43 files changed, 1102 insertions, 151 deletions
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index 8f9e9627..4532549f 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -17,8 +17,6 @@ parameters: type: string DockerLibvirtImage: type: string - DockerNeutronAgentImage: - type: string DockerOpenvswitchImage: type: string DockerOvsVswitchdImage: @@ -33,17 +31,12 @@ parameters: default: "/etc/nova/nova.conf" NeutronOpenvswitchAgentConfig: type: string - default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/ml2/ml2_conf.ini" - NeutronAgentConfig: - type: string default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" - NeutronAgentPluginVolume: + NeutronOpenvswitchAgentPluginVolume: type: string - description: The neutron agent plugin to mount into the neutron-agents container default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" - NeutronAgentOvsVolume: + NeutronOpenvswitchAgentOvsVolume: type: string - description: The neutron agent ovs agents to mount into the neutron-agents container default: " " resources: @@ -99,7 +92,6 @@ resources: - name: libvirt_config - name: nova_config - name: neutron_openvswitch_agent_config - - name: neutron_agent_config config: | #!/bin/python import json 
@@ -112,13 +104,11 @@ resources: libvirt_config = os.getenv('libvirt_config').split(',') nova_config = os.getenv('nova_config').split(',') neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',') - neutron_agent_config = os.getenv('neutron_agent_config').split(',') # Command, Config_files, Owner, Perms services = {'nova-libvirt': ['/usr/sbin/libvirtd', libvirt_config, 'root', libvirt_perms], 'nova-compute': ['/usr/bin/nova-compute', nova_config, 'nova', file_perms], 'neutron-openvswitch-agent': ['/usr/bin/neutron-openvswitch-agent', neutron_openvswitch_agent_config, 'neutron', file_perms], - 'neutron-agent': ['/usr/bin/neutron-openvswitch-agent', neutron_agent_config, 'neutron', file_perms], 'ovs-vswitchd': ['/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/openvswitch/ovs-vswitchd.log'], 'ovsdb-server': ['/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --log-file=/var/log/openvswitch/ovsdb-server.log'] } @@ -171,7 +161,6 @@ resources: libvirt_config: {get_param: LibvirtConfig} nova_config: {get_param: NovaConfig} neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig} - neutron_agent_config: {get_param: NeutronAgentConfig} NovaComputeContainersDeploymentOVS: type: OS::Heat::StructuredDeployments 
@@ -291,27 +280,7 @@ resources: properties: group: docker-compose config: - openvswitch: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] - net: host - privileged: true - restart: always - volumes: - - /run:/run - - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json - - /var/lib/etc-data/neutron/neutron.conf:/etc/kolla/neutron-openvswitch-agent/:ro - - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro - - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - volumes_from: - - computedata - - neutronagent: + neutronovsagent: image: list_join: - '/' @@ -326,10 +295,11 @@ resources: - list_join: - "," - [ "/run:/run", "/lib/modules:/lib/modules:ro", - "/var/lib/etc-data/json-config/neutron-agent.json:/var/lib/kolla/config_files/config.json", + "/var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json", "/var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro", - {get_param: NeutronAgentPluginVolume}, - {get_param: NeutronAgentOvsVolume} ] + "/var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro", + {get_param: NeutronOpenvswitchAgentPluginVolume}, + {get_param: NeutronOpenvswitchAgentOvsVolume} ] environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index 963c7eee..bb458a68 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh 
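Review bot: In docker/compute-post.yaml, the rewritten bind mount of `neutron-openvswitch-agent.json` onto `/var/lib/kolla/config_files/config.json` in the `neutronovsagent` volumes list is read-write, while the neighbouring config mounts end in `:ro`. That file appears to tell the Kolla entrypoint which command to run, so a process inside the container should not be able to rewrite the host copy. I would append `:ro`, giving `"/var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro"`. The container definition starts above this hunk and continues below it, so it is worth confirming whether it also keeps `privileged: true` and `net: host` like the removed `openvswitch` service, since those are not visible here.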
@@ -73,3 +73,22 @@ chmod 0640 /etc/systemd/system/heat-docker-agents.service # Disable NetworkManager and let the ifup/down scripts work properly. /usr/bin/systemctl disable NetworkManager /usr/bin/systemctl stop NetworkManager + +# Atomic's root partition & logical volume defaults to 3G. In order to launch +# larger VMs, we need to enlarge the root logical volume and scale down the +# docker_pool logical volume. We are allocating 80% of the disk space for +# vm data and the remaining 20% for docker images. +ATOMIC_ROOT='/dev/mapper/atomicos-root' +ROOT_DEVICE=`pvs -o vg_name,pv_name --no-headings | grep atomicos | awk '{ print $2}'` + +growpart $( echo "${ROOT_DEVICE}" | sed -r 's/([^0-9]*)([0-9]+)/\1 \2/' ) +pvresize "${ROOT_DEVICE}" +lvresize -l +80%FREE "${ATOMIC_ROOT}" +xfs_growfs "${ATOMIC_ROOT}" + +cat <<EOF > /etc/sysconfig/docker-storage-setup +GROWPART=true +AUTO_EXTEND_POOL=yes +POOL_AUTOEXTEND_PERCENT=30 +POOL_AUTOEXTEND_THRESHOLD=70 +EOF diff --git a/environments/docker-network-isolation.yaml b/environments/docker-network-isolation.yaml index 257d03dc..87c81d0b 100644 --- a/environments/docker-network-isolation.yaml +++ b/environments/docker-network-isolation.yaml 
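Review bot: In docker/firstboot/start_docker_agents.sh, `ROOT_DEVICE` is used by `growpart`, `pvresize` and `lvresize` without checking that the `pvs | grep atomicos | awk` pipeline returned exactly one device. If it returns nothing, or several lines, the resize commands run against empty or malformed arguments on first boot. A guard such as `[ -n "${ROOT_DEVICE}" ] || { echo "atomicos PV not found" >&2; exit 1; }` before `growpart` would make that failure explicit. The `sed` split also cuts at the first run of digits, so it only suits names like `/dev/vda2`; a device name with digits inside the disk part would be split in the wrong place, which deserves a comment. Whether the script runs under `set -e` is decided above this hunk.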
@@ -1,4 +1,4 @@ parameter_defaults: - NeutronAgentConfig: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/openvswitch_agent.ini" - NeutronAgentPluginVolume: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro" - NeutronAgentOvsVolume: "/var/lib/etc-data/neutron/conf.d/neutron-openvswitch-agent:/etc/neutron/conf.d/neutron-openvswitch-agent:ro" + NeutronOpenvswitchAgentConfig: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/openvswitch_agent.ini" + NeutronOpenvswitchAgentPluginVolume: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro" + NeutronOpenvswitchAgentOvsVolume: "/var/lib/etc-data/neutron/conf.d/neutron-openvswitch-agent:/etc/neutron/conf.d/neutron-openvswitch-agent:ro" diff --git a/environments/docker.yaml b/environments/docker.yaml index 7c6dc407..be21d842 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -14,9 +14,9 @@ parameter_defaults: DockerNamespaceIsRegistry: false # Compute Node Images DockerComputeImage: centos-binary-nova-compute:latest + DockerAgentImage: heat-docker-agents:latest DockerComputeDataImage: centos-binary-data:latest DockerLibvirtImage: centos-binary-nova-libvirt:latest - DockerNeutronAgentImage: centos-binary-neutron-agents:latest DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:latest DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:latest DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:latest diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 5794c6b4..d6328c06 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml 
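Review bot: In environments/docker.yaml, the added `DockerAgentImage: heat-docker-agents:latest` refers to the agent image by a mutable tag, so the code that ends up on each node depends on whatever the registry serves at pull time and cannot be audited or reproduced later. This image presumably carries the agents that apply configuration to the host, so I would pin it to a fixed version tag or a digest, for example `DockerAgentImage: heat-docker-agents@sha256:<digest>` (placeholder). The neighbouring `centos-binary-*` defaults use `:latest` as well; if that is deliberate for a sample environment, a comment saying so would help.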
@@ -24,6 +24,9 @@ parameter_defaults: KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + KeystoneV3Admin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneV3Internal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystoneV3Public: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} @@ -36,6 +39,9 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} diff --git a/environments/external-loadbalancer-vip-v6.yaml b/environments/external-loadbalancer-vip-v6.yaml new file mode 100644 index 00000000..5a2ef505 --- /dev/null +++ b/environments/external-loadbalancer-vip-v6.yaml 
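Review bot: In environments/enable-tls.yaml, the new `KeystoneV3Admin` and `KeystoneV3Internal` entries, and `SaharaAdmin` and `SaharaInternal` in the second hunk, keep `protocol: 'http'`, so with this environment enabled only the public endpoints are encrypted and identity traffic on ports 35357 and 5000 still crosses the internal networks in clear text. That matches the existing entries, but the file name suggests more; a comment above the map such as `# Only *Public endpoints are TLS-terminated; Admin/Internal stay on HTTP` would prevent a false sense of coverage. Please also confirm that `13786` for `SaharaPublic` is the port the TLS frontend for Sahara actually listens on, since nothing in this diff shows the load-balancer side.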
@@ -0,0 +1,38 @@ +resource_registry: + OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external_v6.yaml + OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/noop.yaml + OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/noop.yaml + OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/noop.yaml + OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/noop.yaml + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/from_service_v6.yaml + OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool_v6.yaml + OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool_v6.yaml + OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool_v6.yaml + OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool_v6.yaml + # OVS doesn't support IPv6 endpoints for tunneling yet, so this remains IPv4 for now. + OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml + +parameter_defaults: + # When using an external loadbalancer set the following in parameter_defaults + # to control your VIPs (currently one per network) + # NOTE: we will eventually move to one VIP per service + # + ControlPlaneIP: 192.0.2.251 + ExternalNetworkVip: 2001:db8:fd00:1000:0000:0000:0000:0005 + InternalApiNetworkVip: fd00:fd00:fd00:2000:0000:0000:0000:0005 + StorageNetworkVip: fd00:fd00:fd00:3000:0000:0000:0000:0005 + StorageMgmtNetworkVip: fd00:fd00:fd00:4000:0000:0000:0000:0005 + ServiceVips: + redis: fd00:fd00:fd00:2000:0000:0000:0000:0006 + ControllerIPs: + external: + - 2001:db8:fd00:1000:0000:0000:0000:0007 + internal_api: + - fd00:fd00:fd00:2000:0000:0000:0000:0007 + storage: + - fd00:fd00:fd00:3000:0000:0000:0000:0007 + storage_mgmt: + - fd00:fd00:fd00:4000:0000:0000:0000:0007 + tenant: + - 172.16.0.253 + EnableLoadBalancer: false 
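Review bot: In environments/external-loadbalancer-vip-v6.yaml, the IPv6 sample values (`ExternalNetworkVip`, `InternalApiNetworkVip`, the `ServiceVips` and `ControllerIPs` entries) are written as plain unquoted scalars. These particular values load as strings because they contain hex letters. An operator who replaces them with an address made only of decimal digits and colons may get an integer from a YAML 1.1 loader, which reads such scalars as base-60 numbers. Quoting the samples, e.g. `ExternalNetworkVip: '2001:db8:fd00:1000:0000:0000:0000:0005'`, shows the safe form to anyone copying the file.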
diff --git a/environments/ips-from-pool-all.yaml b/environments/ips-from-pool-all.yaml
new file mode 100644
index 00000000..f660d501
--- /dev/null
+++ b/environments/ips-from-pool-all.yaml
@@ -0,0 +1,75 @@ +# Environment file demonstrating how to pre-assign IPs to all node types +resource_registry: + OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool.yaml + OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml + OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool.yaml + OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml + OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml + + OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml + OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml + OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_from_pool.yaml + OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml + OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml + + OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml + OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml + OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml + OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml + OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml + + OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml + OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml + OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml + OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml + OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml + + OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml + OS::TripleO::BlockStorage::Ports::InternalApiPort: 
../network/ports/internal_api_from_pool.yaml + OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml + OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml + OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml + +parameter_defaults: + ControllerIPs: + # Each controller will get an IP from the lists below, first controller, first IP + external: + - 10.0.0.251 + internal_api: + - 172.16.2.251 + storage: + - 172.16.1.251 + storage_mgmt: + - 172.16.3.251 + tenant: + - 172.16.0.251 + NovaComputeIPs: + # Each compute will get an IP from the lists below, first compute, first IP + internal_api: + - 172.16.2.252 + storage: + - 172.16.1.252 + tenant: + - 172.16.0.252 + CephStorageIPs: + # Each ceph node will get an IP from the lists below, first node, first IP + storage: + - 172.16.1.253 + storage_mgmt: + - 172.16.3.253 + SwiftStorageIPs: + # Each swift node will get an IP from the lists below, first node, first IP + internal_api: + - 172.16.2.254 + storage: + - 172.16.1.254 + storage_mgmt: + - 172.16.3.254 + BlockStorageIPs: + # Each cinder node will get an IP from the lists below, first node, first IP + internal_api: + - 172.16.2.250 + storage: + - 172.16.1.250 + storage_mgmt: + - 172.16.3.250 diff --git a/environments/major-upgrade-script-delivery.yaml b/environments/major-upgrade-pacemaker-init.yaml index ba128d84..d98a9cdd 100644 --- a/environments/major-upgrade-script-delivery.yaml +++ b/environments/major-upgrade-pacemaker-init.yaml 
@@ -2,7 +2,7 @@ parameter_defaults: UpgradeLevelNovaCompute: liberty resource_registry: - OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_script_delivery.yaml + OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml OS::TripleO::Tasks::PackageUpdate: ../extraconfig/tasks/yum_update_noop.yaml OS::TripleO::ControllerPostDeployment: OS::Heat::None OS::TripleO::ComputePostDeployment: OS::Heat::None diff --git a/environments/network-isolation-v6.yaml b/environments/network-isolation-v6.yaml index d1d0818e..599a08b1 100644 --- a/environments/network-isolation-v6.yaml +++ b/environments/network-isolation-v6.yaml @@ -43,9 +43,13 @@ resource_registry: OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml parameter_defaults: + # Enable IPv6 for Ceph. + CephIPv6: True # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. CorosyncIPv6: True # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. MongoDbIPv6: True # Enable various IPv6 features in Nova. NovaIPv6: True + # Enable IPv6 environment for RabbitMQ. + RabbitIPv6: true diff --git a/extraconfig/tasks/major_upgrade_block_storage.sh b/extraconfig/tasks/major_upgrade_block_storage.sh new file mode 100644 index 00000000..07666245 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_block_storage.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# +# This runs an upgrade of Cinder Block Storage nodes. +# +set -eu + +yum -y install python-zaqarclient # needed for os-collect-config +yum -y -q update diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh new file mode 100644 index 00000000..de42b16d --- /dev/null +++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh 
@@ -0,0 +1,35 @@ +#!/bin/bash +# +# This delivers the ceph-storage upgrade script to be invoked as part of the tripleo +# major upgrade workflow. +# +set -eu + +UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh + +cat > $UPGRADE_SCRIPT << ENDOFCAT +### DO NOT MODIFY THIS FILE +### This file is automatically delivered to the ceph-storage nodes as part of the +### tripleo upgrades workflow + + +function systemctl_ceph { + action=\$1 + systemctl \$action ceph +} + +# "so that mirrors aren't rebalanced as if the OSD died" - gfidente +ceph osd set noout + +systemctl_ceph stop +yum -y install python-zaqarclient # needed for os-collect-config +yum -y update +systemctl_ceph start + +ceph osd unset noout + +ENDOFCAT + +# ensure the permissions are OK +chmod 0755 $UPGRADE_SCRIPT + diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh index 0f6d091e..931f4f42 100644 --- a/extraconfig/tasks/major_upgrade_object_storage.sh +++ b/extraconfig/tasks/major_upgrade_object_storage.sh @@ -14,17 +14,18 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT function systemctl_swift { - action=$1 + action=\$1 for S in openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator openstack-swift-account \ openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container \ - openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object openstack-swift-proxy; do - systemctl $action $S + openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object; do + systemctl \$action \$S done } systemctl_swift stop +yum -y install python-zaqarclient # needed for os-collect-config yum -y update systemctl_swift start diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index b867d107..4af3186c 100644 
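Review bot: In extraconfig/tasks/major_upgrade_ceph_storage.sh, the delivered script is written through an unquoted here-document (`cat > $UPGRADE_SCRIPT << ENDOFCAT`), so every `$` in it must be backslash-escaped by hand. The major_upgrade_object_storage.sh hunk in this same commit repairs exactly that mistake (`$1` became `\$1`). Quoting the delimiter, `cat > $UPGRADE_SCRIPT << 'ENDOFCAT'`, and writing `$1` and `$action` without backslashes would remove the whole class of error in both files. Separately, the generated script has no `set -e`, so a failed `yum -y update` is masked by the exit status of the later `ceph osd unset noout`. If fail-fast is added, `noout` should be cleared from a `trap` so that a failure does not leave the flag set.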
--- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -50,6 +50,20 @@ resources: config: {get_resource: ControllerPacemakerUpgradeConfig_Step1} input_values: {get_param: input_values} + BlockStorageUpgradeConfig: + type: OS::Heat::SoftwareConfig + depends_on: ControllerPacemakerUpgradeDeployment_Step1 + properties: + group: script + config: {get_file: major_upgrade_block_storage.sh} + + BlockStorageUpgradeDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: blockstorage_servers} + config: {get_resource: BlockStorageUpgradeConfig} + input_values: {get_param: input_values} + ControllerPacemakerUpgradeConfig_Step2: type: OS::Heat::SoftwareConfig properties: @@ -63,7 +77,7 @@ resources: ControllerPacemakerUpgradeDeployment_Step2: type: OS::Heat::SoftwareDeploymentGroup - depends_on: ControllerPacemakerUpgradeDeployment_Step1 + depends_on: BlockStorageUpgradeDeployment properties: servers: {get_param: controller_servers} config: {get_resource: ControllerPacemakerUpgradeConfig_Step2} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.yaml new file mode 100644 index 00000000..f662bc3d --- /dev/null +++ b/extraconfig/tasks/major_upgrade_pacemaker_init.yaml 
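Review bot: In extraconfig/tasks/major_upgrade_pacemaker.yaml, `depends_on: ControllerPacemakerUpgradeDeployment_Step1` is placed on `BlockStorageUpgradeConfig`, which only defines the script. The run itself, `BlockStorageUpgradeDeployment`, is ordered after step 1 solely through the implicit dependency created by `config: {get_resource: BlockStorageUpgradeConfig}`. That works, but the ordering breaks silently if the config is ever reused or inlined. I would move the `depends_on` line to `BlockStorageUpgradeDeployment`, or at least add `# Runs after controller step 1 and before step 2` above it. The `blockstorage_servers` parameter it reads is declared outside this hunk, so confirm it exists in this template.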
@@ -0,0 +1,128 @@ +heat_template_version: 2014-10-16 +description: 'Upgrade for Pacemaker deployments' + +parameters: + + controller_servers: + type: json + compute_servers: + type: json + blockstorage_servers: + type: json + objectstorage_servers: + type: json + cephstorage_servers: + type: json + input_values: + type: json + description: input values for the software deployments + + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' + +resources: + + UpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - get_param: UpgradeInitCommand + + UpgradeInitControllerDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: controller_servers} + config: {get_resource: UpgradeInitConfig} + input_values: {get_param: input_values} + + UpgradeInitComputeDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: compute_servers} + config: {get_resource: UpgradeInitConfig} + input_values: {get_param: input_values} + + UpgradeInitBlockStorageDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: blockstorage_servers} + config: {get_resource: UpgradeInitConfig} + input_values: {get_param: input_values} + + UpgradeInitObjectStorageDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: objectstorage_servers} + config: {get_resource: UpgradeInitConfig} + input_values: {get_param: input_values} + + UpgradeInitCephStorageDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: cephstorage_servers} + config: {get_resource: UpgradeInitConfig} + input_values: {get_param: input_values} + + # TODO(jistr): for 
Mitaka->Newton upgrades and further we can use + # map_merge with input_values instead of feeding params into scripts + # via str_replace on bash snippets + + ComputeDeliverUpgradeScriptConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - str_replace: + template: | + #!/bin/bash + upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' + params: + UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} + - get_file: major_upgrade_compute.sh + + ComputeDeliverUpgradeScriptDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: compute_servers} + config: {get_resource: ComputeDeliverUpgradeScriptConfig} + input_values: {get_param: input_values} + + ObjectStorageDeliverUpgradeScriptConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: major_upgrade_object_storage.sh} + + ObjectStorageDeliverUpgradeScriptDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: objectstorage_servers} + config: {get_resource: ObjectStorageDeliverUpgradeScriptConfig} + input_values: {get_param: input_values} + + CephStorageDeliverUpgradeScriptConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: major_upgrade_ceph_storage.sh} + + CephStorageDeliverUpgradeScriptDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: cephstorage_servers} + config: {get_resource: CephStorageDeliverUpgradeScriptConfig} + input_values: {get_param: input_values} diff --git a/extraconfig/tasks/major_upgrade_script_delivery.yaml b/extraconfig/tasks/major_upgrade_script_delivery.yaml deleted file mode 100644 index f7faa7fc..00000000 --- a/extraconfig/tasks/major_upgrade_script_delivery.yaml +++ /dev/null 
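Review bot: In extraconfig/tasks/major_upgrade_pacemaker_init.yaml, `UpgradeInitCommand` is appended verbatim after the shebang in `UpgradeInitConfig` and deployed to every controller, compute, block storage, object storage and Ceph node. The script has no fail-fast setting, so a failed repository switch is reported only if it happens to be the last command of the snippet. I would make the first list element `"#!/bin/bash\nset -e\n\n"`. The parameter description should also state that the text runs unmodified with the privileges of the deployment agent (presumably root). If a snippet can carry repository credentials, add `hidden: true` to the parameter so the value is masked when stack parameters are displayed. The `upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE'` substitution moved here from the deleted template still relies on the value containing no single quote.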
@@ -1,65 +0,0 @@ -heat_template_version: 2014-10-16 -description: 'Upgrade for Pacemaker deployments' - -parameters: - - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: - type: json - input_values: - type: json - description: input values for the software deployments - - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' - -resources: - # TODO(jistr): for Mitaka->Newton upgrades and further we can use - # map_merge with input_values instead of feeding params into scripts - # via str_replace on bash snippets - - ComputeDeliverUpgradeScriptConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - str_replace: - template: | - #!/bin/bash - upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' - params: - UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} - - get_file: major_upgrade_compute.sh - - ComputeDeliverUpgradeScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: compute_servers} - config: {get_resource: ComputeDeliverUpgradeScriptConfig} - input_values: {get_param: input_values} - - - ObjectStoreDeliverUpgradeScriptConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: {get_file: major_upgrade_object_storage.sh} - - ObjectStoreDeliverUpgradeScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: objectstorage_servers} - config: {get_resource: ObjectStoreDeliverUpgradeScriptConfig} - input_values: {get_param: input_values} - diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index ee3216e4..0808763e 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh 
@@ -39,10 +39,23 @@ function echo_error { } function systemctl_swift { + services=( openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator openstack-swift-account \ + openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container \ + openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object openstack-swift-proxy ) action=$1 - for S in openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator openstack-swift-account \ - openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container \ - openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object openstack-swift-proxy; do - systemctl $action $S + case $action in + stop) + services=$(systemctl | grep swift | grep running | awk '{print $1}') + ;; + start) + enable_swift_storage=$(hiera -c /etc/puppet/hiera.yaml 'enable_swift_storage') + if [[ $enable_swift_storage != "true" ]]; then + services=( openstack-swift-proxy ) + fi + ;; + *) services=() ;; # for safetly, should never happen + esac + for S in ${services[@]}; do + systemctl $action $S done } diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml new file mode 100644 index 00000000..bf0c036d --- /dev/null +++ b/network/ports/external_from_pool_v6.yaml 
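Review bot: In `systemctl_swift`, the `stop)` branch assigns a plain string to the array with `services=$(systemctl | grep swift | grep running | awk '{print $1}')`. In bash that replaces only element 0, so the loop still visits every remaining entry of the hard-coded list as well as the running units. The assignment should rebuild the array: `services=( $(systemctl | grep swift | grep running | awk '{print $1}') )`. While there, `local services action` at the top would stop both names leaking into the caller's scope, and `for S in "${services[@]}"` avoids re-splitting the elements. `grep swift` matches any unit whose line contains that word, so a stricter pattern such as `grep '^openstack-swift-'` may be safer if other units could match.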
@@ -0,0 +1,54 @@ +heat_template_version: 2015-04-30 + +description: > + Returns an IP from a network mapped list of IPs. This version is for IPv6 + addresses. The ip_address_uri output will have brackets for use in URLs. + +parameters: + ExternalNetName: + description: Name of the external network + default: external + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatability with noop.yaml + description: IP address on the control plane + default: '' + type: string + IPPool: + default: {} + description: A network mapped list of IPs + type: json + NodeIndex: + default: 0 + description: Index of the IP to get from Pool + type: number + ExternalNetCidr: + default: '2001:db8:fd00:1000::/64' + description: Cidr for the external network. + type: string + +outputs: + ip_address: + description: external network IP + value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} + ip_address_uri: + description: external network IP (for compatibility with IPv6) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} + - ']' + ip_subnet: + # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) + description: IP/Subnet CIDR for the external network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} + - '/' + - {get_param: [ExternalNetCidr, -2]} + - {get_param: [ExternalNetCidr, -1]} diff --git a/network/ports/from_service_v6.yaml b/network/ports/from_service_v6.yaml new file mode 100644 index 00000000..2dd0a0ee --- /dev/null +++ b/network/ports/from_service_v6.yaml 
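Review bot: In network/ports/external_from_pool_v6.yaml, `ip_subnet` builds the prefix length from the last two characters of `ExternalNetCidr` (`[ExternalNetCidr, -2]` and `[ExternalNetCidr, -1]`). A three-digit IPv6 prefix such as `/128` would therefore be emitted as `/28`, silently widening the on-link range instead of failing. The FIXME acknowledges the assumption, but nothing enforces it. Adding `constraints: [{allowed_pattern: '.*/[0-9]{2}$'}]` to the `ExternalNetCidr` parameter would reject such values at validation time. The same construction appears in internal_api_from_pool_v6.yaml (`InternalApiNetCidr`) and storage_from_pool_v6.yaml (`StorageNetCidr`) later in this diff and should get the same constraint.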
@@ -0,0 +1,42 @@ +heat_template_version: 2015-04-30 + +description: > + Returns an IP from a service mapped list of IPv6 IPs + +parameters: + ServiceName: + description: Name of the service to lookup + default: '' + type: string + NetworkName: # Here for compatability with ctlplane_vip.yaml + description: Name of the network where the VIP will be created + default: ctlplane + type: string + PortName: # Here for compatability with ctlplane_vip.yaml + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatability with ctlplane_vip.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatability with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + ServiceVips: + default: {} + type: json + +outputs: + ip_address: + description: network IP + value: {get_param: [ServiceVips, {get_param: ServiceName}]} + ip_address_uri: + description: network IP (with brackets for use in URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [ServiceVips, {get_param: ServiceName}]} + - ']' diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml new file mode 100644 index 00000000..34c17ab2 --- /dev/null +++ b/network/ports/internal_api_from_pool_v6.yaml 
@@ -0,0 +1,54 @@ +heat_template_version: 2015-04-30 + +description: > + Returns an IP from a network mapped list of IPs. This version is for IPv6 + addresses. The ip_address_uri output will have brackets for use in URLs. + +parameters: + InternalApiNetName: + description: Name of the internal API network + default: internal_api + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatability with noop.yaml + description: IP address on the control plane + default: '' + type: string + IPPool: + default: {} + description: A network mapped list of IPs + type: json + NodeIndex: + default: 0 + description: Index of the IP to get from Pool + type: number + InternalApiNetCidr: + default: 'fd00:fd00:fd00:2000::/64' + description: Cidr for the internal API network. + type: string + +outputs: + ip_address: + description: internal API network IP + value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} + ip_address_uri: + description: internal API network IP (for compatibility with internal_api_v6.yaml) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} + - ']' + ip_subnet: + # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) + description: IP/Subnet CIDR for the internal API network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} + - '/' + - {get_param: [InternalApiNetCidr, -2]} + - {get_param: [InternalApiNetCidr, -1]} diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml new file mode 100644 index 00000000..f6d67fe8 --- /dev/null +++ b/network/ports/net_vip_map_external_v6.yaml 
@@ -0,0 +1,95 @@ +heat_template_version: 2015-04-30 + +parameters: + # Set these via parameter defaults to configure external VIPs + ControlPlaneIP: + default: '' + type: string + ExternalNetworkVip: + default: '' + type: string + InternalApiNetworkVip: + default: '' + type: string + StorageNetworkVip: + default: '' + type: string + StorageMgmtNetworkVip: + default: '' + type: string + # The following are unused in this template + ControlPlaneIp: + default: '' + type: string + ExternalIp: + default: '' + type: string + ExternalIpUri: + default: '' + type: string + InternalApiIp: + default: '' + type: string + InternalApiIpUri: + default: '' + type: string + StorageIp: + default: '' + type: string + StorageIpUri: + default: '' + type: string + StorageMgmtIp: + default: '' + type: string + StorageMgmtIpUri: + default: '' + type: string + TenantIp: + default: '' + type: string + TenantIpUri: + default: '' + type: string + +outputs: + net_ip_map: + description: > + A Hash containing a mapping of network names to assigned IPs + for a specific machine. + value: + ctlplane: {get_param: ControlPlaneIP} + external: {get_param: ExternalNetworkVip} + internal_api: {get_param: InternalApiNetworkVip} + storage: {get_param: StorageNetworkVip} + storage_mgmt: {get_param: StorageMgmtNetworkVip} + net_ip_uri_map: + description: > + A Hash containing a mapping of netowrk names to assigned IPs for a + specific machine with brackets around IPv6 addresses for use in URLs. + value: + ctlplane: {get_param: ControlPlaneIP} + external: + list_join: + - '' + - - '[' + - {get_param: ExternalNetworkVip} + - ']' + internal_api: + list_join: + - '' + - - '[' + - {get_param: InternalApiNetworkVip} + - ']' + storage: + list_join: + - '' + - - '[' + - {get_param: StorageNetworkVip} + - ']' + storage_mgmt: + list_join: + - '' + - - '[' + - {get_param: StorageMgmtNetworkVip} + - ']' 
diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml new file mode 100644 index 00000000..966d96ae --- /dev/null +++ b/network/ports/storage_from_pool_v6.yaml @@ -0,0 +1,54 @@ +heat_template_version: 2015-04-30 + +description: > + Returns an IP from a network mapped list of IPs. This version is for IPv6 + addresses. The ip_address_uri output will have brackets for use in URLs. + +parameters: + StorageNetName: + description: Name of the storage network + default: storage + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatability with noop.yaml + description: IP address on the control plane + default: '' + type: string + IPPool: + default: {} + description: A network mapped list of IPs + type: json + NodeIndex: + default: 0 + description: Index of the IP to get from Pool + type: number + StorageNetCidr: + default: 'fd00:fd00:fd00:3000::/64' + description: Cidr for the storage network. + type: string + +outputs: + ip_address: + description: storage network IP + value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} + ip_address_uri: + description: storage network IP (for compatibility with storage_v6.yaml) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} + - ']' + ip_subnet: + # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) + description: IP/Subnet CIDR for the storage network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} + - '/' + - {get_param: [StorageNetCidr, -2]} + - {get_param: [StorageNetCidr, -1]} diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml new file mode 100644 index 00000000..890da75c --- /dev/null +++ b/network/ports/storage_mgmt_from_pool_v6.yaml 
@@ -0,0 +1,54 @@ +heat_template_version: 2015-04-30 + +description: > + Returns an IP from a network mapped list of IPs This version is for IPv6 + addresses. The ip_address_uri output will have brackets for use in URLs. + +parameters: + StorageMgmtNetName: + description: Name of the storage MGMT network + default: storage_mgmt + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatability with noop.yaml + description: IP address on the control plane + default: '' + type: string + IPPool: + default: {} + description: A network mapped list of IPs + type: json + NodeIndex: + default: 0 + description: Index of the IP to get from Pool + type: number + StorageMgmtNetCidr: + default: 'fd00:fd00:fd00:4000::/64' + description: Cidr for the storage MGMT network. + type: string + +outputs: + ip_address: + description: storage MGMT network IP + value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} + ip_address_uri: + description: storage MGMT network IP (for compatibility with storage_mgmt_v6.yaml) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} + - ']' + ip_subnet: + # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) + description: IP/Subnet CIDR for the storage MGMT network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} + - '/' + - {get_param: [StorageMgmtNetCidr, -2]} + - {get_param: [StorageMgmtNetCidr, -1]} diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml new file mode 100644 index 00000000..b2bcd426 --- /dev/null +++ b/network/ports/tenant_from_pool_v6.yaml 
@@ -0,0 +1,53 @@ +heat_template_version: 2015-04-30 + +description: > + Returns an IP from a network mapped list of IPs + +parameters: + TenantNetName: + description: Name of the tenant network + default: tenant + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatability with noop.yaml + description: IP address on the control plane + default: '' + type: string + IPPool: + default: {} + description: A network mapped list of IPs + type: json + NodeIndex: + default: 0 + description: Index of the IP to get from Pool + type: number + TenantNetCidr: + default: 'fd00:fd00:fd00:5000::/64' + description: Cidr for the tenant network. + type: string + +outputs: + ip_address: + description: tenant network IP + value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} + ip_address_uri: + description: tenant network IP (for compatibility with tenant_v6.yaml) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} + - ']' + ip_subnet: + # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) + description: IP/Subnet CIDR for the tenant network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} + - '/' + - {get_param: [TenantNetCidr, -2]} + - {get_param: [TenantNetCidr, -1]} diff --git a/overcloud.yaml b/overcloud.yaml index 343b1bc2..0e986dab 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -303,6 +303,14 @@ parameters: default: 16384 description: Configures RabbitMQ FD limit type: string + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + RedisPassword: + description: The password for Redis + type: string + hidden: true SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes 
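Review bot: The `ip_address_uri` output of tenant_from_pool_v6.yaml looks up `{get_param: ExternalNetName}`, but this template only declares `TenantNetName`, which is the key the `ip_address` and `ip_subnet` outputs use. It reads like a copy-paste from the external-network template, and a reference to an undeclared parameter would presumably fail validation or return the wrong pool entry. The line should be `- {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]}`.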
@@ -366,7 +374,7 @@ parameters: type: string hidden: true CinderISCSIHelper: - default: tgtadm + default: lioadm description: The iSCSI helper to use with cinder. type: string ControllerCount: @@ -478,7 +486,7 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + description: Password for heat_stack_domain_admin user. type: string hidden: true InstanceNameTemplate: @@ -983,6 +991,8 @@ resources: RabbitClientUseSSL: {get_param: RabbitClientUseSSL} RabbitClientPort: {get_param: RabbitClientPort} RabbitFDLimit: {get_param: RabbitFDLimit} + RabbitIPv6: {get_param: RabbitIPv6} + RedisPassword: {get_param: RedisPassword} SaharaPassword: {get_param: SaharaPassword} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} @@ -1078,6 +1088,7 @@ resources: NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType} NovaComputeLibvirtVifDriver: {get_param: NovaComputeLibvirtVifDriver} NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend} + NovaIPv6: {get_param: NovaIPv6} NovaPublicIP: {get_attr: [VipMap, net_ip_map, external]} NovaPassword: {get_param: NovaPassword} NovaOVSBridge: {get_param: NovaOVSBridge} @@ -1102,6 +1113,7 @@ resources: CloudDomain: {get_param: CloudDomain} ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: NovaComputeSchedulerHints} + NodeIndex: '%index%' BlockStorage: type: OS::Heat::ResourceGroup @@ -1143,6 +1155,7 @@ resources: CloudDomain: {get_param: CloudDomain} ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: BlockStorageSchedulerHints} + NodeIndex: '%index%' ObjectStorage: type: OS::Heat::ResourceGroup @@ -1175,6 +1188,7 @@ resources: CloudDomain: {get_param: CloudDomain} ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: ObjectStorageSchedulerHints} + NodeIndex: '%index%' CephStorage: type: OS::Heat::ResourceGroup 
@@ -1202,6 +1216,7 @@ resources: CloudDomain: {get_param: CloudDomain} ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: CephStorageSchedulerHints} + NodeIndex: '%index%' ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 96198c3f..dc2f98ed 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -39,6 +39,9 @@ parameters: CephClientUserName: default: openstack type: string + CephIPv6: + default: False + type: boolean resources: CephClusterConfigImpl: @@ -50,15 +53,25 @@ resources: datafiles: ceph_cluster: mapped_data: + ceph_ipv6: {get_param: CephIPv6} ceph_storage_count: {get_param: ceph_storage_count} ceph_mon_initial_members: list_join: - ',' - {get_param: ceph_mon_names} - ceph::profile::params::mon_host: + ceph_mon_host: list_join: - ',' - {get_param: ceph_mon_ips} + ceph_mon_host_v6: + str_replace: + template: "'[IPS_LIST]'" + params: + IPS_LIST: + list_join: + - '],[' + - {get_param: ceph_mon_ips} + ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} ceph::profile::params::fsid: {get_param: ceph_fsid} ceph::profile::params::mon_key: {get_param: ceph_mon_key} # We should use a separated key for the non-admin clients diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 88120b9c..d2988926 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -62,6 +62,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + CephStorageIPs: + default: {} + type: json NetworkDeploymentActions: type: comma_delimited_list description: > @@ -90,6 +93,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: CephStorage: 
@@ -135,31 +141,43 @@ resources: type: OS::TripleO::CephStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::CephStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::CephStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::CephStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::CephStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::CephStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::CephStorage::Net::SoftwareConfig diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 09c4d3e3..888f3cf8 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -9,7 +9,7 @@ parameters: description: Whether to enable or not the Iscsi backend for Cinder type: boolean CinderISCSIHelper: - default: tgtadm + default: lioadm description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: 
@@ -38,6 +38,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + BlockStorageIPs: + default: {} + type: json Flavor: description: Flavor for block storage nodes to request when deploying. type: string @@ -141,6 +144,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: @@ -187,31 +193,43 @@ resources: type: OS::TripleO::BlockStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::BlockStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::BlockStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::BlockStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::BlockStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::BlockStorage::Net::SoftwareConfig diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 58ca71e7..ee5bced6 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml 
@@ -195,6 +195,9 @@ parameters: default: 'dvr_snat' description: Agent mode for the neutron-l3-agent on the controller hosts type: string + NodeIndex: + type: number + default: 0 NovaApiHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -207,6 +210,9 @@ parameters: NovaCompute specific configuration to inject into the cluster. Same structure as ExtraConfig. type: json + NovaComputeIPs: + default: {} + type: json NovaComputeLibvirtType: type: string default: kvm @@ -218,6 +224,10 @@ parameters: default: false description: Whether to enable or not the Rbd backend for Nova type: boolean + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean NovaPassword: description: The password for the nova service account, used by nova-api. type: string 
@@ -378,31 +388,43 @@ resources: type: OS::TripleO::Compute::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::Compute::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::Compute::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::Compute::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::Compute::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::Compute::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap @@ -478,6 +500,7 @@ resources: raw_data: {get_file: hieradata/compute.yaml} mapped_data: cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} + nova::use_ipv6: {get_input: nova_ipv6} nova::debug: {get_input: debug} nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} 
@@ -567,10 +590,18 @@ resources: nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} + nova_ipv6: {get_param: NovaIPv6} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} - nova_vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + # Remove brackets that may come if the IP address is IPv6. + # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value + nova_vncproxy_host: + str_replace: + template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + params: + '[': '' + ']': '' nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} nova_ovs_bridge: {get_param: NovaOVSBridge} nova_security_group_api: {get_param: NovaSecurityGroupAPI} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 494347ff..a873ce8a 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -32,6 +32,10 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CeilometerStoreEvents: + default: false + description: Whether to store events in ceilometer. + type: boolean CinderApiVirtualIP: type: string default: '' @@ -57,7 +61,7 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CinderISCSIHelper: - default: tgtadm + default: lioadm description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: @@ -234,7 +238,7 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + description: Password for heat_stack_domain_admin user. type: string hidden: true HeatAuthEncryptionKey: 
@@ -613,6 +617,14 @@ parameters: default: 16384 description: Configures RabbitMQ FD limit type: string + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + RedisPassword: + type: string + description: The password to access the Redis service + hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -1135,12 +1147,14 @@ resources: ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} + ceilometer_store_events: {get_param: CeilometerStoreEvents} ceilometer_coordination_url: list_join: - '' - - 'redis://' - {get_param: RedisVirtualIPUri} - - ':6379' + - ':6379/?password=' + - {get_param: RedisPassword} ceilometer_dsn: list_join: - '' @@ -1180,6 +1194,7 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} + rabbit_ipv6: {get_param: RabbitIPv6} mongodb_no_journal: {get_param: MongoDbNoJournal} mongodb_ipv6: {get_param: MongoDbIPv6} # We need to force this into quotes or hiera will return integer causing @@ -1232,6 +1247,7 @@ resources: horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} 
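Review bot: In the `ceilometer_coordination_url` join (hunk `@@ -1135,12 +1147,14 @@`), `RedisPassword` is appended raw after `:6379/?password=`, so a password containing `&`, `#`, `%` or `+` would be misparsed by whatever consumes the URL, and authentication would fail in a way that is hard to diagnose. The secret also now travels inside an ordinary URL string instead of a dedicated hidden field, so it presumably shows up wherever that coordination URL is rendered or logged; the permissions of the resulting config file and any debug logging are worth confirming. No URL-encoding step is visible in this hunk, so the constraint should at least be documented on the parameter, e.g. `description: The password to access the Redis service (URL-safe characters only; it is embedded in the ceilometer coordination URL)`. The enclosing properties block starts and ends outside the hunk.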
@@ -1285,7 +1301,7 @@ resources: mapped_data: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} - ceph::mon::public_addr: {get_input: ceph_public_ip} + ceph::profile::params::public_addr: {get_input: ceph_public_ip} database: raw_data: {get_file: hieradata/database.yaml} object: @@ -1400,9 +1416,11 @@ resources: heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} heat_enable_db_purge: {get_input: heat_enable_db_purge} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} # Keystone keystone::admin_token: {get_input: admin_token} + keystone::roles::admin::password: {get_input: admin_password} keystone_ca_certificate: {get_input: keystone_ca_certificate} keystone_signing_key: {get_input: keystone_signing_key} keystone_signing_certificate: {get_input: keystone_signing_certificate} @@ -1526,6 +1544,7 @@ resources: ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} + ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} ceilometer::db::mysql::password: {get_input: ceilometer_password} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} 
@@ -1597,8 +1616,12 @@ resources: rabbitmq::file_limit: {get_input: rabbit_fd_limit} rabbitmq::default_user: {get_input: rabbit_username} rabbitmq::default_pass: {get_input: rabbit_password} + rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} + redis::requirepass: {get_input: redis_password} + redis::masterauth: {get_input: redis_password} + redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index ebd6c251..312d49a0 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -41,6 +41,9 @@ parameters: CephClientUserName: default: openstack type: string + CephIPv6: + default: False + type: boolean resources: CephClusterConfigImpl: @@ -54,7 +57,9 @@ resources: mapped_data: ceph_storage_count: {get_param: ceph_storage_count} enable_external_ceph: true - ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips} + ceph_ipv6: {get_param: CephIPv6} + ceph_mon_host: {get_param: ceph_external_mon_ips} + ceph_mon_host_v6: {get_param: ceph_external_mon_ips} ceph::profile::params::fsid: {get_param: ceph_fsid} ceph::profile::params::client_keys: str_replace: @@ -72,6 +77,7 @@ resources: NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} + ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml index 905f196d..9b6981bb 100644 
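Review bot: In ceph-external-config.yaml (hunk `@@ -54,7 +57,9 @@`), `ceph_mon_host_v6` gets the same unmodified `ceph_external_mon_ips` value as `ceph_mon_host`, whereas ceph-cluster-config.yaml in this commit wraps each monitor address in brackets for the v6 key. The manifests pick `ceph_mon_host_v6` when `ceph_ipv6` is true, so for external Ceph the operator apparently has to supply already-bracketed addresses. If that is intended, state it on the parameter, e.g. `description: External Ceph monitor addresses; IPv6 addresses must be enclosed in brackets when CephIPv6 is true`. The `ceph_external_mon_ips` definition is outside the hunk, so its type and current description are not visible here.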
--- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-11-12 +heat_template_version: 2015-10-15 description: Configure hieradata for Cinder Dell Storage Center configuration diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml index c73608f1..36db334e 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-11-06 +heat_template_version: 2015-10-15 description: Configure hieradata for Cinder Eqlx configuration diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 7a5e54d8..98cec364 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -31,6 +31,8 @@ sysctl_settings: value: 0 net.ipv6.conf.default.autoconf: value: 0 + net.core.netdev_max_backlog: + value: 10000 nova::rabbit_heartbeat_timeout_threshold: 60 neutron::rabbit_heartbeat_timeout_threshold: 60 diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 572eef9f..865210c9 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -7,7 +7,6 @@ nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::compute::vnc_enabled: true -nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index f97bda11..288d224f 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,4 +1,5 @@ # Hiera data here applies to all controller nodes + nova::api::enabled: true nova::conductor::enabled: true nova::consoleauth::enabled: true 
@@ -29,6 +30,9 @@ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' +# keystone +keystone::roles::admin::email: 'root@localhost' + # service tenant glance::api::keystone_tenant: 'service' glance::registry::keystone_tenant: 'service' @@ -100,6 +104,7 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL' cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler cinder::cron::db_purge::destination: '/dev/null' cinder::host: hostgroup +cinder_user_enabled_backends: [] # heat heat::engine::configure_delegated_roles: false @@ -109,6 +114,9 @@ heat::cron::purge_deleted::age: 30 heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::maxdelay: 3600 heat::cron::purge_deleted::destination: '/dev/null' +heat::keystone::domain::domain_name: 'heat_stack' +heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' +heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml index f4cd78a9..8640c0a7 100644 --- a/puppet/hieradata/volume.yaml +++ b/puppet/hieradata/volume.yaml @@ -9,4 +9,6 @@ cinder::config::cinder_config: DEFAULT/swift_catalog_info: value: 'object-store:swift:internalURL' +cinder_user_enabled_backends: [] + volume_classes: []
\ No newline at end of file diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 0db5b45a..fd7faff1 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -40,6 +40,14 @@ if str2bool(hiera('ceph_osd_selinux_permissive', true)) { } -> Class['ceph::profile::osd'] } +if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') +} else { + $mon_host = hiera('ceph_mon_host') +} +class { '::ceph::profile::params': + mon_host => $mon_host, +} include ::ceph::conf include ::ceph::profile::client include ::ceph::profile::osd diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 7925f50a..b7f65f53 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -53,14 +53,17 @@ include ::nova include ::nova::config include ::nova::compute -nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; -} - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) $rbd_persistent_storage = hiera('rbd_persistent_storage', false) if $rbd_ephemeral_storage or $rbd_persistent_storage { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client 
@@ -82,7 +85,42 @@ if hiera('cinder_enable_nfs_backend', false) { package {'nfs-utils': } -> Service['nova-compute'] } -include ::nova::compute::libvirt +if str2bool(hiera('nova::use_ipv6', false)) { + $vncserver_listen = '::0' +} else { + $vncserver_listen = '0.0.0.0' +} +class { '::nova::compute::libvirt' : + vncserver_listen => $vncserver_listen, +} + +# TUNNELLED mode provides a security enhancement when using shared storage but is not +# supported when not using shared storage. +# See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 +if $rbd_ephemeral_storage { + $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC' + $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED' +} else { + $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_NON_SHARED_INC' + $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE' +} + +nova_config { + 'DEFAULT/my_ip': value => $ipaddress; + 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; + 'DEFAULT/host': value => $fqdn; + # In future versions of Nova, the live/block migration flags will be deprecated [1]. + # Tunnelling (encryption) will be handled via a single _new_ Nova + # config attribute 'live_migration_tunnelled'[2], thus + # avoiding users to have to supply libvirt flags. + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. 
+ # [1] https://review.openstack.org/#/c/263436/ + # [2] https://review.openstack.org/#/c/263434/ + 'libvirt/block_migration_flag': value => $block_migration_flag; + 'libvirt/live_migration_flag': value => $live_migration_flag; +} + if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { file {'/etc/libvirt/qemu.conf': ensure => present, @@ -146,6 +184,9 @@ else { } } +neutron_config { + 'DEFAULT/host': value => $fqdn; +} include ::ceilometer include ::ceilometer::config @@ -159,7 +200,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('compute_classes') diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index e9483e6a..9e5c556a 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp 
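Review bot: Both branches of the new `$vncserver_listen` conditional bind libvirt's VNC server to a wildcard address (`::0` or `0.0.0.0`), so guest consoles are reachable on every network the compute node is attached to unless a host firewall narrows that. The hunk does not say why a wildcard is needed or what is expected to restrict access. I would add a comment above the `if`, for example `# Wildcard listen address; access to the VNC port range must be restricted by the host firewall`. Whether such a firewall rule exists for compute nodes cannot be seen from this hunk.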
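Review bot: The added `createUser` entry in `snmpd_config` (hunk `@@ -159,7 +200,7 @@`) fixes MD5 as the SNMPv3 authentication algorithm and splices `snmpd_readonly_user_password` between double quotes without escaping, so a password containing `"` produces a malformed configuration line. net-snmp accepts SHA in the same position: `join(['createUser ', hiera('snmpd_readonly_user_name'), ' SHA "', hiera('snmpd_readonly_user_password'), '"'])`, provided the `snmp::snmpv3_user` declaration just above the hunk is set to the same algorithm. The passphrase now also sits in clear text in the generated snmpd configuration, so that file's ownership and mode are worth confirming. The `class { '::snmp':` block begins outside the hunk.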
@@ -48,14 +48,24 @@ if hiera('step') >= 2 { include ::mongodb::globals include ::mongodb::server - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and + # without the brackets as 'members' argument for the 'mongodb_replset' + # resource. + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } $mongo_node_string = join($mongo_node_ips_with_port, ',') $mongodb_replset = hiera('mongodb::server::replset') $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" if downcase(hiera('bootstrap_nodeid')) == $::hostname { mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port, + members => $mongo_node_ips_with_port_nobr, } } } @@ -117,13 +127,23 @@ if hiera('step') >= 2 { $rabbit_nodes = hiera('rabbit_node_ips') if count($rabbit_nodes) > 1 { + + $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) + if $rabbit_ipv6 { + $rabbit_env = merge(hiera('rabbitmq_environment'), { + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' + }) + } else { + $rabbit_env = hiera('rabbitmq_environment') + } + class { '::rabbitmq': config_cluster => true, cluster_nodes => $rabbit_nodes, tcp_keepalive => false, config_kernel_variables => hiera('rabbitmq_kernel_variables'), config_variables => hiera('rabbitmq_config_variables'), - environment_variables => hiera('rabbitmq_environment'), + environment_variables => $rabbit_env, } rabbitmq_policy { 'ha-all@/': pattern => '^(?!amq\.).*', 
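Review bot: `$mongo_node_ips_with_port_nobr` is assigned the same expression in both branches of the new `if`, so it can be set once before the conditional as `$mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')`, leaving only the bracketed form inside it. The intermediate name `$mongo_node_ips_with_port_prefixed` is also misleading, since at that point the value has the `[` prefix but no port yet; something like `$mongo_node_ips_bracket_open` would read more accurately. The NOTE comment could add that the unbracketed IPv6 form (address and port joined by a bare `:`) is what `mongodb_replset` expects, since it looks like a mistake to a reader who has not seen the provider. The same pattern is added in the step 2 hunk of overcloud_controller_pacemaker.pp.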
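Review bot: `merge()` lets the right-hand hash win, so when `rabbit_ipv6` is true any `RABBITMQ_SERVER_START_ARGS` already present in the `rabbitmq_environment` hiera hash is silently replaced by `'"-proto_dist inet6_tcp"'`. A comment on the `merge` call should state that this key is owned by the manifest in IPv6 mode; otherwise the existing value should be appended to rather than overwritten. In this file the new block sits inside `if count($rabbit_nodes) > 1`, and the branch for a single node is outside the hunk. It is worth checking that the single-node `::rabbitmq` declaration also receives `$rabbit_env`, otherwise a one-node IPv6 deployment keeps the old environment. The same merge is added in the step 1 hunk of overcloud_controller_pacemaker.pp.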
@@ -141,8 +161,15 @@ if hiera('step') >= 2 { $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { + $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } class { '::ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')), + mon_initial_members => $mon_initial_members, + mon_host => $mon_host, } include ::ceph::conf include ::ceph::profile::mon @@ -168,6 +195,14 @@ if hiera('step') >= 2 { } if str2bool(hiera('enable_external_ceph', false)) { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client } @@ -509,7 +544,7 @@ if hiera('step') >= 3 { $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : - enabled_backends => $cinder_enabled_backends, + enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } # swift proxy 
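Review bot: The `enable_external_ceph` block now assigns `$mon_host` and declares `class { '::ceph::profile::params': ... }`, both of which the `if $enable_ceph` block earlier in the same step also does. Puppet `if` bodies do not open a new scope, so if both conditions were ever true the catalog would fail on a variable reassignment and a duplicate class declaration. If the two settings are meant to be mutually exclusive (likely, but not shown here), make that explicit with `elsif str2bool(hiera('enable_external_ceph', false))` or a `fail()` guard. The IPv6 selection of `$mon_host` is duplicated verbatim and could be computed once before both blocks. The same pair of hunks appears in overcloud_controller_pacemaker.pp.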
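Review bot: `hiera('cinder_user_enabled_backends')` is called without a default, so catalog compilation fails on any node whose hieradata lacks the key, and `union()` needs an array on both sides. Unless the templates in this change always emit the key as a list (not visible in this hunk), the safer form is `enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends', [])),`. The names supplied through this key are passed to `::cinder::backends` unchecked, so a short comment saying that the operator must define the matching backend sections would help. The same call is added in overcloud_controller_pacemaker.pp and overcloud_volume.pp.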
@@ -603,7 +638,7 @@ if hiera('step') >= 3 { } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('controller_classes') @@ -628,6 +663,23 @@ if hiera('step') >= 4 { if $heat_enable_db_purge { include ::heat::cron::purge_deleted } + + if downcase(hiera('bootstrap_nodeid')) == $::hostname { + include ::keystone::roles::admin + # Class ::heat::keystone::domain has to run on bootstrap node + # because it creates DB entities via API calls. + include ::heat::keystone::domain + + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + } else { + # On non-bootstrap node we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } + } + } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 8980afaf..38639a52 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp 
@@ -100,12 +100,21 @@ if hiera('step') >= 1 { # avoid races where non-master nodes attempt to start without # config (eg. binding on 0.0.0.0) # The module ignores erlang_cookie if cluster_config is false + $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) + if $rabbit_ipv6 { + $rabbit_env = merge(hiera('rabbitmq_environment'), { + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' + }) + } else { + $rabbit_env = hiera('rabbitmq_environment') + } + class { '::rabbitmq': service_manage => false, tcp_keepalive => false, config_kernel_variables => hiera('rabbitmq_kernel_variables'), config_variables => hiera('rabbitmq_config_variables'), - environment_variables => hiera('rabbitmq_environment'), + environment_variables => $rabbit_env, } -> file { '/var/lib/rabbitmq/.erlang.cookie': ensure => file, @@ -192,8 +201,19 @@ if hiera('step') >= 1 { if hiera('step') >= 2 { # NOTE(gfidente): the following vars are needed on all nodes so they - # need to stay out of pacemaker_master conditional - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + # need to stay out of pacemaker_master conditional. + # The addresses mangling will hopefully go away when we'll be able to + # configure the connection string via hostnames, until then, we need to pass + # the list of IPv6 addresses *with* port and without the brackets as 'members' + # argument for the 'mongodb_replset' resource. + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } $mongodb_replset = hiera('mongodb::server::replset') if $pacemaker_master { 
@@ -422,7 +442,7 @@ if hiera('step') >= 2 { before => Mongodb_replset[$mongodb_replset], } mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port, + members => $mongo_node_ips_with_port_nobr, } } @@ -517,8 +537,15 @@ MYSQL_HOST=localhost\n", $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { + $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } class { '::ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')), + mon_initial_members => $mon_initial_members, + mon_host => $mon_host, } include ::ceph::conf include ::ceph::profile::mon @@ -544,6 +571,14 @@ MYSQL_HOST=localhost\n", } if str2bool(hiera('enable_external_ceph', false)) { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client } @@ -950,7 +985,7 @@ if hiera('step') >= 3 { $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : - enabled_backends => $cinder_enabled_backends, + enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } class { '::sahara': 
@@ -1097,7 +1132,7 @@ if hiera('step') >= 3 { } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('controller_classes') @@ -1816,6 +1851,16 @@ if hiera('step') >= 5 { class {'::keystone::endpoint' : require => Pacemaker::Resource::Service[$::apache::params::service_name], } + include ::heat::keystone::domain + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + + } else { + # On non-master controller we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } } } #END STEP 5 diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 1ac66904..ae074589 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp 
@@ -50,7 +50,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('object_classes') diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 72cd36c3..134dc43b 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -44,7 +44,7 @@ if $cinder_enable_iscsi { $cinder_enabled_backends = any2array($cinder_iscsi_backend) class { '::cinder::backends' : - enabled_backends => $cinder_enabled_backends, + enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } $snmpd_user = hiera('snmpd_readonly_user_name') 
@@ -54,7 +54,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('volume_classes') diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 3b04be83..c26aca77 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -83,6 +83,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + SwiftStorageIPs: + default: {} + type: json NetworkDeploymentActions: type: comma_delimited_list description: > @@ -111,6 +114,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: 
@@ -156,31 +162,43 @@ resources: type: OS::TripleO::SwiftStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::SwiftStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::SwiftStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::SwiftStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::SwiftStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::ObjectStorage::Net::SoftwareConfig |