diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml new file mode 100644 index 00000000..6e912faa --- /dev/null +++ b/environments/enable-internal-tls.yaml @@ -0,0 +1,8 @@ +# A Heat environment file which can be used to enable a +# a TLS for in the internal network via certmonger +parameter_defaults: + EnableInternalTLS: true +resource_registry: + OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml + OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml + OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index cee4ae4a..77fa5a49 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -5,7 +5,24 @@ resource_registry: parameter_defaults: ComputeServices: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::CephOSD - -parameter_merge_strategies: - ComputeServices: merge
\ No newline at end of file diff --git a/environments/logging-environment.yaml b/environments/logging-environment.yaml index eefa7026..c583ca79 100644 --- a/environments/logging-environment.yaml +++ b/environments/logging-environment.yaml @@ -4,7 +4,7 @@ resource_registry: OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml -parameter_defaults: +#parameter_defaults: ## Simple configuration # diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml index ad428686..47b2003d 100644 --- a/environments/low-memory-usage.yaml +++ b/environments/low-memory-usage.yaml @@ -13,3 +13,6 @@ parameter_defaults: ApacheMaxRequestWorkers: 32 ApacheServerLimit: 32 + + ControllerExtraConfig: + 'nova::network::neutron::neutron_url_timeout': '60' diff --git a/environments/major-upgrade-all-in-one.yaml b/environments/major-upgrade-all-in-one.yaml new file mode 100644 index 00000000..69d72edd --- /dev/null +++ b/environments/major-upgrade-all-in-one.yaml @@ -0,0 +1,8 @@ +# We run the upgrade steps without disabling the OS::TripleO::PostDeploySteps +# this means you can do a major upgrade in one pass, which may be useful +# e.g for all-in-one deployments where we can upgrade the compute services +# at the same time as the controlplane +# Note that it will be necessary to pass a mapping of OS::Heat::None again for +# any subsequent updates, or the upgrade steps will run again. +resource_registry: + OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml diff --git a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml new file mode 100644 index 00000000..6798c255 --- /dev/null +++ b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml @@ -0,0 +1,7 @@ +resource_registry: + + # This initiates the upgrades for ceilometer api to run under apache wsgi + OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml + + # no-op the rest + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml new file mode 100644 index 00000000..7e10014b --- /dev/null +++ b/environments/major-upgrade-composable-steps.yaml @@ -0,0 +1,3 @@ +resource_registry: + OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker-converge.yaml b/environments/major-upgrade-pacemaker-converge.yaml index f023cb32..e9a5f9be 100644 --- a/environments/major-upgrade-pacemaker-converge.yaml +++ b/environments/major-upgrade-pacemaker-converge.yaml @@ -1,2 +1,6 @@ parameter_defaults: UpgradeLevelNovaCompute: '' + +resource_registry: + OS::TripleO::Services::SaharaApi: ../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../puppet/services/sahara-engine.yaml diff --git a/environments/major-upgrade-remove-sahara.yaml b/environments/major-upgrade-remove-sahara.yaml new file mode 100644 index 00000000..e0aaf130 --- /dev/null +++ b/environments/major-upgrade-remove-sahara.yaml @@ -0,0 +1,6 @@ +parameter_defaults: + KeepSaharaServicesOnUpgrade: false +resource_registry: + OS::TripleO::Services::SaharaApi: OS::Heat::None + OS::TripleO::Services::SaharaEngine: OS::Heat::None + diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml deleted file mode 100644 index 5d48698e..00000000 --- a/environments/manage-firewall.yaml +++ /dev/null @@ -1,2 +0,0 @@ -parameter_defaults: - ManageFirewall: true diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml index 4115d8b2..5632d8d6 100644 --- a/environments/manila-cephfsnative-config.yaml +++ b/environments/manila-cephfsnative-config.yaml @@ -1,18 +1,17 @@ # A Heat environment file which can be used to enable a # a Manila CephFS Native driver backend. resource_registry: - OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml - OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml # Only manila-share is pacemaker managed: - OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml - OS::Tripleo::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml + OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml parameter_defaults: - ManilaCephFSNativeEnableBackend: true ManilaCephFSNativeBackendName: cephfsnative ManilaCephFSNativeDriverHandlesShareServers: false - ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf' ManilaCephFSNativeCephFSAuthId: 'manila' ManilaCephFSNativeCephFSClusterName: 'ceph' ManilaCephFSNativeCephFSEnableSnapshots: true diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml index a847a02b..65884a94 100644 --- a/environments/manila-generic-config.yaml +++ b/environments/manila-generic-config.yaml @@ -1,17 +1,16 @@ # This environment file enables Manila with the Generic backend. resource_registry: - OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml - OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml # Only manila-share is pacemaker managed: - OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml - OS::Tripleo::Services::ManilaBackendGeneric: ../puppet/services/manila-backend-generic.yaml + OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::TripleO::Services::ManilaBackendGeneric: ../puppet/services/manila-backend-generic.yaml parameter_defaults: ManilaServiceInstanceUser: '' ManilaServiceInstancePassword: '' ManilaServiceInstanceFlavorId: 2 ManilaServiceNetworkCidr: '172.16.0.0/16' - ManilaGenericEnableBackend: true ManilaGenericBackendName: tripleo_generic ManilaGenericDriverHandlesShareServers: true ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf' diff --git a/environments/manila-netapp-config.yaml b/environments/manila-netapp-config.yaml index 98de6adf..7eb14941 100644 --- a/environments/manila-netapp-config.yaml +++ b/environments/manila-netapp-config.yaml @@ -1,13 +1,12 @@ # This environment file enables Manila with the Netapp backend. resource_registry: - OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml - OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml # Only manila-share is pacemaker managed: - OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml - OS::Tripleo::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml + OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::TripleO::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml parameter_defaults: - ManilaNetappEnableBackend: true ManilaNetappBackendName: tripleo_netapp ManilaNetappDriverHandlesShareServers: true ManilaNetappLogin: '' diff --git a/environments/monitoring-environment.yaml b/environments/monitoring-environment.yaml index a8ad2084..f4aa67a9 100644 --- a/environments/monitoring-environment.yaml +++ b/environments/monitoring-environment.yaml @@ -1,30 +1,16 @@ -## A Heat environment file which can be used to set up monitoring -## and logging agents +## A Heat environment file which can be used to set up monitoring agents resource_registry: OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml -parameter_defaults: - #### Sensu settings #### - ##MonitoringRabbitHost: 10.10.10.10 - ##MonitoringRabbitPort: 5672 - ##MonitoringRabbitUserName: sensu - ##MonitoringRabbitPassword: sensu - ##MonitoringRabbitUseSSL: false - ##MonitoringRabbitVhost: "/sensu" - ##SensuClientCustomConfig: - ## - api: - ## - warning: 10 - ## critical: 20 - ## openstack: - ## - username: admin - ## password: changeme - ## project_name: admin - ## auth_url: http://controller:5000/v2.0 - ## region_name: RegionOne - - #### EFK settings #### - ## TBD - - #### Grafana/Graphite settings #### - ## TBD +#parameter_defaults: +# MonitoringRabbitHost: 10.10.10.10 +# MonitoringRabbitPort: 5672 +# MonitoringRabbitUserName: sensu +# MonitoringRabbitPassword: sensu +# MonitoringRabbitUseSSL: false +# MonitoringRabbitVhost: "/sensu" +# SensuClientCustomConfig: +# api: +# warning: 10 +# critical: 20 diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index d0fc9ec6..b02fc198 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -50,7 +50,12 @@ parameter_defaults: DnsServers: ["8.8.8.8","8.8.4.4"] # Set to empty string to enable multiple external networks or VLANs NeutronExternalNetworkBridge: "''" + # List of Neutron network types for tenant networks (will be used in order) + NeutronNetworkType: 'vxlan,vlan' # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling. NeutronTunnelTypes: 'vxlan' + # Neutron VLAN ranges per network, for example 'datacentre:1:499,tenant:500:1000': + NeutronNetworkVLANRanges: 'datacentre:1:1000' # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100" + # for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup. BondInterfaceOvsOptions: "bond_mode=active-backup" diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index 821ad0c2..bafb2a73 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -5,6 +5,9 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml +# Disabling Neutron services that overlap with OVN + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index e157ae35..74899246 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -19,7 +19,7 @@ parameter_defaults: NeutronNuageBaseURIVersion: 'default_uri_version' NeutronNuageCMSId: '' UseForwardedFor: true - NeutronCorePlugin: 'neutron.plugins.nuage.plugin.NuagePlugin' + NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin' NeutronEnableDHCPAgent: false NeutronServicePlugins: [] NovaOVSBridge: 'alubr0' diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml index d61270b2..00be3048 100644 --- a/environments/neutron-opendaylight-l3.yaml +++ b/environments/neutron-opendaylight-l3.yaml @@ -2,12 +2,12 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml - OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml OS::TripleO::Services::NeutronL3Agent: OS::Heat::None parameter_defaults: - EnableOpenDaylightOnController: true NeutronEnableForceMetadata: true NeutronMechanismDrivers: 'opendaylight' NeutronServicePlugins: "networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin" diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml index 8fa2e542..35c90aab 100644 --- a/environments/neutron-opendaylight.yaml +++ b/environments/neutron-opendaylight.yaml @@ -2,10 +2,10 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml - OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml parameter_defaults: - EnableOpenDaylightOnController: true NeutronEnableForceMetadata: true NeutronMechanismDrivers: 'opendaylight' diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml index b658d3a5..973cbe16 100644 --- a/environments/neutron-ovs-dvr.yaml +++ b/environments/neutron-ovs-dvr.yaml @@ -30,10 +30,15 @@ parameter_defaults: # affect the agent on the controller node. NeutronL3AgentMode: 'dvr_snat' - # L3 HA isn't supported for DVR enabled routers. If upgrading from a system - # where L3 HA is enabled and has neutron routers configured, it is - # recommended setting this value to true until such time all routers can be - # migrated to DVR routers. Once migration of the routers is complete, - # NeutronL3HA can be returned to false. All new systems should be deployed - # with NeutronL3HA set to false. - NeutronL3HA: false + # Enabling DVR deploys additional services to the compute nodes that through + # normal operation will consume memory. The amount required is roughly + # proportional to the number of Neutron routers that will be scheduled to + # that host. It is necessary to reserve memory on the compute nodes to avoid + # memory issues when creating instances that are connected to routed + # networks. The current expected consumption is 50 MB per router in addition + # to the base reserved amount. Deployers should refer to existing + # documentation, release notes, etc. for additional information on estimating + # an appropriate value. The provided value here is based on an estimate of 10 + # routers and is an example value *only* and should be reviewed and modified + # if necessary before deploying. + NovaReservedHostMemory: 2560 diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 8cfbab6d..b8e93f20 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -16,3 +16,6 @@ resource_registry: OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml # Services that are disabled by default (use relevant environment files): + + # Services that are disabled for HA deployments with pacemaker + OS::TripleO::Services::Keepalived: OS::Heat::None diff --git a/environments/services/barbican.yaml b/environments/services/barbican.yaml new file mode 100644 index 00000000..1735646a --- /dev/null +++ b/environments/services/barbican.yaml @@ -0,0 +1,4 @@ +# A Heat environment file which can be used to enable +# Barbican with the default secret store backend. +resource_registry: + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml diff --git a/environments/services/haproxy-internal-tls-certmonger.yaml b/environments/services/haproxy-internal-tls-certmonger.yaml new file mode 100644 index 00000000..074fec4d --- /dev/null +++ b/environments/services/haproxy-internal-tls-certmonger.yaml @@ -0,0 +1,4 @@ +# A Heat environment file which can be used to enable a +# a TLS for HAProxy via certmonger +resource_registry: + OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml diff --git a/environments/services/haproxy-public-tls-certmonger.yaml b/environments/services/haproxy-public-tls-certmonger.yaml new file mode 100644 index 00000000..d3ad3ad4 --- /dev/null +++ b/environments/services/haproxy-public-tls-certmonger.yaml @@ -0,0 +1,4 @@ +# A Heat environment file which can be used to enable a +# a TLS for HAProxy via certmonger +resource_registry: + OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml diff --git a/environments/services/panko.yaml b/environments/services/panko.yaml new file mode 100644 index 00000000..28bf99f6 --- /dev/null +++ b/environments/services/panko.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml new file mode 100644 index 00000000..ee137925 --- /dev/null +++ b/environments/services/zaqar.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml index 8cf34622..8e02c300 100644 --- a/environments/storage-environment.yaml +++ b/environments/storage-environment.yaml @@ -34,18 +34,18 @@ parameter_defaults: # CinderNfsServers: '' - #### GLANCE FILE BACKEND PACEMAKER SETTINGS (used for mounting NFS) #### + #### GLANCE NFS SETTINGS #### - ## Whether to make Glance 'file' backend a mount managed by Pacemaker - # GlanceFilePcmkManage: false - ## File system type of the mount - # GlanceFilePcmkFstype: nfs - ## Pacemaker mount point, e.g. '192.168.122.1:/export/glance' for NFS - ## (If using IPv6, use both double- and single-quotes, - ## e.g. "'[fdd0::1]:/export/glance'") - # GlanceFilePcmkDevice: '' - ## Options for the mount managed by Pacemaker - # GlanceFilePcmkOptions: '' + ## Make sure to set `GlanceBackend: file` when enabling NFS + ## + ## Whether to make Glance 'file' backend a NFS mount + # GlanceNfsEnabled: false + ## NFS share for image storage, e.g. '192.168.122.1:/export/glance' + ## (If using IPv6, use both double- and single-quotes, + ## e.g. "'[fdd0::1]:/export/glance'") + # GlanceNfsShare: '' + ## Mount options for the NFS image storage mount point + # GlanceNfsOptions: 'intr,context=system_u:object_r:glance_var_lib_t:s0' #### CEPH SETTINGS #### diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 0a0996d3..fb66b38a 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -5,6 +5,9 @@ parameter_defaults: AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} @@ -37,6 +40,9 @@ parameter_defaults: ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} @@ -47,9 +53,18 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 5a2b8839..6586a547 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -5,6 +5,9 @@ parameter_defaults: AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'} CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} @@ -37,6 +40,9 @@ parameter_defaults: ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} @@ -47,9 +53,18 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml new file mode 100644 index 00000000..ebb491f0 --- /dev/null +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -0,0 +1,70 @@ +# Use this environment when deploying an overcloud where all the endpoints are +# DNS names and there's TLS in all endpoint types. +parameter_defaults: + EndpointMap: + AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GlanceRegistryInternal: {protocol: 'https', port: '9191', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} + KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} + NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} diff --git a/environments/use-dns-for-vips.yaml b/environments/use-dns-for-vips.yaml index daf07bc7..b700312f 100644 --- a/environments/use-dns-for-vips.yaml +++ b/environments/use-dns-for-vips.yaml @@ -1,5 +1,5 @@ # A Heat environment file which can be used to disable the writing of the VIPs # to the /etc/hosts file in the overcloud. Use this in case you have a working # DNS server that you will provide for the overcloud. -resource_registry: - OS::TripleO::Services::VipHosts: OS::Heat::None +parameter_defaults: + AddVipsToEtcHosts: False diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 1c9acd2b..71ab0767 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -116,6 +116,7 @@ case "${REG_METHOD:-}" in if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then subscription-manager attach $attach_opts fi + subscription-manager repos --disable '*' subscription-manager $repos ;; satellite) diff --git a/extraconfig/tasks/major_upgrade_block_storage.sh b/extraconfig/tasks/major_upgrade_block_storage.sh index 07666245..64c4457e 100644 --- a/extraconfig/tasks/major_upgrade_block_storage.sh +++ b/extraconfig/tasks/major_upgrade_block_storage.sh @@ -4,5 +4,8 @@ # set -eu +# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 +special_case_ovs_upgrade_if_needed + yum -y install python-zaqarclient # needed for os-collect-config yum -y -q update diff --git a/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml new file mode 100644 index 00000000..c87e6824 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml @@ -0,0 +1,62 @@ +heat_template_version: 2014-10-16 + +description: > + Software-config for ceilometer configuration under httpd during upgrades + +parameters: + servers: + type: json + input_values: + type: json + description: input values for the software deployments +resources: + CeilometerWsgiMitakaNewtonPreUpgradeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + config: + get_file: mitaka_to_newton_ceilometer_wsgi_upgrade.pp + + CeilometerWsgiMitakaNewtonUpgradeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\nset -e\n\n" + - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_pacemaker_migrations.sh + - "disable_standalone_ceilometer_api\n\n" + + CeilometerWsgiMitakaNewtonPostUpgradeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -e + /usr/bin/systemctl reload httpd + + CeilometerWsgiMitakaNewtonPreUpgradeDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + name: CeilometerWsgiMitakaNewtonPreUpgradeDeployment + servers: {get_param: [servers, Controller]} + config: {get_resource: CeilometerWsgiMitakaNewtonPreUpgradeConfig} + + CeilometerWsgiMitakaNewtonUpgradeConfigDeployment: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: CeilometerWsgiMitakaNewtonPreUpgradeDeployment + properties: + name: CeilometerWsgiMitakaNewtonUpgradeConfigDeployment + servers: {get_param: [servers, Controller]} + config: {get_resource: CeilometerWsgiMitakaNewtonUpgradeConfig} + + CeilometerWsgiMitakaNewtonPostUpgradeDeployment: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: CeilometerWsgiMitakaNewtonUpgradeConfigDeployment + properties: + name: CeilometerWsgiMitakaNewtonPostUpgradeDeployment + servers: {get_param: [servers, Controller]} + config: {get_resource: CeilometerWsgiMitakaNewtonPostUpgradeConfig} diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh index b633e658..e0d160f1 100755 --- a/extraconfig/tasks/major_upgrade_ceph_mon.sh +++ b/extraconfig/tasks/major_upgrade_ceph_mon.sh @@ -5,7 +5,7 @@ set -o pipefail echo INFO: starting $(basename "$0") # Exit if not running -if ! pidof ceph-mon; then +if ! pidof ceph-mon &> /dev/null; then echo INFO: ceph-mon is not running, skipping exit 0 fi @@ -54,7 +54,7 @@ if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then # RPM could own some of these but we can't take risks on the pre-existing files for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do - chown -R ceph:ceph $d || echo WARNING: chown of $d failed + chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed done # Replay udev events with newer rules @@ -71,6 +71,10 @@ elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then sleep 10; done" + # if tunables become legacy, cluster status will be HEALTH_WARN causing + # upgrade to fail on following node + ceph osd crush tunables default + echo INFO: Ceph was upgraded to Jewel else echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh index dc80a724..a745e723 100644 --- a/extraconfig/tasks/major_upgrade_ceph_storage.sh +++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh @@ -8,7 +8,9 @@ set -o pipefail UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh -cat > $UPGRADE_SCRIPT << 'ENDOFCAT' +declare -f special_case_ovs_upgrade_if_needed > $UPGRADE_SCRIPT +# use >> here so we don't lose the declaration we added above +cat >> $UPGRADE_SCRIPT << 'ENDOFCAT' #!/bin/bash ### DO NOT MODIFY THIS FILE ### This file is automatically delivered to the ceph-storage nodes as part of the @@ -18,7 +20,7 @@ set -eu echo INFO: starting $(basename "$0") # Exit if not running -if ! pidof ceph-osd; then +if ! pidof ceph-osd &> /dev/null; then echo INFO: ceph-osd is not running, skipping exit 0 fi @@ -49,6 +51,8 @@ timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do sleep 2; done" +special_case_ovs_upgrade_if_needed + # Update (Ceph to Jewel) yum -y install python-zaqarclient # needed for os-collect-config yum -y update @@ -63,12 +67,22 @@ if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then # RPM could own some of these but we can't take risks on the pre-existing files for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do - chown -R ceph:ceph $d || echo WARNING: chown of $d failed + chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed done # Replay udev events with newer rules udevadm trigger && udevadm settle + # If on ext4, we need to enforce lower values for name and namespace len + # or ceph-osd will refuse to start, see: http://tracker.ceph.com/issues/16187 + for OSD_ID in $OSD_IDS; do + OSD_FS=$(df -l --output=fstype /var/lib/ceph/osd/ceph-${OSD_ID} | tail -n +2) + if [ ${OSD_FS} = ext4 ]; then + crudini --set /etc/ceph/ceph.conf global osd_max_object_name_len 256 + crudini --set /etc/ceph/ceph.conf global osd_max_object_namespace_len 64 + fi + done + # Enable systemd unit systemctl enable ceph-osd.target for OSD_ID in $OSD_IDS; do diff --git a/extraconfig/tasks/major_upgrade_check.sh b/extraconfig/tasks/major_upgrade_check.sh index dc7ec71a..8bdff5e7 100755 --- a/extraconfig/tasks/major_upgrade_check.sh +++ b/extraconfig/tasks/major_upgrade_check.sh @@ -18,14 +18,8 @@ check_pcsd() fi } -check_disk_for_mysql_dump() +mysql_need_update() { - # Where to backup current database if mysql need to be upgraded - MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp - MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup - # Spare disk ratio for extra safety - MYSQL_BACKUP_SIZE_RATIO=1.2 - # Shall we upgrade mysql data directory during the stack upgrade? if [ "$mariadb_do_major_upgrade" = "auto" ]; then ret=$(is_mysql_upgrade_needed) @@ -40,6 +34,17 @@ check_disk_for_mysql_dump() else DO_MYSQL_UPGRADE=1 fi +} + +check_disk_for_mysql_dump() +{ + # Where to backup current database if mysql need to be upgraded + MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp + MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup + # Spare disk ratio for extra safety + MYSQL_BACKUP_SIZE_RATIO=1.2 + + mysql_need_update if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then if [ $DO_MYSQL_UPGRADE -eq 1 ]; then @@ -88,8 +93,8 @@ check_python_rpm() check_clean_cluster() { - if crm_mon -1 | grep -A3 Failed; then - echo_error "ERROR: upgrade cannot start with failed resources on the cluster. Clean them up before starting: pcs resource cleanup." + if pcs status | grep -q Stopped:; then + echo_error "ERROR: upgrade cannot start with stopped resources on the cluster. Make sure that all the resources are up and running." exit 1 fi } diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh index a1df695f..7a3e1073 100644 --- a/extraconfig/tasks/major_upgrade_compute.sh +++ b/extraconfig/tasks/major_upgrade_compute.sh @@ -18,9 +18,16 @@ set -eu crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute +$(declare -f special_case_ovs_upgrade_if_needed) +special_case_ovs_upgrade_if_needed + yum -y install python-zaqarclient # needed for os-collect-config yum -y update +# Due to bug#1640177 we need to restart compute agent +echo "Restarting openstack ceilometer agent compute" +systemctl restart openstack-ceilometer-compute + ENDOFCAT # ensure the permissions are OK diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index cdf3fa70..080831ab 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -2,11 +2,11 @@ set -eu -cluster_sync_timeout=1800 - check_cluster check_pcsd -check_clean_cluster +if [[ -n $(is_bootstrap_node) ]]; then + check_clean_cluster +fi check_python_rpm check_galera_root_password check_disk_for_mysql_dump @@ -15,170 +15,22 @@ check_disk_for_mysql_dump # nodes where a service fails to stop, which could be fatal during an upgrade # procedure. So we remember the stonith state. If it was enabled we reenable it # at the end of this script -STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }') -pcs property set stonith-enabled=false - -# Migrate to HA NG if [[ -n $(is_bootstrap_node) ]]; then - migrate_full_to_ng_ha -fi - -# After migrating the cluster to HA-NG the services not under pacemaker's control -# are still up and running. We need to stop them explicitely otherwise during the yum -# upgrade the rpm %post sections will try to do a systemctl try-restart <service>, which -# is going to take a long time because rabbit is down. By having the service stopped -# systemctl try-restart is a noop - -for service in $(services_to_migrate); do - manage_systemd_service stop "${service%%-clone}" - # So the reason for not reusing check_resource_systemd is that - # I have observed systemctl is-active returning unknown with at least - # one service that was stopped (See LP 1627254) - timeout=600 - tstart=$(date +%s) - tend=$(( $tstart + $timeout )) - check_interval=3 - while (( $(date +%s) < $tend )); do - if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then - echo "$service still active, sleeping $check_interval seconds." - sleep $check_interval - else - # we do not care if it is inactive, unknown or failed as long as it is - # not running - break - fi - - done -done - -# In case the mysql package is updated, the database on disk must be -# upgraded as well. This typically needs to happen during major -# version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...) -# -# Because in-place upgrades are not supported across 2+ major versions -# (e.g. 5.5 -> 10.1), we rely on logical upgrades via dump/restore cycle -# https://bugzilla.redhat.com/show_bug.cgi?id=1341968 -# -# The default is to determine automatically if upgrade is needed based -# on mysql package versionning, but this can be overriden manually -# to support specific upgrade scenario - -if [[ -n $(is_bootstrap_node) ]]; then - if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql" - cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR" + STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }') + # We create this empty file if stonith was set to true so we can reenable stonith in step2 + rm -f /var/tmp/stonith-true + if [ $STONITH_STATE == "true" ]; then + touch /var/tmp/stonith-true fi - - pcs resource disable redis - check_resource redis stopped 600 - pcs resource disable rabbitmq - check_resource rabbitmq stopped 600 - pcs resource disable galera - check_resource galera stopped 600 - pcs resource disable openstack-cinder-volume - check_resource openstack-cinder-volume stopped 600 - # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address: - # https://bugzilla.redhat.com/show_bug.cgi?id=1330688 - for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do - pcs resource disable $vip - check_resource $vip stopped 60 - done - pcs cluster stop --all + pcs property set stonith-enabled=false fi - -# Swift isn't controlled by pacemaker -systemctl_swift stop - -tstart=$(date +%s) -while systemctl is-active pacemaker; do - sleep 5 - tnow=$(date +%s) - if (( tnow-tstart > cluster_sync_timeout )) ; then - echo_error "ERROR: cluster shutdown timed out" - exit 1 - fi -done - -# The reason we do an sql dump *and* we move the old dir out of -# the way is because it gives us an extra level of safety in case -# something goes wrong during the upgrade. Once the restore is -# successful we go ahead and remove it. If the directory exists -# we bail out as it means the upgrade process had issues in the last -# run. -if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - if [ -d $MYSQL_TEMP_UPGRADE_BACKUP_DIR ]; then - echo_error "ERROR: mysql backup dir already exist" - exit 1 - fi - mv /var/lib/mysql $MYSQL_TEMP_UPGRADE_BACKUP_DIR -fi - -yum -y install python-zaqarclient # needed for os-collect-config -yum -y -q update - -# We need to ensure at least those two configuration settings, otherwise -# mariadb 10.1+ won't activate galera replication. -# wsrep_cluster_address must only be set though, its value does not -# matter because it's overriden by the galera resource agent. -cat >> /etc/my.cnf.d/galera.cnf <<EOF -[mysqld] -wsrep_on = ON -wsrep_cluster_address = gcomm://localhost -EOF - -if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - # Scripts run via heat have no HOME variable set and this confuses - # mysqladmin - export HOME=/root - - mkdir /var/lib/mysql || /bin/true - chown mysql:mysql /var/lib/mysql - chmod 0755 /var/lib/mysql - restorecon -R /var/lib/mysql/ - mysql_install_db --datadir=/var/lib/mysql --user=mysql - chown -R mysql:mysql /var/lib/mysql/ - - if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then - mysqld_safe --wsrep-new-cluster & - # We have a populated /root/.my.cnf with root/password here so - # we need to temporarily rename it because the newly created - # db is empty and no root password is set - mv /root/.my.cnf /root/.my.cnf.temporary - timeout 60 sh -c 'while ! mysql -e "" &> /dev/null; do sleep 1; done' - mysql -u root < "$MYSQL_BACKUP_DIR/openstack_database.sql" - mv /root/.my.cnf.temporary /root/.my.cnf - mysqladmin -u root shutdown - # The import was successful so we may remove the folder - rm -r "$MYSQL_BACKUP_DIR" - fi -fi - -# If we reached here without error we can safely blow away the origin -# mysql dir from every controller - -# TODO: What if the upgrade fails on the bootstrap node, but not on -# this controller. Data may be lost. -if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR -fi - -# Let's reset the stonith back to true if it was true, before starting the cluster -if [ $STONITH_STATE == "true" ]; then - pcs -f /var/lib/pacemaker/cib/cib.xml property set stonith-enabled=true +# Migrate to HA NG and fix up rabbitmq queues +# We fix up the rabbitmq ha queues after the migration because it will +# restart the rabbitmq resource. Doing it after the migration means no other +# services will be restart as there are no other constraints +if [[ -n $(is_bootstrap_node) ]]; then + migrate_full_to_ng_ha + rabbitmq_newton_ocata_upgrade fi -# Pin messages sent to compute nodes to kilo, these will be upgraded later -crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute" -# https://bugzilla.redhat.com/show_bug.cgi?id=1284047 -# Change-Id: Ib3f6c12ff5471e1f017f28b16b1e6496a4a4b435 -crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit -# https://bugzilla.redhat.com/show_bug.cgi?id=1284058 -# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists -crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server" -# LP: 1615035, required only for M/N upgrade. -crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager -# LP: 1627450, required only for M/N upgrade -crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler - -crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index 4dc2b168..6bfe1239 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -2,84 +2,175 @@ set -eu -cluster_form_timeout=600 -cluster_settle_timeout=1800 -galera_sync_timeout=600 +cluster_sync_timeout=1800 -if [[ -n $(is_bootstrap_node) ]]; then - pcs cluster start --all +# After migrating the cluster to HA-NG the services not under pacemaker's control +# are still up and running. We need to stop them explicitely otherwise during the yum +# upgrade the rpm %post sections will try to do a systemctl try-restart <service>, which +# is going to take a long time because rabbit is down. By having the service stopped +# systemctl try-restart is a noop +for service in $(services_to_migrate); do + manage_systemd_service stop "${service%%-clone}" + # So the reason for not reusing check_resource_systemd is that + # I have observed systemctl is-active returning unknown with at least + # one service that was stopped (See LP 1627254) + timeout=600 tstart=$(date +%s) - while pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; do - sleep 5 - tnow=$(date +%s) - if (( tnow-tstart > cluster_form_timeout )) ; then - echo_error "ERROR: timed out forming the cluster" - exit 1 - fi + tend=$(( $tstart + $timeout )) + check_interval=3 + while (( $(date +%s) < $tend )); do + if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then + echo "$service still active, sleeping $check_interval seconds." + sleep $check_interval + else + # we do not care if it is inactive, unknown or failed as long as it is + # not running + break + fi + done +done - if ! timeout -k 10 $cluster_settle_timeout crm_resource --wait; then - echo_error "ERROR: timed out waiting for cluster to finish transition" - exit 1 +# In case the mysql package is updated, the database on disk must be +# upgraded as well. This typically needs to happen during major +# version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...) +# +# Because in-place upgrades are not supported across 2+ major versions +# (e.g. 5.5 -> 10.1), we rely on logical upgrades via dump/restore cycle +# https://bugzilla.redhat.com/show_bug.cgi?id=1341968 +# +# The default is to determine automatically if upgrade is needed based +# on mysql package versionning, but this can be overriden manually +# to support specific upgrade scenario + +# Calling this function will set the DO_MYSQL_UPGRADE variable which is used +# later +mysql_need_update + +if [[ -n $(is_bootstrap_node) ]]; then + if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql" + cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR" fi - for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do - pcs resource enable $vip - check_resource_pacemaker $vip started 60 + pcs resource disable redis + check_resource redis stopped 600 + pcs resource disable rabbitmq + check_resource rabbitmq stopped 600 + pcs resource disable galera + check_resource galera stopped 600 + pcs resource disable openstack-cinder-volume + check_resource openstack-cinder-volume stopped 600 + # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address: + # https://bugzilla.redhat.com/show_bug.cgi?id=1330688 + for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do + pcs resource disable $vip + check_resource $vip stopped 60 done + pcs cluster stop --all fi -start_or_enable_service galera -check_resource galera started 600 -# We need mongod which is now a systemd service up and running before calling -# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes -# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely -# we should be good. -# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm -systemctl start mongod -check_resource mongod started 600 -if [[ -n $(is_bootstrap_node) ]]; then - tstart=$(date +%s) - while ! clustercheck; do - sleep 5 - tnow=$(date +%s) - if (( tnow-tstart > galera_sync_timeout )) ; then - echo_error "ERROR galera sync timed out" - exit 1 - fi - done +# Swift isn't controlled by pacemaker +systemctl_swift stop + +tstart=$(date +%s) +while systemctl is-active pacemaker; do + sleep 5 + tnow=$(date +%s) + if (( tnow-tstart > cluster_sync_timeout )) ; then + echo_error "ERROR: cluster shutdown timed out" + exit 1 + fi +done - # Run all the db syncs - # TODO: check if this can be triggered in puppet and removed from here - ceilometer-dbsync --config-file=/etc/ceilometer/ceilometer.conf - cinder-manage db sync - glance-manage --config-file=/etc/glance/glance-registry.conf db_sync - heat-manage --config-file /etc/heat/heat.conf db_sync - keystone-manage db_sync - neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head - nova-manage db sync - nova-manage api_db sync - #TODO(marios):someone from sahara needs to check this: - # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head +# The reason we do an sql dump *and* we move the old dir out of +# the way is because it gives us an extra level of safety in case +# something goes wrong during the upgrade. Once the restore is +# successful we go ahead and remove it. If the directory exists +# we bail out as it means the upgrade process had issues in the last +# run. +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + if [ -d $MYSQL_TEMP_UPGRADE_BACKUP_DIR ]; then + echo_error "ERROR: mysql backup dir already exist" + exit 1 + fi + mv /var/lib/mysql $MYSQL_TEMP_UPGRADE_BACKUP_DIR fi -start_or_enable_service rabbitmq -check_resource rabbitmq started 600 -start_or_enable_service redis -check_resource redis started 600 -start_or_enable_service openstack-cinder-volume -check_resource openstack-cinder-volume started 600 +# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 +special_case_ovs_upgrade_if_needed +yum -y install python-zaqarclient # needed for os-collect-config +yum -y -q update -# Swift isn't controled by pacemaker -systemctl_swift start +# We need to ensure at least those two configuration settings, otherwise +# mariadb 10.1+ won't activate galera replication. +# wsrep_cluster_address must only be set though, its value does not +# matter because it's overriden by the galera resource agent. +cat >> /etc/my.cnf.d/galera.cnf <<EOF +[mysqld] +wsrep_on = ON +wsrep_cluster_address = gcomm://localhost +EOF + +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + # Scripts run via heat have no HOME variable set and this confuses + # mysqladmin + export HOME=/root + + mkdir /var/lib/mysql || /bin/true + chown mysql:mysql /var/lib/mysql + chmod 0755 /var/lib/mysql + restorecon -R /var/lib/mysql/ + mysql_install_db --datadir=/var/lib/mysql --user=mysql + chown -R mysql:mysql /var/lib/mysql/ + + if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then + mysqld_safe --wsrep-new-cluster & + # We have a populated /root/.my.cnf with root/password here so + # we need to temporarily rename it because the newly created + # db is empty and no root password is set + mv /root/.my.cnf /root/.my.cnf.temporary + timeout 60 sh -c 'while ! mysql -e "" &> /dev/null; do sleep 1; done' + mysql -u root < "$MYSQL_BACKUP_DIR/openstack_database.sql" + mv /root/.my.cnf.temporary /root/.my.cnf + mysqladmin -u root shutdown + # The import was successful so we may remove the folder + rm -r "$MYSQL_BACKUP_DIR" + fi +fi + +# If we reached here without error we can safely blow away the origin +# mysql dir from every controller + +# TODO: What if the upgrade fails on the bootstrap node, but not on +# this controller. Data may be lost. +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR +fi + +# Let's reset the stonith back to true if it was true, before starting the cluster +if [[ -n $(is_bootstrap_node) ]]; then + if [ -f /var/tmp/stonith-true ]; then + pcs -f /var/lib/pacemaker/cib/cib.xml property set stonith-enabled=true + fi + rm -f /var/tmp/stonith-true +fi + +# Pin messages sent to compute nodes to kilo, these will be upgraded later +crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute" +# https://bugzilla.redhat.com/show_bug.cgi?id=1284047 +# Change-Id: Ib3f6c12ff5471e1f017f28b16b1e6496a4a4b435 +crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit +# https://bugzilla.redhat.com/show_bug.cgi?id=1284058 +# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists +crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server" +# LP: 1615035, required only for M/N upgrade. +crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager +# LP: 1627450, required only for M/N upgrade +crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler + +crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm -# We need to start the systemd services we explicitely stopped at step _1.sh -# FIXME: Should we let puppet during the convergence step do the service enabling or -# should we add it here? -for service in $(services_to_migrate); do - manage_systemd_service start "${service%%-clone}" - check_resource_systemd "${service%%-clone}" started 600 -done diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh new file mode 100755 index 00000000..6748f891 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +set -eu + +cluster_form_timeout=600 +cluster_settle_timeout=1800 +galera_sync_timeout=600 + +if [[ -n $(is_bootstrap_node) ]]; then + pcs cluster start --all + + tstart=$(date +%s) + while pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; do + sleep 5 + tnow=$(date +%s) + if (( tnow-tstart > cluster_form_timeout )) ; then + echo_error "ERROR: timed out forming the cluster" + exit 1 + fi + done + + if ! timeout -k 10 $cluster_settle_timeout crm_resource --wait; then + echo_error "ERROR: timed out waiting for cluster to finish transition" + exit 1 + fi + + for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do + pcs resource enable $vip + check_resource_pacemaker $vip started 60 + done +fi + +start_or_enable_service galera +check_resource galera started 600 +start_or_enable_service redis +check_resource redis started 600 +# We need mongod which is now a systemd service up and running before calling +# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes +# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely +# we should be good. +# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm +systemctl start mongod +check_resource mongod started 600 + +if [[ -n $(is_bootstrap_node) ]]; then + tstart=$(date +%s) + while ! clustercheck; do + sleep 5 + tnow=$(date +%s) + if (( tnow-tstart > galera_sync_timeout )) ; then + echo_error "ERROR galera sync timed out" + exit 1 + fi + done + + # Run all the db syncs + # TODO: check if this can be triggered in puppet and removed from here + ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types + cinder-manage db sync + glance-manage --config-file=/etc/glance/glance-registry.conf db_sync + heat-manage --config-file /etc/heat/heat.conf db_sync + keystone-manage db_sync + neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head + nova-manage db sync + nova-manage api_db sync + nova-manage db online_data_migrations + sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head +fi diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh new file mode 100755 index 00000000..d2cb9553 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -eu + +start_or_enable_service rabbitmq +check_resource rabbitmq started 600 +start_or_enable_service redis +check_resource redis started 600 +start_or_enable_service openstack-cinder-volume +check_resource openstack-cinder-volume started 600 + +# start httpd so keystone is available for gnocchi +# upgrade to run. +systemctl start httpd + +# Swift isn't controled by pacemaker +systemctl_swift start diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh new file mode 100755 index 00000000..fa95f1f8 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -eu + +if [[ -n $(is_bootstrap_node) ]]; then + # run gnocchi upgrade + gnocchi-upgrade +fi diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh new file mode 100755 index 00000000..d569084d --- /dev/null +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -eu + +# We need to start the systemd services we explicitely stopped at step _1.sh +# FIXME: Should we let puppet during the convergence step do the service enabling or +# should we add it here? +services=$(services_to_migrate) +if [[ ${keep_sahara_services_on_upgrade} =~ [Ff]alse ]] ; then + services=${services%%openstack-sahara*} +fi +for service in $services; do + manage_systemd_service start "${service%%-clone}" + check_resource_systemd "${service%%-clone}" started 600 +done diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh index f82457ce..d9d1b4d5 100644 --- a/extraconfig/tasks/major_upgrade_object_storage.sh +++ b/extraconfig/tasks/major_upgrade_object_storage.sh @@ -23,6 +23,8 @@ function systemctl_swift { done } +$(declare -f special_case_ovs_upgrade_if_needed) +special_case_ovs_upgrade_if_needed systemctl_swift stop diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index a2a1bb5d..a175a423 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -22,6 +22,11 @@ parameters: type: boolean default: false description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean + KeepSaharaServicesOnUpgrade: + type: boolean + default: true + description: Whether to keep Sahara services when upgrading controller nodes from mitaka to newton + resources: # TODO(jistr): for Mitaka->Newton upgrades and further we can use @@ -92,7 +97,11 @@ resources: depends_on: ControllerPacemakerUpgradeDeployment_Step1 properties: group: script - config: {get_file: major_upgrade_block_storage.sh} + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_block_storage.sh BlockStorageUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup @@ -108,7 +117,20 @@ resources: config: list_join: - '' - - - get_file: pacemaker_common_functions.sh + - - str_replace: + template: | + #!/bin/bash + upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' + params: + UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} + - str_replace: + template: | + #!/bin/bash + mariadb_do_major_upgrade='MYSQL_MAJOR_UPGRADE' + params: + MYSQL_MAJOR_UPGRADE: {get_param: MySqlMajorUpgrade} + - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_check.sh - get_file: major_upgrade_pacemaker_migrations.sh - get_file: major_upgrade_controller_pacemaker_2.sh @@ -120,3 +142,84 @@ resources: config: {get_resource: ControllerPacemakerUpgradeConfig_Step2} input_values: {get_param: input_values} + ControllerPacemakerUpgradeConfig_Step3: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_pacemaker_migrations.sh + - get_file: major_upgrade_controller_pacemaker_3.sh + + ControllerPacemakerUpgradeDeployment_Step3: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: ControllerPacemakerUpgradeDeployment_Step2 + properties: + servers: {get_param: [servers, Controller]} + config: {get_resource: ControllerPacemakerUpgradeConfig_Step3} + input_values: {get_param: input_values} + + ControllerPacemakerUpgradeConfig_Step4: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_pacemaker_migrations.sh + - get_file: major_upgrade_controller_pacemaker_4.sh + + ControllerPacemakerUpgradeDeployment_Step4: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: ControllerPacemakerUpgradeDeployment_Step3 + properties: + servers: {get_param: [servers, Controller]} + config: {get_resource: ControllerPacemakerUpgradeConfig_Step4} + input_values: {get_param: input_values} + + ControllerPacemakerUpgradeConfig_Step5: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_pacemaker_migrations.sh + - get_file: major_upgrade_controller_pacemaker_5.sh + + ControllerPacemakerUpgradeDeployment_Step5: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: ControllerPacemakerUpgradeDeployment_Step4 + properties: + servers: {get_param: [servers, Controller]} + config: {get_resource: ControllerPacemakerUpgradeConfig_Step5} + input_values: {get_param: input_values} + + ControllerPacemakerUpgradeConfig_Step6: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - str_replace: + template: | + #!/bin/bash + keep_sahara_services_on_upgrade='KEEP_SAHARA_SERVICES_ON_UPGRADE' + params: + KEEP_SAHARA_SERVICES_ON_UPGRADE: {get_param: KeepSaharaServicesOnUpgrade} + - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_pacemaker_migrations.sh + - get_file: major_upgrade_controller_pacemaker_6.sh + + ControllerPacemakerUpgradeDeployment_Step6: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: ControllerPacemakerUpgradeDeployment_Step5 + properties: + servers: {get_param: [servers, Controller]} + config: {get_resource: ControllerPacemakerUpgradeConfig_Step6} + input_values: {get_param: input_values} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml index f6aa3066..8e9cbdb4 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml @@ -54,19 +54,28 @@ resources: upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' params: UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} + - get_file: pacemaker_common_functions.sh - get_file: major_upgrade_compute.sh ObjectStorageDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: group: script - config: {get_file: major_upgrade_object_storage.sh} + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_object_storage.sh CephStorageDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: group: script - config: {get_file: major_upgrade_ceph_storage.sh} + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_ceph_storage.sh {% for role in roles %} UpgradeInit{{role.name}}Deployment: diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index d974bb79..6d02acc8 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -77,7 +77,6 @@ function services_to_migrate { openstack-aodh-evaluator-clone openstack-aodh-listener-clone openstack-aodh-notifier-clone - openstack-ceilometer-api-clone openstack-ceilometer-central-clone openstack-ceilometer-collector-clone openstack-ceilometer-notification-clone @@ -109,7 +108,7 @@ function services_to_migrate { # during the conversion # 2. Remove all the colocation constraints and then the ordering constraints, except the # ones related to haproxy/VIPs which exist in Newton as well -# 3. Take the cluster out of maintenance-mode and do a resource cleanup +# 3. Take the cluster out of maintenance-mode # 4. Remove all the resources that won't be managed by pacemaker in newton. The # outcome will be # that they are stopped and removed from pacemakers control @@ -117,13 +116,9 @@ function services_to_migrate { function migrate_full_to_ng_ha { if [[ -n $(pcmk_running) ]]; then pcs property set maintenance-mode=true - # We are making sure here that the property has propagated everywhere - if ! timeout -k 10 300 crm_resource --wait; then - echo_error "ERROR: cluster remained unstable after setting maintenance-mode for more than 300 seconds, exiting." - exit 1 - fi - # First we go through all the colocation constraints (except the ones we want to keep, i.e. the haproxy/ip ones) - # and we remove those + + # First we go through all the colocation constraints (except the ones + # we want to keep, i.e. the haproxy/ip ones) and we remove those COL_CONSTRAINTS=$(pcs config show | sed -n '/^Colocation Constraints:$/,/^$/p' | grep -v "Colocation Constraints:" | egrep -v "ip-.*haproxy" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\)) for constraint in $COL_CONSTRAINTS; do log_debug "Deleting colocation constraint $constraint from CIB" @@ -158,7 +153,7 @@ function migrate_full_to_ng_ha { fi pcs resource delete --force "$resource" else - log_debug "Service $service not found as a pacemaker resource, not trying to delete." + log_debug "Service $resource not found as a pacemaker resource, not trying to delete." fi done @@ -173,3 +168,34 @@ function migrate_full_to_ng_ha { fi fi } + +function disable_standalone_ceilometer_api { + if [[ -n $(is_bootstrap_node) ]]; then + if [[ -n $(is_pacemaker_managed openstack-ceilometer-api) ]]; then + # Disable pacemaker resources for ceilometer-api + manage_pacemaker_service disable openstack-ceilometer-api + check_resource_pacemaker openstack-ceilometer-api stopped 600 + pcs resource delete openstack-ceilometer-api --wait=600 + fi + fi +} + + +# This function will make sure that the rabbitmq ha policies are converted from mitaka to newton +# In newton we had: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}" +# In ocata we want: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}" +# The nr "2" should be CEIL(N/2) where N is the number of Controllers (i.e. rabbit instances) +# Note that changing an attribute like this makes the rabbitmq resource restart +function rabbitmq_newton_ocata_upgrade { + if pcs resource show rabbitmq-clone | grep -q -E "Attributes:.*\"ha-mode\":\"all\""; then + # Number of controller is obtained by counting how many hostnames we + # have in controller_node_names hiera key + nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) + nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) + if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then + echo_error "ERROR: The nr. of HA queues during the M/N upgrade is out of range $nr_queues" + exit 1 + fi + pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 + fi +} diff --git a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp new file mode 100644 index 00000000..a8d43663 --- /dev/null +++ b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp @@ -0,0 +1,103 @@ +# Copyright 2015 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This puppet manifest is to be used only during a Mitaka->Newton upgrade +# It configures ceilometer to be run under httpd but it makes sure to not +# restart any services. This snippet needs to be called before init as a +# pre upgrade migration. + +Service <| + tag == 'ceilometer-service' +|> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', +} + +if $::hostname == downcase(hiera('bootstrap_nodeid')) { + $pacemaker_master = true + $sync_db = true +} else { + $pacemaker_master = false + $sync_db = false +} + +include ::tripleo::packages + + +if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') +} else { + $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') +} +$mongodb_replset = hiera('mongodb::server::replset') +$mongo_node_string = join($mongo_node_ips_with_port, ',') +$database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" + +$rabbit_hosts = hiera('rabbitmq_node_ips', undef) +$rabbit_port = hiera('ceilometer::rabbit_port', 5672) +$rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + +class { '::ceilometer' : + rabbit_hosts => $rabbit_endpoints, +} + +class {'::ceilometer::db': + database_connection => $database_connection, +} + +if $sync_db { + include ::ceilometer::db::sync +} + +include ::ceilometer::config + +class { '::ceilometer::api': + enabled => true, + service_name => 'httpd', + keystone_password => hiera('ceilometer::keystone::auth::password'), + identity_uri => hiera('ceilometer::keystone::authtoken::auth_url'), + auth_uri => hiera('ceilometer::keystone::authtoken::auth_uri'), + keystone_tenant => hiera('ceilometer::keystone::authtoken::project_name'), +} + +class { '::apache' : + service_enable => false, + service_manage => true, + service_restart => '/bin/true', + purge_configs => false, + purge_vhost_dir => false, +} + +# To ensure existing ports are not overridden +class { '::aodh::wsgi::apache': + servername => $::hostname, + ssl => false, +} +class { '::gnocchi::wsgi::apache': + servername => $::hostname, + ssl => false, +} + +class { '::keystone::wsgi::apache': + servername => $::hostname, + ssl => false, +} +class { '::ceilometer::wsgi::apache': + servername => $::hostname, + ssl => false, +} diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index 4f17b69a..aae4a2de 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -284,7 +284,7 @@ function systemctl_swift { services=$(systemctl | grep openstack-swift- | grep running | awk '{print $1}') ;; start) - enable_swift_storage=$(hiera -c /etc/puppet/hiera.yaml 'enable_swift_storage') + enable_swift_storage=$(hiera -c /etc/puppet/hiera.yaml tripleo::profile::base::swift::storage::enable_swift_storage) if [[ $enable_swift_storage != "true" ]]; then services=( openstack-swift-proxy ) fi @@ -297,3 +297,27 @@ function systemctl_swift { manage_systemd_service $action $service done } + +# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 +function special_case_ovs_upgrade_if_needed { + if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then + echo "Manual upgrade of openvswitch - restart in postun detected" + rm -rf OVS_UPGRADE + mkdir OVS_UPGRADE && pushd OVS_UPGRADE + echo "Attempting to downloading latest openvswitch with yumdownloader" + yumdownloader --resolve openvswitch + for pkg in $(ls -1 *.rpm); do + if rpm -U --test $pkg 2>&1 | grep "already installed" ; then + echo "Looks like newer version of $pkg is already installed, skipping" + else + echo "Updating $pkg with nopostun option" + rpm -U --replacepkgs --nopostun $pkg + fi + done + popd + else + echo "Skipping manual upgrade of openvswitch - no restart in postun detected" + fi + +} + diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh index 3da7efec..49d39bc8 100755 --- a/extraconfig/tasks/pacemaker_resource_restart.sh +++ b/extraconfig/tasks/pacemaker_resource_restart.sh @@ -4,11 +4,14 @@ set -eux # Run if pacemaker is running, we're the bootstrap node, # and we're updating the deployment (not creating). -if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then + +RESTART_FOLDER="/var/lib/tripleo/pacemaker-restarts" + +if [[ -d "$RESTART_FOLDER" && -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then TIMEOUT=600 - SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)" PCS_STATUS_OUTPUT="$(pcs status)" + SERVICES_TO_RESTART="$(ls $RESTART_FOLDER)" for service in $SERVICES_TO_RESTART; do if ! echo "$PCS_STATUS_OUTPUT" | grep $service; then @@ -20,6 +23,11 @@ if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then for service in $SERVICES_TO_RESTART; do echo "Restarting $service..." pcs resource restart --wait=$TIMEOUT $service - rm -f /var/lib/tripleo/pacemaker-restarts/$service + rm -f "$RESTART_FOLDER"/$service done + +fi + +if [ $(systemctl is-active haproxy) = "active" ]; then + systemctl reload haproxy fi diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index b045e5ea..74af7b02 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -44,6 +44,27 @@ fi pacemaker_status=$(systemctl is-active pacemaker) +# Fix the redis/rabbit resource start/stop timeouts. See https://bugs.launchpad.net/tripleo/+bug/1633455 +# and https://bugs.launchpad.net/tripleo/+bug/1634851 +if [[ "$pacemaker_status" == "active" && \ + "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]] ; then + if pcs resource show rabbitmq | grep -E "start.*timeout=100"; then + pcs resource update rabbitmq op start timeout=200s + fi + if pcs resource show rabbitmq | grep -E "stop.*timeout=90"; then + pcs resource update rabbitmq op stop timeout=200s + fi + if pcs resource show redis | grep -E "start.*timeout=120"; then + pcs resource update redis op start timeout=200s + fi + if pcs resource show redis | grep -E "stop.*timeout=120"; then + pcs resource update redis op stop timeout=200s + fi +fi + +# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 +special_case_ovs_upgrade_if_needed + if [[ "$pacemaker_status" == "active" ]] ; then echo "Pacemaker running, stopping cluster node and doing full package update" node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*") @@ -54,8 +75,9 @@ if [[ "$pacemaker_status" == "active" ]] ; then pcs cluster stop fi else - echo "Upgrading openstack-puppet-modules" + echo "Upgrading openstack-puppet-modules and its dependencies" yum -q -y update openstack-puppet-modules + yum deplist openstack-puppet-modules | awk '/dependency/{print $2}' | xargs yum -q -y update echo "Upgrading other packages is handled by config management tooling" echo -n "true" > $heat_outputs_path.update_managed_packages exit 0 @@ -70,6 +92,17 @@ return_code=$? echo "$result" echo "yum return code: $return_code" +# Writes any changes caused by alterations to os-net-config and bounces the +# interfaces *before* restarting the cluster. +os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes +RETVAL=$? +if [[ $RETVAL == 2 ]]; then + echo "os-net-config: interface configuration files updated successfully" +elif [[ $RETVAL != 0 ]]; then + echo "ERROR: os-net-config configuration failed" + exit $RETVAL +fi + if [[ "$pacemaker_status" == "active" ]] ; then echo "Starting cluster node" pcs cluster start diff --git a/extraconfig/tasks/yum_update.yaml b/extraconfig/tasks/yum_update.yaml index d313ca9f..f2de5acf 100644 --- a/extraconfig/tasks/yum_update.yaml +++ b/extraconfig/tasks/yum_update.yaml @@ -9,7 +9,12 @@ resources: type: OS::Heat::SoftwareConfig properties: group: script - config: {get_file: yum_update.sh} + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: yum_update.sh + inputs: - name: update_identifier description: yum will only run for previously unused values of update_identifier diff --git a/firstboot/os-net-config-mappings.yaml b/firstboot/os-net-config-mappings.yaml index 833c3bc2..a513120d 100644 --- a/firstboot/os-net-config-mappings.yaml +++ b/firstboot/os-net-config-mappings.yaml @@ -38,7 +38,7 @@ resources: str_replace: template: | #!/bin/sh - eth_addr=$(/sbin/ifconfig eth0 | grep ether | awk '{print $2}') + eth_addr=$(cat /sys/class/net/*/address | tr '\n' ',') mkdir -p /etc/os-net-config # Create an os-net-config mapping file, note this defaults to @@ -51,7 +51,7 @@ resources: input = sys.stdin.readline() or '{}' data = json.loads(input) for node in data: - if '${eth_addr}' in data[node].values(): + if any(x in '$eth_addr'.split(',') for x in data[node].values()): interface_mapping = {'interface_mapping': data[node]} with open('/etc/os-net-config/mapping.yaml', 'w') as f: yaml.safe_dump(interface_mapping, f, default_flow_style=False) diff --git a/firstboot/userdata_heat_admin.yaml b/firstboot/userdata_heat_admin.yaml index f8891b29..63d5bbf8 100644 --- a/firstboot/userdata_heat_admin.yaml +++ b/firstboot/userdata_heat_admin.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: 2016-10-14 parameters: # Can be overridden via parameter_defaults in the environment @@ -6,6 +6,10 @@ parameters: type: string default: heat-admin + node_admin_extra_ssh_keys: + type: comma_delimited_list + default: [] + description: > Uses cloud-init to create an additional user with a known name, in addition to the distro-default user created by the cloud-init default. @@ -23,6 +27,8 @@ resources: properties: cloud_config: user: {get_param: node_admin_username} + ssh_authorized_keys: {get_param: node_admin_extra_ssh_keys} + outputs: OS::stack_id: diff --git a/hosts-config.yaml b/hosts-config.yaml new file mode 100644 index 00000000..a24b9bb4 --- /dev/null +++ b/hosts-config.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-10-14 +description: 'All Hosts Config' + +parameters: + hosts: + type: string + +resources: + + hostsConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: hosts + default: + list_join: + - ' ' + - str_split: + - '\n' + - {get_param: hosts} + config: {get_file: scripts/hosts-config.sh} + +outputs: + config_id: + description: The ID of the hostsConfigImpl resource. + value: + {get_resource: hostsConfigImpl} + hosts_entries: + description: | + The content that should be appended to your /etc/hosts if you want to get + hostname-based access to the deployed nodes (useful for testing without + setting up a DNS). + value: {get_attr: [hostsConfigImpl, config, hosts]} + OS::stack_id: + description: The ID of the hostsConfigImpl resource. + value: {get_resource: hostsConfigImpl} diff --git a/j2_excludes.yaml b/j2_excludes.yaml new file mode 100644 index 00000000..063e63d4 --- /dev/null +++ b/j2_excludes.yaml @@ -0,0 +1,10 @@ +# This template specifies which j2 rendered templates +# should be excluded in the render process from +# tripleo-common/tripleo_common/actions/templates.py + +name: + - puppet/controller-role.yaml + - puppet/compute-role.yaml + - puppet/blockstorage-role.yaml + - puppet/objectstorage-role.yaml + - puppet/cephstorage-role.yaml diff --git a/net-config-bond.yaml b/net-config-bond.yaml index ec881bdc..db6ff2c7 100644 --- a/net-config-bond.yaml +++ b/net-config-bond.yaml @@ -1,20 +1,22 @@ -heat_template_version: 2016-10-14 - +heat_template_version: '2016-10-14' description: > Software Config to drive os-net-config with 2 bonded nics on a bridge. - parameters: BondInterfaceOvsOptions: default: '' - description: | - The ovs_options string for the bond interface. Set things like + description: 'The ovs_options string for the bond interface. Set things like + lacp=active and/or bond_mode=balance-slb using this option. + + ' type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ControlPlaneIp: default: '' description: IP address/subnet on the ctlplane network @@ -43,43 +45,35 @@ parameters: default: '' description: IP address/subnet on the management network type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: true - # Can't do this yet: https://bugs.launchpad.net/heat/+bug/1344284 - #ovs_extra: - # - list_join: - # - ' ' - # - - br-set-external-id - # - {get_input: bridge_name} - # - bridge-id - # - {get_input: bridge_name} - members: - - - type: ovs_bond + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: true + members: + - type: ovs_bond name: bond1 use_dhcp: true - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - # os-net-config translates nic1 => em1 (for example) - - - type: interface - name: nic1 - - - type: interface - name: nic2 - + - type: interface + name: nic1 + - type: interface + name: nic2 outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-bridge.yaml b/net-config-bridge.yaml index 4f7a19dc..e7b96695 100644 --- a/net-config-bridge.yaml +++ b/net-config-bridge.yaml @@ -1,8 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > Software Config to drive os-net-config for a simple bridge. - parameters: ControlPlaneIp: default: '' @@ -32,35 +30,29 @@ parameters: default: '' description: IP address/subnet on the management network type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: true - # Can't do this yet: https://bugs.launchpad.net/heat/+bug/1344284 - #ovs_extra: - # - list_join: - # - ' ' - # - - br-set-external-id - # - {get_input: bridge_name} - # - bridge-id - # - {get_input: bridge_name} - members: - - - type: interface - name: {get_input: interface_name} + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: true + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml index 0980803e..d8274f3c 100644 --- a/net-config-linux-bridge.yaml +++ b/net-config-linux-bridge.yaml @@ -1,8 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > Software Config to drive os-net-config for a simple bridge. - parameters: ControlPlaneIp: default: '' @@ -35,43 +33,45 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string - default: '192.0.2.1' + default: 192.0.2.1 EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - default: '169.254.169.254/32' - - + default: 169.254.169.254/32 resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: ControlPlaneIp} - members: - - - type: interface - name: {get_input: interface_name} + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + addresses: + - ip_netmask: + get_param: ControlPlaneIp + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - routes: - - - ip_netmask: 0.0.0.0/0 - next_hop: {get_param: ControlPlaneDefaultRoute} + routes: + - ip_netmask: 0.0.0.0/0 + next_hop: + get_param: ControlPlaneDefaultRoute default: true - - - ip_netmask: {get_param: EC2MetadataIp} - next_hop: {get_param: ControlPlaneDefaultRoute} - + - ip_netmask: + get_param: EC2MetadataIp + next_hop: + get_param: ControlPlaneDefaultRoute outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml index 6dbe5982..a1d86728 100644 --- a/net-config-static-bridge-with-external-dhcp.yaml +++ b/net-config-static-bridge-with-external-dhcp.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config for a simple bridge configured - with a static IP address for the ctlplane network. - + Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network. parameters: ControlPlaneIp: default: '' @@ -47,53 +44,44 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: true - members: - - - type: interface - name: {get_input: interface_name} + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: true + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - - - type: interface - # would like to do the following, but can't b/c of: - # https://bugs.launchpad.net/heat/+bug/1344284 - # name: - # list_join: - # - '/' - # - - {get_input: bridge_name} - # - ':0' - # So, just hardcode to br-ex:0 for now, br-ex is hardcoded in - # controller.yaml anyway. - name: br-ex:0 - addresses: - - - ip_netmask: + - type: interface + name: br-ex:0 + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-static-bridge.yaml b/net-config-static-bridge.yaml index a3d6d8b5..1e1498b3 100644 --- a/net-config-static-bridge.yaml +++ b/net-config-static-bridge.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config for a simple bridge configured - with a static IP address for the ctlplane network. - + Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network. parameters: ControlPlaneIp: default: '' @@ -47,42 +44,44 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface - name: {get_input: interface_name} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-static.yaml b/net-config-static.yaml index 9de16cd8..c67b4e99 100644 --- a/net-config-static.yaml +++ b/net-config-static.yaml @@ -1,8 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > Software Config to drive os-net-config for a simple bridge. - parameters: ControlPlaneIp: default: '' @@ -46,37 +44,39 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: {get_input: interface_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: interface_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml index 9f537c02..2f92f4b5 100644 --- a/network/config/bond-with-vlans/ceph-storage.yaml +++ b/network/config/bond-with-vlans/ceph-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the ceph storage role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the ceph storage role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -75,7 +74,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,64 +88,63 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: br-bond - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: br-bond + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -161,8 +159,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml index b4d71fa3..0e53e202 100644 --- a/network/config/bond-with-vlans/cinder-storage.yaml +++ b/network/config/bond-with-vlans/cinder-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the cinder storage role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the cinder storage role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -75,7 +74,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,71 +88,70 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: br-bond - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: br-bond + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -168,8 +166,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml index 3fc764be..a9b314a4 100644 --- a/network/config/bond-with-vlans/compute-dpdk.yaml +++ b/network/config/bond-with-vlans/compute-dpdk.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the compute role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role. parameters: ControlPlaneIp: default: '' @@ -35,8 +32,8 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string ExternalNetworkVlanID: default: 10 @@ -70,7 +67,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -84,71 +81,70 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: {get_input: bridge_name} - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: bridge_name + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -163,30 +159,25 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - - - type: ovs_user_bridge - name: br-link - members: - - - type: ovs_dpdk_bond + - type: ovs_user_bridge + name: br-link + members: + - type: ovs_dpdk_bond name: dpdkbond0 members: - - - type: ovs_dpdk_port - name: dpdk0 - members: - - - type: interface - name: nic4 - - - type: ovs_dpdk_port - name: dpdk1 - members: - - - type: interface - name: nic5 - + - type: ovs_dpdk_port + name: dpdk0 + members: + - type: interface + name: nic4 + - type: ovs_dpdk_port + name: dpdk1 + members: + - type: interface + name: nic5 outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index b2cfb0a2..4cac448b 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the compute role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -75,7 +74,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,71 +88,70 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: {get_input: bridge_name} - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: bridge_name + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -168,8 +166,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index 4c3e59fa..46090974 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the controller role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -71,7 +70,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,79 +88,76 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: true - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: bridge_name + use_dhcp: true + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -176,8 +172,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml index 1361d969..d07a26ff 100644 --- a/network/config/bond-with-vlans/controller-v6.yaml +++ b/network/config/bond-with-vlans/controller-v6.yaml @@ -1,11 +1,8 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the controller role with IPv6 on the External - network. The IPv6 default route is on the External network, and the - IPv4 default route is on the Control Plane. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role with IPv6 + on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control + Plane. parameters: ControlPlaneIp: default: '' @@ -36,15 +33,17 @@ parameters: description: IP address/subnet on the management network type: string BondInterfaceOvsOptions: - default: 'bond_mode=active-backup' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + default: bond_mode=active-backup + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -77,7 +76,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -91,91 +90,88 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: {get_input: bridge_name} - dns_servers: {get_param: DnsServers} - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: ExternalNetworkVlanID} + vlan_id: + get_param: ExternalNetworkVlanID addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - ip_netmask: + get_param: ExternalIpSubnet routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -191,8 +187,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index 677c90c5..e2973a72 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the controller role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role. parameters: ControlPlaneIp: default: '' @@ -34,15 +31,17 @@ parameters: description: IP address/subnet on the management network type: string BondInterfaceOvsOptions: - default: 'bond_mode=active-backup' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + default: bond_mode=active-backup + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -71,7 +70,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,86 +88,85 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - type: ovs_bridge - name: {get_input: bridge_name} - dns_servers: {get_param: DnsServers} - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: ExternalNetworkVlanID} + vlan_id: + get_param: ExternalNetworkVlanID addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - ip_netmask: + get_param: ExternalIpSubnet routes: - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -184,8 +182,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml index e16d6b6e..5bdba802 100644 --- a/network/config/bond-with-vlans/swift-storage.yaml +++ b/network/config/bond-with-vlans/swift-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the swift storage role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the swift storage role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -75,7 +74,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,71 +88,70 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: br-bond - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: br-bond + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -168,8 +166,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index c31c6e65..e9c34213 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the ceph storage role. - + Software Config to drive os-net-config to configure multiple interfaces for the ceph storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,48 +76,48 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -135,8 +132,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index 4f8b7f64..f58f1168 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the cinder storage role. - + Software Config to drive os-net-config to configure multiple interfaces for the cinder storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,55 +76,54 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -142,8 +138,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/compute-dvr.yaml b/network/config/multiple-nics/compute-dvr.yaml new file mode 100644 index 00000000..db9b4919 --- /dev/null +++ b/network/config/multiple-nics/compute-dvr.yaml @@ -0,0 +1,162 @@ +heat_template_version: '2016-10-14' +description: > + Software Config to drive os-net-config to configure multiple interfaces for the + compute role with external bridge for DVR. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: 10.0.0.1 + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface + name: nic5 + use_dhcp: false + primary: true + # External bridge for DVR (no IP address required) + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + use_dhcp: false + members: + - type: interface + name: nic6 + primary: true + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: interface + # name: nic7 + # use_dhcp: false + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index 77514745..9b0c8c02 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the compute role. - + Software Config to drive os-net-config to configure multiple interfaces for the compute role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,62 +76,58 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - # Create a bridge which can also be used for VLAN-mode bridge mapping - type: ovs_bridge - name: br-tenant - use_dhcp: false - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface name: nic5 use_dhcp: false - # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment @@ -150,8 +143,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml index da1f95f1..a0ed9f78 100644 --- a/network/config/multiple-nics/controller-v6.yaml +++ b/network/config/multiple-nics/controller-v6.yaml @@ -1,11 +1,7 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the controller role with IPv6 on the External network. The IPv6 - default route is on the External network, and the IPv4 default route - is on the Control Plane. - + Software Config to drive os-net-config to configure multiple interfaces for the controller role with IPv6 on the External + network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. parameters: ControlPlaneIp: default: '' @@ -67,7 +63,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -81,89 +77,81 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - # Create a bridge which can also be used for VLAN-mode bridge mapping - type: ovs_bridge - name: br-tenant - use_dhcp: false - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} - members: - - - type: interface + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface name: nic5 use_dhcp: false - # force the MAC address of the bridge to this interface primary: true - - - type: ovs_bridge - name: {get_input: bridge_name} - dns_servers: {get_param: DnsServers} - use_dhcp: false - addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} - routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - members: - - - type: interface + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + use_dhcp: false + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + members: + - type: interface name: nic6 - # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment @@ -180,8 +168,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml index 7a1f9e5f..e38c545c 100644 --- a/network/config/multiple-nics/controller.yaml +++ b/network/config/multiple-nics/controller.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the controller role. - + Software Config to drive os-net-config to configure multiple interfaces for the controller role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,84 +76,77 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - # Create a bridge which can also be used for VLAN-mode bridge mapping - type: ovs_bridge - name: br-tenant - use_dhcp: false - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface name: nic5 use_dhcp: false - # force the MAC address of the bridge to this interface primary: true - - - type: ovs_bridge - name: {get_input: bridge_name} - dns_servers: {get_param: DnsServers} - use_dhcp: false - addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} - routes: - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - members: - - - type: interface + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + use_dhcp: false + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + members: + - type: interface name: nic6 - # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment @@ -173,8 +163,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index 05083105..1ad503a7 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the swift storage role. - + Software Config to drive os-net-config to configure multiple interfaces for the swift storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,55 +76,54 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -142,8 +138,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml index fc8e8b6f..0a6faa79 100644 --- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - ceph storage role. - + Software Config to drive os-net-config to configure VLANs for the ceph storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,54 +76,55 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -141,8 +139,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml index 6fb247ed..5abaea66 100644 --- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - cinder storage role. - + Software Config to drive os-net-config to configure VLANs for the cinder storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,61 +76,62 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -148,8 +146,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml index e31720d8..aa63dd3a 100644 --- a/network/config/single-nic-linux-bridge-vlans/compute.yaml +++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - compute role. - + Software Config to drive os-net-config to configure VLANs for the compute role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,68 +76,69 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface - name: {get_input: interface_name} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} - # device: {get_input: bridge_name} + # device: bridge_name # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} @@ -148,8 +146,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml index 80125149..28cf6ced 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml @@ -1,11 +1,7 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role with IPv6 on the External network. The IPv6 default - route is on the External network, and the IPv4 default route is on - the Control Plane. - + Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The + IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. parameters: ControlPlaneIp: default: '' @@ -63,7 +59,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -81,81 +77,79 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface - name: {get_input: interface_name} - # force the MAC address of the bridge to this interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + name: interface_name primary: true - - - type: vlan - vlan_id: {get_param: ExternalNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} - routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -163,7 +157,7 @@ resources: #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} - # device: {get_input: bridge_name} + # device: bridge_name # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} @@ -171,8 +165,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml index aef5d4e3..566f1feb 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role. - + Software Config to drive os-net-config to configure VLANs for the controller role. parameters: ControlPlaneIp: default: '' @@ -61,7 +58,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,81 +76,79 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface - name: {get_input: interface_name} - # force the MAC address of the bridge to this interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + name: interface_name primary: true - - - type: vlan - vlan_id: {get_param: ExternalNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} - routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -161,7 +156,7 @@ resources: #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} - # device: {get_input: bridge_name} + # device: bridge_name # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} @@ -169,8 +164,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml index a5d2f966..fe948ad1 100644 --- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - swift storage role. - + Software Config to drive os-net-config to configure VLANs for the swift storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,61 +76,62 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -148,8 +146,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml index 6fa288af..6e0a97da 100644 --- a/network/config/single-nic-vlans/ceph-storage.yaml +++ b/network/config/single-nic-vlans/ceph-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - ceph storage role. - + Software Config to drive os-net-config to configure VLANs for the ceph storage role. parameters: ControlPlaneIp: default: '' @@ -53,7 +50,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -67,52 +64,53 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -126,8 +124,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml index d1135776..f58665f7 100644 --- a/network/config/single-nic-vlans/cinder-storage.yaml +++ b/network/config/single-nic-vlans/cinder-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - cinder storage role. - + Software Config to drive os-net-config to configure VLANs for the cinder storage role. parameters: ControlPlaneIp: default: '' @@ -57,7 +54,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -71,58 +68,59 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -136,8 +134,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml index bd3cef34..40264284 100644 --- a/network/config/single-nic-vlans/compute.yaml +++ b/network/config/single-nic-vlans/compute.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - compute role. - + Software Config to drive os-net-config to configure VLANs for the compute role. parameters: ControlPlaneIp: default: '' @@ -57,7 +54,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -71,58 +68,59 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -136,8 +134,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml index 8e8b0f5d..b9aec1ea 100644 --- a/network/config/single-nic-vlans/controller-no-external.yaml +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role. No external IP is configured. - + Software Config to drive os-net-config to configure VLANs for the controller role. No external IP is configured. parameters: ControlPlaneIp: default: '' @@ -61,7 +58,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,64 +76,65 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -150,8 +148,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml index ecbf2efb..4f065d1e 100644 --- a/network/config/single-nic-vlans/controller-v6.yaml +++ b/network/config/single-nic-vlans/controller-v6.yaml @@ -1,11 +1,7 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role with IPv6 on the External network. The IPv6 default - route is on the External network, and the IPv4 default route is on - the Control Plane. - + Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The + IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. parameters: ControlPlaneIp: default: '' @@ -67,7 +63,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -81,76 +77,74 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 - # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: ExternalNetworkVlanID} + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - ip_netmask: + get_param: ExternalIpSubnet routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -165,8 +159,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml index c5979a89..4a615d91 100644 --- a/network/config/single-nic-vlans/controller.yaml +++ b/network/config/single-nic-vlans/controller.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role. - + Software Config to drive os-net-config to configure VLANs for the controller role. parameters: ControlPlaneIp: default: '' @@ -61,7 +58,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,71 +76,72 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: ExternalNetworkVlanID} + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - ip_netmask: + get_param: ExternalIpSubnet routes: - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -158,8 +156,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml index 7b06580c..88f69b4d 100644 --- a/network/config/single-nic-vlans/swift-storage.yaml +++ b/network/config/single-nic-vlans/swift-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - swift storage role. - + Software Config to drive os-net-config to configure VLANs for the swift storage role. parameters: ControlPlaneIp: default: '' @@ -57,7 +54,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -71,58 +68,59 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -136,8 +134,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index fb01925b..0178c4dd 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -10,6 +10,15 @@ Aodh: net_param: AodhApi port: 8042 +Barbican: + Internal: + net_param: BarbicanApi + Public: + net_param: Public + Admin: + net_param: BarbicanApi + port: 9311 + Ceilometer: Internal: net_param: CeilometerApi @@ -28,6 +37,15 @@ Gnocchi: net_param: GnocchiApi port: 8041 +Panko: + Internal: + net_param: PankoApi + Public: + net_param: Public + Admin: + net_param: PankoApi + port: 8779 + Cinder: Internal: net_param: CinderApi @@ -148,6 +166,21 @@ Manila: V1: /v1/%(tenant_id)s port: 8786 +Mistral: + Internal: + net_param: MistralApi + uri_suffixes: + '': /v2 + Public: + net_param: Public + uri_suffixes: + '': /v2 + Admin: + net_param: MistralApi + uri_suffixes: + '': /v2 + port: 8989 + Neutron: Internal: net_param: NeutronApi @@ -243,3 +276,21 @@ Ironic: uri_suffixes: '': /v1 port: 6385 + +Zaqar: + Internal: + net_param: ZaqarApi + Public: + net_param: Public + Admin: + net_param: ZaqarApi + port: 8888 + +ZaqarWebSocket: + Internal: + net_param: ZaqarApi + Public: + net_param: Public + Admin: + net_param: ZaqarApi + port: 9000 diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 734b6431..95791677 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -22,6 +22,9 @@ parameters: AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} + BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS} + BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS} + BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS} CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} @@ -54,6 +57,9 @@ parameters: ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} + MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS} MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} @@ -64,12 +70,21 @@ parameters: NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} + PankoAdmin: {protocol: http, port: '8779', host: IP_ADDRESS} + PankoInternal: {protocol: http, port: '8779', host: IP_ADDRESS} + PankoPublic: {protocol: http, port: '8779', host: IP_ADDRESS} SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. CloudEndpoints: @@ -323,6 +338,249 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, AodhPublic, port] + BarbicanAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, BarbicanAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, BarbicanApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, BarbicanApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, BarbicanAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, BarbicanApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, BarbicanApiNetwork] + port: + get_param: [EndpointMap, BarbicanAdmin, port] + protocol: + get_param: [EndpointMap, BarbicanAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, BarbicanAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, BarbicanAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, BarbicanApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, BarbicanApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, BarbicanAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, BarbicanAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, BarbicanAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, BarbicanApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, BarbicanApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, BarbicanAdmin, port] + BarbicanInternal: + host: + str_replace: + template: + get_param: [EndpointMap, BarbicanInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, BarbicanApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, BarbicanApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, BarbicanInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, BarbicanApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, BarbicanApiNetwork] + port: + get_param: [EndpointMap, BarbicanInternal, port] + protocol: + get_param: [EndpointMap, BarbicanInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, BarbicanInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, BarbicanInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, BarbicanApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, BarbicanApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, BarbicanInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, BarbicanInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, BarbicanInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, BarbicanApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, BarbicanApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, BarbicanInternal, port] + BarbicanPublic: + host: + str_replace: + template: + get_param: [EndpointMap, BarbicanPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, BarbicanPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, BarbicanPublic, port] + protocol: + get_param: [EndpointMap, BarbicanPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, BarbicanPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, BarbicanPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, BarbicanPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, BarbicanPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, BarbicanPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, BarbicanPublic, port] CeilometerAdmin: host: str_replace: @@ -4003,6 +4261,252 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, ManilaPublic, port] + MistralAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, MistralAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MistralApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MistralApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, MistralAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MistralApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, MistralApiNetwork] + port: + get_param: [EndpointMap, MistralAdmin, port] + protocol: + get_param: [EndpointMap, MistralAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, MistralAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, MistralAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MistralApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MistralApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, MistralAdmin, port] + - /v2 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, MistralAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, MistralAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MistralApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MistralApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, MistralAdmin, port] + MistralInternal: + host: + str_replace: + template: + get_param: [EndpointMap, MistralInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MistralApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MistralApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, MistralInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MistralApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, MistralApiNetwork] + port: + get_param: [EndpointMap, MistralInternal, port] + protocol: + get_param: [EndpointMap, MistralInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, MistralInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, MistralInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MistralApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MistralApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, MistralInternal, port] + - /v2 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, MistralInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, MistralInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MistralApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MistralApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, MistralInternal, port] + MistralPublic: + host: + str_replace: + template: + get_param: [EndpointMap, MistralPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, MistralPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, MistralPublic, port] + protocol: + get_param: [EndpointMap, MistralPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, MistralPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, MistralPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, MistralPublic, port] + - /v2 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, MistralPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, MistralPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, MistralPublic, port] MysqlInternal: host: str_replace: @@ -4816,6 +5320,249 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaVNCProxyPublic, port] + PankoAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, PankoAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, PankoAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PankoApiNetwork] + port: + get_param: [EndpointMap, PankoAdmin, port] + protocol: + get_param: [EndpointMap, PankoAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, PankoAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, PankoAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoAdmin, port] + PankoInternal: + host: + str_replace: + template: + get_param: [EndpointMap, PankoInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, PankoInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PankoApiNetwork] + port: + get_param: [EndpointMap, PankoInternal, port] + protocol: + get_param: [EndpointMap, PankoInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, PankoInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, PankoInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoInternal, port] + PankoPublic: + host: + str_replace: + template: + get_param: [EndpointMap, PankoPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, PankoPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, PankoPublic, port] + protocol: + get_param: [EndpointMap, PankoPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, PankoPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, PankoPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoPublic, port] SaharaAdmin: host: str_replace: @@ -5550,3 +6297,489 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] + ZaqarAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarAdmin, port] + protocol: + get_param: [EndpointMap, ZaqarAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarAdmin, port] + ZaqarInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarInternal, port] + protocol: + get_param: [EndpointMap, ZaqarInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarInternal, port] + ZaqarPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ZaqarPublic, port] + protocol: + get_param: [EndpointMap, ZaqarPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarPublic, port] + ZaqarWebSocketAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + ZaqarWebSocketInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketInternal, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketInternal, port] + ZaqarWebSocketPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketPublic, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketPublic, port] diff --git a/network/external.yaml b/network/external.yaml index 3b24da7e..4dfbc77e 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -37,6 +37,10 @@ parameters: default: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] description: Ip allocation pool range for the external network. type: json + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string resources: ExternalNetwork: @@ -55,6 +59,7 @@ resources: name: {get_param: ExternalSubnetName} network: {get_resource: ExternalNetwork} allocation_pools: {get_param: ExternalAllocationPools} + gateway_ip: {get_param: ExternalInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/external_v6.yaml b/network/external_v6.yaml index 3e120f24..e0736ab7 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml @@ -42,6 +42,10 @@ parameters: default: dhcpv6-stateful description: Neutron subnet IPv6 router advertisement mode type: string + ExternalInterfaceDefaultRoute: + default: '2001:db8:fd00:1000::1' + description: default route for the external network + type: string resources: ExternalNetwork: @@ -62,6 +66,7 @@ resources: name: {get_param: ExternalSubnetName} network: {get_resource: ExternalNetwork} allocation_pools: {get_param: ExternalAllocationPools} + gateway_ip: {get_param: ExternalInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/internal_api.yaml b/network/internal_api.yaml index 6f8aa3a8..090e38f7 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -55,6 +55,7 @@ resources: name: {get_param: InternalApiSubnetName} network: {get_resource: InternalApiNetwork} allocation_pools: {get_param: InternalApiAllocationPools} + gateway_ip: null outputs: OS::stack_id: diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 68c14fbe..19d64b0a 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -62,6 +62,7 @@ resources: name: {get_param: InternalApiSubnetName} network: {get_resource: InternalApiNetwork} allocation_pools: {get_param: InternalApiAllocationPools} + gateway_ip: null outputs: OS::stack_id: diff --git a/network/management.yaml b/network/management.yaml index 6878bac4..6798e11e 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -13,7 +13,7 @@ parameters: ManagementNetValueSpecs: default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'} description: Value specs for the management network. - type: json + type: json ManagementNetAdminStateUp: default: false description: The admin state of the network. @@ -38,6 +38,10 @@ parameters: default: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] description: Ip allocation pool range for the management network. type: json + ManagementInterfaceDefaultRoute: + default: null + description: The default route of the management network. + type: string resources: ManagementNetwork: @@ -56,6 +60,7 @@ resources: name: {get_param: ManagementSubnetName} network: {get_resource: ManagementNetwork} allocation_pools: {get_param: ManagementAllocationPools} + gateway_ip: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index 07e2de4c..263eccd8 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -31,6 +31,32 @@ parameters: ServiceHostnameList: default: [] type: comma_delimited_list + NetworkHostnameMap: + default: [] + type: json + +resources: + # This adds the extra "services" on for keystone + # so that keystone_admin_api_network and + # keystone_public_api_network point to the correct + # network on the nodes running the "keystone" service + EnabledServicesValue: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: let(root => $) -> $.data.extra_services.items().where($[0] in $root.data.enabled_services).select($[1]).flatten() + $root.data.enabled_services + data: + enabled_services: {get_param: EnabledServices} + extra_services: + # If anything other than keystone needs this + # then we should add an extra_networks interface + # to the service templates role_data but for + # now we hard-code the keystone special case + keystone: + - keystone_admin_api + - keystone_public_api outputs: net_ip_map: @@ -64,7 +90,7 @@ outputs: template: SERVICE_node_ips: SERVICE_network for_each: - SERVICE: {get_param: EnabledServices} + SERVICE: {get_attr: [EnabledServicesValue, value]} - values: {get_param: ServiceNetMap} - values: ctlplane: {get_param: ControlPlaneIpList} @@ -78,6 +104,45 @@ outputs: description: > Map of enabled services to a list of hostnames where they're running value: + map_replace: + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_merge: + repeat: + template: + SERVICE_node_names: SERVICE_network + for_each: + SERVICE: {get_attr: [EnabledServicesValue, value]} + - values: {get_param: ServiceNetMap} + - values: {get_param: NetworkHostnameMap} + short_service_hostnames: + description: > + Map of enabled services to a list of hostnames where they're running regardless of the network + value: + yaql: + # If ServiceHostnameList is empty the role is deployed with zero nodes + # therefore we don't want to add any *_node_names to the map + expression: dict($.data.map.items().where(len($[1]) > 0)) + data: + map: + map_merge: + repeat: + template: + SERVICE_short_node_names: {get_param: ServiceHostnameList} + for_each: + SERVICE: {get_attr: [EnabledServicesValue, value]} + short_service_bootstrap_hostnames: + description: > + Map of enabled services to a list of hostnames where they're running regardless of the network + Used for bootstrap purposes + value: yaql: # If ServiceHostnameList is empty the role is deployed with zero nodes # therefore we don't want to add any *_node_names to the map @@ -87,6 +152,6 @@ outputs: map_merge: repeat: template: - SERVICE_node_names: {get_param: ServiceHostnameList} + SERVICE_short_bootstrap_node_name: {get_param: ServiceHostnameList} for_each: - SERVICE: {get_param: EnabledServices} + SERVICE: {get_attr: [EnabledServicesValue, value]} diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh new file mode 100755 index 00000000..5df67b78 --- /dev/null +++ b/network/scripts/run-os-net-config.sh @@ -0,0 +1,136 @@ +#!/bin/bash +# The following environment variables may be set to substitute in a +# custom bridge or interface name. Normally these are provided by the calling +# SoftwareConfig resource, but they may also be set manually for testing. +# $bridge_name : The bridge device name to apply +# $interface_name : The interface name to apply +# +# Also this token is replaced via a str_replace in the SoftwareConfig running +# the script - in future we may extend this to also work with a variable, e.g +# a deployment input via input_values +# $network_config : the json serialized os-net-config config to apply +# +set -ux + +function get_metadata_ip() { + + local METADATA_IP + + # Look for a variety of Heat transports + # FIXME: Heat should provide a way to obtain this in a single place + for URL in os-collect-config.cfn.metadata_url os-collect-config.heat.auth_url os-collect-config.request.metadata_url os-collect-config.zaqar.auth_url; do + METADATA_IP=$(os-apply-config --key $URL --key-default '' --type raw 2>/dev/null | sed -e 's|http.*://\([^:]*\).*|\1|') + [ -n "$METADATA_IP" ] && break + done + + echo $METADATA_IP + +} + +function is_local_ip() { + local IP_TO_CHECK=$1 + if ip -o a | grep "inet6\? $IP_TO_CHECK/" &>/dev/null; then + return 0 + else + return 1 + fi +} + +function ping_metadata_ip() { + local METADATA_IP=$(get_metadata_ip) + + if [ -n "$METADATA_IP" ] && ! is_local_ip $METADATA_IP; then + + echo -n "Trying to ping metadata IP ${METADATA_IP}..." + + local COUNT=0 + until ping -c 1 $METADATA_IP &> /dev/null; do + COUNT=$(( $COUNT + 1 )) + if [ $COUNT -eq 10 ]; then + echo "FAILURE" + echo "$METADATA_IP is not pingable." >&2 + exit 1 + fi + done + echo "SUCCESS" + + else + echo "No metadata IP found. Skipping." + fi +} + +function configure_safe_defaults() { + +[[ $? == 0 ]] && return 0 + +cat > /etc/os-net-config/dhcp_all_interfaces.yaml <<EOF_CAT +# This file is an autogenerated safe defaults file for os-net-config +# which runs DHCP on all discovered interfaces to ensure connectivity +# back to the undercloud for updates +network_config: +EOF_CAT + + for iface in $(ls /sys/class/net | grep -v ^lo$); do + local mac_addr_type="$(cat /sys/class/net/${iface}/addr_assign_type)" + if [ "$mac_addr_type" != "0" ]; then + echo "Device has generated MAC, skipping." + else + ip link set dev $iface up &>/dev/null + HAS_LINK="$(cat /sys/class/net/${iface}/carrier)" + + TRIES=10 + while [ "$HAS_LINK" == "0" -a $TRIES -gt 0 ]; do + HAS_LINK="$(cat /sys/class/net/${iface}/carrier)" + if [ "$HAS_LINK" == "1" ]; then + break + else + sleep 1 + fi + TRIES=$(( TRIES - 1 )) + done + if [ "$HAS_LINK" == "1" ] ; then +cat >> /etc/os-net-config/dhcp_all_interfaces.yaml <<EOF_CAT + - + type: interface + name: $iface + use_dhcp: true +EOF_CAT + fi + fi + done + os-net-config -c /etc/os-net-config/dhcp_all_interfaces.yaml -v --detailed-exit-codes --cleanup + RETVAL=$? + if [[ $RETVAL == 2 ]]; then + ping_metadata_ip + elif [[ $RETVAL != 0 ]]; then + echo "ERROR: configuration of safe defaults failed." + fi +} + +if [ -n '$network_config' ]; then + trap configure_safe_defaults EXIT + + mkdir -p /etc/os-net-config + # Note these variables come from the calling heat SoftwareConfig + echo '$network_config' > /etc/os-net-config/config.json + sed -i "s/bridge_name/${bridge_name:-''}/" /etc/os-net-config/config.json + sed -i "s/interface_name/${interface_name:-''}/" /etc/os-net-config/config.json + + os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes + RETVAL=$? + if [[ $RETVAL == 2 ]]; then + ping_metadata_ip + + #NOTE: dprince this udev rule can apparently leak DHCP processes? + # https://bugs.launchpad.net/tripleo/+bug/1538259 + # until we discover the root cause we can simply disable the + # rule because networking has already been configured at this point + if [ -f /etc/udev/rules.d/99-dhcp-all-interfaces.rules ]; then + rm /etc/udev/rules.d/99-dhcp-all-interfaces.rules + fi + + elif [[ $RETVAL != 0 ]]; then + echo "ERROR: os-net-config configuration failed." >&2 + exit 1 + fi +fi diff --git a/network/service_net_map.yaml b/network/service_net_map.j2.yaml index 6e5c2449..5991b3bc 100644 --- a/network/service_net_map.yaml +++ b/network/service_net_map.j2.yaml @@ -8,15 +8,25 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. + Note that the key in this map must match the service_name + in the service template, e.g if the service_name is heat_api + the key must be either heat_api_network, or optionally + HeatApiNetwork (which will be internally converted to + transform captalization to underscores). default: {} type: json + # Note that the key in this map must match the service_name + # see the description above about conversion from CamelCase to + # snake_case - the names must still match when converted ServiceNetMapDefaults: default: ApacheNetwork: internal_api NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api AodhApiNetwork: internal_api + PankoApiNetwork: internal_api + BarbicanApiNetwork: internal_api GnocchiApiNetwork: internal_api MongodbNetwork: internal_api CinderApiNetwork: internal_api @@ -46,13 +56,16 @@ parameters: CephClusterNetwork: storage_mgmt CephMonNetwork: storage CephRgwNetwork: storage - ControllerHostnameResolveNetwork: internal_api - ComputeHostnameResolveNetwork: internal_api - BlockStorageHostnameResolveNetwork: internal_api - ObjectStorageHostnameResolveNetwork: internal_api - CephStorageHostnameResolveNetwork: storage PublicNetwork: external - OpenDaylightApiNetwork: internal_api + OpendaylightApiNetwork: internal_api + MistralApiNetwork: internal_api + ZaqarApiNetwork: internal_api + # We special-case the default ResolveNetwork for the CephStorage role + # for backwards compatibility, all other roles default to internal_api + CephStorageHostnameResolveNetwork: storage +{% for role in roles if role.name != 'CephStorage' %} + {{role.name}}HostnameResolveNetwork: internal_api +{% endfor %} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json diff --git a/network/storage.yaml b/network/storage.yaml index dc9f35ea..35dae17a 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -55,6 +55,7 @@ resources: name: {get_param: StorageSubnetName} network: {get_resource: StorageNetwork} allocation_pools: {get_param: StorageAllocationPools} + gateway_ip: null outputs: OS::stack_id: diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index 59933c8c..03cfd139 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -55,6 +55,7 @@ resources: name: {get_param: StorageMgmtSubnetName} network: {get_resource: StorageMgmtNetwork} allocation_pools: {get_param: StorageMgmtAllocationPools} + gateway_ip: null outputs: OS::stack_id: diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index f05644ef..39c456db 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -62,6 +62,7 @@ resources: name: {get_param: StorageMgmtSubnetName} network: {get_resource: StorageMgmtNetwork} allocation_pools: {get_param: StorageMgmtAllocationPools} + gateway_ip: null outputs: OS::stack_id: diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index 36a6fae8..5c8af9e5 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -62,6 +62,7 @@ resources: name: {get_param: StorageSubnetName} network: {get_resource: StorageNetwork} allocation_pools: {get_param: StorageAllocationPools} + gateway_ip: null outputs: OS::stack_id: diff --git a/network/tenant.yaml b/network/tenant.yaml index 6fe96121..1045b81b 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -55,6 +55,7 @@ resources: name: {get_param: TenantSubnetName} network: {get_resource: TenantNetwork} allocation_pools: {get_param: TenantAllocationPools} + gateway_ip: null outputs: OS::stack_id: diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index b653eaf7..bf758a50 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -62,6 +62,7 @@ resources: name: {get_param: TenantSubnetName} network: {get_resource: TenantNetwork} allocation_pools: {get_param: TenantAllocationPools} + gateway_ip: null outputs: OS::stack_id: diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.j2.yaml index f0a6035a..3c1c435d 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -1,39 +1,47 @@ resource_registry: - OS::TripleO::BlockStorage: puppet/cinder-storage.yaml - OS::TripleO::BlockStorage::Net::SoftwareConfig: net-config-noop.yaml - OS::TripleO::Compute: puppet/compute.yaml - OS::TripleO::Compute::Net::SoftwareConfig: net-config-noop.yaml + OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment - OS::TripleO::Controller: puppet/controller.yaml - OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml - OS::TripleO::ObjectStorage: puppet/swift-storage.yaml - OS::TripleO::ObjectStorage::Net::SoftwareConfig: net-config-noop.yaml - OS::TripleO::CephStorage: puppet/ceph-storage.yaml - OS::TripleO::CephStorage::Net::SoftwareConfig: net-config-noop.yaml - # set to controller-config-pacemaker.yaml to enable pacemaker - OS::TripleO::ControllerConfig: puppet/controller-config.yaml OS::TripleO::PostDeploySteps: puppet/post.yaml - OS::TripleO::ComputeConfig: puppet/compute-config.yaml - OS::TripleO::BlockStorageConfig: puppet/blockstorage-config.yaml - OS::TripleO::ObjectStorageConfig: puppet/objectstorage-config.yaml - OS::TripleO::CephStorageConfig: puppet/cephstorage-config.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml + OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml OS::TripleO::DefaultPasswords: default_passwords.yaml # Tasks (for internal TripleO usage) OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml - OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None - OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None - OS::TripleO::Tasks::ComputePreConfig: OS::Heat::None - OS::TripleO::Tasks::ComputePostConfig: OS::Heat::None - OS::TripleO::Tasks::BlockStoragePreConfig: OS::Heat::None - OS::TripleO::Tasks::BlockStoragePostConfig: OS::Heat::None - OS::TripleO::Tasks::ObjectStoragePreConfig: OS::Heat::None - OS::TripleO::Tasks::ObjectStoragePostConfig: OS::Heat::None - OS::TripleO::Tasks::CephStoragePreConfig: OS::Heat::None - OS::TripleO::Tasks::CephStoragePostConfig: OS::Heat::None +{% for role in roles %} + OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml + OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml + OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml + OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None + OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None + OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml + # Port assignments for the {{role.name}} role + # Note we have to special-case ObjectStorage for backwards compatibility + {% if role.name != 'ObjectStorage' %} + OS::TripleO::{{role.name}}::Ports::ExternalPort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::InternalApiPort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::StoragePort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::StorageMgmtPort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::TenantPort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::ManagementPort: network/ports/noop.yaml + {% else %} + OS::TripleO::SwiftStorage::Ports::ExternalPort: network/ports/noop.yaml + OS::TripleO::SwiftStorage::Ports::InternalApiPort: network/ports/noop.yaml + OS::TripleO::SwiftStorage::Ports::StoragePort: network/ports/noop.yaml + OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: network/ports/noop.yaml + OS::TripleO::SwiftStorage::Ports::TenantPort: network/ports/noop.yaml + OS::TripleO::SwiftStorage::Ports::ManagementPort: network/ports/noop.yaml + {% endif %} + OS::TripleO::{{role.name}}::Net::SoftwareConfig: net-config-noop.yaml +{% endfor %} + + # This resource registry entry will override the one generated by default + # in the jinja loop + OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml + + OS::TripleO::ServiceServerMetadataHook: OS::Heat::None OS::TripleO::Server: OS::Nova::Server @@ -43,18 +51,22 @@ resource_registry: # Hooks for operator extra config # NodeUserData == Cloud-init additional user-data, e.g cloud-config + # role::NodeUserData == Role specific cloud-init additional user-data # ControllerExtraConfigPre == Controller configuration pre service deployment # NodeExtraConfig == All nodes configuration pre service deployment # NodeExtraConfigPost == All nodes configuration post service deployment OS::TripleO::NodeUserData: firstboot/userdata_default.yaml +{% for role in roles %} + OS::TripleO::{{role.name}}::NodeUserData: firstboot/userdata_default.yaml +{% endfor %} OS::TripleO::NodeTLSCAData: OS::Heat::None OS::TripleO::NodeTLSData: OS::Heat::None - OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml - OS::TripleO::ComputeExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml - OS::TripleO::CephStorageExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml + OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None + OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None + # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when # configuration with knowledge of all nodes in the cluster is required vs single @@ -84,46 +96,7 @@ resource_registry: OS::TripleO::Network::Ports::StorageVipPort: network/ports/noop.yaml OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::ManagementPort: network/ports/noop.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::ManagementPort: network/ports/noop.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::ManagementPort: network/ports/noop.yaml - - # Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::ManagementPort: network/ports/noop.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::ManagementPort: network/ports/noop.yaml + OS::TripleO::Network::Ports::ControlPlaneVipPort: OS::Neutron::Port # Service to network Mappings OS::TripleO::ServiceNetMap: network/service_net_map.yaml @@ -134,9 +107,14 @@ resource_registry: # validation resources OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml + # Upgrade resources + OS::TripleO::UpgradeConfig: puppet/upgrade_config.yaml + OS::TripleO::UpgradeSteps: OS::Heat::None + # services OS::TripleO::Services: puppet/services/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml + OS::TripleO::Services::ApacheTLS: OS::Heat::None OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml OS::TripleO::Services::CephMon: OS::Heat::None OS::TripleO::Services::CephRgw: OS::Heat::None @@ -147,6 +125,7 @@ resource_registry: OS::TripleO::Services::CinderBackup: OS::Heat::None OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml + OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::Core: OS::Heat::None OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml @@ -157,6 +136,7 @@ resource_registry: OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml OS::TripleO::Services::Kernel: puppet/services/kernel.yaml OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml + OS::TripleO::Services::MySQLTLS: OS::Heat::None OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml @@ -180,6 +160,8 @@ resource_registry: OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml + OS::TripleO::Services::HAProxyPublicTLS: OS::Heat::None + OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml OS::TripleO::Services::Memcached: puppet/services/memcached.yaml OS::TripleO::Services::SaharaApi: OS::Heat::None @@ -211,22 +193,23 @@ resource_registry: OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml - OS::TripleO::Services::VipHosts: puppet/services/vip-hosts.yaml # Services that are disabled by default (use relevant environment files): OS::TripleO::Services::FluentdClient: OS::Heat::None OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml - OS::Tripleo::Services::ManilaApi: OS::Heat::None - OS::Tripleo::Services::ManilaScheduler: OS::Heat::None - OS::Tripleo::Services::ManilaShare: OS::Heat::None - OS::Tripleo::Services::ManilaBackendGeneric: OS::Heat::None - OS::Tripleo::Services::ManilaBackendNetapp: OS::Heat::None - OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None + OS::TripleO::Services::ManilaApi: OS::Heat::None + OS::TripleO::Services::ManilaScheduler: OS::Heat::None + OS::TripleO::Services::ManilaShare: OS::Heat::None + OS::TripleO::Services::ManilaBackendGeneric: OS::Heat::None + OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None + OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::BarbicanApi: OS::Heat::None OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml + OS::TripleO::Services::PankoApi: OS::Heat::None OS::TripleO::Services::MistralEngine: OS::Heat::None OS::TripleO::Services::MistralApi: OS::Heat::None OS::TripleO::Services::MistralExecutor: OS::Heat::None @@ -235,10 +218,21 @@ resource_registry: OS::TripleO::Services::NovaIronic: OS::Heat::None OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml - OS::TripleO::Services::OpenDaylight: OS::Heat::None + OS::TripleO::Services::OpenDaylightApi: OS::Heat::None OS::TripleO::Services::OpenDaylightOvs: OS::Heat::None OS::TripleO::Services::SensuClient: OS::Heat::None + OS::TripleO::Services::ContrailAnalytics: puppet/services/network/contrail-analytics.yaml + OS::TripleO::Services::ContrailConfig: puppet/services/network/contrail-config.yaml + OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml + OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml + OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml + OS::TripleO::Services::Zaqar: OS::Heat::None parameter_defaults: EnablePackageInstall: false SoftwareConfigTransport: POLL_TEMP_URL + +{% for role in roles %} + # Parameters generated for {{role.name}} Role + {{role.name}}Services: {{role.ServicesDefault|default([])}} +{% endfor %} diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index e2ff4c14..316aeb6d 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -121,7 +121,6 @@ parameters: resource_registry) which represent nested stacks for each service that should get installed on the {{role.name}} role. type: comma_delimited_list - default: {{role.ServicesDefault|default([])}} {{role.name}}Count: description: Number of {{role.name}} nodes to deploy @@ -147,6 +146,15 @@ parameters: List of resources to be removed from {{role.name}} ResourceGroup when doing an update which requires removal of specific resources. Example format ComputeRemovalPolicies: [{'resource_list': ['0']}] + +{% if role.name != 'Compute' %} + {{role.name}}SchedulerHints: +{% else %} + NovaComputeSchedulerHints: +{% endif %} + type: json + description: Optional scheduler hints to pass to nova + default: {} {% endfor %} # Identifiers to trigger tasks on nodes @@ -162,9 +170,50 @@ parameters: description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + AddVipsToEtcHosts: + default: True + type: boolean + description: > + Set to true to append per network Vips to /etc/hosts on each node. + +conditions: + add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]} resources: + VipHosts: + type: OS::Heat::Value + properties: + type: string + value: + list_join: + - "\n" + - - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, external]} + HOST: {get_param: CloudName} + - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, ctlplane]} + HOST: {get_param: CloudNameCtlplane} + - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, internal_api]} + HOST: {get_param: CloudNameInternal} + - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, storage]} + HOST: {get_param: CloudNameStorage} + - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]} + HOST: {get_param: CloudNameStorageManagement} + HeatAuthEncryptionKey: type: OS::Heat::RandomString @@ -205,15 +254,37 @@ resources: EndpointMap: {get_attr: [EndpointMap, endpoint_map]} DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} + {{role.name}}HostsDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: {{role.name}}HostsDeployment + config: {get_attr: [hostsConfig, config_id]} + servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}AllNodesDeployment: type: OS::Heat::StructuredDeployments + depends_on: +{% for role_inner in roles %} + - {{role_inner.name}}HostsDeployment +{% endfor %} properties: name: {{role.name}}AllNodesDeployment config: {get_attr: [allNodesConfig, config_id]} servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} input_values: - bootstrap_nodeid: {get_attr: [{{role.name}}, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [{{role.name}}, resource.0.ip_address]} + # Note we have to use yaql to look up the first hostname/ip in the + # list because heat path based attributes operate on the attribute + # inside the ResourceGroup, not the exposed list ref discussion in + # https://bugs.launchpad.net/heat/+bug/1640488 + # The coalesce is needed because $.data is None during heat validation + bootstrap_nodeid: + yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{role.name}}, hostname]} + bootstrap_nodeid_ip: + yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{role.name}}, ip_address]} {{role.name}}AllNodesValidationDeployment: type: OS::Heat::StructuredDeployments @@ -236,6 +307,15 @@ resources: EnabledServices: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} ServiceHostnameList: {get_attr: [{{role.name}}, hostname]} + NetworkHostnameMap: + # Note (shardy) this somewhat complex yaql may be replaced + # with a map_deep_merge function in ocata. It merges the + # list of maps, but appends to colliding lists so we can + # create a map of lists for all nodes for each network + yaql: + expression: dict($.data.where($ != null).flatten().selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + - {get_attr: [{{role.name}}, hostname_map]} {{role.name}}: type: OS::Heat::ResourceGroup @@ -255,6 +335,11 @@ resources: params: '%stackname%': {get_param: 'OS::stack_name'} NodeIndex: '%index%' + {% if role.name != 'Compute' %} + {{role.name}}SchedulerHints: {get_param: {{role.name}}SchedulerHints} + {% else %} + NovaComputeSchedulerHints: {get_param: NovaComputeSchedulerHints} + {% endif %} ServiceConfigSettings: map_merge: - get_attr: [{{role.name}}ServiceChain, role_data, config_settings] @@ -266,7 +351,7 @@ resources: # - The outer one filters the map based on the services enabled for the role # then merges the result into one map. - yaql: - expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {}) + expression: let(root => $) -> $.data.map.items().where($[0] in coalesce($root.data.services, [])).select($[1]).reduce($1.mergeWith($2), {}) data: map: yaql: @@ -278,8 +363,24 @@ resources: services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} - LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} - LoggingGroups: {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]} + ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChain, role_data, service_metadata_settings]} +{% endfor %} + + hostsConfig: + type: OS::TripleO::Hosts::SoftwareConfig + properties: + hosts: + list_join: + - "\n" + - - if: + - add_vips_to_etc_hosts + - {get_attr: [VipHosts, value]} + - '' + - +{% for role in roles %} + - list_join: + - "\n" + - {get_attr: [{{role.name}}, hosts_entry]} {% endfor %} allNodesConfig: @@ -290,18 +391,30 @@ resources: cloud_name_storage: {get_param: CloudNameStorage} cloud_name_storage_mgmt: {get_param: CloudNameStorageManagement} cloud_name_ctlplane: {get_param: CloudNameCtlplane} - hosts: -{% for role in roles %} - - list_join: - - '\n' - - {get_attr: [{{role.name}}, hosts_entry]} -{% endfor %} enabled_services: list_join: - ',' {% for role in roles %} - {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} {% endfor %} + logging_groups: + yaql: + expression: > + $.data.groups.flatten() + data: + groups: +{% for role in roles %} + - {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]} +{% endfor %} + logging_sources: + yaql: + expression: > + $.data.sources.flatten() + data: + sources: +{% for role in roles %} + - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} +{% endfor %} controller_ips: {get_attr: [Controller, ip_address]} controller_names: {get_attr: [Controller, hostname]} service_ips: @@ -324,10 +437,24 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}IpListMap, service_hostnames]} {% endfor %} + short_service_node_names: + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + l: +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, short_service_hostnames]} +{% endfor %} + short_service_bootstrap_node: + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten().first()])) + data: + l: +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]} +{% endfor %} # FIXME(shardy): These require further work to move into service_ips memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} - keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} - keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} NetVipMap: {get_attr: [VipMap, net_ip_map]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} @@ -359,7 +486,7 @@ resources: type: OS::TripleO::Network ControlVirtualIP: - type: OS::Neutron::Port + type: OS::TripleO::Network::Ports::ControlPlaneVipPort depends_on: Networks properties: name: control_virtual_ip @@ -442,6 +569,10 @@ resources: UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow + depends_on: +{% for role in roles %} + - {{role.name}}AllNodesDeployment +{% endfor %} properties: servers: {% for role in roles %} @@ -465,9 +596,27 @@ resources: servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} {% endfor %} + # Upgrade steps for all roles + AllNodesUpgradeSteps: + type: OS::TripleO::UpgradeSteps + depends_on: +{% for role in roles %} + - {{role.name}}AllNodesDeployment +{% endfor %} + properties: + servers: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} + role_data: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} +{% endfor %} + # Post deployment steps for all roles AllNodesDeploySteps: type: OS::TripleO::PostDeploySteps + depends_on: AllNodesUpgradeSteps properties: servers: {% for role in roles %} @@ -488,54 +637,6 @@ outputs: KeystoneAdminVip: description: Keystone Admin VIP endpoint value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} - PublicVip: - description: Controller VIP for public API endpoints - value: {get_attr: [VipMap, net_ip_map, external]} - AodhInternalVip: - description: VIP for Aodh API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]} - CeilometerInternalVip: - description: VIP for Ceilometer API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]} - CephRgwInternalVip: - description: VIP for Ceph RGW internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CephRgwNetwork]}]} - CinderInternalVip: - description: VIP for Cinder API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]} - GlanceInternalVip: - description: VIP for Glance API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]} - GnocchiInternalVip: - description: VIP for Gnocchi API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]} - HeatInternalVip: - description: VIP for Heat API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]} - IronicInternalVip: - description: VIP for Ironic API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]} - KeystoneInternalVip: - description: VIP for Keystone API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} - ManilaInternalVip: - description: VIP for Manila API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]} - NeutronInternalVip: - description: VIP for Neutron API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]} - NovaInternalVip: - description: VIP for Nova API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]} - OpenDaylightInternalVip: - description: VIP for OpenDaylight API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]} - SaharaInternalVip: - description: VIP for Sahara API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]} - SwiftInternalVip: - description: VIP for Swift Proxy internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]} EndpointMap: description: | Mapping of the resources with the needed info for their endpoints. @@ -547,10 +648,20 @@ outputs: The content that should be appended to your /etc/hosts if you want to get hostname-based access to the deployed nodes (useful for testing without setting up a DNS). - value: {get_attr: [allNodesConfig, hosts_entries]} + value: + list_join: + - "\n" + - - {get_attr: [hostsConfig, hosts_entries]} + - - {get_attr: [VipHosts, value]} EnabledServices: description: The services enabled on each role value: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} {% endfor %} + RoleData: + description: The configuration data associated with each role + value: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} +{% endfor %} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index c764d4ef..5f56fe28 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -12,26 +12,28 @@ parameters: type: string cloud_name_ctlplane: type: string - hosts: - type: comma_delimited_list # FIXME(shardy) this can be comma_delimited_list when # https://bugs.launchpad.net/heat/+bug/1617019 is fixed enabled_services: type: string controller_ips: type: comma_delimited_list + logging_groups: + type: json + logging_sources: + type: json service_ips: type: json service_node_names: type: json + short_service_node_names: + type: json + short_service_bootstrap_node: + type: json controller_names: type: comma_delimited_list memcache_node_ips: type: comma_delimited_list - keystone_public_api_node_ips: - type: comma_delimited_list - keystone_admin_api_node_ips: - type: comma_delimited_list NetVipMap: type: json RedisVirtualIP: @@ -56,169 +58,151 @@ parameters: Heat action on performed top-level stack. constraints: - allowed_values: ['CREATE', 'UPDATE'] + # NOTE(jaosorior): This is being set as IPA as it's the first + # CA we'll actually be testing out. But we can change this if + # people request it. + CertmongerCA: + type: string + default: 'IPA' + EnableInternalTLS: + type: boolean + default: false resources: allNodesConfigImpl: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hosts: - list_join: - - "\n" - - {get_param: hosts} - hiera: - datafiles: - bootstrap_node: - mapped_data: - bootstrap_nodeid: {get_input: bootstrap_nodeid} - bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip} - all_nodes: - mapped_data: - map_merge: - - enabled_services: {get_param: enabled_services} - # This writes out a mapping of service_name_enabled: 'true' - # For any services not enabled, hiera foo_enabled will - # return nil, as it's undefined - - map_merge: - repeat: - template: - # Note this must be string 'true' due to - # https://bugs.launchpad.net/heat/+bug/1617203 - SERVICE_enabled: 'true' - for_each: - SERVICE: - str_split: [',', {get_param: enabled_services}] - # Dynamically generate per-service network data - # This works as follows (outer->inner functions) - # yaql - filters services where no mapping exists in ServiceNetMap - # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap - # map_merge/repeat: generate a per-service mapping - - yaql: - # This filters any entries where the value hasn't been substituted for - # a list, e.g it's still $service_network. This happens when there is - # no network defined for the service in the ServiceNetMap, which is OK - # as not all services have to be bound to a network, so we filter them - expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) - data: - map: - map_replace: + datafiles: + bootstrap_node: + bootstrap_nodeid: {get_input: bootstrap_nodeid} + bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip} + all_nodes: + map_merge: + - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources} + - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups} + - enabled_services: {get_param: enabled_services} + # This writes out a mapping of service_name_enabled: 'true' + # For any services not enabled, hiera foo_enabled will + # return nil, as it's undefined + - map_merge: + repeat: + template: + # Note this must be string 'true' due to + # https://bugs.launchpad.net/heat/+bug/1617203 + SERVICE_enabled: 'true' + for_each: + SERVICE: + str_split: [',', {get_param: enabled_services}] + # Dynamically generate per-service network data + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_merge: + repeat: + template: + SERVICE_network: SERVICE_network + for_each: + SERVICE: + str_split: [',', {get_param: enabled_services}] + - values: {get_param: ServiceNetMap} + # Keystone doesn't provide separate entries for the public + # and admin endpoints, so we need to add them here manually + # like we do in the vip-config below + - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]} + keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]} + # provides a mapping of service_name_ips to a list of IPs + - {get_param: service_ips} + - {get_param: service_node_names} + - {get_param: short_service_node_names} + - {get_param: short_service_bootstrap_node} + - controller_node_ips: + list_join: + - ',' + - {get_param: controller_ips} + controller_node_names: + list_join: + - ',' + - {get_param: controller_names} + memcached_node_ips_v6: + repeat: + template: "inet6:[NAME]" + for_each: + NAME: {get_param: memcache_node_ips} + deploy_identifier: {get_param: DeployIdentifier} + update_identifier: {get_param: UpdateIdentifier} + stack_action: {get_param: StackAction} + vip_data: + map_merge: + # Dynamically generate per-service VIP data based on enabled_services + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g internal_api with the IP from NetVipMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_replace: - map_merge: repeat: template: - SERVICE_network: SERVICE_network + SERVICE_vip: SERVICE_network for_each: SERVICE: str_split: [',', {get_param: enabled_services}] - values: {get_param: ServiceNetMap} - # Keystone doesn't provide separate entries for the public - # and admin endpoints, so we need to add them here manually - # like we do in the vip-config below - - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]} - keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]} - # provides a mapping of service_name_ips to a list of IPs - - {get_param: service_ips} - - {get_param: service_node_names} - - controller_node_ips: - list_join: - - ',' - - {get_param: controller_ips} - controller_node_names: - list_join: - - ',' - - {get_param: controller_names} - memcached_node_ips_v6: - str_replace: - template: "['inet6:[SERVERS_LIST]']" - params: - SERVERS_LIST: - list_join: - - "]','inet6:[" - - {get_param: memcache_node_ips} - keystone_public_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: keystone_public_api_node_ips} - keystone_admin_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: keystone_admin_api_node_ips} - - deploy_identifier: {get_param: DeployIdentifier} - update_identifier: {get_param: UpdateIdentifier} - stack_action: {get_param: StackAction} - vip_data: - mapped_data: - map_merge: - # Dynamically generate per-service VIP data based on enabled_services - # This works as follows (outer->inner functions) - # yaql - filters services where no mapping exists in ServiceNetMap - # map_replace: substitute e.g internal_api with the IP from NetVipMap - # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap - # map_merge/repeat: generate a per-service mapping - - yaql: - # This filters any entries where the value hasn't been substituted for - # a list, e.g it's still $service_network. This happens when there is - # no network defined for the service in the ServiceNetMap, which is OK - # as not all services have to be bound to a network, so we filter them - expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) - data: - map: - map_replace: - - map_replace: - - map_merge: - repeat: - template: - SERVICE_vip: SERVICE_network - for_each: - SERVICE: - str_split: [',', {get_param: enabled_services}] - - values: {get_param: ServiceNetMap} - - values: {get_param: NetVipMap} - - keystone_admin_api_vip: - get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}] - keystone_public_api_vip: - get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}] - public_virtual_ip: {get_param: [NetVipMap, external]} - controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} - storage_virtual_ip: {get_param: [NetVipMap, storage]} - storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} - redis_vip: {get_param: RedisVirtualIP} - # public_virtual_ip and controller_virtual_ip are needed in - # both HAproxy & keepalived. - tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]} - tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]} - tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} - tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]} - tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} - tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP} - tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]} - cloud_name_external: {get_param: cloud_name_external} - cloud_name_internal_api: {get_param: cloud_name_internal_api} - cloud_name_storage: {get_param: cloud_name_storage} - cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt} - cloud_name_ctlplane: {get_param: cloud_name_ctlplane} + - values: {get_param: NetVipMap} + - keystone_admin_api_vip: + get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}] + keystone_public_api_vip: + get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}] + public_virtual_ip: {get_param: [NetVipMap, external]} + controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} + storage_virtual_ip: {get_param: [NetVipMap, storage]} + storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + redis_vip: {get_param: RedisVirtualIP} + # public_virtual_ip and controller_virtual_ip are needed in + # both HAproxy & keepalived. + tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} + tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP} + tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]} + cloud_name_external: {get_param: cloud_name_external} + cloud_name_internal_api: {get_param: cloud_name_internal_api} + cloud_name_storage: {get_param: cloud_name_storage} + cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt} + cloud_name_ctlplane: {get_param: cloud_name_ctlplane} + # TLS parameters + certmonger_ca: {get_param: CertmongerCA} + enable_internal_tls: {get_param: EnableInternalTLS} outputs: config_id: description: The ID of the allNodesConfigImpl resource. value: {get_resource: allNodesConfigImpl} - hosts_entries: - description: | - The content that should be appended to your /etc/hosts if you want to get - hostname-based access to the deployed nodes (useful for testing without - setting up a DNS). - value: {get_attr: [allNodesConfigImpl, config, hosts]} diff --git a/puppet/blockstorage-config.yaml b/puppet/blockstorage-config.yaml deleted file mode 100644 index e455c4cb..00000000 --- a/puppet/blockstorage-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_volume.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - BlockStoragePuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - inputs: - - name: step - type: Number - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_volume.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: BlockStoragePuppetConfigImpl} diff --git a/puppet/cinder-storage.yaml b/puppet/blockstorage-role.yaml index a66ea08b..e74beb2d 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/blockstorage-role.yaml @@ -66,15 +66,25 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + BlockStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json BlockStorageSchedulerHints: type: json @@ -92,16 +102,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: BlockStorage: @@ -123,7 +136,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: BlockStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: BlockStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -135,6 +152,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -146,6 +165,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::BlockStorage::NodeUserData + ExternalPort: type: OS::TripleO::BlockStorage::Ports::ExternalPort properties: @@ -222,6 +246,96 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - ctlplane + NetworkDeployment: type: OS::TripleO::SoftwareDeployment properties: @@ -230,9 +344,30 @@ resources: server: {get_resource: BlockStorage} actions: {get_param: NetworkDeploymentActions} + BlockStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + BlockStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: BlockStorageUpgradeInitDeployment + server: {get_resource: BlockStorage} + config: {get_resource: BlockStorageUpgradeInitConfig} + BlockStorageDeployment: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: BlockStorageUpgradeInitDeployment properties: name: BlockStorageDeployment server: {get_resource: BlockStorage} @@ -244,41 +379,39 @@ resources: BlockStorageConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - volume_extraconfig - - extraconfig - - service_names - - service_configs - - volume - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - volume_extraconfig: - mapped_data: {get_param: BlockStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - volume: - mapped_data: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - volume_extraconfig + - extraconfig + - service_names + - service_configs + - volume + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + volume_extraconfig: {get_param: BlockStorageExtraConfig} + extraconfig: {get_param: ExtraConfig} + volume: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -315,6 +448,16 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [BlockStorage, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: value: str_replace: @@ -332,47 +475,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [BlockStorage, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the block storage server value: diff --git a/puppet/cephstorage-config.yaml b/puppet/cephstorage-config.yaml deleted file mode 100644 index 3f428609..00000000 --- a/puppet/cephstorage-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_cephstorage.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - CephStoragePuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - inputs: - - name: step - type: Number - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_cephstorage.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: CephStoragePuppetConfigImpl} diff --git a/puppet/ceph-storage.yaml b/puppet/cephstorage-role.yaml index 03a53b00..75f58012 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/cephstorage-role.yaml @@ -72,15 +72,25 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + CephStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json CephStorageSchedulerHints: type: json @@ -98,16 +108,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: CephStorage: @@ -129,7 +142,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: CephStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: CephStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -141,6 +158,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -152,6 +171,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::CephStorage::NodeUserData + ExternalPort: type: OS::TripleO::CephStorage::Ports::ExternalPort properties: @@ -228,6 +252,96 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - ctlplane + NetworkDeployment: type: OS::TripleO::SoftwareDeployment properties: @@ -236,9 +350,30 @@ resources: server: {get_resource: CephStorage} actions: {get_param: NetworkDeploymentActions} + CephStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + CephStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: CephStorageUpgradeInitDeployment + server: {get_resource: CephStorage} + config: {get_resource: CephStorageUpgradeInitConfig} + CephStorageDeployment: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: CephStorageUpgradeInitDeployment properties: name: CephStorageDeployment config: {get_resource: CephStorageConfig} @@ -249,40 +384,39 @@ resources: CephStorageConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - ceph_extraconfig - - extraconfig - - service_names - - service_configs - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - ceph_extraconfig: - mapped_data: {get_param: CephStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - ceph: - mapped_data: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - ceph_extraconfig + - extraconfig + - service_names + - service_configs + - ceph + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + ceph_extraconfig: {get_param: CephStorageExtraConfig} + extraconfig: {get_param: ExtraConfig} + ceph: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -325,6 +459,16 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [CephStorage, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: value: str_replace: @@ -342,47 +486,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [CephStorage, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the ceph storage server value: diff --git a/puppet/compute-config.yaml b/puppet/compute-config.yaml deleted file mode 100644 index 2314c47d..00000000 --- a/puppet/compute-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_compute.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ComputePuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - inputs: - - name: step - type: Number - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_compute.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: ComputePuppetConfigImpl} diff --git a/puppet/compute.yaml b/puppet/compute-role.yaml index 0205d0a6..cedab0e6 100644 --- a/puppet/compute.yaml +++ b/puppet/compute-role.yaml @@ -87,15 +87,25 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + NovaComputeServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json NovaComputeSchedulerHints: type: json @@ -110,16 +120,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: @@ -143,7 +156,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: NovaComputeServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: NovaComputeSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -155,6 +172,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -166,6 +185,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Compute::NodeUserData + ExternalPort: type: OS::TripleO::Compute::Ports::ExternalPort properties: @@ -231,6 +255,96 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - ctlplane + NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig properties: @@ -253,54 +367,73 @@ resources: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} + NovaComputeUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + NovaComputeUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: NovaComputeUpgradeInitDeployment + server: {get_resource: NovaCompute} + config: {get_resource: NovaComputeUpgradeInitConfig} + NovaComputeConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - compute_extraconfig - - extraconfig - - service_names - - service_configs - - compute - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - - midonet_data # Optionally provided by AllNodesExtraConfig - - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre - - cisco_aci_data # Optionally provided by ComputeExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - compute_extraconfig: - mapped_data: {get_param: NovaComputeExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - compute: - mapped_data: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - compute_extraconfig + - extraconfig + - service_names + - service_configs + - compute + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre + - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre + - nova_nuage_data # Optionally provided by ComputeExtraConfigPre + - midonet_data # Optionally provided by AllNodesExtraConfig + - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre + - cisco_aci_data # Optionally provided by ComputeExtraConfigPre + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + compute_extraconfig: {get_param: NovaComputeExtraConfig} + extraconfig: {get_param: ExtraConfig} + compute: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment - depends_on: NetworkDeployment + depends_on: NovaComputeUpgradeInitDeployment properties: name: NovaComputeDeployment config: {get_resource: NovaComputeConfig} @@ -368,6 +501,16 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [NovaCompute, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format @@ -387,47 +530,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [NovaCompute, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the Nova compute server value: diff --git a/puppet/controller-config.yaml b/puppet/config.role.j2.yaml index 99c7b26e..552c59b2 100644 --- a/puppet/controller-config.yaml +++ b/puppet/config.role.j2.yaml @@ -1,7 +1,7 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: > - A software config which runs manifests/overcloud_controller.pp + A software config which runs puppet on the {{role}} role parameters: ConfigDebug: @@ -12,10 +12,18 @@ parameters: type: string description: Config manifests that will be used to step through the deployment. default: '' + PuppetTags: + type: string + description: List of comma-separated tags to limit puppet catalog to. + default: '' + +conditions: + + puppet_tags_empty: {equals : [{get_param: PuppetTags}, '']} resources: - ControllerPuppetConfigImpl: + {{role}}PuppetConfigImpl: type: OS::Heat::SoftwareConfig properties: group: puppet @@ -24,6 +32,13 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + tags: + if: + - puppet_tags_empty + - '' + - list_join: + - ',' + - ['file,concat,file_line', {get_param: PuppetTags}] outputs: - name: result inputs: @@ -32,10 +47,13 @@ resources: config: list_join: - '' - - - get_file: manifests/overcloud_controller.pp + - - str_replace: + template: {get_file: manifests/overcloud_role.pp} + params: + __ROLE__: {{role.lower()}} - {get_param: StepConfig} outputs: OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: ControllerPuppetConfigImpl} + description: The software config which runs puppet on the {{role}} role + value: {get_resource: {{role}}PuppetConfigImpl} diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml index b313f5de..24f31dc8 100644 --- a/puppet/controller-config-pacemaker.yaml +++ b/puppet/controller-config-pacemaker.yaml @@ -26,6 +26,9 @@ resources: modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules outputs: - name: result + inputs: + - name: step + type: Number config: list_join: - '' diff --git a/puppet/controller.yaml b/puppet/controller-role.yaml index ccb517f8..05527b63 100644 --- a/puppet/controller.yaml +++ b/puppet/controller-role.yaml @@ -101,15 +101,25 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + ControllerServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json ControllerSchedulerHints: type: json @@ -124,16 +134,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' parameter_groups: - label: deprecated @@ -162,7 +175,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: ControllerServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ControllerSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -174,6 +191,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -185,6 +204,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Controller::NodeUserData + ExternalPort: type: OS::TripleO::Controller::Ports::ExternalPort properties: @@ -250,6 +274,96 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig properties: @@ -287,10 +401,30 @@ resources: server: {get_resource: Controller} NodeIndex: {get_param: NodeIndex} + ControllerUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + ControllerUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: ControllerUpgradeInitDeployment + server: {get_resource: Controller} + config: {get_resource: ControllerUpgradeInitConfig} ControllerDeployment: type: OS::TripleO::SoftwareDeployment - depends_on: NetworkDeployment + depends_on: ControllerUpgradeInitDeployment properties: name: ControllerDeployment config: {get_resource: ControllerConfig} @@ -304,59 +438,57 @@ resources: ControllerConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - controller_extraconfig - - extraconfig - - service_configs - - service_names - - controller - - bootstrap_node # provided by BootstrapNodeConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre - - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - - midonet_data #Optionally provided by AllNodesExtraConfig - - cisco_aci_data # Optionally provided by ControllerExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - controller_extraconfig: - mapped_data: - map_merge: - - {get_param: controllerExtraConfig} - - {get_param: ControllerExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - controller: - mapped_data: # data supplied directly to this deployment configuration, etc - bootstack_nodeid: {get_input: bootstack_nodeid} - - # Pacemaker - enable_load_balancer: {get_input: enable_load_balancer} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - controller_extraconfig + - extraconfig + - service_configs + - service_names + - controller + - bootstrap_node # provided by BootstrapNodeConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre + - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre + - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre + - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre + - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre + - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre + - midonet_data #Optionally provided by AllNodesExtraConfig + - cisco_aci_data # Optionally provided by ControllerExtraConfigPre + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + controller_extraconfig: + map_merge: + - {get_param: controllerExtraConfig} + - {get_param: ControllerExtraConfig} + extraconfig: {get_param: ExtraConfig} + controller: + # data supplied directly to this deployment configuration, etc + bootstack_nodeid: {get_input: bootstack_nodeid} + # Pacemaker + enable_load_balancer: {get_input: enable_load_balancer} - # Misc - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + # Misc + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: @@ -411,6 +543,16 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [Controller, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format @@ -430,47 +572,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [Controller, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the Nova compute server value: diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh index 22fde9a7..4e1ad89f 100644 --- a/puppet/deploy-artifacts.sh +++ b/puppet/deploy-artifacts.sh @@ -8,7 +8,7 @@ trap cleanup EXIT if [ -n "$artifact_urls" ]; then for URL in $(echo $artifact_urls | sed -e "s| |\n|g" | sort -u); do - curl -o $TMP_DATA/file_data "$artifact_urls" + curl --globoff -o $TMP_DATA/file_data "$URL" if file -b $TMP_DATA/file_data | grep RPM &>/dev/null; then yum install -y $TMP_DATA/file_data elif file -b $TMP_DATA/file_data | grep 'gzip compressed data' &>/dev/null; then diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index 6ff90881..48446e5a 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -70,12 +70,22 @@ parameters: CinderNetappStoragePools: type: string default: '' - CinderNetappEseriesHostType: + CinderNetappHostType: type: string - default: 'linux_dm_mp' + default: '' CinderNetappWebservicePath: type: string default: '/devmgr/v2' + # DEPRECATED options for compatibility with older versions + CinderNetappEseriesHostType: + type: string + default: 'linux_dm_mp' + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - CinderNetappEseriesHostType resources: CinderNetappConfig: @@ -108,7 +118,7 @@ resources: cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps} cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword} cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools} - cinder::backend::netapp::netapp_eseries_host_type: {get_input: NetappEseriesHostType} + cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType} cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath} CinderNetappDeployment: @@ -139,7 +149,7 @@ resources: NetappControllerIps: {get_param: CinderNetappControllerIps} NetappSaPassword: {get_param: CinderNetappSaPassword} NetappStoragePools: {get_param: CinderNetappStoragePools} - NetappEseriesHostType: {get_param: CinderNetappEseriesHostType} + NetappHostType: {get_param: CinderNetappHostType} NetappWebservicePath: {get_param: CinderNetappWebservicePath} outputs: diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml new file mode 100644 index 00000000..84d431fb --- /dev/null +++ b/puppet/extraconfig/tls/freeipa-enroll.yaml @@ -0,0 +1,83 @@ +heat_template_version: 2015-10-15 + +description: Enroll nodes to FreeIPA + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + CloudDomain: + description: > + The configured cloud domain; this will also be used as the kerberos realm + type: string + + FreeIPAOTP: + default: '' + description: 'OTP that will be used for FreeIPA enrollment' + type: string + hidden: true + FreeIPAServer: + default: '' + description: 'FreeIPA server DNS name' + type: string + FreeIPAIPAddress: + default: '' + description: 'FreeIPA server IP Address' + type: string + +resources: + FreeIPAEnrollmentConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: otp + - name: ipa_server + - name: ipa_domain + - name: ipa_ip + config: | + #!/bin/sh + # If no IPA server was given as a parameter, it will be assumed from + # DNS. + if [ -n "${ipa_server}" ]; then + sed -i "/${ipa_server}/d" /etc/hosts + # Optionally add the FreeIPA server IP to /etc/hosts + if [ -n "${ipa_ip}" ]; then + echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + fi + fi + # Set the node's domain if needed + if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then + hostnamectl set-hostname "$(hostname).${ipa_domain}" + fi + yum install -y ipa-client + # Enroll. If there is already keytab, we have already done this. If + # this node hasn't enrolled and the OTP is missing, fail. + if [ ! -f /etc/krb5.keytab ]; then + if [ -z "${otp}" ]; then + echo "OTP is missing" + exit 1 + fi + ipa-client-install --server ${ipa_server} -w ${otp} \ + --domain=${ipa_domain} -U + fi + # Get a TGT + kinit -k -t /etc/krb5.keytab + + FreeIPAControllerEnrollmentDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: FreeIPAEnrollmentDeployment + config: {get_resource: FreeIPAEnrollmentConfig} + server: {get_param: server} + input_values: + otp: {get_param: FreeIPAOTP} + ipa_server: {get_param: FreeIPAServer} + ipa_domain: {get_param: CloudDomain} + ipa_ip: {get_param: FreeIPAIPAddress} + +outputs: + deploy_stdout: + description: Output of the FreeIPA enrollment deployment + value: {get_attr: [FreeIPAControllerEnrollmentDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index e281ef51..49d84574 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -64,11 +64,9 @@ resources: | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus # We need to reload haproxy in case the certificate changed because - # puppet doesn't know the contents of the cert file. The pacemaker - # case is handled separately in a pacemaker-specific resource. - pacemaker_status=$(systemctl is-active pacemaker) + # puppet doesn't know the contents of the cert file. haproxy_status=$(systemctl is-active haproxy) - if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + if [ "$haproxy_status" = "active" ]; then systemctl reload haproxy fi diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml new file mode 100644 index 00000000..8d954c09 --- /dev/null +++ b/puppet/major_upgrade_steps.j2.yaml @@ -0,0 +1,68 @@ +heat_template_version: 2016-10-14 +description: 'Upgrade steps for all roles' + +parameters: + servers: + type: json + + role_data: + type: json + description: Mapping of Role name e.g Controller to the per-role data + + UpdateIdentifier: + type: string + description: > + Setting to a previously unused value during stack-update will trigger + the Upgrade resources to re-run on all roles. + +resources: + +# Upgrade Steps for all roles +# FIXME(shardy): would be nice to make the number of steps configurable +{% for step in range(1, 8) %} + {% for role in roles %} + # Step {{step}} resources + {{role.name}}UpgradeConfig_Step{{step}}: + type: OS::TripleO::UpgradeConfig + # The UpgradeConfig resources could actually be created without + # serialization, but the event output is easier to follow if we + # do, and there should be minimal performance hit (creating the + # config is cheap compared to the time to apply the deployment). + {% if step > 1 %} + depends_on: + {% for dep in roles %} + - {{dep.name}}Upgrade_Step{{step -1}} + {% endfor %} + {% endif %} + properties: + UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]} + step: {{step}} + + {{role.name}}Upgrade_Step{{step}}: + type: OS::Heat::StructuredDeploymentGroup + {% if step > 1 %} + depends_on: + {% for dep in roles %} + - {{dep.name}}Upgrade_Step{{step -1}} + {% endfor %} + {% endif %} + properties: + name: {{role.name}}Upgrade_Step{{step}} + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}} + input_values: + role: {{role.name}} + update_identifier: {get_param: UpdateIdentifier} + {% endfor %} +{% endfor %} + +outputs: + # Output the config for each role, just use Step1 as the config should be + # the same for all steps (only the tag provided differs) + upgrade_configs: + description: The per-role upgrade configuration used + value: +{% for role in roles %} + {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]} +{% endfor %} + diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp deleted file mode 100644 index 2653badf..00000000 --- a/puppet/manifests/overcloud_cephstorage.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('ceph_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp deleted file mode 100644 index 25bdbfb2..00000000 --- a/puppet/manifests/overcloud_controller.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('controller_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp deleted file mode 100644 index 414a06ba..00000000 --- a/puppet/manifests/overcloud_object.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('object_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_role.pp index f96c193c..1a59620c 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_role.pp @@ -13,9 +13,14 @@ # License for the specific language governing permissions and limitations # under the License. +# The content of this file will be used to generate +# the puppet manifests for all roles, the placeholder +# __ROLE__ will be replaced by 'controller', 'blockstorage', +# 'cephstorage' and all the deployed roles. + if hiera('step') >= 4 { - hiera_include('compute_classes', []) + hiera_include('__ROLE___classes', []) } -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')]) +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud___ROLE__', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp deleted file mode 100644 index e1cdadd5..00000000 --- a/puppet/manifests/overcloud_volume.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('volume_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/objectstorage-config.yaml b/puppet/objectstorage-config.yaml deleted file mode 100644 index 33480544..00000000 --- a/puppet/objectstorage-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_object.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ObjectStoragePuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - inputs: - - name: step - type: Number - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_object.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: ObjectStoragePuppetConfigImpl} diff --git a/puppet/swift-storage.yaml b/puppet/objectstorage-role.yaml index 899ba66d..77a60510 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/objectstorage-role.yaml @@ -66,15 +66,25 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + SwiftStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json ObjectStorageSchedulerHints: type: json @@ -92,16 +102,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: @@ -123,7 +136,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: SwiftStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ObjectStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -135,6 +152,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -146,6 +165,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::ObjectStorage::NodeUserData + ExternalPort: type: OS::TripleO::SwiftStorage::Ports::ExternalPort properties: @@ -222,6 +246,96 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - ctlplane + NetworkDeployment: type: OS::TripleO::SoftwareDeployment properties: @@ -230,49 +344,67 @@ resources: server: {get_resource: SwiftStorage} actions: {get_param: NetworkDeploymentActions} + SwiftStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + SwiftStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: SwiftStorageUpgradeInitDeployment + server: {get_resource: SwiftStorage} + config: {get_resource: SwiftStorageUpgradeInitConfig} + SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - object_extraconfig - - extraconfig - - service_names - - service_configs - - object - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - object_extraconfig: - mapped_data: {get_param: ObjectStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - object: - mapped_data: # data supplied directly to this deployment configuration, etc - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} - + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - object_extraconfig + - extraconfig + - service_names + - service_configs + - object + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + object_extraconfig: {get_param: ObjectStorageExtraConfig} + extraconfig: {get_param: ExtraConfig} + object: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} SwiftStorageHieraDeploy: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: SwiftStorageUpgradeInitDeployment properties: name: SwiftStorageHieraDeploy server: {get_resource: SwiftStorage} @@ -314,6 +446,16 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [SwiftStorage, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: value: str_replace: @@ -331,47 +473,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [SwiftStorage, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the swift storage server value: diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 65c96ac2..582eb28d 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -47,73 +47,39 @@ resources: properties: StepConfig: {get_param: [role_data, {{role.name}}, step_config]} - # Step through a series of configuration steps - {{role.name}}Deployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] - properties: - name: {{role.name}}Deployment_Step1 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 1 - update_identifier: {get_param: DeployIdentifier} - - {{role.name}}Deployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step1 - {% endfor %} + {% if role.name == 'Controller' %} + ControllerPrePuppet: + type: OS::TripleO::Tasks::ControllerPrePuppet properties: - name: {{role.name}}Deployment_Step2 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} + servers: {get_param: [servers, Controller]} input_values: - step: 2 update_identifier: {get_param: DeployIdentifier} + {% endif %} - {{role.name}}Deployment_Step3: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step2 - {% endfor %} - properties: - name: {{role.name}}Deployment_Step3 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 3 - update_identifier: {get_param: DeployIdentifier} + # Step through a series of configuration steps +{% for step in range(1, 6) %} + {% for role in roles %} - {{role.name}}Deployment_Step4: + {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup + {% if step == 1 %} + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + {% else %} depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step3 - {% endfor %} + {% for dep in roles %} + - {{dep.name}}Deployment_Step{{step -1}} + {% endfor %} + {% endif %} properties: - name: {{role.name}}Deployment_Step4 + name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}Config} input_values: - step: 4 + step: {{step}} update_identifier: {get_param: DeployIdentifier} - {{role.name}}Deployment_Step5: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step4 {% endfor %} - properties: - name: {{role.name}}Deployment_Step5 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 5 - update_identifier: {get_param: DeployIdentifier} +{% endfor %} {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig @@ -136,4 +102,16 @@ resources: type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: [servers, {{role.name}}]} + + {% if role.name == 'Controller' %} + ControllerPostPuppet: + depends_on: + - ControllerExtraConfigPost + type: OS::TripleO::Tasks::ControllerPostPuppet + properties: + servers: {get_param: [servers, Controller]} + input_values: + update_identifier: {get_param: DeployIdentifier} + {% endif %} + {% endfor %} diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml new file mode 100644 index 00000000..22370a7d --- /dev/null +++ b/puppet/role.role.j2.yaml @@ -0,0 +1,545 @@ +heat_template_version: 2016-10-14 +description: 'OpenStack {{role}} node configured by Puppet' +parameters: + Overcloud{{role}}Flavor: + description: Flavor for the {{role}} node. + default: baremetal + type: string +{% if disable_constraints is not defined %} + constraints: + - custom_constraint: nova.flavor +{% endif %} + {{role}}Image: + type: string + default: overcloud-full +{% if disable_constraints is not defined %} + constraints: + - custom_constraint: glance.image +{% endif %} + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. + type: string + KeyName: + description: Name of an existing Nova key pair to enable SSH access to the instances + type: string + default: default +{% if disable_constraints is not defined %} + constraints: + - custom_constraint: nova.keypair +{% endif %} + NeutronPublicInterface: + default: nic1 + description: What interface to bridge onto br-ex for network nodes. + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + UpdateIdentifier: + default: '' + type: string + description: > + Setting to a previously unused value during stack-update will trigger + package update on all nodes + Hostname: + type: string + default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. Note + that {{role}}ExtraConfig takes precedence over ExtraConfig. + type: json + {{role}}ExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. + type: json + {{role}}IPs: + default: {} + type: json + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + SoftwareConfigTransport: + default: POLL_SERVER_CFN + description: | + How the server should receive the metadata required for software configuration. + type: string + constraints: + - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] + CloudDomain: + default: 'localdomain' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + {{role}}ServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json + ServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. + type: json + {{role}}SchedulerHints: + type: json + description: Optional scheduler hints to pass to nova + default: {} + NodeIndex: + type: number + default: 0 + ServiceConfigSettings: + type: json + default: {} + ServiceNames: + type: comma_delimited_list + default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] + ServiceMetadataSettings: + type: json + default: {} + ConfigCommand: + type: string + description: Command which will be run whenever configuration data changes + default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' + + +resources: + {{role}}: + type: OS::TripleO::Server + metadata: + os-collect-config: + command: {get_param: ConfigCommand} + properties: + image: {get_param: {{role}}Image} + image_update_policy: {get_param: ImageUpdatePolicy} + flavor: {get_param: Overcloud{{role}}Flavor} + key_name: {get_param: KeyName} + networks: + - network: ctlplane + user_data_format: SOFTWARE_CONFIG + user_data: {get_resource: UserData} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} + software_config_transport: {get_param: SoftwareConfigTransport} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: {{role}}ServerMetadata} + - {get_param: ServiceMetadataSettings} + scheduler_hints: {get_param: {{role}}SchedulerHints} + + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + - config: {get_resource: RoleUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeUserData: + type: OS::TripleO::NodeUserData + + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::{{role}}::NodeUserData + + ExternalPort: + type: OS::TripleO::{{role}}::Ports::ExternalPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + InternalApiPort: + type: OS::TripleO::{{role}}::Ports::InternalApiPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + StoragePort: + type: OS::TripleO::{{role}}::Ports::StoragePort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + StorageMgmtPort: + type: OS::TripleO::{{role}}::Ports::StorageMgmtPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + TenantPort: + type: OS::TripleO::{{role}}::Ports::TenantPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + ManagementPort: + type: OS::TripleO::{{role}}::Ports::ManagementPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + NetworkConfig: + type: OS::TripleO::{{role}}::Net::SoftwareConfig + properties: + ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + + NetIpMap: + type: OS::TripleO::Network::Ports::NetIpMap + properties: + ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]} + ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} + InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} + StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} + StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} + TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} + TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} + ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + + NetworkDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + name: NetworkDeployment + config: {get_resource: NetworkConfig} + server: {get_resource: {{role}}} + actions: {get_param: NetworkDeploymentActions} + input_values: + bridge_name: br-ex + interface_name: {get_param: NeutronPublicInterface} + + {{role}}UpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + {{role}}UpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: {{role}}UpgradeInitDeployment + server: {get_resource: {{role}}} + config: {get_resource: {{role}}UpgradeInitConfig} + + {{role}}Deployment: + type: OS::Heat::StructuredDeployment + depends_on: {{role}}UpgradeInitDeployment + properties: + name: {{role}}Deployment + config: {get_resource: {{role}}Config} + server: {get_resource: {{role}}} + input_values: + enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + + {{role}}Config: + type: OS::Heat::StructuredConfig + properties: + group: hiera + config: + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - {{role.lower()}}_extraconfig + - extraconfig + - service_names + - service_configs + - {{role.lower()}} + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + {{role.lower()}}_extraconfig: {get_param: {{role}}ExtraConfig} + extraconfig: {get_param: ExtraConfig} + {{role.lower()}}: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: {{role}}Deployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: {{role}}} + + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + {{role}}ExtraConfigPre: + depends_on: {{role}}Deployment + type: OS::TripleO::{{role}}ExtraConfigPre + properties: + server: {get_resource: {{role}}} + + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData] + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: {{role}}} + + UpdateConfig: + type: OS::TripleO::Tasks::PackageUpdate + + UpdateDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: UpdateConfig} + server: {get_resource: {{role}}} + input_values: + update_identifier: + get_param: UpdateIdentifier + +outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [{{role}}, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [{{role}}, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + hosts_entry: + value: + str_replace: + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [{{role}}, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} + CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + nova_server_resource: + description: Heat resource handle for {{role}} server + value: + {get_resource: {{role}}} + external_ip_address: + description: IP address of the server in the external network + value: {get_attr: [ExternalPort, ip_address]} + internal_api_ip_address: + description: IP address of the server in the internal_api network + value: {get_attr: [InternalApiPort, ip_address]} + storage_ip_address: + description: IP address of the server in the storage network + value: {get_attr: [StoragePort, ip_address]} + storage_mgmt_ip_address: + description: IP address of the server in the storage_mgmt network + value: {get_attr: [StorageMgmtPort, ip_address]} + tenant_ip_address: + description: IP address of the server in the tenant network + value: {get_attr: [TenantPort, ip_address]} + management_ip_address: + description: IP address of the server in the management network + value: {get_attr: [ManagementPort, ip_address]} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 8fe51fa3..6e4e9c1d 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -22,8 +22,8 @@ Config Settings Each service may define a config_settings output variable which returns Hiera settings to be configured. -Steps ------ +Deployment Steps +---------------- Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests @@ -49,8 +49,42 @@ are re-asserted when applying latter ones. 5) Service activation (Pacemaker) - 6) Fencing (Pacemaker) +Upgrade Steps +------------- + +Each service template may optionally define a `upgrade_tasks` key, which is a +list of ansible tasks to be performed during the upgrade process. + +Similar to the step_config, we allow a series of steps for the per-service +upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first +step, "step2" for the second, etc. + + Steps/tages correlate to the following: + + 1) Quiesce the control-plane, e.g disable LoadBalancer, stop pacemaker cluster + + 2) Stop all control-plane services, ready for upgrade + + 3) Perform a package update, (either specific packages or the whole system) + + 4) Start services needed for migration tasks (e.g DB) + + 5) Perform any migration tasks, e.g DB sync commands + + 6) Start control-plane services + + 7) Any additional online migration tasks (e.g data migrations) + +Nova Server Metadata Settings +----------------------------- + +One can use the hook of type `OS::TripleO::ServiceServerMetadataHook` to pass +entries to the nova instances' metadata. It is, however, disabled by default. +In order to overwrite it one needs to define it in the resource registry. An +implementation of this hook needs to conform to the following: -Note: Not all roles currently support all steps: +* It needs to define an input called `RoleData` of json type. This gets as + input the contents of the `role_data` for each role's ServiceChain. - * ObjectStorage role only supports steps 2, 3 and 4 +* This needs to define an output called `metadata` which will be given to the + Nova Server resource as the instance's metadata. diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index d3d9b5ad..0cc7ad8b 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -21,11 +21,9 @@ parameters: MonitoringSubscriptionAodhApi: default: 'overcloud-ceilometer-aodh-api' type: string - EnableCombinationAlarms: - default: false - description: Combination alarms are deprecated in Newton, hence disabled - by default. To enable, set this parameter to true. + EnableInternalTLS: type: boolean + default: false resources: AodhBase: @@ -41,6 +39,7 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -52,29 +51,34 @@ outputs: map_merge: - get_attr: [AodhBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - aodh::wsgi::apache::ssl: false + - aodh::wsgi::apache::ssl: {get_param: EnableInternalTLS} aodh::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::api::service_name: 'httpd' + aodh::api::enable_proxy_headers_parsing: true tripleo.aodh_api.firewall_rules: '128 aodh-api': dport: - 8042 - 13042 + aodh::api::host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} - tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} service_config_settings: - get_attr: [AodhBase, role_data, service_config_settings] + get_attr: [AodhBase, role_data, service_config_settings] step_config: | include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 5314b837..0e2410f7 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -59,14 +59,7 @@ outputs: value: service_name: aodh_base config_settings: - aodh::evaluator::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' + aodh_redis_password: {get_param: RedisPassword} aodh::db::database_connection: list_join: - '' @@ -87,13 +80,6 @@ outputs: aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} - aodh::db::mysql::user: aodh - aodh::db::mysql::password: {get_param: AodhPassword} - aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - aodh::db::mysql::dbname: aodh - aodh::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' service_config_settings: @@ -104,3 +90,11 @@ outputs: aodh::keystone::auth::password: {get_param: AodhPassword} aodh::keystone::auth::region: {get_param: KeystoneRegion} aodh::keystone::auth::tenant: 'service' + mysql: + aodh::db::mysql::user: aodh + aodh::db::mysql::password: {get_param: AodhPassword} + aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + aodh::db::mysql::dbname: aodh + aodh::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml new file mode 100644 index 00000000..1d76b9a3 --- /dev/null +++ b/puppet/services/apache-internal-tls-certmonger.yaml @@ -0,0 +1,50 @@ +heat_template_version: 2016-10-14 + +description: > + Apache service TLS configurations. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + # The following parameters are not needed by the template but are + # required to pass the pep8 tests + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Apache role. + value: + service_name: apache_internal_tls_certmonger + config_settings: + generate_service_certificates: true + apache_certificates_specs: + map_merge: + repeat: + template: + httpd-NETWORK: + service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt' + service_key: '/etc/pki/tls/private/httpd-NETWORK.key' + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" + for_each: + NETWORK: + # NOTE(jaosorior) Get unique network names to create + # certificates for those. We skip the tenant network since + # we don't need a certificate for that, and the external + # network will be handled in another template. + yaql: + expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant) + data: + map: + get_param: ServiceNetMap diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index c9792019..382e0ff9 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -27,6 +27,17 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + + +resources: + + ApacheTLS: + type: OS::TripleO::Services::ApacheTLS + properties: + ServiceNetMap: {get_param: ServiceNetMap} outputs: role_data: @@ -34,19 +45,22 @@ outputs: value: service_name: apache config_settings: - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} - apache::server_signature: 'Off' - apache::server_tokens: 'Prod' - apache_remote_proxy_ips_network: - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} - apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } - apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } - apache::mod::remoteip::proxy_ips: - - "%{hiera('apache_remote_proxy_ips_network')}" + map_merge: + - get_attr: [ApacheTLS, role_data, config_settings] + - + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::server_signature: 'Off' + apache::server_tokens: 'Prod' + apache_remote_proxy_ips_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } + apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } + apache::mod::remoteip::proxy_ips: + - "%{hiera('apache_remote_proxy_ips_network')}" diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml new file mode 100644 index 00000000..24687d03 --- /dev/null +++ b/puppet/services/barbican-api.yaml @@ -0,0 +1,144 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Barbican API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + BarbicanPassword: + description: The password for the barbican service account. + type: string + hidden: true + BarbicanWorkers: + description: Set the number of workers for barbican::wsgi::apache + default: '%{::processorcount}' + type: string + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + EnableInternalTLS: + type: boolean + default: false + +resources: + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Barbican API role. + value: + service_name: barbican_api + config_settings: + map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] + - barbican::keystone::authtoken::password: {get_param: BarbicanPassword} + barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + barbican::keystone::authtoken::project_name: 'service' + barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]} + barbican::api::db_auto_create: false + barbican::api::enabled_certificate_plugins: ['simple_certificate'] + barbican::api::logging::debug: {get_param: Debug} + barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + barbican::api::rabbit_userid: {get_param: RabbitUserName} + barbican::api::rabbit_password: {get_param: RabbitPassword} + barbican::api::rabbit_port: {get_param: RabbitClientPort} + barbican::api::rabbit_heartbeat_timeout_threshold: 60 + barbican::api::service_name: 'httpd' + barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]} + barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS} + barbican::wsgi::apache::workers: {get_param: BarbicanWorkers} + barbican::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]} + barbican::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://barbican:' + - {get_param: BarbicanPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/barbican' + tripleo.barbican_api.firewall_rules: + '117 barbican': + dport: + - 9311 + - 13311 + step_config: | + include ::tripleo::profile::base::barbican::api + service_config_settings: + mysql: + barbican::db::mysql::password: {get_param: BarbicanPassword} + barbican::db::mysql::user: barbican + barbican::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + barbican::db::mysql::dbname: barbican + barbican::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + keystone: + barbican::keystone::auth::public_url: {get_param: [EndpointMap, BarbicanPublic, uri]} + barbican::keystone::auth::internal_url: {get_param: [EndpointMap, BarbicanInternal, uri]} + barbican::keystone::auth::admin_url: {get_param: [EndpointMap, BarbicanAdmin, uri]} + barbican::keystone::auth::password: {get_param: BarbicanPassword} + barbican::keystone::auth::region: {get_param: KeystoneRegion} + barbican::keystone::auth::tenant: 'service' + nova_compute: + nova::compute::keymgr_api_class: > + castellan.key_manager.barbican_key_manager.BarbicanKeyManager + nova::compute::barbican_endpoint: + get_param: [EndpointMap, BarbicanInternal, uri] + nova::compute::barbican_auth_endpoint: + get_param: [EndpointMap, KeystoneV3Internal, uri] + cinder_api: + cinder::api::keymgr_api_class: > + castellan.key_manager.barbican_key_manager.BarbicanKeyManager + cinder::api::keymgr_encryption_api_url: + get_param: [EndpointMap, BarbicanInternal, uri] + cinder::api::keymgr_encryption_auth_url: + get_param: [EndpointMap, KeystoneV3Internal, uri] diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 2ae46d0e..c4abc307 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -51,13 +51,6 @@ outputs: config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::central::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' + - ceilometer_redis_password: {get_param: RedisPassword} step_config: | include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 50431e3d..2e2d3f2d 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -26,7 +26,9 @@ parameters: default: tag: openstack.ceilometer.api path: /var/log/ceilometer/api.log - + EnableInternalTLS: + type: boolean + default: false resources: CeilometerServiceBase: @@ -42,6 +44,7 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -68,16 +71,22 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - ceilometer::api::service_name: 'httpd' - ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + ceilometer::api::enable_proxy_headers_parsing: true + ceilometer::api::host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} - ceilometer::wsgi::apache::ssl: false + ceilometer::wsgi::apache::ssl: {get_param: EnableInternalTLS} ceilometer::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} service_config_settings: - get_attr: [CeilometerServiceBase, role_data, service_config_settings] + get_attr: [CeilometerServiceBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 25fccd9e..24c71cbb 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -31,11 +31,17 @@ parameters: type: string hidden: true CeilometerMeterDispatcher: - default: 'gnocchi' - description: Dispatcher to process meter data - type: string + default: ['gnocchi'] + description: Comma-seperated list of Dispatcher to process meter data + type: comma_delimited_list constraints: - allowed_values: ['gnocchi', 'database'] + CeilometerEventDispatcher: + default: ['gnocchi'] + description: Comma-separated list of Dispatchers to process events data + type: comma_delimited_list + constraints: + - allowed_values: ['panko', 'gnocchi', 'database'] CeilometerWorkers: default: 0 description: Number of workers for Ceilometer service. @@ -44,6 +50,14 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + EnableLegacyCeilometerApi: + default: false + description: Enable legacy ceilometer Api service if needed. + type: boolean + EventPipelinePublishers: + default: ['notifier://?topic=alarm.all'] + description: A list of publishers to put in event_pipeline.yaml. + type: comma_delimited_list Debug: default: '' description: Set to True to enable debugging on all services. @@ -87,6 +101,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' + enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi} ceilometer_backend: {get_param: CeilometerBackend} ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo @@ -98,11 +113,12 @@ outputs: ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} + ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' - ceilometer::db::mysql::password: {get_param: CeilometerPassword} ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher} + ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher} ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]} ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' @@ -111,12 +127,6 @@ outputs: ceilometer::rabbit_password: {get_param: RabbitPassword} ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ceilometer::rabbit_port: {get_param: RabbitClientPort} - ceilometer::db::mysql::user: ceilometer - ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - ceilometer::db::mysql::dbname: ceilometer - ceilometer::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" ceilometer::rabbit_heartbeat_timeout_threshold: 60 ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 @@ -129,3 +139,11 @@ outputs: ceilometer::keystone::auth::password: {get_param: CeilometerPassword} ceilometer::keystone::auth::region: {get_param: KeystoneRegion} ceilometer::keystone::auth::tenant: 'service' + mysql: + ceilometer::db::mysql::password: {get_param: CeilometerPassword} + ceilometer::db::mysql::user: ceilometer + ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + ceilometer::db::mysql::dbname: ceilometer + ceilometer::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index 4d15be8e..e3f1ef4e 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -55,5 +55,7 @@ outputs: map_merge: - get_attr: [MongoDbBase, role_data, config_settings] - get_attr: [CeilometerServiceBase, role_data, config_settings] + service_config_settings: + get_attr: [CeilometerServiceBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceilometer::collector diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce8d9158..8faf5640 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Ceph base service. Shared by all Ceph services. @@ -29,9 +29,20 @@ parameters: GlanceRbdPoolName: default: images type: string + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] GnocchiRbdPoolName: default: metrics type: string + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean NovaRbdPoolName: default: vms type: string @@ -63,6 +74,16 @@ parameter_groups: parameters: - ControllerEnableCephStorage +conditions: + glance_multiple_locations: + and: + - equals: + - get_param: GlanceBackend + - rbd + - equals: + - get_param: NovaEnableRbdBackend + - true + outputs: role_data: description: Role data for the Ceph base service. @@ -75,6 +96,12 @@ outputs: ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx ceph::profile::params::fsid: {get_param: CephClusterFSID} + # FIXME(gfidente): we should not have to list the packages explicitly in the templates, + # but this has to stay until https://bugs.launchpad.net/puppet-ceph/+bug/1629933 is fixed + ceph::params::packages: + - ceph-base + - ceph-mon + - ceph-osd # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -92,33 +119,33 @@ outputs: NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]} ceph::profile::params::client_keys: - str_replace: - template: "{ - client.admin: { - secret: 'ADMIN_KEY', - mode: '0600', - cap_mon: 'allow *', - cap_osd: 'allow *', + map_replace: + - client.admin: + secret: {get_param: CephAdminKey} + mode: '0600' + cap_mon: 'allow *' + cap_osd: 'allow *' cap_mds: 'allow *' - }, - client.bootstrap-osd: { - secret: 'ADMIN_KEY', - keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', + client.bootstrap-osd: + secret: {get_param: CephAdminKey} + keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring' cap_mon: 'allow profile bootstrap-osd' - }, - client.CLIENT_USER: { - secret: 'CLIENT_KEY', - mode: '0644', - cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' - } - }" - params: - CLIENT_USER: {get_param: CephClientUserName} - CLIENT_KEY: {get_param: CephClientKey} - ADMIN_KEY: {get_param: CephAdminKey} - NOVA_POOL: {get_param: NovaRbdPoolName} - CINDER_POOL: {get_param: CinderRbdPoolName} - CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} - GLANCE_POOL: {get_param: GlanceRbdPoolName} - GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + CEPH_CLIENT_KEY: + secret: {get_param: CephClientKey} + mode: '0644' + cap_mon: 'allow r' + cap_osd: + str_replace: + template: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + params: + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + - keys: + CEPH_CLIENT_KEY: + list_join: ['.', ['client', {get_param: CephClientUserName}]] + service_config_settings: + glance_api: + glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 52c4824f..b708665f 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Ceph External service. @@ -27,9 +27,20 @@ parameters: GlanceRbdPoolName: default: images type: string + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] GnocchiRbdPoolName: default: metrics type: string + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean NovaRbdPoolName: default: vms type: string @@ -51,6 +62,16 @@ parameters: default: 'overcloud-ceph-external' type: string +conditions: + glance_multiple_locations: + and: + - equals: + - get_param: GlanceBackend + - rbd + - equals: + - get_param: NovaEnableRbdBackend + - true + outputs: role_data: description: Role data for the Ceph External service. @@ -78,5 +99,16 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + ceph::profile::params::manage_repo: false + # FIXME(gfidente): we should not have to list the packages explicitly in + # the templates, but this should stay until the following is fixed: + # https://bugs.launchpad.net/puppet-ceph/+bug/1629933 + ceph::params::packages: + - ceph-base + - ceph-mon + - ceph-osd + service_config_settings: + glance_api: + glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} step_config: | include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 552086ab..3471f16c 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -101,5 +101,7 @@ outputs: '110 ceph_mon': dport: - 6789 + service_config_settings: + get_attr: [CephBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceph::mon diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 18a4b780..4b85d28f 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -55,15 +55,9 @@ outputs: - tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey} tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken} tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - ceph::profile::params::frontend_type: 'civetweb' - ceph_rgw_civetweb_bind_address: {get_param: [ServiceNetMap, CephRgwNetwork]} - ceph::profile::params::rgw_frontends: - list_join: - - '' - - - 'civetweb port=' - - '%{hiera("ceph_rgw_civetweb_bind_address")}' - - ':' - - {get_param: [EndpointMap, CephRgwInternal, port]} + tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]} + tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]} + ceph::params::user_radosgw: ceph tripleo.ceph_rgw.firewall_rules: '122 ceph rgw': dport: {get_param: [EndpointMap, CephRgwInternal, port]} @@ -74,6 +68,7 @@ outputs: ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::user: 'swift' ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} ceph::rgw::keystone::auth::tenant: 'service' diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 875a3aa1..6cb2b194 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Cinder API service configured with Puppet @@ -39,9 +39,27 @@ parameters: default: tag: openstack.cinder.api path: /var/log/cinder/cinder-api.log + CinderWorkers: + type: string + description: Set the number of workers for cinder::wsgi::apache + default: '%{::os_workers}' + EnableInternalTLS: + type: boolean + default: false + +conditions: + cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]} resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + CinderBase: type: ./cinder-base.yaml properties: @@ -61,6 +79,7 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} cinder::keystone::authtoken::password: {get_param: CinderPassword} @@ -79,12 +98,31 @@ outputs: dport: - 8776 - 13776 + cinder::api::bind_host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} + cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS} + cinder::api::service_name: 'httpd' # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} + cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} + cinder::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} + - + if: + - cinder_workers_zero + - {} + - cinder::wsgi::apache::workers: {get_param: CinderWorkers} step_config: | include ::tripleo::profile::base::cinder::api service_config_settings: @@ -101,3 +139,11 @@ outputs: cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} cinder::keystone::auth::password: {get_param: CinderPassword} cinder::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + cinder::db::mysql::password: {get_param: CinderPassword} + cinder::db::mysql::user: cinder + cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + cinder::db::mysql::dbname: cinder + cinder::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 0db17189..59c9b844 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -60,20 +60,12 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' - cinder::db::mysql::password: {get_param: CinderPassword} cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} cinder::rabbit_password: {get_param: RabbitPassword} cinder::rabbit_port: {get_param: RabbitClientPort} - cinder::db::mysql::user: cinder - cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - cinder::db::mysql::dbname: cinder - cinder::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" cinder::rabbit_heartbeat_timeout_threshold: 60 - cinder::host: hostgroup cinder::cron::db_purge::destination: '/dev/null' cinder::db::database_db_max_retries: -1 cinder::db::database_max_retries: -1 diff --git a/puppet/services/database/mysql-internal-tls-certmonger.yaml b/puppet/services/database/mysql-internal-tls-certmonger.yaml new file mode 100644 index 00000000..3ba51fb6 --- /dev/null +++ b/puppet/services/database/mysql-internal-tls-certmonger.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2016-10-14 + +description: > + MySQL configurations for using TLS via certmonger. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + # The following parameters are not needed by the template but are + # required to pass the pep8 tests + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: MySQL configurations for using TLS via certmonger. + value: + service_name: mysql_internal_tls_certmonger + config_settings: + generate_service_certificates: true + tripleo::profile::base::database::mysql::certificate_specs: + service_certificate: '/etc/pki/tls/certs/mysql.crt' + service_key: '/etc/pki/tls/private/mysql.key' + hostname: + str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + principal: + str_replace: + template: "mysql/%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 094a7c9f..abe752e2 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -35,50 +35,68 @@ parameters: description: Whether to use Galera instead of regular MariaDB. type: boolean +resources: + + MySQLTLS: + type: OS::TripleO::Services::MySQLTLS + properties: + ServiceNetMap: {get_param: ServiceNetMap} + outputs: role_data: description: Service MySQL using composable services. value: service_name: mysql config_settings: - # The Galera package should work in cluster and - # non-cluster modes based on the config file. - # We set the package name here explicitly so - # that it matches what we pre-install - # in tripleo-puppet-elements. - mysql::server::package_name: 'mariadb-galera-server' - mysql::server::manage_config_file: true - tripleo.mysql.firewall_rules: - '104 mysql galera': - dport: - - 873 - - 3306 - - 4444 - - 4567 - - 4568 - - 9200 - mysql_max_connections: {get_param: MysqlMaxConnections} - mysql::server::root_password: - yaql: - expression: $.data.passwords.where($ != '').first() - data: - passwords: - - {get_param: MysqlRootPassword} - - {get_param: [DefaultPasswords, mysql_root_password]} - mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} - enable_galera: {get_param: EnableGalera} - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} - tripleo::profile::base::database::mysql::bind_address: - str_replace: - template: - '"%{::fqdn_$NETWORK}"' - params: - $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + map_merge: + - get_attr: [MySQLTLS, role_data, config_settings] + - + # The Galera package should work in cluster and + # non-cluster modes based on the config file. + # We set the package name here explicitly so + # that it matches what we pre-install + # in tripleo-puppet-elements. + mysql::server::package_name: 'mariadb-galera-server' + mysql::server::manage_config_file: true + tripleo.mysql.firewall_rules: + '104 mysql galera': + dport: + - 873 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 + mysql_max_connections: {get_param: MysqlMaxConnections} + mysql::server::root_password: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} + enable_galera: {get_param: EnableGalera} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::bind_address: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql + upgrade_tasks: + - name: Stop service + tags: step2 + service: name=mariadb state=stopped + - name: Start service + tags: step4 + service: name=mariadb state=started + diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 4ed3c007..2fab0eb6 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -39,6 +39,6 @@ outputs: # internal_api_subnet - > IP/CIDR redis::bind: {get_param: [ServiceNetMap, RedisNetwork]} redis::port: 6379 - redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"' - redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"' + redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" + redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index c399bf4e..33abdbf9 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -18,32 +18,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - CephClientUserName: - default: openstack - type: string Debug: default: '' description: Set to True to enable debugging on all services. type: string - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' GlancePassword: description: The password for the glance service and db account, used by the glance services. type: string hidden: true - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] GlanceWorkers: default: '' description: | @@ -55,31 +37,6 @@ parameters: memory consumption. It is recommended that a suitable non-default value be selected on such systems. type: string - GlanceRbdPoolName: - default: images - type: string - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint MonitoringSubscriptionGlanceApi: default: 'overcloud-glance-api' type: string @@ -89,6 +46,14 @@ parameters: tag: openstack.glance.api path: /var/log/glance/api.log +resources: + GlanceBase: + type: ./glance-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Glance API role. @@ -99,66 +64,46 @@ outputs: logging_groups: - glance config_settings: - glance::api::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/glance' - glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} - glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - glance::api::registry_host: - str_replace: - template: "'REGISTRY_HOST'" - params: - REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} - glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] } - glance::api::authtoken::password: {get_param: GlancePassword} - glance::api::enable_proxy_headers_parsing: true - glance::api::debug: {get_param: Debug} - glance::api::workers: {get_param: GlanceWorkers} - glance_notifier_strategy: {get_param: GlanceNotifierStrategy} - glance_log_file: {get_param: GlanceLogFile} - glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::backend::swift::swift_store_user: service:glance - glance::backend::swift::swift_store_key: {get_param: GlancePassword} - glance::backend::swift::swift_store_create_container_on_put: true - glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} - glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} - glance_backend: {get_param: GlanceBackend} - glance::db::mysql::password: {get_param: GlancePassword} - glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} - glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} - glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} - glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - glance::registry::db::database_db_max_retries: -1 - glance::registry::db::database_max_retries: -1 - tripleo.glance_api.firewall_rules: - '112 glance_api': - dport: - - 9292 - - 13292 - glance::api::authtoken::project_name: 'service' - glance::api::pipeline: 'keystone' - glance::api::show_image_direct_url: true - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} + map_merge: + - get_attr: [GlanceBase, role_data, config_settings] + - glance::api::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/glance' + glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} + glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::registry_host: + str_replace: + template: "'REGISTRY_HOST'" + params: + REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} + glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] } + glance::api::authtoken::password: {get_param: GlancePassword} + glance::api::enable_proxy_headers_parsing: true + glance::api::debug: {get_param: Debug} + glance::api::workers: {get_param: GlanceWorkers} + tripleo.glance_api.firewall_rules: + '112 glance_api': + dport: + - 9292 + - 13292 + glance::api::authtoken::project_name: 'service' + glance::api::pipeline: 'keystone' + glance::api::show_image_direct_url: true + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} step_config: | include ::tripleo::profile::base::glance::api service_config_settings: - keystone: - glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} - glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} - glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} - glance::keystone::auth::password: {get_param: GlancePassword } - glance::keystone::auth::region: {get_param: KeystoneRegion} - glance::keystone::auth::tenant: 'service' + get_attr: [GlanceBase, role_data, service_config_settings] diff --git a/puppet/services/glance-base.yaml b/puppet/services/glance-base.yaml new file mode 100644 index 00000000..cc979af9 --- /dev/null +++ b/puppet/services/glance-base.yaml @@ -0,0 +1,128 @@ +heat_template_version: 2016-10-14 + +description: > + OpenStack Glance Common settings with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephClientUserName: + default: openstack + type: string + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlanceNotifierStrategy: + description: Strategy to use for Glance notification queue + type: string + default: noop + GlanceLogFile: + description: The filepath of the file to use for logging messages from Glance. + type: string + default: '' + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + GlanceNfsEnabled: + default: false + description: > + When using GlanceBackend 'file', mount NFS share for image storage. + type: boolean + GlanceNfsShare: + default: '' + description: > + NFS share to mount for image storage (when GlanceNfsEnabled is true) + type: string + GlanceNfsOptions: + default: 'intr,context=system_u:object_r:glance_var_lib_t:s0' + description: > + NFS mount options for image storage (when GlanceNfsEnabled is true) + type: string + GlanceRbdPoolName: + default: images + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +outputs: + role_data: + description: Role data for the Glance common role. + value: + service_name: glance_base + config_settings: + glance_notifier_strategy: {get_param: GlanceNotifierStrategy} + glance_log_file: {get_param: GlanceLogFile} + glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::backend::swift::swift_store_user: service:glance + glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance::backend::swift::swift_store_create_container_on_put: true + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} + glance_backend: {get_param: GlanceBackend} + glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} + glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} + glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} + glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + glance::notify::rabbitmq::notification_driver: messagingv2 + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 + tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled} + tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare} + tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions} + service_config_settings: + keystone: + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} + glance::keystone::auth::tenant: 'service' + mysql: + glance::db::mysql::password: {get_param: GlancePassword} + glance::db::mysql::user: glance + glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + glance::db::mysql::dbname: glance + glance::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 2b7b4345..c45582d4 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -46,6 +46,14 @@ parameters: tag: openstack.glance.registry path: /var/log/glance/registry.log +resources: + GlanceBase: + type: ./glance-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Glance Registry role. @@ -56,40 +64,37 @@ outputs: logging_groups: - glance config_settings: - glance::registry::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/glance' - glance::registry::authtoken::password: {get_param: GlancePassword} - glance::registry::authtoken::project_name: 'service' - glance::registry::pipeline: 'keystone' - glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - glance::registry::debug: {get_param: Debug} - glance::registry::workers: {get_param: GlanceWorkers} - glance::db::mysql::user: glance - glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - glance::db::mysql::dbname: glance - glance::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - glance::registry::db::database_db_max_retries: -1 - glance::registry::db::database_max_retries: -1 - tripleo.glance_registry.firewall_rules: - '112 glance_registry': - dport: - - 9191 - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]} + map_merge: + - get_attr: [GlanceBase, role_data, config_settings] + + - glance::registry::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/glance' + glance::registry::authtoken::password: {get_param: GlancePassword} + glance::registry::authtoken::project_name: 'service' + glance::registry::pipeline: 'keystone' + glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::registry::debug: {get_param: Debug} + glance::registry::workers: {get_param: GlanceWorkers} + tripleo.glance_registry.firewall_rules: + '112 glance_registry': + dport: + - 9191 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]} step_config: | include ::tripleo::profile::base::glance::registry + service_config_settings: + get_attr: [GlanceBase, role_data, config_settings] diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 481a44cb..b3d39e0f 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -41,6 +41,9 @@ parameters: default: tag: openstack.gnocchi.api path: /var/log/gnocchi/app.log + EnableInternalTLS: + type: boolean + default: false resources: @@ -57,6 +60,7 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -77,16 +81,17 @@ outputs: - 8041 - 13041 gnocchi::api::enabled: true + gnocchi::api::enable_proxy_headers_parsing: true gnocchi::api::service_name: 'httpd' gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} gnocchi::keystone::authtoken::project_name: 'service' - gnocchi::wsgi::apache::ssl: false + gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS} gnocchi::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} @@ -97,7 +102,12 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} - gnocchi::api::host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} + gnocchi::api::host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} @@ -112,3 +122,11 @@ outputs: gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } gnocchi::keystone::auth::region: {get_param: KeystoneRegion} gnocchi::keystone::auth::tenant: 'service' + mysql: + gnocchi::db::mysql::password: {get_param: GnocchiPassword} + gnocchi::db::mysql::user: gnocchi + gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + gnocchi::db::mysql::dbname: gnocchi + gnocchi::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 9f114ac4..556baae0 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -56,6 +56,7 @@ outputs: service_name: gnocchi_base config_settings: #Gnocchi engine + gnocchi_redis_password: {get_param: RedisPassword} gnocchi::debug: {get_param: Debug} gnocchi::db::database_connection: list_join: @@ -66,16 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - gnocchi::db::mysql::password: {get_param: GnocchiPassword} gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' - gnocchi::storage::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} @@ -94,9 +86,3 @@ outputs: gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' gnocchi::statsd::flush_delay: 10 gnocchi::statsd::archive_policy_name: 'low' - gnocchi::db::mysql::user: gnocchi - gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - gnocchi::db::mysql::dbname: gnocchi - gnocchi::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 04339f46..983d6c91 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -39,5 +39,9 @@ outputs: config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] + - tripleo.gnocchi_statsd.firewall_rules: + '140 gnocchi-statsd': + dport: 8125 + proto: 'udp' step_config: | include ::tripleo::profile::base::gnocchi::statsd diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml new file mode 100644 index 00000000..c6d53542 --- /dev/null +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -0,0 +1,51 @@ +heat_template_version: 2016-10-14 + +description: > + HAProxy deployment with TLS enabled, powered by certmonger + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the HAProxy internal TLS via certmonger role. + value: + service_name: haproxy_internal_tls_certmonger + config_settings: + generate_service_certificates: true + tripleo::haproxy::use_internal_certificates: true + certificates_specs: + map_merge: + repeat: + template: + haproxy-NETWORK: + service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem' + service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt' + service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key' + hostname: "%{hiera('cloud_name_NETWORK')}" + postsave_cmd: "" # TODO + principal: "haproxy/%{hiera('cloud_name_NETWORK')}" + for_each: + NETWORK: + # NOTE(jaosorior) Get unique network names to create + # certificates for those. We skip the tenant network since + # we don't need a certificate for that, and the external + # network will be handled in another template. + yaql: + expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant) + data: + map: + get_param: ServiceNetMap diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml new file mode 100644 index 00000000..1551d16a --- /dev/null +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-10-14 + +description: > + HAProxy deployment with TLS enabled, powered by certmonger + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the HAProxy public TLS via certmonger role. + value: + service_name: haproxy_public_tls_certmonger + config_settings: + generate_service_certificates: true + tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' + certificates_specs: + haproxy-external: + service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' + service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt' + service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key' + hostname: "%{hiera('cloud_name_external')}" + postsave_cmd: "" # TODO + principal: "haproxy/%{hiera('cloud_name_external')}" diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 974928c5..675a79ec 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > HAproxy service configured with Puppet @@ -34,20 +34,26 @@ parameters: description: The password for Redis type: string hidden: true - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string MonitoringSubscriptionHaproxy: default: 'overcloud-haproxy' type: string +resources: + + HAProxyPublicTLS: + type: OS::TripleO::Services::HAProxyPublicTLS + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + + HAProxyInternalTLS: + type: OS::TripleO::Services::HAProxyInternalTLS + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the HAproxy role. @@ -55,14 +61,26 @@ outputs: service_name: haproxy monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: - tripleo.haproxy.firewall_rules: - '107 haproxy stats': - dport: 1993 - tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} - tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} - tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} - tripleo::haproxy::redis_password: {get_param: RedisPassword} - tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface} - tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface} + map_merge: + - get_attr: [HAProxyPublicTLS, role_data, config_settings] + - get_attr: [HAProxyInternalTLS, role_data, config_settings] + - tripleo.haproxy.firewall_rules: + '107 haproxy stats': + dport: 1993 + tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} + tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} + tripleo::haproxy::redis_password: {get_param: RedisPassword} + tripleo::profile::base::haproxy::certificates_specs: + map_merge: + - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] + - get_attr: [HAProxyInternalTLS, role_data, certificates_specs] step_config: | include ::tripleo::profile::base::haproxy + upgrade_tasks: + - name: Stop haproxy service + tags: step1 + service: name=haproxy state=stopped + - name: Start haproxy service + tags: step4 # Needed at step 4 for mysql + service: name=haproxy state=started diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index a47fec5a..12d4a6a1 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -76,9 +76,11 @@ outputs: include ::tripleo::profile::base::heat::api_cfn service_config_settings: keystone: - heat::keystone::auth_cfn::tenant: 'service' - heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} - heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} - heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} - heat::keystone::auth_cfn::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} + map_merge: + - get_attr: [HeatBase, role_data, service_config_settings, keystone] + - heat::keystone::auth_cfn::tenant: 'service' + heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 2ea96fc0..b0cd16dd 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -76,9 +76,11 @@ outputs: include ::tripleo::profile::base::heat::api service_config_settings: keystone: - heat::keystone::auth::tenant: 'service' - heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} - heat::keystone::auth::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} + map_merge: + - get_attr: [HeatBase, role_data, service_config_settings, keystone] + - heat::keystone::auth::tenant: 'service' + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 7eb58f56..a2a65d7d 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -77,3 +77,8 @@ outputs: heat::cron::purge_deleted::destination: '/dev/null' heat::db::database_db_max_retries: -1 heat::db::database_max_retries: -1 + service_config_settings: + keystone: + tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack' + tripleo::profile::base::keystone::heat_admin_user: 'heat_stack_domain_admin' + tripleo::profile::base::keystone::heat_admin_email: 'heat_stack_domain_admin@localhost' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 1e7bec23..3f0e4105 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -83,14 +83,7 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} - heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} - heat::db::mysql::user: heat - heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - heat::db::mysql::dbname: heat - heat::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" heat::engine::auth_encryption_key: yaql: expression: $.data.passwords.where($ != '').first() @@ -100,3 +93,16 @@ outputs: - {get_param: [DefaultPasswords, heat_auth_encryption_key]} step_config: | include ::tripleo::profile::base::heat::engine + + service_config_settings: + mysql: + heat::db::mysql::password: {get_param: HeatPassword} + heat::db::mysql::user: heat + heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + heat::db::mysql::dbname: heat + heat::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + keystone: + # This is needed because the keystone profile handles creating the domain + tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 6ea5ec4e..e59dc202 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -24,18 +24,14 @@ parameters: type: json HorizonAllowedHosts: default: '*' - description: A list of IP/Hostname allowed to connect to horizon + description: A list of IP/Hostname for the server Horizon is running on. + Used for header checks. type: comma_delimited_list HorizonSecret: description: Secret key for Django type: string hidden: true default: '' - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. - type: comma_delimited_list MemcachedIPv6: default: false description: Enable IPv6 features in Memcached. @@ -44,6 +40,10 @@ parameters: default: 'overcloud-horizon' type: string +conditions: + + debug_empty: {equals : [{get_param: Debug}, '']} + outputs: role_data: description: Role data for the Horizon role. @@ -51,33 +51,37 @@ outputs: service_name: horizon monitoring_subscription: {get_param: MonitoringSubscriptionHorizon} config_settings: - horizon::allowed_hosts: {get_param: HorizonAllowedHosts} - neutron::plugins::ml2::mechanism_drivers: - str_replace: - template: MECHANISMS - params: - MECHANISMS: {get_param: NeutronMechanismDrivers} - tripleo.horizon.firewall_rules: - '126 horizon': - dport: - - 80 - - 443 - horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache - horizon::django_session_engine: 'django.contrib.sessions.backends.cache' - horizon::vhost_extra_params: - add_listen: false - priority: 10 - access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' - horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} - horizon::django_debug: {get_param: Debug} - horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} - horizon::secret_key: - yaql: - expression: $.data.passwords.where($ != '').first() - data: - passwords: - - {get_param: HorizonSecret} - - {get_param: [DefaultPasswords, horizon_secret]} - memcached_ipv6: {get_param: MemcachedIPv6} + map_merge: + - horizon::allowed_hosts: {get_param: HorizonAllowedHosts} + tripleo.horizon.firewall_rules: + '126 horizon': + dport: + - 80 + - 443 + horizon::enable_secure_proxy_ssl_header: true + horizon::disable_password_reveal: true + horizon::enforce_password_check: true + horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache + horizon::django_session_engine: 'django.contrib.sessions.backends.cache' + horizon::vhost_extra_params: + add_listen: false + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + options: ['FollowSymLinks','MultiViews'] + horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + horizon::secret_key: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: HorizonSecret} + - {get_param: [DefaultPasswords, horizon_secret]} + memcached_ipv6: {get_param: MemcachedIPv6} + - + if: + - debug_empty + - {} + - horizon::django_debug: {get_param: Debug} step_config: | include ::tripleo::profile::base::horizon diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 19e54f5b..c8a2e833 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -73,3 +73,11 @@ outputs: ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } ironic::keystone::auth::tenant: 'service' + mysql: + ironic::db::mysql::password: {get_param: IronicPassword} + ironic::db::mysql::user: ironic + ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + ironic::db::mysql::dbname: ironic + ironic::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 2f242da8..0ff393c6 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -65,12 +65,5 @@ outputs: ironic::rabbit_password: {get_param: RabbitPassword} ironic::rabbit_port: {get_param: RabbitClientPort} ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - ironic::db::mysql::password: {get_param: IronicPassword} - ironic::db::mysql::user: ironic - ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - ironic::db::mysql::dbname: ironic - ironic::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::ironic diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 4ac9fc30..f173aa63 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -68,7 +68,7 @@ outputs: list_join: - '' - - 'http://' - - '%{hiera("ironic_conductor_http_host")}:' + - "%{hiera('ironic_conductor_http_host')}:" - {get_param: IronicIPXEPort} ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled} ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 2b069d67..b4f1a100 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Keepalived service configured with Puppet @@ -19,19 +19,28 @@ parameters: via parameter_defaults in the resource registry. type: json ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. + default: '' + description: > + Interface where virtual ip will be assigned. This value will be + automatically set by the deployment tool. Overriding here will + override automatic setting. type: string PublicVirtualInterface: - default: 'br-ex' + default: '' description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. + Interface where virtual ip will be assigned. This value will be + automatically set by the deployment tool. Overriding here will + override automatic setting. type: string MonitoringSubscriptionKeepalived: default: 'overcloud-keepalived' type: string +conditions: + + control_iface_empty: {equals : [{get_param: ControlVirtualInterface}, '']} + public_iface_empty: {equals : [{get_param: PublicVirtualInterface}, '']} + outputs: role_data: description: Role data for the Keepalived role. @@ -39,7 +48,27 @@ outputs: service_name: keepalived monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived} config_settings: - tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} - tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} + map_merge: + - tripleo.keepalived.firewall_rules: + '106 keepalived vrrp': + proto: vrrp + - + if: + - control_iface_empty + - {} + - tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} + - + if: + - public_iface_empty + - {} + - tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} step_config: | include ::tripleo::profile::base::keepalived + upgrade_tasks: + - name: Stop keepalived service + tags: step1 + service: name=keepalived state=stopped + - name: Start keepalived service + tags: step4 # Needed at step 4 for mysql + service: name=keepalived state=started + diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 2f01578e..69898718 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -18,6 +18,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + KernelPidMax: + default: 1048576 + description: Configures sysctl kernel.pid_max key + type: number outputs: role_data: @@ -39,11 +43,17 @@ outputs: net.netfilter.nf_conntrack_max: value: 500000 # prevent neutron bridges from autoconfiguring ipv6 addresses + net.ipv6.conf.all.accept_ra: + value: 0 net.ipv6.conf.default.accept_ra: value: 0 + net.ipv6.conf.all.autoconf: + value: 0 net.ipv6.conf.default.autoconf: value: 0 net.core.netdev_max_backlog: value: 10000 + kernel.pid_max: + value: {get_param: KernelPidMax} step_config: | include ::tripleo::profile::base::kernel diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b7a807fa..e48d7037 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Keystone service configured with Puppet @@ -32,6 +32,12 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + KeystoneTokenProvider: + description: The keystone token format + type: string + default: 'uuid' + constraints: + - allowed_values: ['uuid', 'fernet'] ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -83,9 +89,9 @@ parameters: KeystoneWorkers: type: string description: Set the number of workers for keystone::wsgi::apache - default: '"%{::processorcount}"' + default: '%{::os_workers}' MonitoringSubscriptionKeystone: - default: 'overcloud-kestone' + default: 'overcloud-keystone' type: string KeystoneCredential0: type: string @@ -93,11 +99,20 @@ parameters: KeystoneCredential1: type: string description: The second Keystone credential key. Must be a valid key. + KeystoneFernetKey0: + type: string + description: The first Keystone fernet key. Must be a valid key. + KeystoneFernetKey1: + type: string + description: The second Keystone fernet key. Must be a valid key. KeystoneLoggingSource: type: json default: tag: openstack.keystone path: /var/log/keystone/keystone.log + EnableInternalTLS: + type: boolean + default: false resources: @@ -107,6 +122,10 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + +conditions: + keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} outputs: role_data: @@ -130,9 +149,12 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' keystone::admin_token: {get_param: AdminToken} + keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::token_provider: {get_param: KeystoneTokenProvider} + keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]} keystone::enable_proxy_headers_parsing: true keystone::enable_credential_setup: true keystone::credential_keys: @@ -140,8 +162,12 @@ outputs: content: {get_param: KeystoneCredential0} '/etc/keystone/credential-keys/1': content: {get_param: KeystoneCredential1} + keystone::fernet_keys: + '/etc/keystone/fernet-keys/0': + content: {get_param: KeystoneFernetKey0} + '/etc/keystone/fernet-keys/1': + content: {get_param: KeystoneFernetKey1} keystone::debug: {get_param: Debug} - keystone::db::mysql::password: {get_param: AdminToken} keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -155,12 +181,6 @@ outputs: keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} keystone::endpoint::region: {get_param: KeystoneRegion} keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone::db::mysql::user: keystone - keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - keystone::db::mysql::dbname: keystone - keystone::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" keystone::rabbit_heartbeat_timeout_threshold: 60 keystone::cron::token_flush::maxdelay: 3600 keystone::roles::admin::service_tenant: 'service' @@ -170,17 +190,18 @@ outputs: ec2/driver: value: 'keystone.contrib.ec2.backends.sql.Ec2' keystone::service_name: 'httpd' - keystone::wsgi::apache::ssl: false + keystone::enable_ssl: {get_param: EnableInternalTLS} + keystone::wsgi::apache::ssl: {get_param: EnableInternalTLS} keystone::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} keystone::wsgi::apache::servername_admin: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} @@ -195,16 +216,46 @@ outputs: - 13000 - 35357 - 13357 + keystone::admin_bind_host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + keystone::public_bind_host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - # NOTE: this applies to all 4 bind IP settings below... - keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} - keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + # NOTE: this applies to all 2 bind IP settings below... keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} step_config: | include ::tripleo::profile::base::keystone + service_config_settings: + mysql: + keystone::db::mysql::password: {get_param: AdminToken} + keystone::db::mysql::user: keystone + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + keystone::db::mysql::dbname: keystone + keystone::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + # Ansible tasks to handle upgrade + upgrade_tasks: + - name: Stop keystone service (running under httpd) + tags: step2 + service: name=httpd state=stopped + - name: Sync keystone DB + tags: step5 + command: keystone-manage db_sync + - name: Start keystone service (running under httpd) + tags: step6 + service: name=httpd state=started diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml index e051781e..58b423fd 100644 --- a/puppet/services/logging/fluentd-config.yaml +++ b/puppet/services/logging/fluentd-config.yaml @@ -70,7 +70,7 @@ parameters: - tag_pattern: '**' type: record_transformer record: - nodename: '${hostname}' + host: '${hostname}' - tag_pattern: 'openstack.**' type: record_transformer diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 9882adc4..b4b3d480 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -51,6 +51,11 @@ outputs: manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } manila::keystone::authtoken::project_name: 'service' + tripleo.manila_api.firewall_rules: + '150 manila': + dport: + - 8786 + - 13786 # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -62,13 +67,15 @@ outputs: step_config: | include ::tripleo::profile::base::manila::api service_config_settings: - keystone: - manila::keystone::auth::tenant: 'service' - manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} - manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} - manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} - manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} - manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} - manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} - manila::keystone::auth::password: {get_param: ManilaPassword} - manila::keystone::auth::region: {get_param: KeystoneRegion} + map_merge: + - get_attr: [ManilaBase, role_data, service_config_settings] + - keystone: + manila::keystone::auth::tenant: 'service' + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} + manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword} + manila::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 89a36d21..0fc39e2a 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -19,9 +19,6 @@ parameters: via parameter_defaults in the resource registry. type: json # CephFS Native backend params: - ManilaCephFSNativeEnableBackend: - type: boolean - default: false ManilaCephFSNativeBackendName: type: string default: cephfsnative @@ -33,7 +30,7 @@ parameters: default: 'cephfs' ManilaCephFSNativeCephFSConfPath: type: string - default: '/etc/ceph/cephfs.conf' + default: '/etc/ceph/ceph.conf' ManilaCephFSNativeCephFSAuthId: type: string default: 'manila' @@ -50,7 +47,6 @@ outputs: value: service_name: manila_backend_cephfs config_settings: - manila::backend::cephfsnative::enable_backend: {get_param: ManilaCephFSNativeEnableBackend} manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName} manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers} manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName} diff --git a/puppet/services/manila-backend-generic.yaml b/puppet/services/manila-backend-generic.yaml index 5c001c82..c527666e 100644 --- a/puppet/services/manila-backend-generic.yaml +++ b/puppet/services/manila-backend-generic.yaml @@ -4,9 +4,6 @@ description: > Openstack Manila generic backend. parameters: - ManilaGenericEnableBackend: - type: boolean - default: false ManilaGenericBackendName: type: string default: tripleo_generic @@ -73,7 +70,6 @@ outputs: value: service_name: manila_backend_generic config_settings: - manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend} manila::backend::generic::title: {get_param: ManilaGenericBackendName} manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers} manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath} diff --git a/puppet/services/manila-backend-netapp.yaml b/puppet/services/manila-backend-netapp.yaml index c95a8da7..e6d2f250 100644 --- a/puppet/services/manila-backend-netapp.yaml +++ b/puppet/services/manila-backend-netapp.yaml @@ -4,9 +4,6 @@ description: > Openstack Manila netapp backend. parameters: - ManilaNetappEnableBackend: - type: boolean - default: false ManilaNetappDriverHandlesShareServers: type: string default: true @@ -88,7 +85,6 @@ outputs: value: service_name: manila_backend_netapp config_settings: - manila_netapp_enable_backend: {get_param: ManilaNetappEnableBackend} manila::backend::netapp::title: {get_param: ManilaNetappBackendName} manila::backend::netapp::netapp_login: {get_param: ManilaNetappLogin} manila::backend::netapp::driver_handles_share_servers: {get_param: ManilaNetappDriverHandlesShareServers} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index f4ec88c1..844bd3a3 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -40,6 +40,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true outputs: role_data: @@ -52,11 +56,23 @@ outputs: manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} manila::rabbit_port: {get_param: RabbitClientPort} manila::debug: {get_param: Debug} - manila::db::mysql::user: manila - manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - manila::db::mysql::dbname: manila manila::db::database_db_max_retries: -1 manila::db::database_max_retries: -1 - manila::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" + manila::sql_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://manila:' + - {get_param: ManilaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/manila' + service_config_settings: + mysql: + manila::db::mysql::password: {get_param: ManilaPassword} + manila::db::mysql::user: manila + manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + manila::db::mysql::dbname: manila + manila::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index 28addd68..d96b677b 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -54,18 +54,8 @@ outputs: - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::compute::nova::nova_admin_password: {get_param: NovaPassword} manila::compute::nova::nova_admin_tenant_name: 'service' - manila::db::mysql::password: {get_param: ManilaPassword} manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]} manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword} - manila::sql_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://manila:' - - {get_param: ManilaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/manila' step_config: | include ::tripleo::profile::base::manila::scheduler diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml index e42d2fae..49c69fc1 100644 --- a/puppet/services/manila-share.yaml +++ b/puppet/services/manila-share.yaml @@ -21,6 +21,10 @@ parameters: MonitoringSubscriptionManilaShare: default: 'overcloud-manila-share' type: string + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true resources: ManilaBase: @@ -40,5 +44,11 @@ outputs: map_merge: - get_attr: [ManilaBase, role_data, config_settings] - manila::volume::cinder::cinder_admin_tenant_name: 'service' + manila::keystone::authtoken::password: {get_param: ManilaPassword} + manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + manila::keystone::authtoken::project_name: 'service' + service_config_settings: + get_attr: [ManilaBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::manila::share diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml new file mode 100644 index 00000000..44d30358 --- /dev/null +++ b/puppet/services/mistral-api.yaml @@ -0,0 +1,52 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Mistral API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MistralWorkers: + default: 1 + description: The number of workers for the mistral-api. + type: number + +resources: + MistralBase: + type: ./mistral-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Mistral API role. + value: + service_name: mistral_api + config_settings: + map_merge: + - get_attr: [MistralBase, role_data, config_settings] + - mistral::api::api_workers: {get_param: MistralWorkers} + mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + tripleo.mistral_api.firewall_rules: + '133 mistral': + dport: + - 8989 + - 13989 + service_config_settings: + get_attr: [MistralBase, role_data, service_config_settings] + step_config: | + include ::tripleo::profile::base::mistral::api diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml new file mode 100644 index 00000000..a11624c0 --- /dev/null +++ b/puppet/services/mistral-base.yaml @@ -0,0 +1,93 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Mistral base service. Shared for all Mistral services. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + MistralPassword: + description: The password for the Mistral service and db account, used by the Mistral services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +outputs: + role_data: + description: Shared role data for the Mistral services. + value: + service_name: mistral_base + config_settings: + mistral::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://mistral:' + - {get_param: MistralPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/mistral' + mistral::rabbit_userid: {get_param: RabbitUserName} + mistral::rabbit_password: {get_param: RabbitPassword} + mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + mistral::rabbit_port: {get_param: RabbitClientPort} + mistral::debug: {get_param: Debug} + mistral::keystone_password: {get_param: MistralPassword} + mistral::keystone_tenant: 'service' + mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + mistral::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} + mistral::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + service_config_settings: + keystone: + mistral::keystone::auth::tenant: 'service' + mistral::keystone::auth::public_url: {get_param: [EndpointMap, MistralPublic, uri]} + mistral::keystone::auth::internal_url: {get_param: [EndpointMap, MistralInternal, uri]} + mistral::keystone::auth::admin_url: {get_param: [EndpointMap, MistralAdmin, uri]} + mistral::keystone::auth::password: {get_param: MistralPassword} + mistral::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + mistral::db::mysql::user: mistral + mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + mistral::db::mysql::dbname: mistral + mistral::db::mysql::password: {get_param: MistralPassword} + mistral::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/mistral-engine.yaml b/puppet/services/mistral-engine.yaml new file mode 100644 index 00000000..10af670d --- /dev/null +++ b/puppet/services/mistral-engine.yaml @@ -0,0 +1,38 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Mistral Engine service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + MistralBase: + type: ./mistral-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Mistral Engine role. + value: + service_name: mistral_engine + config_settings: + get_attr: [MistralBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::mistral::engine diff --git a/puppet/services/mistral-executor.yaml b/puppet/services/mistral-executor.yaml new file mode 100644 index 00000000..7afaf0db --- /dev/null +++ b/puppet/services/mistral-executor.yaml @@ -0,0 +1,38 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Mistral API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + MistralBase: + type: ./mistral-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Mistral Executor role. + value: + service_name: mistral_executor + config_settings: + get_attr: [MistralBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::mistral::executor diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index d7350d07..ea23b8b6 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml @@ -43,7 +43,19 @@ parameters: description: The RabbitMQ vhost used for monitoring purposes. type: string default: '/sensu' - + SensuRedactVariables: + description: Variables from Sensu configuration, which have to be redacted. + type: comma_delimited_list + default: + - password + - passwd + - pass + - api_key + - api_token + - access_key + - secret_key + - private_key + - secret outputs: role_data: @@ -61,8 +73,7 @@ outputs: sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL} sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName} sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost} - #sensu::redis_host: {get_param: MonitoringRedisHost} - #sensu::redis_password: {get_param: MonitoringRedisPassword} + sensu::redact: {get_param: SensuRedactVariables} sensu::sensu_plugin_provider: 'yum' sensu::sensu_plugin_name: 'rubygem-sensu-plugin' sensu::version: 'present' diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index 3f37e750..a26c7458 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -18,6 +18,13 @@ parameters: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + AdminPassword: + description: Keystone admin user password + type: string + KeystoneRegion: + default: 'regionOne' + description: Keystone region for endpoint + type: string SensuClientCustomConfig: default: {} description: Hash containing custom sensu-client variables. @@ -44,6 +51,14 @@ outputs: - sensu::api: false sensu::client: true sensu::server: false - sensu::client_custom: {get_param: SensuClientCustomConfig} + sensu::client_custom: + map_merge: + - {get_param: SensuClientCustomConfig} + - openstack: + username: 'admin' + password: {get_param: AdminPassword} + auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + tenant_name: 'admin' + region: {get_param: KeystoneRegion} step_config: | include ::tripleo::profile::base::monitoring::sensu diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 8cfa20bd..5fd9d7a2 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -37,13 +37,6 @@ parameters: default: 'True' description: Allow automatic l3-agent failover type: string - NeutronL3HA: - default: false - description: | - Whether to enable HA for virtual routers. While the default value is - 'false', L3 HA will be automatically enabled if the number of nodes hosting - controller configurations and DVR is disabled. - type: boolean NovaPassword: description: The password for the nova service and db account, used by nova-api. type: string @@ -64,13 +57,30 @@ parameters: default: tag: openstack.neutron.api path: /var/log/neutron/server.log - ControllerCount: + + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Ocata cycle. + NeutronL3HA: + default: '' + type: string description: | - Under normal conditions, this should not be overridden manually and is - set at deployment time. The default value is present to allow the - template to be used in environments that do not override it. - default: 1 - type: number + Whether to enable HA for virtual routers. When not set, L3 HA will be + automatically enabled if the number of nodes hosting controller + configurations and DVR is disabled. Valid values are 'true' or 'false' + This parameter is being deprecated in Newton and is scheduled to be + removed in Ocata. Future releases will enable L3 HA by default if it is + appropriate for the deployment type. Alternate mechanisms will be + available to override. + +parameter_groups: +- label: deprecated + description: | + The following parameters are deprecated and will be removed. They should not + be relied on for new deployments. If you have concerns regarding deprecated + parameters, please contact the TripleO development team on IRC or the + OpenStack mailing list. + parameters: + - NeutronL3HA resources: @@ -81,18 +91,6 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} -conditions: - - auto_enable_l3_ha: - and: - - not: - equals: - - get_param: ControllerCount - - 1 - - equals: - - get_param: NeutronEnableDVR - - false - outputs: role_data: description: Role data for the Neutron Server agent service. @@ -119,7 +117,7 @@ outputs: neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::rpc_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]} + neutron::server::enable_proxy_headers_parsing: true neutron::keystone::authtoken::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } @@ -129,23 +127,11 @@ outputs: neutron::server::notifications::password: {get_param: NovaPassword} neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true - neutron::db::mysql::password: {get_param: NeutronPassword} - neutron::db::mysql::user: neutron - neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - neutron::db::mysql::dbname: ovs_neutron - neutron::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - tripleo.neutron_server.firewall_rules: - '114 neutron server': + tripleo.neutron_api.firewall_rules: + '114 neutron api': dport: - 9696 - 13696 - '118 neutron vxlan networks': - proto: 'udp' - dport: 4789 - '106 vrrp': - proto: vrrp neutron::server::router_distributed: {get_param: NeutronEnableDVR} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): @@ -153,6 +139,7 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA} step_config: | include tripleo::profile::base::neutron::server service_config_settings: @@ -163,3 +150,11 @@ outputs: neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron::keystone::auth::password: {get_param: NeutronPassword} neutron::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + neutron::db::mysql::password: {get_param: NeutronPassword} + neutron::db::mysql::user: neutron + neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + neutron::db::mysql::dbname: ovs_neutron + neutron::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 32d50d41..3d03c313 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -33,7 +33,7 @@ parameters: from neutron.core_plugins namespace. type: string NeutronServicePlugins: - default: "router,qos" + default: "router,qos,trunk" description: | Comma-separated list of service plugin entrypoints to be loaded from the neutron.service_plugins namespace. @@ -50,16 +50,13 @@ parameters: to false may result in configuration remnants after updates/upgrades. NeutronGlobalPhysnetMtu: type: number - default: 1496 + default: 1500 description: | MTU of the underlying physical network. Neutron uses this value to calculate MTU for all virtual network components. For flat and VLAN networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay - protocol overhead from this value. The default value of 1496 is - currently in effect to compensate for some additional overhead when - deploying with some network configurations (e.g. network isolation over - single network interfaces) + protocol overhead from this value. ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -87,16 +84,12 @@ outputs: neutron::rabbit_port: {get_param: RabbitClientPort} neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} neutron::core_plugin: {get_param: NeutronCorePlugin} - neutron::service_plugins: - str_replace: - template: PLUGINS - params: - PLUGINS: {get_param: NeutronServicePlugins} + neutron::service_plugins: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true neutron::rabbit_heartbeat_timeout_threshold: 60 - neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed + neutron::host: '%{::fqdn}' neutron::db::database_db_max_retries: -1 neutron::db::database_max_retries: -1 neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 9e223374..dfa8c062 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Neutron L3 agent configured with Puppet @@ -43,6 +43,10 @@ parameters: tag: openstack.neutron.agent.l3 path: /var/log/neutron/l3-agent.log +conditions: + + external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} + resources: NeutronBase: @@ -63,9 +67,15 @@ outputs: - neutron config_settings: map_merge: - - get_attr: [NeutronBase, role_data, config_settings] + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode} + tripleo.neutron_l3.firewall_rules: + '106 neutron_l3 vrrp': + proto: vrrp + - + if: + - external_network_bridge_empty + - {} - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} - neutron::agents::l3::router_delete_namespaces: True - neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 8be4c6d6..c87de285 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -72,6 +72,6 @@ outputs: neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' - neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"' + neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index cbe65638..e2b90b7b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -94,21 +94,9 @@ outputs: - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder} - neutron::agents::ml2::ovs::bridge_mappings: - str_replace: - template: MAPPINGS - params: - MAPPINGS: {get_param: NeutronBridgeMappings} - neutron::agents::ml2::ovs::tunnel_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronTunnelTypes} - neutron::agents::ml2::ovs::extensions: - str_replace: - template: AGENT_EXTENSIONS - params: - AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} + neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings} + neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes} + neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -117,5 +105,11 @@ outputs: # internal_api_subnet - > IP/CIDR neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} + tripleo.neutron_ovs_agent.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' step_config: | include ::tripleo::profile::base::neutron::ovs diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index cc772c9d..fdfa1c03 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -22,7 +22,7 @@ parameters: description: List of cores to be used for DPDK Poll Mode Driver type: string constraints: - - allowed_pattern: "[0-9,-]+" + - allowed_pattern: "'[0-9,-]+'" NeutronDpdkMemoryChannels: description: Number of memory channels to be used for DPDK type: string diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 17e8bca1..88b5064c 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -33,7 +33,7 @@ parameters: default: 'datacentre' description: If set, flat networks to configure in neutron plugins. NeutronPluginExtensions: - default: "qos,port_security,trunk" + default: "qos,port_security" description: | Comma-separated list of extensions enabled for the Neutron plugin. type: comma_delimited_list @@ -83,46 +83,14 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::plugins::ml2::mechanism_drivers: - str_replace: - template: MECHANISMS - params: - MECHANISMS: {get_param: NeutronMechanismDrivers} - neutron::plugins::ml2::type_drivers: - str_replace: - template: DRIVERS - params: - DRIVERS: {get_param: NeutronTypeDrivers} - neutron::plugins::ml2::flat_networks: - str_replace: - template: NETWORKS - params: - NETWORKS: {get_param: NeutronFlatNetworks} - neutron::plugins::ml2::extension_drivers: - str_replace: - template: PLUGIN_EXTENSIONS - params: - PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions} - neutron::plugins::ml2::network_vlan_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronNetworkVLANRanges} - neutron::plugins::ml2::tunnel_id_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronTunnelIdRanges} - neutron::plugins::ml2::vni_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronVniRanges} - neutron::plugins::ml2::tenant_network_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronNetworkType} + - neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers} + neutron::plugins::ml2::type_drivers: {get_param: NeutronTypeDrivers} + neutron::plugins::ml2::flat_networks: {get_param: NeutronFlatNetworks} + neutron::plugins::ml2::extension_drivers: {get_param: NeutronPluginExtensions} + neutron::plugins::ml2::network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} + neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} + neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} + neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs} step_config: | diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml index 4e294965..098c9d05 100644 --- a/puppet/services/neutron-plugin-opencontrail.yaml +++ b/puppet/services/neutron-plugin-opencontrail.yaml @@ -59,7 +59,7 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions,/usr/lib/python2.7/site-packages/neutron_lbaas/extensions neutron::plugins::opencontrail::api_server_ip: {get_param: ContrailApiServerIp} neutron::plugins::opencontrail::api_server_port: {get_param: ContrailApiServerPort} diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index 44f7f242..0ab066d7 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -25,6 +25,7 @@ parameters: All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent. + Example "tenant0:ens2f0,tenant1:ens2f1" type: comma_delimited_list default: "" NeutronExcludeDevices: @@ -40,8 +41,8 @@ parameters: NeutronSriovNumVFs: description: > Provide the list of VFs to be reserved for each SR-IOV interface. - Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>" - Example "eth1:4096","eth2:128" + Format "<interface_name1>:<numvfs1>,<interface_name2>:<numvfs2>" + Example "eth1:4096,eth2:128" type: comma_delimited_list default: "" diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 25ae0176..50e4c996 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Nova API service configured with Puppet @@ -51,8 +51,22 @@ parameters: default: tag: openstack.nova.api path: /var/log/nova/nova-api.log + EnableInternalTLS: + type: boolean + default: false + +conditions: + nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + NovaBase: type: ./nova-base.yaml properties: @@ -71,40 +85,55 @@ outputs: - nova config_settings: map_merge: - - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] + - nova::cron::archive_deleted_rows::hour: '*/12' + nova::cron::archive_deleted_rows::destination: '/dev/null' + tripleo.nova_api.firewall_rules: + '113 nova_api': + dport: + - 8773 + - 3773 + - 8774 + - 13774 + - 8775 + nova::keystone::authtoken::project_name: 'service' + nova::keystone::authtoken::password: {get_param: NovaPassword} + nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + nova::api::enabled: true + nova::api::default_floating_pool: 'public' + nova::api::sync_db_api: true + nova::api::enable_proxy_headers_parsing: true + nova::api::api_bind_address: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::api::service_name: 'httpd' + nova::wsgi::apache::ssl: {get_param: EnableInternalTLS} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + nova::api::instance_name_template: {get_param: InstanceNameTemplate} + nova_enable_db_purge: {get_param: NovaEnableDBPurge} + - + if: + - nova_workers_zero + - {} - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - nova::api::metadata_workers: {get_param: NovaWorkers} - nova::cron::archive_deleted_rows::hour: '"*/12"' - nova::cron::archive_deleted_rows::destination: '"/dev/null"' - tripleo.nova_api.firewall_rules: - '113 nova_api': - dport: - - 6080 - - 13080 - - 8773 - - 3773 - - 8774 - - 13774 - - 8775 - nova::keystone::authtoken::project_name: 'service' - nova::keystone::authtoken::password: {get_param: NovaPassword} - nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - nova::api::enabled: true - nova::api::default_floating_pool: 'public' - nova::api::sync_db_api: true - nova::api::enable_proxy_headers_parsing: true - # NOTE: bind IP is found in Heat replacing the network name with the local node IP - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} - nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - nova::api::instance_name_template: {get_param: InstanceNameTemplate} - nova_enable_db_purge: {get_param: NovaEnableDBPurge} - + nova::wsgi::apache::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::api service_config_settings: @@ -115,3 +144,18 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + nova::db::mysql::password: {get_param: NovaPassword} + nova::db::mysql::user: nova + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql::dbname: nova + nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::mysql_api::password: {get_param: NovaPassword} + nova::db::mysql_api::user: nova_api + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 24a63bb4..20bf2e42 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Nova base service. Shared for all Nova services. @@ -66,6 +66,9 @@ parameters: type: string description: Nova Compute upgrade level default: '' +conditions: + + compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} outputs: role_data: @@ -73,71 +76,50 @@ outputs: value: service_name: nova_base config_settings: - nova::rabbit_password: {get_param: RabbitPassword} - nova::rabbit_userid: {get_param: RabbitUserName} - nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - nova::rabbit_port: {get_param: RabbitClientPort} - nova::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://nova:' - - {get_param: NovaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/nova' - nova::api_database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://nova_api:' - - {get_param: NovaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/nova_api' - nova::db::mysql::password: {get_param: NovaPassword} - nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql::dbname: nova - nova::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - nova::db::mysql_api::password: {get_param: NovaPassword} - nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql_api::dbname: nova_api - nova::db::mysql_api::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - nova::debug: {get_param: Debug} - nova::purge_config: {get_param: EnableConfigPurge} - nova::network::neutron::neutron_project_name: 'service' - nova::network::neutron::neutron_username: 'neutron' - nova::network::neutron::dhcp_domain: '' - nova::network::neutron::neutron_password: {get_param: NeutronPassword} - nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} - nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} - nova::rabbit_heartbeat_timeout_threshold: 60 - nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' - nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. - nova::notify_on_state_change: 'vm_and_task_state' - nova::notification_driver: messagingv2 - nova::network::neutron::neutron_auth_type: 'v3password' - nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql::dbname: nova - nova::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql_api::dbname: nova_api - nova::db::mysql_api::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - nova::db::database_db_max_retries: -1 - nova::db::database_max_retries: -1 - nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - nova::use_ipv6: {get_param: NovaIPv6} - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} - nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} + map_merge: + - nova::rabbit_password: {get_param: RabbitPassword} + nova::rabbit_userid: {get_param: RabbitUserName} + nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + nova::rabbit_port: {get_param: RabbitClientPort} + nova::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova' + nova::api_database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova_api:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova_api' + nova::debug: {get_param: Debug} + nova::purge_config: {get_param: EnableConfigPurge} + nova::network::neutron::neutron_project_name: 'service' + nova::network::neutron::neutron_username: 'neutron' + nova::network::neutron::dhcp_domain: '' + nova::network::neutron::neutron_password: {get_param: NeutronPassword} + nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} + nova::rabbit_heartbeat_timeout_threshold: 60 + nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' + nova::host: '%{::fqdn}' + nova::notify_on_state_change: 'vm_and_task_state' + nova::notification_driver: messagingv2 + nova::network::neutron::neutron_auth_type: 'v3password' + nova::db::database_db_max_retries: -1 + nova::db::database_max_retries: -1 + nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + nova::use_ipv6: {get_param: NovaIPv6} + nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} + - + if: + - compute_upgrade_level_empty + - {} + - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index f7f2510e..908b676e 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -52,7 +52,7 @@ parameters: For different formats, refer to the nova.conf documentation for pci_passthrough_whitelist configuration type: json - default: '' + default: {} NovaVcpuPinSet: description: > A list or range of physical CPU cores to reserve for virtual machine @@ -97,11 +97,7 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::compute::libvirt::manage_libvirt_services: false - nova::compute::pci_passthrough: - str_replace: - template: "'JSON_PARAM'" - params: - JSON_PARAM: {get_param: NovaPCIPassthrough} + nova::compute::pci_passthrough: {get_param: NovaPCIPassthrough} nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet} nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory} # we manage migration in nova common puppet profile @@ -117,7 +113,7 @@ outputs: - '.' - - 'client' - {get_param: CephClientUserName} - nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' + nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 2671cdd3..a10d9560 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Nova Conductor service configured with Puppet @@ -31,6 +31,9 @@ parameters: tag: openstack.nova.scheduler path: /var/log/nova/nova-scheduler.log +conditions: + nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + resources: NovaBase: type: ./nova-base.yaml @@ -50,7 +53,11 @@ outputs: - nova config_settings: map_merge: - - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [NovaBase, role_data, config_settings] + - + if: + - nova_workers_zero + - {} - nova::conductor::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::conductor diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index b5ca2437..70774bac 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -50,6 +50,13 @@ outputs: tripleo::profile::base::nova::libvirt_enabled: true nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + tripleo.nova_libvirt.firewall_rules: + '200 nova_libvirt': + dport: + - 16509 + - 16514 + - '49152-49215' + - '5900-5999' step_config: | include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index 92373c56..40931da6 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Nova API service configured with Puppet @@ -23,12 +23,20 @@ parameters: description: Number of workers for Nova API service. type: number +conditions: + nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + outputs: role_data: description: Role data for the Nova Metadata service. value: service_name: nova_metadata config_settings: - nova::api::metadata_workers: {get_param: NovaWorkers} - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + map_merge: + - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - + if: + - nova_workers_zero + - {} + - nova::api::metadata_workers: {get_param: NovaWorkers} step_config: "" diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index d89e3e11..d4e5fff6 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -58,7 +58,7 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] - - nova::scheduler::filter::ram_allocation_ratio: '1.0' + - nova::ram_allocation_ratio: '1.0' nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters} nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters} step_config: | diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index 85d59ae6..e6b0703f 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -57,5 +57,10 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]} + tripleo.nova_vnc_proxy.firewall_rules: + '137 nova_vnc_proxy': + dport: + - 6080 + - 13080 step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index d2ee036e..253d63ef 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -8,10 +8,6 @@ parameters: default: 8081 description: Set opendaylight service port type: number - EnableOpenDaylightOnController: - default: false - description: Whether to install OpenDaylight on control nodes. - type: boolean OpenDaylightUsername: default: 'admin' description: The username for the opendaylight server. @@ -33,14 +29,6 @@ parameters: description: List of features to install with ODL type: comma_delimited_list default: ["odl-netvirt-openstack","odl-netvirt-ui"] - OpenDaylightConnectionProtocol: - description: L7 protocol used for REST access - type: string - default: 'http' - OpenDaylightCheckURL: - description: URL postfix to verify ODL has finished starting up - type: string - default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1' OpenDaylightApiVirtualIP: type: string default: '' @@ -66,15 +54,11 @@ outputs: service_name: opendaylight_api config_settings: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} - odl_on_controller: {get_param: EnableOpenDaylightOnController} - opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::password: {get_param: OpenDaylightPassword} opendaylight::enable_l3: {get_param: OpenDaylightEnableL3} opendaylight::extra_features: {get_param: OpenDaylightFeatures} opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} - opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} - opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]} + opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} step_config: | include tripleo::profile::base::neutron::opendaylight - include tripleo::profile::base::neutron::plugins::ovs::opendaylight diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 8bcb72f7..63d12fe2 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -8,6 +8,15 @@ parameters: default: 8081 description: Set opendaylight service port type: number + OpenDaylightUsername: + default: 'admin' + description: The username for the opendaylight server. + type: string + OpenDaylightPassword: + default: 'admin' + type: string + description: The password for the opendaylight server. + hidden: true OpenDaylightConnectionProtocol: description: L7 protocol used for REST access type: string @@ -19,6 +28,11 @@ parameters: OpenDaylightApiVirtualIP: type: string default: '' + OpenDaylightProviderMappings: + description: Mappings between logical networks and physical interfaces. + Required for VLAN deployments. For example physnet1 -> eth1. + type: comma_delimited_list + default: "datacentre:br-ex" EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -41,7 +55,21 @@ outputs: service_name: opendaylight_ovs config_settings: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::plugins::ovs::opendaylight::provider_mappings: + str_replace: + template: MAPPINGS + params: + MAPPINGS: {get_param: OpenDaylightProviderMappings} + tripleo.opendaylight_ovs.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index 11b9bf8f..d91a0181 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -41,5 +41,6 @@ outputs: - get_attr: [CinderVolumeBase, role_data, config_settings] - cinder::volume::manage_service: false cinder::volume::enabled: false + cinder::host: hostgroup step_config: include ::tripleo::profile::pacemaker::cinder::volume diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml index 64ae2e91..982b6064 100644 --- a/puppet/services/pacemaker/database/mongodb.yaml +++ b/puppet/services/pacemaker/database/mongodb.yaml @@ -22,7 +22,7 @@ parameters: resources: MongoDbBase: - type: ../../database/mongodb-base.yaml + type: ../../database/mongodb.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index 7deaf0ca..f2905903 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -40,7 +40,7 @@ outputs: - tripleo::profile::pacemaker::database::mysql::bind_address: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index d9156e67..196754eb 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -21,7 +21,7 @@ parameters: resources: RedisBase: - type: ../../database/redis-base.yaml + type: ../../database/redis.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 52104a71..e4115d64 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -38,7 +38,5 @@ outputs: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true - enable_keepalived: false - tripleo::haproxy::keepalived: false step_config: | include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml new file mode 100644 index 00000000..a8bd5e8a --- /dev/null +++ b/puppet/services/panko-api.yaml @@ -0,0 +1,84 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Panko API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionPankoApi: + default: 'overcloud-ceilometer-panko-api' + type: string + EnableInternalTLS: + type: boolean + default: false + +resources: + PankoBase: + type: ./panko-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + +outputs: + role_data: + description: Role data for the Panko API service. + value: + service_name: panko_api + monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi} + config_settings: + map_merge: + - get_attr: [PankoBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] + - panko::wsgi::apache::ssl: {get_param: EnableInternalTLS} + panko::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} + panko::api::service_name: 'httpd' + panko::api::enable_proxy_headers_parsing: true + tripleo.panko_api.firewall_rules: + '140 panko-api': + dport: + - 8779 + - 13779 + panko::api::host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]} + service_config_settings: + get_attr: [PankoBase, role_data, service_config_settings] + step_config: | + include tripleo::profile::base::panko::api diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml new file mode 100644 index 00000000..af9c5353 --- /dev/null +++ b/puppet/services/panko-base.yaml @@ -0,0 +1,73 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Panko service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + PankoPassword: + description: The password for the panko services. + type: string + hidden: true + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +outputs: + role_data: + description: Role data for the Panko role. + value: + service_name: panko_base + config_settings: + panko::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://panko:' + - {get_param: PankoPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/panko' + panko::debug: {get_param: Debug} + panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + panko::keystone::authtoken::project_name: 'service' + panko::keystone::authtoken::password: {get_param: PankoPassword} + panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + panko::auth::auth_password: {get_param: PankoPassword} + panko::auth::auth_region: 'regionOne' + panko::auth::auth_tenant_name: 'service' + service_config_settings: + keystone: + panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]} + panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]} + panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]} + panko::keystone::auth::password: {get_param: PankoPassword} + panko::keystone::auth::region: {get_param: KeystoneRegion} + panko::keystone::auth::tenant: 'service' + mysql: + panko::db::mysql::user: panko + panko::db::mysql::password: {get_param: PankoPassword} + panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + panko::db::mysql::dbname: panko + panko::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 52300a2f..08f3f6bc 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -38,6 +38,13 @@ parameters: type: string default: '' hidden: true + RabbitHAQueues: + description: + The number of HA queues to be configured in rabbit. The default is 0 which will + be automatically overridden to CEIL(N/2) where N is the number of nodes running + rabbitmq. + default: 0 + type: number MonitoringSubscriptionRabbitmq: default: 'overcloud-rabbitmq' type: string @@ -64,15 +71,18 @@ outputs: rabbitmq::port: '5672' rabbitmq::package_source: undef rabbitmq::repos_ensure: false + rabbitmq::tcp_keepalive: true rabbitmq_environment: + NODE_PORT: '' + NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' rabbitmq_kernel_variables: inet_dist_listen_min: '25672' inet_dist_listen_max: '25672' rabbitmq_config_variables: - tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' + queue_master_locator: '<<"min-masters">>' loopback_users: '[]' rabbitmq::erlang_cookie: yaql: @@ -87,6 +97,15 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} step_config: | include ::tripleo::profile::base::rabbitmq + upgrade_tasks: + - name: Stop rabbitmq service + tags: step2 + service: name=rabbitmq-server state=stopped + - name: Start rabbitmq service + tags: step6 + service: name=rabbitmq-server state=started + diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 4f139b5f..54e63df4 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -82,3 +82,11 @@ outputs: sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} sahara::keystone::auth::password: {get_param: SaharaPassword } sahara::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index c3986b77..4072a150 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -44,6 +44,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + SaharaPlugins: + default: ["ambari","cdh","mapr","vanilla","spark","storm"] + description: Sahara enabled plugin list + type: comma_delimited_list outputs: role_data: @@ -60,13 +64,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' - sahara::db::mysql::password: {get_param: SaharaPassword} - sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - sahara::db::mysql::dbname: sahara - sahara::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -76,13 +73,7 @@ outputs: sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } sahara::use_neutron: true - sahara::plugins: - - ambari - - cdh - - mapr - - vanilla - - spark - - storm + sahara::plugins: {get_param: SaharaPlugins} sahara::rpc_backend: rabbit sahara::admin_tenant_name: 'service' sahara::db::database_db_max_retries: -1 diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 7b5fa40c..97f87061 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -42,6 +42,11 @@ resources: LoggingConfiguration: type: OS::TripleO::LoggingConfiguration + ServiceServerMetadataHook: + type: OS::TripleO::ServiceServerMetadataHook + properties: + RoleData: {get_attr: [ServiceChain, role_data]} + outputs: role_data: description: Combined Role data for this set of services. @@ -54,8 +59,8 @@ outputs: data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} monitoring_subscriptions: yaql: - expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) - data: {get_attr: [ServiceChain, role_data]} + expression: list($.data.role_data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} logging_sources: # Transform the individual logging_source configuration from # each service in the chain into a global list, adding some @@ -78,8 +83,9 @@ outputs: sources: - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} - yaql: - expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null)) - data: {get_attr: [ServiceChain, role_data]} + expression: list($.data.role_data.where($ != null).select($.get('logging_source')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + - {get_attr: [LoggingConfiguration, LoggingExtraSources]} default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} @@ -93,17 +99,23 @@ outputs: groups: - [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}] - yaql: - expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null)) - data: {get_attr: [ServiceChain, role_data]} + expression: list($.data.role_data.where($ != null).select($.get('logging_groups')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} - [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}] config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} global_config_settings: map_merge: yaql: - expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null)) - data: {get_attr: [ServiceChain, role_data]} + expression: list($.data.role_data.where($ != null).select($.get('global_config_settings')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} service_config_settings: yaql: - expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) - data: {get_attr: [ServiceChain, role_data]} + expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + data: {role_data: {get_attr: [ServiceChain, role_data]}} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} + upgrade_tasks: + yaql: + # Note we use distinct() here to filter any identical tasks, e.g yum update for all services + expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} + service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 8b990bcd..94db9e41 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Swift Proxy service configured with Puppet @@ -41,6 +41,26 @@ parameters: MonitoringSubscriptionSwiftProxy: default: 'overcloud-swift-proxy' type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + SwiftCeilometerPipelineEnabled: + description: Set to False to disable the swift proxy ceilometer pipeline. + default: True + type: boolean + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +conditions: + + ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]} resources: SwiftBase: @@ -66,6 +86,12 @@ outputs: swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} + swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} + swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} + swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} + swift::proxy::ceilometer::nonblocking_notify: true + tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} + tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: @@ -75,20 +101,36 @@ outputs: - admin - swiftoperator - ResellerAdmin + swift::proxy::versioned_writes::allow_versioned_writes: true swift::proxy::pipeline: - - 'catch_errors' - - 'healthcheck' - - 'proxy-logging' - - 'cache' - - 'ratelimit' - - 'bulk' - - 'tempurl' - - 'formpost' - - 'authtoken' - - 'keystone' - - 'staticweb' - - 'proxy-logging' - - 'proxy-server' + yaql: + expression: $.data.pipeline.where($ != '') + data: + pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'copy' + - 'container-quotas' + - 'account-quotas' + - 'slo' + - 'dlo' + - 'versioned_writes' + - + if: + - ceilometer_pipeline_enabled + - 'ceilometer' + - '' + - 'proxy-logging' + - 'proxy-server' swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml index e151d185..5c70b6ab 100644 --- a/puppet/services/swift-ringbuilder.yaml +++ b/puppet/services/swift-ringbuilder.yaml @@ -38,7 +38,10 @@ parameters: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' type: json - + SwiftUseLocalDir: + default: true + description: 'Use a local directory for Swift storage services when building rings' + type: boolean outputs: role_data: @@ -48,18 +51,18 @@ outputs: config_settings: tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild} tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas} + tripleo::profile::base::swift::ringbuilder::part_power: {get_param: SwiftPartPower} + tripleo::profile::base::swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours} tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-' tripleo::profile::base::swift::ringbuilder::raw_disks: yaql: expression: $.data.raw_disk_lists.flatten() data: raw_disk_lists: - - [':%PORT%/d1'] + - {if: [{get_param: SwiftUseLocalDir}, [':%PORT%/d1'], []]} - repeat: template: ':%PORT%/DEVICE' for_each: DEVICE: {get_param: SwiftRawDisks} - swift::ringbuilder::part_power: {get_param: SwiftPartPower} - swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours} step_config: | include ::tripleo::profile::base::swift::ringbuilder diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 7fbb8d90..cffe78f5 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -86,7 +86,7 @@ outputs: swift::storage::all::account_pipeline: - healthcheck - account-server - swift::storage::disks: {get_param: SwiftRawDisks} + swift::storage::disks::args: {get_param: SwiftRawDisks} swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]} step_config: | include ::tripleo::profile::base::swift::storage diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index f6ec458f..7eb39905 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -19,7 +19,7 @@ parameters: via parameter_defaults in the resource registry. type: json ManageFirewall: - default: false + default: true description: Whether to manage IPtables rules. type: boolean PurgeFirewallRules: diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index 124f5fe8..69912fa5 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -32,3 +32,7 @@ outputs: tripleo::packages::enable_install: {get_param: EnablePackageInstall} step_config: | include ::tripleo::packages + upgrade_tasks: + - name: Update all packages + tags: step3 + yum: name=* state=latest diff --git a/puppet/services/vip-hosts.yaml b/puppet/services/vip-hosts.yaml deleted file mode 100644 index a9d757ee..00000000 --- a/puppet/services/vip-hosts.yaml +++ /dev/null @@ -1,56 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - If the deployer doesn't have a DNS server for the overcloud nodes. This will - populate the node-names and IPs for the VIPs of the overcloud. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -outputs: - role_data: - description: role data for the VIP hosts role - value: - service_name: vip_hosts - config_settings: - tripleo::vip_hosts::hosts_spec: - external: - name: "%{hiera('cloud_name_external')}" - ip: "%{hiera('public_virtual_ip')}" - ensure: present - comment: FQDN of the external VIP - internal_api: - name: "%{hiera('cloud_name_internal_api')}" - ip: "%{hiera('internal_api_virtual_ip')}" - ensure: present - comment: FQDN of the internal api VIP - storage: - name: "%{hiera('cloud_name_storage')}" - ip: "%{hiera('storage_virtual_ip')}" - ensure: present - comment: FQDN of the storage VIP - storage_mgmt: - name: "%{hiera('cloud_name_storage_mgmt')}" - ip: "%{hiera('storage_mgmt_virtual_ip')}" - ensure: present - comment: FQDN of the storage mgmt VIP - ctlplane: - name: "%{hiera('cloud_name_ctlplane')}" - ip: "%{hiera('controller_virtual_ip')}" - ensure: present - comment: FQDN of the ctlplane VIP - step_config: | - include ::tripleo::vip_hosts diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml new file mode 100644 index 00000000..77240c3c --- /dev/null +++ b/puppet/services/zaqar.yaml @@ -0,0 +1,66 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Zaqar service. Shared for all Heat services. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ZaqarPassword: + description: The password for Zaqar + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + + +outputs: + role_data: + description: Shared role data for the Heat services. + value: + service_name: zaqar + config_settings: + zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} + zaqar::keystone::authtoken::project_name: 'service' + zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + zaqar::debug: {get_param: Debug} + zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} + zaqar::transport::wsgi::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_pipeline: 'zaqar.notification.notifier' + zaqar::unreliable: true + service_config_settings: + keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + + step_config: | + include ::tripleo::profile::base::zaqar diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml new file mode 100644 index 00000000..c67e10b3 --- /dev/null +++ b/puppet/upgrade_config.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-10-14 +description: 'Upgrade for via ansible by applying a step related tag' + +parameters: + UpgradeStepConfig: + type: json + description: Config (ansible yaml) that will be used to step through the deployment. + default: '' + + step: + type: string + description: Step number of the upgrade + +resources: + + AnsibleConfig: + type: OS::Heat::Value + properties: + value: + str_replace: + template: CONFIG + params: + CONFIG: + - hosts: localhost + connection: local + tasks: {get_param: UpgradeStepConfig} + + AnsibleUpgradeConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: ansible + options: + tags: + str_replace: + template: "stepSTEP" + params: + STEP: {get_param: step} + inputs: + - name: role + config: {get_attr: [AnsibleConfig, value]} + +outputs: + OS::stack_id: + description: The software config which runs ansible with tags + value: {get_resource: AnsibleUpgradeConfigImpl} + upgrade_config: + description: The configuration file used for upgrade + value: {get_attr: [AnsibleConfig, value]} diff --git a/requirements.txt b/requirements.txt index 4e46b891..9c4a708a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ pbr>=0.5.21,<1.0 +Jinja2>=2.8 # BSD License (3 clause) diff --git a/roles_data.yaml b/roles_data.yaml index fe98d827..81ddf9ca 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -73,12 +73,12 @@ - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd - - OS::Tripleo::Services::ManilaApi - - OS::Tripleo::Services::ManilaScheduler - - OS::Tripleo::Services::ManilaBackendGeneric - - OS::Tripleo::Services::ManilaBackendNetapp - - OS::Tripleo::Services::ManilaBackendCephFs - - OS::Tripleo::Services::ManilaShare + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaShare - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator - OS::TripleO::Services::AodhNotifier @@ -90,10 +90,13 @@ - OS::TripleO::Services::NovaIronic - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::OpenDaylight + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Zaqar - name: Compute CountDefault: 1 @@ -119,12 +122,11 @@ - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts - name: BlockStorage ServicesDefault: - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - OS::TripleO::Services::Timezone @@ -133,7 +135,6 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts - name: ObjectStorage ServicesDefault: @@ -148,7 +149,6 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts - name: CephStorage ServicesDefault: @@ -156,9 +156,9 @@ - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts diff --git a/scripts/hosts-config.sh b/scripts/hosts-config.sh new file mode 100755 index 00000000..f456b316 --- /dev/null +++ b/scripts/hosts-config.sh @@ -0,0 +1,39 @@ +#!/bin/bash +set -eux +set -o pipefail + +write_entries() { + local file="$1" + local entries="$2" + + # Don't do anything if the file isn't there + if [ ! -f "$file" ]; then + return + fi + + if grep -q "^# HEAT_HOSTS_START" "$file"; then + temp=$(mktemp) + awk -v v="$entries" '/^# HEAT_HOSTS_START/ { + print $0 + print v + f=1 + }f &&!/^# HEAT_HOSTS_END$/{next}/^# HEAT_HOSTS_END$/{f=0}!f' "$file" > "$temp" + echo "INFO: Updating hosts file $file, check below for changes" + diff "$file" "$temp" || true + cat "$temp" > "$file" + else + echo -ne "\n# HEAT_HOSTS_START - Do not edit manually within this section!\n" >> "$file" + echo "$entries" >> "$file" + echo -ne "# HEAT_HOSTS_END\n\n" >> "$file" + fi + +} + +if [ ! -z "$hosts" ]; then + for tmpl in /etc/cloud/templates/hosts.*.tmpl ; do + write_entries "$tmpl" "$hosts" + done + write_entries "/etc/hosts" "$hosts" +else + echo "No hosts in Heat, nothing written." +fi diff --git a/tools/process-templates.py b/tools/process-templates.py new file mode 100755 index 00000000..a15b00e2 --- /dev/null +++ b/tools/process-templates.py @@ -0,0 +1,125 @@ +#!/usr/bin/env python +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import argparse +import jinja2 +import os +import sys +import yaml + + +def parse_opts(argv): + parser = argparse.ArgumentParser( + description='Configure host network interfaces using a JSON' + ' config file format.') + parser.add_argument('-p', '--base_path', metavar='BASE_PATH', + help="""base path of templates to process.""", + default='.') + parser.add_argument('-r', '--roles-data', metavar='ROLES_DATA', + help="""relative path to the roles_data.yaml file.""", + default='roles_data.yaml') + parser.add_argument('--safe', + action='store_true', + help="""Enable safe mode (do not overwrite files).""", + default=False) + opts = parser.parse_args(argv[1:]) + + return opts + + +def _j2_render_to_file(j2_template, j2_data, outfile_name=None, + overwrite=True): + yaml_f = outfile_name or j2_template.replace('.j2.yaml', '.yaml') + print('rendering j2 template to file: %s' % outfile_name) + + if not overwrite and os.path.exists(outfile_name): + print('ERROR: path already exists for file: %s' % outfile_name) + sys.exit(1) + + try: + # Render the j2 template + template = jinja2.Environment().from_string(j2_template) + r_template = template.render(**j2_data) + except jinja2.exceptions.TemplateError as ex: + error_msg = ("Error rendering template %s : %s" + % (yaml_f, six.text_type(ex))) + print(error_msg) + raise Exception(error_msg) + with open(outfile_name, 'w') as out_f: + out_f.write(r_template) + + +def process_templates(template_path, role_data_path, overwrite): + + with open(role_data_path) as role_data_file: + role_data = yaml.safe_load(role_data_file) + + j2_excludes_path = os.path.join(template_path, 'j2_excludes.yaml') + with open(j2_excludes_path) as role_data_file: + j2_excludes = yaml.safe_load(role_data_file) + + role_names = [r.get('name') for r in role_data] + r_map = {} + for r in role_data: + r_map[r.get('name')] = r + excl_templates = ['%s/%s' % (template_path, e) + for e in j2_excludes.get('name')] + + if os.path.isdir(template_path): + for subdir, dirs, files in os.walk(template_path): + for f in files: + file_path = os.path.join(subdir, f) + # We do two templating passes here: + # 1. *.role.j2.yaml - we template just the role name + # and create multiple files (one per role) + # 2. *.j2.yaml - we template with all roles_data, + # and create one file common to all roles + if f.endswith('.role.j2.yaml'): + print("jinja2 rendering role template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + print("jinja2 rendering roles %s" % "," + .join(role_names)) + for role in role_names: + j2_data = {'role': role} + # (dprince) For the undercloud installer we don't + # want to have heat check nova/glance API's + if r_map[role].get('disable_constraints', False): + j2_data['disable_constraints'] = True + out_f = "-".join( + [role.lower(), + os.path.basename(f).replace('.role.j2.yaml', + '.yaml')]) + out_f_path = os.path.join(subdir, out_f) + if not (out_f_path in excl_templates): + _j2_render_to_file(template_data, j2_data, + out_f_path, overwrite) + else: + print('skipping rendering of %s' % out_f_path) + elif f.endswith('.j2.yaml'): + print("jinja2 rendering normal template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + j2_data = {'roles': role_data} + out_f = file_path.replace('.j2.yaml', '.yaml') + _j2_render_to_file(template_data, j2_data, out_f, + overwrite) + + else: + print('Unexpected argument %s' % template_path) + +opts = parse_opts(sys.argv) + +role_data_path = os.path.join(opts.base_path, opts.roles_data) + +process_templates(opts.base_path, role_data_path, (not opts.safe)) diff --git a/tools/yaml-nic-config-2-script.py b/tools/yaml-nic-config-2-script.py new file mode 100755 index 00000000..b8f07e4f --- /dev/null +++ b/tools/yaml-nic-config-2-script.py @@ -0,0 +1,219 @@ +#!/usr/bin/env python +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import collections +import copy +import os +import sys +import traceback +import yaml +import six +import re + + +#convert comments into 'comments<num>: ...' YAML +def to_commented_yaml(filename): + out_str = '' + last_non_comment_spaces = '' + with open(filename, 'r') as f: + comment_count = 0 + for line in f: + char_count = 0 + spaces = '' + for char in line: + char_count += 1 + if char == ' ': + spaces+=' ' + next; + elif char == '#': + comment_count += 1 + comment = line[char_count:-1] + out_str += "%scomment%i_%i: '%s'\n" % (last_non_comment_spaces, comment_count, len(spaces), comment) + break; + else: + last_non_comment_spaces = spaces + out_str += line + + #inline comments check + m = re.match(".*:.*#(.*)", line) + if m: + comment_count += 1 + out_str += "%s inline_comment%i: '%s'\n" % (last_non_comment_spaces, comment_count, m.group(1)) + break; + + with open(filename, 'w') as f: + f.write(out_str) + + return out_str + +#convert back to normal #commented YAML +def to_normal_yaml(filename): + + with open(filename, 'r') as f: + data = f.read() + + out_str = '' + next_line_break = False + for line in data.split('\n'): + m = re.match(" +comment[0-9]+_([0-9]+): '(.*)'.*", line) #normal comments + i = re.match(" +inline_comment[0-9]+: '(.*)'.*", line) #inline comments + if m: + if next_line_break: + out_str += '\n' + next_line_break = False + for x in range(0, int(m.group(1))): + out_str += " " + out_str += "#%s\n" % m.group(2) + elif i: + out_str += " #%s\n" % i.group(1) + next_line_break = False + else: + if next_line_break: + out_str += '\n' + out_str += line + next_line_break = True + + if next_line_break: + out_str += '\n' + + with open(filename, 'w') as f: + f.write(out_str) + + return out_str + + +class description(six.text_type): + pass + +# FIXME: Some of this duplicates code from build_endpoint_map.py, we should +# refactor to share the common code +class TemplateDumper(yaml.SafeDumper): + def represent_ordered_dict(self, data): + return self.represent_dict(data.items()) + + def description_presenter(self, data): + if '\n' in data: + style = '>' + else: + style = '' + return self.represent_scalar( + yaml.resolver.BaseResolver.DEFAULT_SCALAR_TAG, data, style=style) + + +# We load mappings into OrderedDict to preserve their order +class TemplateLoader(yaml.SafeLoader): + def construct_mapping(self, node): + self.flatten_mapping(node) + return collections.OrderedDict(self.construct_pairs(node)) + + +TemplateDumper.add_representer(description, + TemplateDumper.description_presenter) + +TemplateDumper.add_representer(collections.OrderedDict, + TemplateDumper.represent_ordered_dict) + + +TemplateLoader.add_constructor(yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG, + TemplateLoader.construct_mapping) + +def write_template(template, filename=None): + with open(filename, 'w') as f: + yaml.dump(template, f, TemplateDumper, width=120, default_flow_style=False) + +def exit_usage(): + print('Usage %s <yaml file>' % sys.argv[0]) + sys.exit(1) + +def convert(filename): + print('Converting %s' % filename) + try: + tpl = yaml.load(open(filename).read(), Loader=TemplateLoader) + except Exception: + print(traceback.format_exc()) + return 0 + + # Check which path we need for run-os-net-config.sh because we have + # nic config templates in the top-level and network/config + script_paths = ['network/scripts/run-os-net-config.sh', + '../../scripts/run-os-net-config.sh'] + script_path = None + for p in script_paths: + check_path = os.path.join(os.path.dirname(filename), p) + if os.path.isfile(check_path): + print("Found %s, using %s" % (check_path, p)) + script_path = p + if script_path is None: + print("Error couldn't find run-os-net-config.sh relative to filename") + exit_usage() + + for r in six.iteritems(tpl.get('resources', {})): + if (r[1].get('type') == 'OS::Heat::StructuredConfig' and + r[1].get('properties', {}).get('group') == 'os-apply-config' and + r[1].get('properties', {}).get('config', {}).get('os_net_config')): + #print("match %s" % r[0]) + new_r = collections.OrderedDict() + new_r['type'] = 'OS::Heat::SoftwareConfig' + new_r['properties'] = collections.OrderedDict() + new_r['properties']['group'] = 'script' + old_net_config = r[1].get( + 'properties', {}).get('config', {}).get('os_net_config') + new_config = {'str_replace': collections.OrderedDict()} + new_config['str_replace']['template'] = {'get_file': script_path} + new_config['str_replace']['params'] = {'$network_config': old_net_config} + new_r['properties']['config'] = new_config + tpl['resources'][r[0]] = new_r + else: + print("No match %s" % r[0]) + return 0 + + # Preserve typical HOT template key ordering + od_result = collections.OrderedDict() + # Need to bump the HOT version so str_replace supports serializing to json + od_result['heat_template_version'] = "2016-10-14" + if tpl.get('description'): + od_result['description'] = description(tpl['description']) + od_result['parameters'] = tpl['parameters'] + od_result['resources'] = tpl['resources'] + od_result['outputs'] = tpl['outputs'] + #print('Result:') + #print('%s' % yaml.dump(od_result, Dumper=TemplateDumper, width=120, default_flow_style=False)) + #print('---') + #replace = raw_input( + #"Replace file %s? Answer y/n" % filename).lower() == 'y' + #if replace: + #print("Replace %s" % filename) + write_template(od_result, filename) + #else: + # print("NOT replacing %s" % filename) + # return 0 + return 1 + +if len(sys.argv) < 2: + exit_usage() + +path_args = sys.argv[1:] +exit_val = 0 +num_converted = 0 + +for base_path in path_args: + if os.path.isfile(base_path) and base_path.endswith('.yaml'): + to_commented_yaml(base_path) + num_converted += convert(base_path) + to_normal_yaml(base_path) + else: + print('Unexpected argument %s' % base_path) + exit_usage() +if num_converted == 0: + exit_val = 1 +sys.exit(exit_val) @@ -11,4 +11,9 @@ deps = -r{toxinidir}/requirements.txt commands = {posargs} [testenv:pep8] -commands = python ./tools/yaml-validate.py . +commands = + python ./tools/process-templates.py + python ./tools/yaml-validate.py . + +[testenv:templates] +commands = python ./tools/process-templates.py |