diff options
70 files changed, 634 insertions, 98 deletions
@@ -124,3 +124,7 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+ | congress | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+ +| cephmds | | | | X | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| manila | | | | X | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index f35a0804..03065c6a 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -65,6 +65,7 @@ - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/ci/environments/multinode-core.yaml b/ci/environments/multinode-core.yaml new file mode 100644 index 00000000..0c07a1b0 --- /dev/null +++ b/ci/environments/multinode-core.yaml @@ -0,0 +1,37 @@ +heat_template_version: ocata + +description: > + OpenStack Core Service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + type: string + default: '' + +resources: + +outputs: + role_data: + description: Role data for the multinode firewall configuration + value: + service_name: multinode_core + config_settings: + tripleo.core.firewall_rules: + '999 core': + proto: 'udp' + dport: + - 4789 diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 212f6a23..0609dd5f 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -15,6 +15,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index 56d04de5..6710fef7 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -1,12 +1,10 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml - OS::TripleO::Services::Core: multinode-core.yaml parameter_defaults: ControllerServices: - OS::TripleO::Services::CACerts - - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi @@ -30,6 +28,7 @@ parameter_defaults: - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 72e25704..e09ca705 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -1,6 +1,6 @@ resource_registry: - OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml @@ -19,6 +19,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index bf4721e2..3207d133 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -1,6 +1,6 @@ resource_registry: - OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml @@ -15,6 +15,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 9167010c..1dc8b13d 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -1,6 +1,6 @@ resource_registry: - OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml @@ -17,6 +17,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index 87b10ca1..dc05ab4e 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -1,16 +1,35 @@ resource_registry: - OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml - OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml - OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml - OS::TripleO::Services::CephRgw: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-rgw.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml + OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephRgw: ../../puppet/services/ceph-rgw.yaml OS::TripleO::Services::SwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: OS::Heat::None OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None + OS::TripleO::Services::ManilaApi: ../../puppet/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../../puppet/services/manila-scheduler.yaml + OS::TripleO::Services::ManilaShare: ../../puppet/services/pacemaker/manila-share.yaml + OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml + # These enable Pacemaker + OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml + OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml + OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml + OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml + OS::TripleO::Services::Keepalived: OS::Heat::None + parameter_defaults: ControllerServices: + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephRgw - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi @@ -19,6 +38,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent @@ -28,6 +48,10 @@ parameter_defaults: - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaShare - OS::TripleO::Services::Memcached - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::NovaConductor @@ -40,10 +64,6 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - - OS::TripleO::Services::CephMon - - OS::TripleO::Services::CephOSD - - OS::TripleO::Services::CephClient - - OS::TripleO::Services::CephRgw - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: diff --git a/ci/pingtests/scenario004-multinode.yaml b/ci/pingtests/scenario004-multinode.yaml index a188fd1c..ebdfea14 100644 --- a/ci/pingtests/scenario004-multinode.yaml +++ b/ci/pingtests/scenario004-multinode.yaml @@ -118,6 +118,18 @@ resources: ram: 512 vcpus: 1 + manila_share_type: + type: OS::Manila::ShareType + properties: + name: default + driver_handles_share_servers: false + + manila_share: + type: OS::Manila::Share + properties: + share_protocol: CEPHFS + size: 1 + outputs: server1_private_ip: description: IP address of server1 in private network diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh index a4a3d665..e699841f 100644 --- a/ci/scripts/freeipa_setup.sh +++ b/ci/scripts/freeipa_setup.sh @@ -94,7 +94,9 @@ rm -f /etc/httpd/conf.d/ssl.conf # Set up FreeIPA ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` \ -p $DirectoryManagerPassword -a $AdminPassword \ - --hostname `hostname -f` + --hostname `hostname -f` \ + --ip-address=$FreeIPAIP \ + --setup-dns --auto-forwarders --auto-reverse # Authenticate echo $AdminPassword | kinit admin diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 9795a00f..04da5565 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -41,6 +41,7 @@ - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/environments/deployed-server-pacemaker-environment.yaml b/environments/deployed-server-pacemaker-environment.yaml new file mode 100644 index 00000000..85fa7d2f --- /dev/null +++ b/environments/deployed-server-pacemaker-environment.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Tasks::ControllerDeployedServerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerDeployedServerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerDeployedServerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml index 47b2003d..3a606336 100644 --- a/environments/low-memory-usage.yaml +++ b/environments/low-memory-usage.yaml @@ -11,8 +11,8 @@ parameter_defaults: SwiftWorkers: 1 GnocchiMetricdWorkers: 1 - ApacheMaxRequestWorkers: 32 - ApacheServerLimit: 32 + ApacheMaxRequestWorkers: 100 + ApacheServerLimit: 100 ControllerExtraConfig: 'nova::network::neutron::neutron_url_timeout': '60' diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml index 4283b212..9e3cddba 100644 --- a/environments/major-upgrade-composable-steps.yaml +++ b/environments/major-upgrade-composable-steps.yaml @@ -1,2 +1,15 @@ resource_registry: OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml +parameter_defaults: + UpgradeLevelNovaCompute: auto + UpgradeInitCommonCommand: | + #!/bin/bash + # Newton to Ocata, we need to remove old hiera hook data and + # install ansible heat agents and ansible-pacemaker + set -eu + yum install -y python-heat-agent-* + yum install -y ansible-pacemaker + rm -f /usr/libexec/os-apply-config/templates/etc/puppet/hiera.yaml + rm -f /usr/libexec/os-refresh-config/configure.d/40-hiera-datafiles + rm -f /etc/puppet/hieradata/*.yaml + diff --git a/environments/major-upgrade-converge.yaml b/environments/major-upgrade-converge.yaml new file mode 100644 index 00000000..f09fb20e --- /dev/null +++ b/environments/major-upgrade-converge.yaml @@ -0,0 +1,7 @@ +# Use this to reset any mappings only used for upgrades after the +# update of all nodes is completed +resource_registry: + OS::TripleO::PostDeploySteps: ../puppet/post.yaml +parameter_defaults: + UpgradeLevelNovaCompute: '' + UpgradeInitCommonCommand: '' diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml index e08b2b27..ed7292b7 100644 --- a/environments/neutron-opendaylight.yaml +++ b/environments/neutron-opendaylight.yaml @@ -10,4 +10,4 @@ resource_registry: parameter_defaults: NeutronEnableForceMetadata: true NeutronMechanismDrivers: 'opendaylight_v2' - NeutronServicePlugins: 'odl-router_v2' + NeutronServicePlugins: 'odl-router_v2,trunk' diff --git a/extraconfig/tasks/run_puppet.sh b/extraconfig/tasks/run_puppet.sh new file mode 100755 index 00000000..b7771e33 --- /dev/null +++ b/extraconfig/tasks/run_puppet.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +function run_puppet { + set -eux + local manifest="$1" + local role="$2" + local step="$3" + local rc=0 + + export FACTER_deploy_config_name="${role}Deployment_Step${step}" + if [ -e "/etc/puppet/hieradata/heat_config_${FACTER_deploy_config_name}.json" ]; then + set +e + puppet apply --detailed-exitcodes "${manifest}" + rc=$? + echo "puppet apply exited with exit code $rc" + else + echo "Step${step} doesn't exist for ${role}" + fi + set -e + + if [ $rc -eq 2 -o $rc -eq 0 ]; then + set +xu + return 0 + fi + set +xu + return $rc +} diff --git a/extraconfig/tasks/swift-ring-deploy.yaml b/extraconfig/tasks/swift-ring-deploy.yaml new file mode 100644 index 00000000..d17f78ae --- /dev/null +++ b/extraconfig/tasks/swift-ring-deploy.yaml @@ -0,0 +1,31 @@ +heat_template_version: ocata + +parameters: + servers: + type: json + SwiftRingGetTempurl: + default: '' + description: A temporary Swift URL to download rings from. + type: string + +resources: + SwiftRingDeployConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: swift_ring_get_tempurl + config: | + #!/bin/sh + pushd / + curl --insecure --silent "${swift_ring_get_tempurl}" | tar xz || true + popd + + SwiftRingDeploy: + type: OS::Heat::SoftwareDeployments + properties: + name: SwiftRingDeploy + config: {get_resource: SwiftRingDeployConfig} + servers: {get_param: servers} + input_values: + swift_ring_get_tempurl: {get_param: SwiftRingGetTempurl} diff --git a/extraconfig/tasks/swift-ring-update.yaml b/extraconfig/tasks/swift-ring-update.yaml new file mode 100644 index 00000000..440c6883 --- /dev/null +++ b/extraconfig/tasks/swift-ring-update.yaml @@ -0,0 +1,42 @@ +heat_template_version: ocata + +parameters: + servers: + type: json + SwiftRingPutTempurl: + default: '' + description: A temporary Swift URL to upload rings to. + type: string + +resources: + SwiftRingUpdateConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: swift_ring_put_tempurl + config: | + #!/bin/sh + TMP_DATA=$(mktemp -d) + function cleanup { + rm -Rf "$TMP_DATA" + } + trap cleanup EXIT + # sanity check in case rings are not consistent within cluster + swift-recon --md5 | grep -q "doesn't match" && exit 1 + pushd ${TMP_DATA} + tar -cvzf swift-rings.tar.gz /etc/swift/*.builder /etc/swift/*.ring.gz /etc/swift/backups/* + resp=`curl --insecure --silent -X PUT "${swift_ring_put_tempurl}" --write-out "%{http_code}" --data-binary @swift-rings.tar.gz` + popd + if [ "$resp" != "201" ]; then + exit 1 + fi + + SwiftRingUpdate: + type: OS::Heat::SoftwareDeployments + properties: + name: SwiftRingUpdate + config: {get_resource: SwiftRingUpdateConfig} + servers: {get_param: servers} + input_values: + swift_ring_put_tempurl: {get_param: SwiftRingPutTempurl} diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index 27ba33a8..c2565410 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -15,9 +15,13 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT set -eu NOVA_COMPUTE="" -if systemctl show 'openstack-nova-compute' --property ActiveState | grep '\bactive\b'; then +if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then NOVA_COMPUTE="true" fi +SWIFT_STORAGE="" +if hiera -c /etc/puppet/hiera.yaml service_names | grep swift_storage ; then + SWIFT_STORAGE="true" +fi DEBUG="true" SCRIPT_NAME=$(basename $0) @@ -34,19 +38,27 @@ $(declare -f special_case_ovs_upgrade_if_needed) special_case_ovs_upgrade_if_needed yum -y install python-zaqarclient # needed for os-collect-config -systemctl_swift stop +if [[ -n \$SWIFT_STORAGE ]]; then + systemctl_swift stop +fi yum -y update -systemctl_swift start - +if [[ -n \$SWIFT_STORAGE ]]; then + systemctl_swift start +fi # Due to bug#1640177 we need to restart compute agent if [[ -n \$NOVA_COMPUTE ]]; then echo "Restarting openstack ceilometer agent compute" systemctl restart openstack-ceilometer-compute fi -# Apply puppet manifest to converge just right after the \$ROLE upgrade -puppet apply /root/${ROLE}_puppet_config.pp - +# Apply puppet manifest to converge just right after the ${ROLE} upgrade +$(declare -f run_puppet) +for step in 1 2 3 4 5 6; do + if ! run_puppet /root/${ROLE}_puppet_config.pp ${ROLE} \${step}; then + echo "Puppet failure at step \${step}" + exit 1 + fi +done ENDOFCAT # ensure the permissions are OK diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index a6b32ddb..1360d0be 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -2,7 +2,7 @@ resource_registry: OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment OS::TripleO::PostDeploySteps: puppet/post.yaml - OS::TripleO::PostUpgradeSteps: puppet/post.yaml + OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml OS::TripleO::DefaultPasswords: default_passwords.yaml @@ -11,6 +11,9 @@ resource_registry: OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml + OS::TripleO::Tasks::SwiftRingDeploy: extraconfig/tasks/swift-ring-deploy.yaml + OS::TripleO::Tasks::SwiftRingUpdate: extraconfig/tasks/swift-ring-update.yaml + {% for role in roles %} OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml @@ -66,8 +69,10 @@ resource_registry: OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml - OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None - OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None +{% for role in roles %} + OS::TripleO::Tasks::{{role.name}}PrePuppet: OS::Heat::None + OS::TripleO::Tasks::{{role.name}}PostPuppet: OS::Heat::None +{% endfor %} # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when @@ -218,7 +223,7 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml - OS::TripleO::Services::PankoApi: OS::Heat::None + OS::TripleO::Services::PankoApi: puppet/services/panko-api.yaml OS::TripleO::Services::MistralEngine: OS::Heat::None OS::TripleO::Services::MistralApi: OS::Heat::None OS::TripleO::Services::MistralExecutor: OS::Heat::None @@ -242,6 +247,7 @@ resource_registry: OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None OS::TripleO::Services::OctaviaWorker: OS::Heat::None + OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml parameter_defaults: EnablePackageInstall: false diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index e92de45f..a5218dbe 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -115,6 +115,14 @@ parameters: Command or script snippet to run on all overcloud nodes to initialize the upgrade process. E.g. a repository switch. default: '' + UpgradeInitCommonCommand: + type: string + description: | + Common commands required by the upgrades process. This should not + normally be modified by the operator and is set and unset in the + major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml + environment files. + default: '' resources: BlockStorage: @@ -360,6 +368,7 @@ resources: - - "#!/bin/bash\n\n" - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand + - get_param: UpgradeInitCommonCommand # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 892f91ef..0867e17f 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -121,6 +121,14 @@ parameters: Command or script snippet to run on all overcloud nodes to initialize the upgrade process. E.g. a repository switch. default: '' + UpgradeInitCommonCommand: + type: string + description: | + Common commands required by the upgrades process. This should not + normally be modified by the operator and is set and unset in the + major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml + environment files. + default: '' resources: CephStorage: @@ -366,6 +374,7 @@ resources: - - "#!/bin/bash\n\n" - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand + - get_param: UpgradeInitCommonCommand # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 62adcd33..1a0294af 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -133,6 +133,14 @@ parameters: Command or script snippet to run on all overcloud nodes to initialize the upgrade process. E.g. a repository switch. default: '' + UpgradeInitCommonCommand: + type: string + description: | + Common commands required by the upgrades process. This should not + normally be modified by the operator and is set and unset in the + major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml + environment files. + default: '' resources: @@ -383,6 +391,7 @@ resources: - - "#!/bin/bash\n\n" - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand + - get_param: UpgradeInitCommonCommand # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index d3268ee2..825006ba 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -147,6 +147,14 @@ parameters: Command or script snippet to run on all overcloud nodes to initialize the upgrade process. E.g. a repository switch. default: '' + UpgradeInitCommonCommand: + type: string + description: | + Common commands required by the upgrades process. This should not + normally be modified by the operator and is set and unset in the + major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml + environment files. + default: '' parameter_groups: - label: deprecated @@ -417,6 +425,7 @@ resources: - - "#!/bin/bash\n\n" - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand + - get_param: UpgradeInitCommonCommand # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 3362a01f..6f2dd684 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -79,6 +79,7 @@ resources: AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} ROLE_NAME: {{role.name}} - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh + - get_file: ../extraconfig/tasks/run_puppet.sh - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh {{role.name}}DeliverUpgradeScriptDeployment: diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 1633134d..172484dc 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -115,6 +115,14 @@ parameters: Command or script snippet to run on all overcloud nodes to initialize the upgrade process. E.g. a repository switch. default: '' + UpgradeInitCommonCommand: + type: string + description: | + Common commands required by the upgrades process. This should not + normally be modified by the operator and is set and unset in the + major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml + environment files. + default: '' resources: @@ -360,6 +368,7 @@ resources: - - "#!/bin/bash\n\n" - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand + - get_param: UpgradeInitCommonCommand # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index cb08f872..581c4f0d 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -23,13 +23,18 @@ properties: StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} - {% if role.name == 'Controller' %} - ControllerPrePuppet: - type: OS::TripleO::Tasks::ControllerPrePuppet + {{role.name}}PrePuppet: + type: OS::TripleO::Tasks::{{role.name}}PrePuppet properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} + + {% if role.name in ['Controller', 'ObjectStorage'] %} + {{role.name}}SwiftRingDeploy: + type: OS::TripleO::Tasks::SwiftRingDeploy + properties: + servers: {get_param: [servers, {{role.name}}]} {% endif %} # Step through a series of configuration steps @@ -75,14 +80,23 @@ properties: servers: {get_param: [servers, {{role.name}}]} - {% if role.name == 'Controller' %} - ControllerPostPuppet: + {{role.name}}PostPuppet: depends_on: - - ControllerExtraConfigPost - type: OS::TripleO::Tasks::ControllerPostPuppet + - {{role.name}}ExtraConfigPost + type: OS::TripleO::Tasks::{{role.name}}PostPuppet properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} + + {% if role.name in ['Controller', 'ObjectStorage'] %} + {{role.name}}SwiftRingUpdate: + type: OS::TripleO::Tasks::SwiftRingUpdate + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step5 + {% endfor %} + properties: + servers: {get_param: [servers, {{role.name}}]} {% endif %} {% endfor %} diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 2f070da2..2e1bd6f1 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -137,7 +137,14 @@ parameters: Command or script snippet to run on all overcloud nodes to initialize the upgrade process. E.g. a repository switch. default: '' - + UpgradeInitCommonCommand: + type: string + description: | + Common commands required by the upgrades process. This should not + normally be modified by the operator and is set and unset in the + major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml + environment files. + default: '' resources: {{role}}: @@ -386,6 +393,7 @@ resources: - - "#!/bin/bash\n\n" - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand + - get_param: UpgradeInitCommonCommand # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 9c2d8c5c..e5c11535 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -19,8 +19,21 @@ environment to set per service parameters. Config Settings --------------- -Each service may define a config_settings output variable which returns -Hiera settings to be configured. +Each service may define three ways in which to output variables to configure Hiera +settings on the nodes. + + * config_settings: the hiera keys will be pushed on all roles of which the service + is a part of. + + * global_config_settings: the hiera keys will be distributed to all roles + + * service_config_settings: Takes an extra key to wire in values that are + defined for a service that need to be consumed by some other service. + For example: + service_config_settings: + haproxy: + foo: bar + This will set the hiera key 'foo' on all roles where haproxy is included. Deployment Steps ---------------- diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index f5ca329e..c2c2d023 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -69,8 +69,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' aodh::debug: {get_param: Debug} aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 239b6ca9..ffc4c83a 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -105,8 +105,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/barbican' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tripleo.barbican_api.firewall_rules: '117 barbican': dport: diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 17588dc6..874c6893 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -93,10 +93,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ceilometer_backend: {get_param: CeilometerBackend} - ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo ceilometer::db::sync_db: false ceilometer::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index a5d7fcf1..88e7edb7 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 1b82f55c..6855a838 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/congress' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' congress::keystone::auth::tenant: 'service' congress::keystone::auth::password: {get_param: CongressPassword} congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} @@ -88,3 +87,11 @@ outputs: step_config: | include ::tripleo::profile::base::congress + + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running" + shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop congress service + tags: step2 + service: name=openstack-congress-server state=stopped diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml new file mode 100644 index 00000000..1415391c --- /dev/null +++ b/puppet/services/database/mysql-client.yaml @@ -0,0 +1,30 @@ +heat_template_version: ocata + +description: > + Mysql client settings + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base:database::mysql::client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + step_config: | + include ::tripleo::profile::base::database::mysql::client diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 8c4042d9..808f1353 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -34,6 +34,10 @@ parameters: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean + NovaPassword: + description: The password for the nova db account + type: string + hidden: true resources: @@ -94,6 +98,8 @@ outputs: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql + metadata_settings: + get_attr: [MySQLTLS, role_data, metadata_settings] upgrade_tasks: - name: Check for galera root password tags: step0 @@ -104,6 +110,15 @@ outputs: - name: Start service tags: step4 service: name=mariadb state=started - metadata_settings: - get_attr: [MySQLTLS, role_data, metadata_settings] - + - name: Setup cell_v2 (create cell0 database) + tags: step4 + mysql_db: + name: nova_cell0 + state: present + - name: Setup cell_v2 (grant access to the nova DB user) + tags: step4 + mysql_user: + str_replace: + template: "name=nova password=PASSWORD host=\"%\" priv=\"nova.*:ALL/nova_cell0.*:ALL,GRANT\" state=present" + params: + PASSWORD: {get_param: NovaPassword} diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index 002342b6..bb10140e 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -90,8 +90,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ec2_api' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' - if: - nova_workers_zero diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index c4f97d54..d26d96aa 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -91,8 +91,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 8fddae4b..c6310056 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' gnocchi::db::sync::extra_opts: '--skip-storage' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index e85b7537..f7ec9a41 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -111,8 +111,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index ad7ef6ea..d186b047 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -60,8 +60,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b2374ec4..9c4cc60f 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -193,8 +193,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 2a9745a2..c183bc08 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/manila' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' service_config_settings: mysql: manila::db::mysql::password: {get_param: ManilaPassword} diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 4d020498..e1030346 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -65,8 +65,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/mistral' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 48e53f4c..4d671e15 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -127,8 +127,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} @@ -136,8 +135,6 @@ outputs: neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::enable_proxy_headers_parsing: true neutron::keystone::authtoken::password: {get_param: NeutronPassword} - - neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml index 868b2bc6..e3a4da99 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -26,6 +26,16 @@ parameters: description: Tunnel encapsulation type type: string default: geneve + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name + type: comma_delimited_list + default: "datacentre:br-ex" outputs: @@ -37,6 +47,7 @@ outputs: ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} + ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} tripleo.neutron_compute_plugin_ovn.firewall_rules: '118 neutron vxlan networks': proto: 'udp' diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index ad1dcfb0..f948dd07 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 18c790e6..0adefecd 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -58,6 +58,10 @@ parameters: default: 'public' description: Default pool for floating IP addresses type: string + NovaDbSyncTimeout: + default: 300 + description: Timeout for Nova db sync + type: number conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} @@ -178,3 +182,86 @@ outputs: # https://bugs.launchpad.net/nova/+bug/1661360 # metadata_settings: # get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}} + - name: Extra migration for nova tripleo/+bug/1656791 + tags: step0,pre-upgrade + when: is_bootstrap_node + command: nova-manage db online_data_migrations + - name: Stop and disable nova_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no + - name: update nova api + tags: step2 + yum: name=openstack-nova-api state=latest + - name: Create puppet manifest to set transport_url in nova.conf + tags: step5 + when: is_bootstrap_node + copy: + dest: /root/nova-api_upgrade_manifest.pp + mode: 0600 + content: > + $transport_url = os_transport_url({ + 'transport' => hiera('messaging_service_name', 'rabbit'), + 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), + 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), + 'username' => hiera('nova::rabbit_userid', 'guest'), + 'password' => hiera('nova::rabbit_password'), + 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) + }) + oslo::messaging::default { 'nova_config': + transport_url => $transport_url + } + - name: Run puppet apply to set tranport_url in nova.conf + tags: step5 + when: is_bootstrap_node + command: puppet apply --detailed-exitcodes /root/nova-api_upgrade_manifest.pp + register: puppet_apply_nova_api_upgrade + failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] + changed_when: puppet_apply_nova_api_upgrade.rc == 2 + - name: Setup cell_v2 (map cell0) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_cell0 + - name: Setup cell_v2 (create default cell) + tags: step5 + when: is_bootstrap_node + # (owalsh) puppet-nova expects the cell name 'default' + # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 + shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) + register: nova_api_create_cell + failed_when: nova_api_create_cell.rc not in [0,2] + changed_when: nova_api_create_cell.rc == 0 + - name: Setup cell_v2 (sync nova/cell DB) + tags: step5 + when: is_bootstrap_node + command: nova-manage db sync + async: {get_param: NovaDbSyncTimeout} + poll: 10 + - name: Setup cell_v2 (migrate hosts) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_cell_and_hosts + - name: Setup cell_v2 (get cell uuid) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' + register: nova_api_cell_uuid + - name: Setup cell_v2 (migrate instances) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} + - name: Sync nova_api DB + tags: step5 + command: nova-manage api_db sync + when: is_bootstrap_node + - name: Online data migration for nova + tags: step5 + when: is_bootstrap_node + command: nova-manage db online_data_migrations diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 26d05cc9..ceacb0b2 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -121,7 +121,6 @@ parameters: Endpoint interface to be used for the placement API. default: 'internal' - conditions: compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} @@ -151,6 +150,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::api_database_connection: list_join: - '' @@ -160,6 +160,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::placement_database_connection: list_join: - '' @@ -169,6 +170,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_placement' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index f7484da2..9923e833 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -75,6 +75,10 @@ parameters: default: tag: openstack.nova.compute path: /var/log/nova/nova-compute.log + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: auto resources: NovaBase: @@ -146,3 +150,19 @@ outputs: tripleo.collectd.plugins.nova_compute: - virt collectd::plugins::virt::connection: "qemu:///system" + upgrade_tasks: + - name: Stop nova-compute service + tags: step2 + service: name=openstack-nova-compute state=stopped + # If not already set by puppet (e.g a pre-ocata version), set the + # upgrade_level for compute to "auto" + - name: Set compute upgrade level to auto + tags: step3 + ini_file: + str_replace: + template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" + params: + LEVEL: {get_param: UpgradeLevelNovaCompute} + - name: Start nova-compute service + tags: step6 + service: name=openstack-nova-compute state=started diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index b96bf6e6..7b086536 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -30,6 +30,10 @@ parameters: default: tag: openstack.nova.scheduler path: /var/log/nova/nova-scheduler.log + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: auto conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} @@ -61,3 +65,19 @@ outputs: - nova::conductor::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::conductor + upgrade_tasks: + - name: Stop nova_conductor service + tags: step2 + service: name=openstack-nova-conductor state=stopped + - name: update nova conductor + tags: step2 + yum: name=openstack-nova-conductor state=latest + # If not already set by puppet (e.g a pre-ocata version), set the + # upgrade_level for compute to "auto" + - name: Set compute upgrade level to auto + tags: step3 + ini_file: + str_replace: + template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" + params: + LEVEL: {get_param: UpgradeLevelNovaCompute} diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 79969ded..b5a1312a 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -48,3 +48,7 @@ outputs: get_attr: [NovaBase, role_data, config_settings] step_config: | include tripleo::profile::base::nova::consoleauth + upgrade_tasks: + - name: Stop nova_consoleauth service + tags: step2 + service: name=openstack-nova-consoleauth state=stopped diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 5564c1b3..9389c801 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -122,3 +122,8 @@ outputs: - name: Stop nova_placement service (running under httpd) tags: step2 service: name=httpd state=stopped + # The nova placement API isn't installed in newton images, so install + # it on upgrade + - name: Install nova-placement packages on upgrade + tags: step3 + yum: name=openstack-nova-placement-api state=latest diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 353a75ac..0e0b9d1e 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -63,3 +63,10 @@ outputs: nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters} step_config: | include tripleo::profile::base::nova::scheduler + upgrade_tasks: + - name: Stop nova_scheduler service + tags: step2 + service: name=openstack-nova-scheduler state=stopped + - name: update nova scheduler + tags: step2 + yum: name=openstack-nova-scheduler state=latest diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index bf244943..f6cf9649 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -64,3 +64,7 @@ outputs: - 13080 step_config: | include tripleo::profile::base::nova::vncproxy + upgrade_tasks: + - name: Stop nova_vnc_proxy service + tags: step2 + service: name=openstack-nova-consoleauth state=stopped diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index 37ba1f73..909a3030 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -66,8 +66,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/octavia' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} octavia::keystone::authtoken::project_name: 'service' octavia::keystone::authtoken::password: {get_param: OctaviaPassword} diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 2c2586af..998e64ee 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -46,8 +46,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/panko' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' panko::debug: {get_param: Debug} panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index e2084186..224989be 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 5cf09a6d..6ceb9f19 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/tacker' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tacker::keystone::auth::tenant: 'service' tacker::keystone::auth::password: {get_param: TackerPassword} @@ -89,3 +88,10 @@ outputs: step_config: | include ::tripleo::profile::base::tacker + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-tacker-server is running" + shell: /usr/bin/systemctl show 'openstack-tacker-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop tacker service + tags: step2 + service: name=openstack-tacker-server state=stopped diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 88ab90cb..b14d7bcc 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -22,8 +22,10 @@ parameters: via parameter_defaults in the resource registry. type: json NtpServer: - default: [] - description: NTP servers + default: ['pool.ntp.org'] + description: NTP servers list. Defaulted to pool.ntp.org in order to + have a sane default for Pacemaker deployments when + not configuring this parameter by default. type: comma_delimited_list outputs: diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml index c37cc033..2cfd43f4 100644 --- a/puppet/upgrade_config.yaml +++ b/puppet/upgrade_config.yaml @@ -41,7 +41,7 @@ resources: - {get_param: SkipUpgradeConfigTags} tags: str_replace: - template: "stepSTEP" + template: "common,stepSTEP" params: STEP: {get_param: step} modulepath: /usr/share/ansible-modules diff --git a/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml b/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml new file mode 100644 index 00000000..78fdbb59 --- /dev/null +++ b/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml @@ -0,0 +1,6 @@ +--- +issues: + - We add a default NTP server to the Overcloud + for all Pacemaker and non-Pacemaker deployments, + also useful for keeping time diff controlled for + Keystone and Ceph. diff --git a/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml new file mode 100644 index 00000000..e560fe95 --- /dev/null +++ b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml @@ -0,0 +1,12 @@ +--- +features: + - With the composable HA work landed it is now possible + to split pacemaker-managed services like galera, rabbit, + redis, haproxy and any A/P resource, off to dedicated + nodes. These services can be split off to separate nodes + either via the normal Pacemaker service (which has a limit + of 16 maximum number of nodes) or via the newer PacemakerRemote + service (but not both on the same node). Note that until + https://bugzilla.redhat.com/show_bug.cgi?id=1417936 is fixed, + PacemakerRemote should only be used for Cinder A/P resources + and Manila A/P resources. diff --git a/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml new file mode 100644 index 00000000..edcc1250 --- /dev/null +++ b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - The environments/puppet-pacemaker.yaml file is now deprecated and the HA + deployment is now the default. In order to get the non-HA deployment use + environments/nonha-arch.yaml explicitly. diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst index 9767dad2..43c77709 100644 --- a/releasenotes/source/index.rst +++ b/releasenotes/source/index.rst @@ -9,6 +9,7 @@ Contents :maxdepth: 2 unreleased + ocata Indices and tables diff --git a/releasenotes/source/ocata.rst b/releasenotes/source/ocata.rst new file mode 100644 index 00000000..ebe62f42 --- /dev/null +++ b/releasenotes/source/ocata.rst @@ -0,0 +1,6 @@ +=================================== + Ocata Series Release Notes +=================================== + +.. release-notes:: + :branch: origin/stable/ocata diff --git a/roles_data.yaml b/roles_data.yaml index 31b12986..9e3b0a18 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -17,6 +17,10 @@ # disable_constraints: (boolean) optional, whether to disable Nova and Glance # constraints for each role specified in the templates. # +# disable_upgrade_deployment: (boolean) optional, whether to run the +# ansible upgrade steps for all services that are deployed on the role. If set +# to True, the operator will drive the upgrade for this role's nodes. +# # upgrade_batch_size: (number): batch size for upgrades where tasks are # specified by services to run in batches vs all nodes at once. # This defaults to 1, but larger batches may be specified here. @@ -47,6 +51,7 @@ - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 0eacbc60..1d0dba02 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -62,14 +62,12 @@ def validate_mysql_connection(settings): return items == ['EndpointMap', 'MysqlInternal', 'protocol'] def client_bind_address(item): - return 'bind_address' in item + return 'read_default_file' in item and \ + 'read_default_group' in item def validate_mysql_uri(key, items): # Only consider a connection if it targets mysql - # TODO(owalsh): skip nova mysql uris,temporary workaround for - # tripleo/+bug/1662344 - if not key.startswith('nova') and \ - key.endswith('connection') and \ + if key.endswith('connection') and \ search(items, mysql_protocol, no_op): # Assume the "bind_address" option is one of # the token that made up the uri |