diff options
97 files changed, 881 insertions, 1466 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index fdf2ad63..91daa689 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -312,6 +312,13 @@ topics: Enables a Cinder Dell EMC Storage Center ISCSI backend requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-dellemc-unity-config.yaml + title: Cinder Dell EMC Unity backend + description: > + Enables a Cinder Dell EMC Unity backend, + configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml title: Cinder HPELeftHandISCSI backend description: > diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index 7768c4f0..03baf4aa 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -52,9 +52,7 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages @@ -75,3 +73,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 2b25e58e..f945a021 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -48,9 +48,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute @@ -72,3 +69,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index d8f71414..81301349 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -32,9 +32,6 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine - OS::TripleO::Services::MySQL @@ -68,3 +65,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index a3bc8fcf..edc03d6c 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -7,9 +7,9 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/ - OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml - OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml - OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml + OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml @@ -99,9 +99,19 @@ parameter_defaults: Debug: true #NOTE(gfidente): not great but we need this to deploy on ext4 #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ - ExtraConfig: - ceph::profile::params::osd_max_object_name_len: 256 - ceph::profile::params::osd_max_object_namespace_len: 64 + CephAnsibleDisksConfig: + devices: + - /dev/loop3 + journal_size: 512 + journal_collocation: true + CephAnsibleExtraConfig: + ceph_conf_overrides: + global: + osd_pool_default_size: 1 + osd_pool_default_pg_num: 32 + osd_max_object_name_len: 256 + osd_max_object_namespace_len: 64 + CephAnsibleSkipTags: '' #NOTE: These ID's and keys should be regenerated for # a production deployment. What is here is suitable for # developer and CI testing only. diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index d300f773..584c1e5e 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -8,7 +8,10 @@ resource_registry: OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml # TODO: Barbican is not yet containerized: https://review.openstack.org/#/c/474327 # OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml - OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + # TODO: Zaqar doesn't work when containerized + # https://bugs.launchpad.net/tripleo/+bug/1710959 + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index 513d3f71..5670c213 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -2,7 +2,7 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml - OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index b36bb97a..8d17c223 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -11,6 +11,7 @@ # primary role is: {{primary_role_name}} {% set deploy_steps_max = 6 -%} {% set update_steps_max = 6 -%} +{% set upgrade_steps_max = 6 -%} heat_template_version: pike @@ -337,4 +338,20 @@ outputs: with_sequence: count={{deploy_steps_max-1}} loop_control: loop_var: step + upgrade_steps_tasks: | +{%- for role in roles %} + - include: {{role.name}}/upgrade_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + upgrade_steps_playbook: | + - hosts: overcloud + tasks: + - include: upgrade_steps_tasks.yaml + with_sequence: count={{upgrade_steps_max-1}} + loop_control: + loop_var: step + - include: deploy_steps_tasks.yaml + with_sequence: count={{deploy_steps_max-1}} + loop_control: + loop_var: step diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index 09677c64..535b1693 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -92,6 +92,21 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - - name: Stop and disable ceilometer-agent-compute service + - name: Check if openstack-ceilometer-compute is deployed + command: systemctl is-enabled openstack-ceilometer-compute + tags: step2 + ignore_errors: True + register: openstack_ceilometer_compute_enabled + - name: Check if openstack-ceilometer-polling is deployed + command: systemctl is-enabled openstack-ceilometer-polling + tags: step2 + ignore_errors: True + register: openstack_ceilometer_polling_enabled + - name: Stop and disable ceilometer compute agent tags: step2 service: name=openstack-ceilometer-compute state=stopped enabled=no + when: openstack_ceilometer_compute_enabled.rc == 0 + - name: Stop and disable ceilometer polling agent + tags: step2 + service: name=openstack-ceilometer-polling state=stopped enabled=no + when: openstack_ceilometer_polling_enabled.rc == 0 diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index d0bc2669..d78ff7fd 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -30,6 +30,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + StackUpdateType: + type: string + description: > + Type of update, to differentiate between UPGRADE and UPDATE cases + when StackAction is UPDATE (both are the same stack action). + constraints: + - allowed_values: ['', 'UPGRADE'] + default: '' CephAnsibleWorkflowName: type: string description: Name of the Mistral workflow to execute @@ -38,10 +46,18 @@ parameters: type: string description: Path to the ceph-ansible playbook to execute default: /usr/share/ceph-ansible/site-docker.yml.sample + CephAnsibleUpgradePlaybook: + type: string + description: Path to the ceph-ansible playbook to execute on upgrade + default: /usr/share/ceph-ansible/infrastructure-playbooks/take-over-existing-cluster.yml CephAnsibleExtraConfig: type: json description: Extra vars for the ceph-ansible playbook default: {} + CephAnsibleSkipTags: + type: string + description: List of ceph-ansible tags to skip + default: 'package-install,with_pkg' CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. @@ -78,7 +94,7 @@ parameters: default: vms type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -109,6 +125,8 @@ conditions: yaql: data: {get_param: DockerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') + perform_upgrade: + equals: [{get_param: StackUpdateType}, 'UPGRADE'] resources: DockerImageUrlParts: @@ -154,10 +172,16 @@ outputs: - name: ceph_base_ansible_workflow workflow: { get_param: CephAnsibleWorkflowName } input: + ansible_skip_tags: {get_param: CephAnsibleSkipTags} ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig} - ceph_ansible_playbook: {get_param: CephAnsiblePlaybook} + ceph_ansible_playbook: + if: + - perform_upgrade + - {get_param: CephAnsibleUpgradePlaybook} + - {get_param: CephAnsiblePlaybook} config_settings: ceph_common_ansible_vars: + ireallymeanit: 'yes' fsid: { get_param: CephClusterFSID } docker: true ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]} diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 19e658cd..2957312b 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -81,6 +81,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -99,6 +103,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -106,6 +111,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable openstack-gnocchi-statsd service tags: step2 diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 3d3bc7c3..f2f2b8dc 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -117,6 +124,16 @@ outputs: - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/logrotate-crond.yaml b/docker/services/logrotate-crond.yaml new file mode 100644 index 00000000..22ee5b56 --- /dev/null +++ b/docker/services/logrotate-crond.yaml @@ -0,0 +1,84 @@ +heat_template_version: pike + +description: > + Containerized logrotate with crond for containerized service logs rotation + +parameters: + DockerCrondImage: + description: image + type: string + DockerCrondConfigImage: + description: The container image to use for the crond config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the crond role. + value: + service_name: logrotate_crond + config_settings: {} + step_config: &step_config | + include ::tripleo::profile::base::logging::logrotate + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: crond + step_config: *step_config + config_image: {get_param: DockerCrondConfigImage} + kolla_config: + /var/lib/kolla/config_files/logrotate-crond.json: + command: /usr/sbin/crond -s -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_4: + logrotate_crond: + image: {get_param: DockerCrondImage} + net: none + pid: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro + - /var/log/containers:/var/log/containers + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 62c25bb2..47414083 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -61,7 +61,7 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index c6a80efa..c2117c04 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -76,7 +76,13 @@ outputs: config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage} + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerCinderBackupImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' cinder::backup::manage_service: false cinder::backup::enabled: false step_config: "" @@ -102,10 +108,33 @@ outputs: owner: cinder:cinder recurse: true docker_config: + step_1: + cinder_backup_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'" + params: + CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage} + CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest + image: {get_param: DockerCinderBackupImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: cinder_backup_init_logs: start_order: 0 - image: *cinder_backup_image + image: {get_param: DockerCinderBackupImage} privileged: false user: root volumes: @@ -129,7 +158,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle' - image: *cinder_backup_image + image: {get_param: DockerCinderBackupImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 3c1b7a74..a4f69517 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -69,7 +69,13 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage} + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerCinderVolumeImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' cinder::volume::manage_service: false cinder::volume::enabled: false cinder::host: hostgroup @@ -93,10 +99,33 @@ outputs: owner: cinder:cinder recurse: true docker_config: + step_1: + cinder_volume_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'" + params: + CINDERVOLUME_IMAGE: {get_param: DockerCinderVolumeImage} + CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest + image: {get_param: DockerCinderVolumeImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: cinder_volume_init_logs: start_order: 0 - image: *cinder_volume_image + image: {get_param: DockerCinderVolumeImage} privileged: false user: root volumes: @@ -120,7 +149,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle' - image: *cinder_volume_image + image: {get_param: DockerCinderVolumeImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 8ba7d723..3de1696d 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -79,7 +79,13 @@ outputs: config_settings: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerMysqlImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 tripleo.mysql.firewall_rules: '104 mysql galera-bundle': @@ -141,7 +147,7 @@ outputs: mysql_data_ownership: start_order: 0 detach: false - image: *mysql_image + image: {get_param: DockerMysqlImage} net: host user: root # Kolla does only non-recursive chown @@ -151,7 +157,7 @@ outputs: mysql_bootstrap: start_order: 1 detach: false - image: *mysql_image + image: {get_param: DockerMysqlImage} net: host # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done command: @@ -196,6 +202,28 @@ outputs: passwords: - {get_param: MysqlRootPassword} - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_image_tag: + start_order: 2 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'" + params: + MYSQL_IMAGE: {get_param: DockerMysqlImage} + MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest + image: {get_param: DockerMysqlImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: mysql_init_bundle: start_order: 1 @@ -214,7 +242,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle' - image: *mysql_image + image: {get_param: DockerMysqlImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index 75b6d650..0b8aa046 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -60,7 +60,13 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true - tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRedisImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 tripleo.redis.firewall_rules: '108 redis-bundle': @@ -104,6 +110,29 @@ outputs: owner: redis:redis recurse: true docker_config: + step_1: + redis_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'" + params: + REDIS_IMAGE: {get_param: DockerRedisImage} + REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest + image: {get_param: DockerRedisImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: redis_init_bundle: start_order: 2 diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 5ba54f85..2e5c7424 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -92,6 +92,13 @@ outputs: tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory} # disable the use CRL file until we can restart the container when the file expires tripleo::haproxy::crl_file: null + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerHAProxyImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -142,6 +149,30 @@ outputs: perm: '0600' optional: true docker_config: + step_1: + haproxy_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'" + params: + HAPROXY_IMAGE: {get_param: DockerHAProxyImage} + HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest + image: {get_param: DockerHAProxyImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + image: {get_param: DockerHAProxyImage} step_2: haproxy_init_bundle: start_order: 3 @@ -165,7 +196,7 @@ outputs: - ';' - - 'include ::tripleo::profile::base::pacemaker' - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - image: *haproxy_image + image: {get_param: DockerHAProxyImage} volumes: list_concat: - *deployed_cert_mount diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml index 7103ba8b..c88737aa 100644 --- a/docker/services/pacemaker/manila-share.yaml +++ b/docker/services/pacemaker/manila-share.yaml @@ -59,7 +59,13 @@ outputs: config_settings: map_merge: - get_attr: [ManilaBase, role_data, config_settings] - - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image {get_param: DockerManilaShareImage} + - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerManilaShareImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' manila::share::manage_service: false manila::share::enabled: false manila::host: hostgroup @@ -93,10 +99,33 @@ outputs: owner: manila:manila recurse: true docker_config: + step_1: + manila_share_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'" + params: + MANILASHARE_IMAGE: {get_param: DockerManilaShareImage} + MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest + image: {get_param: DockerManilaShareImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: manila_share_init_logs: start_order: 0 - image: *manila_share_image + image: {get_param: DockerManilaShareImage} privileged: false user: root volumes: @@ -120,7 +149,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle' - image: *manila_share_image + image: {get_param: DockerManilaShareImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index d8e50afd..ba1abaf9 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -62,7 +62,13 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false - tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRabbitmqImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 tripleo.rabbitmq.firewall_rules: '109 rabbitmq-bundle': @@ -118,7 +124,7 @@ outputs: step_1: rabbitmq_bootstrap: start_order: 0 - image: *rabbitmq_image + image: {get_param: DockerRabbitmqImage} net: host privileged: false volumes: @@ -141,6 +147,28 @@ outputs: passwords: - {get_param: RabbitCookie} - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'" + params: + RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage} + RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest + image: {get_param: DockerRabbitmqImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: rabbitmq_init_bundle: start_order: 0 @@ -159,7 +187,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle' - image: *rabbitmq_image + image: {get_param: DockerRabbitmqImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 418c60d2..add78879 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -40,6 +40,18 @@ parameters: type: string default: '' hidden: true + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -66,6 +78,10 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::admin_enable: false + - if: + - internal_tls_enabled + - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + - {} step_config: &step_config list_join: - "\n" @@ -85,10 +101,21 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + optional: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config step_1: @@ -115,6 +142,17 @@ outputs: - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -143,6 +181,17 @@ outputs: - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -155,6 +204,8 @@ outputs: volumes: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 072c6759..b6fb4001 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -57,7 +57,7 @@ resources: type: ../../puppet/services/database/mysql-client.yaml ZaqarBase: - type: ../../puppet/services/zaqar.yaml + type: ../../puppet/services/zaqar-api.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} diff --git a/environments/cinder-dellemc-unity-config.yaml b/environments/cinder-dellemc-unity-config.yaml new file mode 100644 index 00000000..c67c91cb --- /dev/null +++ b/environments/cinder-dellemc-unity-config.yaml @@ -0,0 +1,14 @@ +# A Heat environment file which can be used to enable a +# Cinder Dell EMC Unity backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendDellEMCUnity: ../puppet/services/cinder-backend-dellemc-unity.yaml + +parameter_defaults: + CinderEnableDellEMCUnityBackend: true + CinderDellEMCUnityBackendName: 'tripleo_dellemc_unity' + CinderDellEMCUnitySanIp: '' + CinderDellEMCUnitySanLogin: 'Admin' + CinderDellEMCUnitySanPassword: '' + CinderDellEMCUnityStorageProtocol: 'iSCSI' + CinderDellEMCUnityIoPorts: '' + CinderDellEMCUnityStoragePoolNames: '' diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index eae809a5..dd1c5455 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -66,6 +66,7 @@ - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder @@ -122,6 +123,7 @@ - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute @@ -149,6 +151,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd @@ -165,6 +168,7 @@ - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp @@ -184,6 +188,7 @@ - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone @@ -203,6 +208,7 @@ - OS::TripleO::Services::ContrailWebUI - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -217,6 +223,7 @@ - OS::TripleO::Services::ContrailAnalytics - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -230,6 +237,7 @@ - OS::TripleO::Services::ContrailAnalyticsDatabase - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -243,6 +251,7 @@ - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -256,6 +265,7 @@ - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index e977dff2..e15cc3e3 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -18,11 +18,14 @@ resource_registry: OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml + OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml @@ -33,14 +36,14 @@ resource_registry: OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml - OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml - OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index a47e0d4d..dfa30b08 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -51,6 +51,7 @@ resource_registry: OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml + OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml # FIXME: Had to remove these to unblock containers CI. They should be put back when fixed. # OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml # OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 834c4f10..81044170 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -11,6 +11,7 @@ parameter_defaults: - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Securetty diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml index 5e9e15e3..591e2260 100755 --- a/environments/neutron-sriov.yaml +++ b/environments/neutron-sriov.yaml @@ -3,7 +3,7 @@ resource_registry: OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml parameter_defaults: - NeutronMechanismDrivers: ['openvswitch','sriovnicswitch'] + NeutronMechanismDrivers: ['sriovnicswitch', 'openvswitch'] # Add PciPassthroughFilter to the scheduler default filters #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml index e501b69c..f57582c2 100644 --- a/environments/services/zaqar.yaml +++ b/environments/services/zaqar.yaml @@ -1,3 +1,3 @@ resource_registry: - OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml index f1c9d516..0f2d0396 100644 --- a/environments/storage/external-ceph.yaml +++ b/environments/storage/external-ceph.yaml @@ -13,7 +13,7 @@ parameter_defaults: # Type: string CephAdminKey: '' - # The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + # The Ceph client key. Can be created with ceph-authtool --gen-print-key. # Mandatory. This parameter must be set by the user. # Type: string CephClientKey: <None> diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index d14ed73f..487857ef 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -235,11 +235,25 @@ case "${REG_METHOD:-}" in if [ "$satellite_version" = "6" ]; then repos="$repos --enable ${satellite_repo}" curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + + # https://bugs.launchpad.net/tripleo/+bug/1711435 + # Delete the /etc/rhsm/facts directory entirely so that the + # %post script from katello-ca-consumer does not override the + # hostname with $(hostname -f) if there is no fqdn set + fqdn=$(hostname -f) + if [ "$fqdn" = "localhost" -o "$fqdn" = "localhost.localdomain" ]; then + rm -rf /etc/rhsm/facts + fi + rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true retry subscription-manager register $opts retry subscription-manager $repos retry yum install -y katello-agent || true # needed for errata reporting to satellite6 katello-package-upload + + # https://bugs.launchpad.net/tripleo/+bug/1711435 + # recreate the facts dir just in case we rm'd it earlier + mkdir -p /etc/rhsm/facts else pushd /usr/share/rhn/ curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 5bdb0af9..74fb3bb1 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml @@ -11,27 +11,3 @@ name: - network/storage_mgmt_v6.yaml - network/tenant_v6.yaml - network/management_v6.yaml - - network/ports/internal_api.yaml - - network/ports/external.yaml - - network/ports/storage.yaml - - network/ports/storage_mgmt.yaml - - network/ports/tenant.yaml - - network/ports/management.yaml - - network/ports/internal_api_v6.yaml - - network/ports/external_v6.yaml - - network/ports/storage_v6.yaml - - network/ports/storage_mgmt_v6.yaml - - network/ports/tenant_v6.yaml - - network/ports/management_v6.yaml - - network/ports/internal_api_from_pool.yaml - - network/ports/external_from_pool.yaml - - network/ports/storage_from_pool.yaml - - network/ports/storage_mgmt_from_pool.yaml - - network/ports/tenant_from_pool.yaml - - network/ports/management_from_pool.yaml - - network/ports/internal_api_from_pool_v6.yaml - - network/ports/external_from_pool_v6.yaml - - network/ports/storage_from_pool_v6.yaml - - network/ports/storage_mgmt_from_pool_v6.yaml - - network/ports/tenant_from_pool_v6.yaml - - network/ports/management_from_pool_v6.yaml diff --git a/network/ports/external.yaml b/network/ports/external.yaml deleted file mode 100644 index 72922093..00000000 --- a/network/ports/external.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the external network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ExternalNetName: - description: The name of the external network. - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ExternalPort: - type: OS::Neutron::Port - properties: - network: {get_param: ExternalNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: external network IP - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: external network IP (for compatibility with external_v6.yaml) - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml deleted file mode 100644 index a14aa90b..00000000 --- a/network/ports/external_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - ExternalNetName: - description: The name of the external network. - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ExternalNetCidr: - default: '10.0.0.0/24' - description: Cidr for the external network. - type: string - -outputs: - ip_address: - description: external network IP - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: external network IP (for compatibility with IPv6) - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ExternalNetCidr}, 1]} diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml deleted file mode 100644 index 2aa51267..00000000 --- a/network/ports/external_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - ExternalNetName: - description: The name of the external network. - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ExternalNetCidr: - default: '2001:db8:fd00:1000::/64' - description: Cidr for the external network. - type: string - -outputs: - ip_address: - description: external network IP - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: external network IP (for compatibility with IPv6) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ExternalNetCidr}, 1]} diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml deleted file mode 100644 index 94006437..00000000 --- a/network/ports/internal_api.yaml +++ /dev/null @@ -1,57 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the internal_api network. - -parameters: - InternalApiNetName: - description: The name of the internal_api network. - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - InternalApiPort: - type: OS::Neutron::Port - properties: - network: {get_param: InternalApiNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: internal API network IP - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: | - internal API network IP (for compatibility with internal_api_v6.yaml) - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml deleted file mode 100644 index 6eeca142..00000000 --- a/network/ports/internal_api_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - InternalApiNetName: - description: The name of the internal_api network. - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - InternalApiNetCidr: - default: '172.16.2.0/24' - description: Cidr for the internal_api network. - type: string - -outputs: - ip_address: - description: internal API network IP - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: internal API network IP (for compatibility with internal_api_v6.yaml) - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]} diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml deleted file mode 100644 index 589d72a8..00000000 --- a/network/ports/internal_api_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - InternalApiNetName: - description: The name of the internal_api network. - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - InternalApiNetCidr: - default: 'fd00:fd00:fd00:2000::/64' - description: Cidr for the internal_api network. - type: string - -outputs: - ip_address: - description: internal API network IP - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: internal API network IP (for compatibility with internal_api_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]} diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml deleted file mode 100644 index 36a3ad07..00000000 --- a/network/ports/internal_api_v6.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the internal_api network. - -parameters: - InternalApiNetName: - description: The name of the internal_api network. - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - InternalApiPort: - type: OS::Neutron::Port - properties: - network: {get_param: InternalApiNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: internal API network IP - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: internal api network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/management.yaml b/network/ports/management.yaml deleted file mode 100644 index 417d0612..00000000 --- a/network/ports/management.yaml +++ /dev/null @@ -1,49 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the management network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ManagementNetName: - description: The name of the management network. - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - type: string - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ManagementPort: - type: OS::Neutron::Port - properties: - network: {get_param: ManagementNetName} - name: {get_param: PortName} - replacement_policy: AUTO - -outputs: - ip_address: - description: management network IP - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml deleted file mode 100644 index 4815d163..00000000 --- a/network/ports/management_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - ManagementNetName: - description: The name of the management network. - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ManagementNetCidr: - default: '172.16.4.0/24' - description: Cidr for the management network. - type: string - -outputs: - ip_address: - description: management network IP - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ManagementNetCidr}, 1]} diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml deleted file mode 100644 index 2a7d3b1d..00000000 --- a/network/ports/management_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - ManagementNetName: - description: The name of the management network. - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ManagementNetCidr: - default: 'fd00:fd00:fd00:6000::/64' - description: Cidr for the management network. - type: string - -outputs: - ip_address: - description: management network IP - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ManagementNetCidr}, 1]} diff --git a/network/ports/management_v6.yaml b/network/ports/management_v6.yaml deleted file mode 100644 index 9de06d9c..00000000 --- a/network/ports/management_v6.yaml +++ /dev/null @@ -1,54 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the management network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ManagementNetName: - description: The name of the management network. - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - type: string - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ManagementPort: - type: OS::Neutron::Port - properties: - network: {get_param: ManagementNetName} - name: {get_param: PortName} - replacement_policy: AUTO - -outputs: - ip_address: - description: management network IP - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: management network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/external_v6.yaml b/network/ports/port.j2 index 5a1b5ae3..2088d840 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/port.j2 @@ -1,19 +1,19 @@ heat_template_version: pike description: > - Creates a port on the external network. The IP address will be chosen + Creates a port on the {{network.name}} network. The IP address will be chosen automatically if FixedIPs is empty. parameters: - ExternalNetName: - description: The name of the external network. - default: external + {{network.name}}NetName: + description: The name of the {{network.name_lower}} network. + default: {{network.name_lower|default(network.name|lower)}} type: string PortName: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string @@ -36,31 +36,37 @@ parameters: resources: - ExternalPort: + {{network.name}}Port: type: OS::Neutron::Port properties: - network: {get_param: ExternalNetName} + network: {get_param: {{network.name}}NetName} name: {get_param: PortName} fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: ip_address: - description: external network IP - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + description: {{network.name}} network IP + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} ip_address_uri: - description: external network IP with brackets suitable for a URL +{%- if network.ipv6 or ipv6_override|default(false) %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) value: list_join: - '' - - '[' - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with IPv6 URLs) + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} +{%- endif %} ip_subnet: - description: IP/Subnet CIDR for the external network IP + description: IP/Subnet CIDR for the {{network.name}} network IP value: list_join: - '' - - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - '/' - - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} + diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml index ded3e798..d0bd45ab 100644 --- a/network/ports/port.network.j2.yaml +++ b/network/ports/port.network.j2.yaml @@ -1,72 +1 @@ -heat_template_version: pike - -description: > - Creates a port on the {{network.name}} network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - {{network.name}}NetName: - description: Name of the {{network.name_lower}} neutron network - default: {{network.name_lower|default(network.name|lower)}} - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - {{network.name}}Port: - type: OS::Neutron::Port - properties: - network: {get_param: {{network.name}}NetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: {{network.name}} network IP - value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - ip_address_uri: -{%- if network.ipv6 %} - description: {{network.name}} network IP (with brackets for IPv6 URLs) - value: - list_join: - - '' - - - '[' - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - - ']' -{%- else %} - description: {{network.name}} network IP (for compatibility with IPv6 URLs) - value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} -{%- endif %} - ip_subnet: - description: IP/Subnet CIDR for the {{network.name}} network IP - value: - list_join: - - '' - - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} - +{% include 'port.j2' %} diff --git a/network/ports/port_from_pool.j2 b/network/ports/port_from_pool.j2 new file mode 100644 index 00000000..14b93692 --- /dev/null +++ b/network/ports/port_from_pool.j2 @@ -0,0 +1,65 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network, using a map of IPs per role. + Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by + network (lower_name or lower case). For example: + ControllerIPs: + external: + - 1.2.3.4 # First controller + - 1.2.3.5 # Second controller + +parameters: + {{network.name}}NetName: + description: The name of the {{network.name_lower}} network. + default: {{network.name_lower}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml + default: {} + type: json + NodeIndex: # First node in the role will get first IP, and so on... + default: 0 + type: number + {{network.name}}NetCidr: + default: {{network.ip_subnet}} + description: Cidr for the {{network.name_lower}} network. + type: string + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + ip_address_uri: +{%- if network.ipv6 or ipv6_override|default(false) %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} + diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml index 9c08ec76..ff863583 100644 --- a/network/ports/port_from_pool.network.j2.yaml +++ b/network/ports/port_from_pool.network.j2.yaml @@ -1,65 +1 @@ -heat_template_version: pike - -description: > - Creates a port on the {{network.name}} network, using a map of IPs per role. - Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by - network (lower_name or lower case). For example: - ControllerIPs: - external: - - 1.2.3.4 # First controller - - 1.2.3.5 # Second controller - -parameters: - {{network.name}}NetName: - description: Name of the {{network.name}} neutron network - default: {{network.name_lower}} - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml - default: {} - type: json - NodeIndex: # First node in the role will get first IP, and so on... - default: 0 - type: number - {{network.name}}NetCidr: - default: {{network.ip_subnet}} - description: Cidr for the {{network.name_lower}} network. - type: string - -outputs: - ip_address: - description: {{network.name}} network IP - value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - ip_address_uri: -{%- if network.ipv6 %} - description: {{network.name}} network IP (with brackets for IPv6 URLs) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - - ']' -{%- else %} - description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) - value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} -{%- endif %} - ip_subnet: - description: IP/Subnet CIDR for the {{network.name}} network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} - +{% include 'port_from_pool.j2' %} diff --git a/network/ports/port_from_pool_v6.network.j2.yaml b/network/ports/port_from_pool_v6.network.j2.yaml new file mode 100644 index 00000000..689e1ad0 --- /dev/null +++ b/network/ports/port_from_pool_v6.network.j2.yaml @@ -0,0 +1,2 @@ +{% set ipv6_override = true -%} +{% include 'port_from_pool.j2' %} diff --git a/network/ports/port_v6.network.j2.yaml b/network/ports/port_v6.network.j2.yaml new file mode 100644 index 00000000..59709bde --- /dev/null +++ b/network/ports/port_v6.network.j2.yaml @@ -0,0 +1,2 @@ +{% set ipv6_override = true -%} +{% include 'port.j2' %} diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml deleted file mode 100644 index 13e51ccf..00000000 --- a/network/ports/storage.yaml +++ /dev/null @@ -1,56 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage network. - -parameters: - StorageNetName: - description: The name of the storage network. - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StoragePort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage network IP - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml deleted file mode 100644 index 11aa20c7..00000000 --- a/network/ports/storage_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - StorageNetName: - description: The name of the storage network. - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageNetCidr: - default: '172.16.1.0/24' - description: Cidr for the storage network. - type: string - -outputs: - ip_address: - description: storage network IP - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageNetCidr}, 1]} diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml deleted file mode 100644 index 2d2c3055..00000000 --- a/network/ports/storage_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - StorageNetName: - description: The name of the storage network. - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageNetCidr: - default: 'fd00:fd00:fd00:3000::/64' - description: Cidr for the storage network. - type: string - -outputs: - ip_address: - description: storage network IP - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageNetCidr}, 1]} diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml deleted file mode 100644 index 0940b849..00000000 --- a/network/ports/storage_mgmt.yaml +++ /dev/null @@ -1,57 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage_mgmt API network. - -parameters: - StorageMgmtNetName: - description: The name of the storage_mgmt network. - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StorageMgmtPort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageMgmtNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage_mgmt network IP - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: | - storage_mgmt network IP (for compatibility with storage_mgmt_v6.yaml) - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the storage_mgmt network IP - value: - list_join: - - '' - - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml deleted file mode 100644 index 7efbc5ee..00000000 --- a/network/ports/storage_mgmt_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - StorageMgmtNetName: - description: The name of the storage_mgmt network. - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageMgmtNetCidr: - default: '172.16.3.0/24' - description: Cidr for the storage_mgmt network. - type: string - -outputs: - ip_address: - description: storage MGMT network IP - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage MGMT network IP (for compatibility with storage_mgmt_v6.yaml) - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the storage MGMT network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]} diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml deleted file mode 100644 index 07998aba..00000000 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - StorageMgmtNetName: - description: The name of the storage_mgmt network. - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageMgmtNetCidr: - default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage_mgmt network. - type: string - -outputs: - ip_address: - description: storage MGMT network IP - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage MGMT network IP (for compatibility with storage_mgmt_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage MGMT network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]} diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml deleted file mode 100644 index 399590c1..00000000 --- a/network/ports/storage_mgmt_v6.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage_mgmt API network. - -parameters: - StorageMgmtNetName: - description: The name of the storage_mgmt network. - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StorageMgmtPort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageMgmtNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage_mgmt network IP - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage_mgmt network IP with brackets suitable for a URI - value: - list_join: - - '' - - - '[' - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage_mgmt network IP - value: - list_join: - - '' - - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml deleted file mode 100644 index c7d47c54..00000000 --- a/network/ports/storage_v6.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage network. - -parameters: - StorageNetName: - description: The name of the storage network. - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StoragePort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage network IP - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml deleted file mode 100644 index 6c5eee38..00000000 --- a/network/ports/tenant.yaml +++ /dev/null @@ -1,56 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the tenant network. - -parameters: - TenantNetName: - description: The name of the tenant network. - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - TenantPort: - type: OS::Neutron::Port - properties: - network: {get_param: TenantNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: tenant network IP - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml deleted file mode 100644 index 94c419df..00000000 --- a/network/ports/tenant_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - TenantNetName: - description: The name of the tenant network. - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - TenantNetCidr: - default: '172.16.0.0/24' - description: Cidr for the tenant network. - type: string - -outputs: - ip_address: - description: tenant network IP - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: TenantNetCidr}, 1]} diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml deleted file mode 100644 index cc2b619a..00000000 --- a/network/ports/tenant_from_pool_v6.yaml +++ /dev/null @@ -1,51 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - TenantNetName: - description: The name of the tenant network. - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - TenantNetCidr: - default: 'fd00:fd00:fd00:5000::/64' - description: Cidr for the tenant network. - type: string - -outputs: - ip_address: - description: tenant network IP - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: TenantNetCidr}, 1]} diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml deleted file mode 100644 index 47d52d8a..00000000 --- a/network/ports/tenant_v6.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the tenant network. - -parameters: - TenantNetName: - description: The name of the tenant network. - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - TenantPort: - type: OS::Neutron::Port - properties: - network: {get_param: TenantNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: tenant network IP - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: tenant network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 2a9f9d76..0f0e9ceb 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -195,6 +195,7 @@ resource_registry: OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml + OS::TripleO::Services::ContainersLogrotateCrond: OS::Heat::None OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml @@ -263,6 +264,7 @@ resource_registry: OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None + OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce9f9b9d..f6573f6c 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -11,7 +11,7 @@ parameters: type: string hidden: true CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -61,6 +61,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list # used instead, but we need client support for that first @@ -133,6 +141,14 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 97e44159..1459b851 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -5,7 +5,7 @@ description: > parameters: CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -68,6 +68,14 @@ parameters: image. Only applies to format 2 images. Set to '1' for Jewel clients using older Ceph servers. type: string + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: @@ -94,9 +102,17 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] ceph::profile::params::manage_repo: false # FIXME(gfidente): we should not have to list the packages explicitly in # the templates, but this should stay until the following is fixed: diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml index c561ea0e..ad799edb 100644 --- a/puppet/services/ceph-mds.yaml +++ b/puppet/services/ceph-mds.yaml @@ -35,6 +35,15 @@ parameters: with ceph-authtool --gen-print-key. type: string hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string resources: CephBase: @@ -60,5 +69,8 @@ outputs: '112 ceph_mds': dport: - '6800-7300' + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: | include ::tripleo::profile::base::ceph::mds diff --git a/puppet/services/cinder-backend-dellemc-unity.yaml b/puppet/services/cinder-backend-dellemc-unity.yaml new file mode 100644 index 00000000..c8b8bd8f --- /dev/null +++ b/puppet/services/cinder-backend-dellemc-unity.yaml @@ -0,0 +1,85 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: pike + +description: > + Openstack Cinder Dell EMC Unity backend + +parameters: + CinderEnableDellEMCUnityBackend: + type: boolean + default: true + CinderDellEMCUnityBackendName: + type: string + default: 'tripleo_dellemc_unity' + CinderDellEMCUnitySanIp: + type: string + CinderDellEMCUnitySanLogin: + type: string + default: 'Admin' + CinderDellEMCUnitySanPassword: + type: string + hidden: true + CinderDellEMCUnityStorageProtocol: + type: string + default: 'iSCSI' + CinderDellEMCUnityIoPorts: + type: string + default: '' + CinderDellEMCUnityStoragePoolNames: + type: string + default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC Storage Center backend. + value: + service_name: cinder_backend_dellemc_unity + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellemc_unity_backend: {get_param: CinderEnableDellEMCUnityBackend} + cinder::backend::dellemc_unity::volume_backend_name: {get_param: CinderDellEMCUnityBackendName} + cinder::backend::dellemc_unity::san_ip: {get_param: CinderDellEMCUnitySanIp} + cinder::backend::dellemc_unity::san_login: {get_param: CinderDellEMCUnitySanLogin} + cinder::backend::dellemc_unity::san_password: {get_param: CinderDellEMCUnitySanPassword} + cinder::backend::dellemc_unity::storage_protocol: {get_param: CinderDellEMCUnityStorageProtocol} + cinder::backend::dellemc_unity::unity_io_ports: {get_param: CinderDellEMCUnityIoPorts} + cinder::backend::dellemc_unity::unity_storage_pool_names: {get_param: CinderDellEMCUnityStoragePoolNames} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index d11ef66a..2cda08eb 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -7,8 +7,9 @@ parameters: DockerInsecureRegistryAddress: description: Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. - type: string - default: '' + The value can be multiple addresses separated by commas. + type: comma_delimited_list + default: [] EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -37,7 +38,7 @@ parameters: type: json conditions: - insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]} outputs: role_data: @@ -48,11 +49,10 @@ outputs: if: - insecure_registry_is_empty - {} - - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} + - tripleo::profile::base::docker::insecure_registries: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: - name: Install docker packages on upgrade if missing tags: step3 yum: name=docker state=latest - diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index 642685a8..e0173d88 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -86,7 +86,6 @@ outputs: - - {get_param: HAProxyInternalTLSKeysDirectory} - '/overcloud-haproxy-NETWORK.key' hostname: "%{hiera('cloud_name_NETWORK')}" - postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_NETWORK')}" for_each: NETWORK: {get_attr: [HAProxyNetworks, value]} diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index b2766c44..14d171dc 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -71,7 +71,6 @@ outputs: - - {get_param: HAProxyInternalTLSKeysDirectory} - '/overcloud-haproxy-external.key' hostname: "%{hiera('cloud_name_external')}" - postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_external')}" metadata_settings: - service: haproxy diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 63ab92eb..642a0f09 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -67,6 +67,14 @@ parameters: MonitoringSubscriptionHorizon: default: 'overcloud-horizon' type: string + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -109,6 +117,14 @@ outputs: - {get_param: [DefaultPasswords, horizon_secret]} horizon::secure_cookies: {get_param: [HorizonSecureCookies]} memcached_ipv6: {get_param: MemcachedIPv6} + horizon::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::listen_ssl: {get_param: EnableInternalTLS} + horizon::horizon_ca: {get_param: InternalTLSCAFile} - if: - debug_unset diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 9d6b508b..9207d99f 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -52,12 +52,6 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: false - ManilaCephFSDataPoolName: - default: manila_data - type: string - ManilaCephFSMetadataPoolName: - default: manila_metadata - type: string # (jprovazn) default value is set to assure this templates works with an # external ceph too (user/key is created only when ceph is deployed by # TripleO) @@ -81,7 +75,4 @@ outputs: manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} - ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} - ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} - ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 81f12f01..30f34777 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -57,10 +57,15 @@ parameters: default: tag: openstack.neutron.agent.metadata path: /var/log/neutron/metadata-agent.log + EnableInternalTLS: + type: boolean + default: false conditions: neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + resources: NeutronBase: @@ -90,6 +95,17 @@ outputs: neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + neutron::agents::metadata::metadata_host: + str_replace: + template: + "%{hiera('cloud_name_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + neutron::agents::metadata::metadata_protocol: + if: + - internal_tls_enabled + - 'https' + - 'http' - if: - neutron_workers_unset diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 36866a3a..22a743e0 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -37,7 +37,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 04936c33..3f37cd94 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -34,7 +34,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: @@ -162,7 +162,7 @@ outputs: dport: - 16514 - '49152-49215' - - '5900-5999' + - '5900-6923' - if: @@ -170,6 +170,8 @@ outputs: - generate_service_certificates: true tripleo::profile::base::nova::migration::client::libvirt_tls: true + nova::migration::libvirt::listen_address: + get_param: [ServiceNetMap, NovaLibvirtNetwork] nova::migration::libvirt::live_migration_inbound_addr: str_replace: template: diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index ca9eed09..3ac5f300 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -34,10 +34,26 @@ parameters: default: 0 description: Number of workers for Nova services. type: number + EnableInternalTLS: + type: boolean + default: false conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + +resources: + + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + outputs: role_data: description: Role data for the Nova Metadata service. @@ -45,10 +61,29 @@ outputs: service_name: nova_metadata config_settings: map_merge: - - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - get_attr: [TLSProxyBase, role_data, config_settings] + - nova::api::metadata_listen: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NovaMetadataNetwork]} - if: - nova_workers_zero - {} - nova::api::metadata_workers: {get_param: NovaWorkers} + - + if: + - use_tls_proxy + - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip: + get_param: [ServiceNetMap, NovaMetadataNetwork] + tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - {} step_config: "" + metadata_settings: + get_attr: [TLSProxyBase, role_data, metadata_settings] diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar-api.yaml index 4a1ad179..82d105ef 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar-api.yaml @@ -87,9 +87,9 @@ resources: outputs: role_data: - description: Shared role data for the Heat services. + description: Shared role data for the Zaqar services. value: - service_name: zaqar + service_name: zaqar_api config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] diff --git a/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml b/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml new file mode 100644 index 00000000..52db34b6 --- /dev/null +++ b/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The path to the zaqar profile has changed from puppet/services/zaqar.yaml to + puppet/services/zaqar-api.yaml. Make sure to update any references to this + in the resource registry. diff --git a/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml new file mode 100644 index 00000000..f2edb9f7 --- /dev/null +++ b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Add support for Dell EMC Unity cinder driver diff --git a/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml new file mode 100644 index 00000000..04b21fba --- /dev/null +++ b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - Workaround systems getting registered as "localhost" during + RHEL registration if they don't have a fqdn set by first + rm'ing the /etc/rhsm/facts directory. When the directory does not + exist, the katello-rshm-consumer which runs when installing + the katello-ca-consumer will not set the hostname.override fact to + "localhost". See https://bugs.launchpad.net/tripleo/+bug/1711435 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 939b263c..9d46018a 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '7.0.0.0b3' +release = '7.0.0.0rc1' # The short X.Y version. version = '7.0.0' diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index e4fdfa44..9d1bef08 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml @@ -21,6 +21,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml index f3978c5b..8e62e8e7 100644 --- a/roles/CephStorage.yaml +++ b/roles/CephStorage.yaml @@ -18,6 +18,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Compute.yaml b/roles/Compute.yaml index ce5ab742..9d2c8189 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -44,6 +44,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index 0e8a90b7..0216b04a 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -35,6 +35,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml index 7c3cd218..9b94710d 100644 --- a/roles/ComputeOvsDpdk.yaml +++ b/roles/ComputeOvsDpdk.yaml @@ -31,6 +31,7 @@ - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/Controller.yaml b/roles/Controller.yaml index 224d1356..56f54f54 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -34,6 +34,8 @@ - OS::TripleO::Services::CeilometerAgentNotification # FIXME: This service was disabled in Pike and this entry should be removed # in Queens. + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds @@ -44,6 +46,7 @@ - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale @@ -108,6 +111,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 10d76dd7..2cfc0cb9 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -27,12 +27,14 @@ - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI @@ -79,6 +81,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping diff --git a/roles/Database.yaml b/roles/Database.yaml index e101fd4f..ffeada05 100644 --- a/roles/Database.yaml +++ b/roles/Database.yaml @@ -10,12 +10,14 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml index ae848bc8..d5d8ddd7 100644 --- a/roles/IronicConductor.yaml +++ b/roles/IronicConductor.yaml @@ -8,12 +8,14 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml index 47e0f920..cd6071c4 100644 --- a/roles/Messaging.yaml +++ b/roles/Messaging.yaml @@ -10,10 +10,12 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SensuClient diff --git a/roles/Networker.yaml b/roles/Networker.yaml index 311e0a7d..1bf58031 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -11,6 +11,7 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel @@ -29,6 +30,7 @@ - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::PacemakerRemote - OS::TripleO::Services::SensuClient diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml index ad372be6..e2eacd9e 100644 --- a/roles/ObjectStorage.yaml +++ b/roles/ObjectStorage.yaml @@ -26,6 +26,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml index b1c73798..1dbb887f 100644 --- a/roles/Telemetry.yaml +++ b/roles/Telemetry.yaml @@ -12,10 +12,13 @@ - OS::TripleO::Services::AodhEvaluator - OS::TripleO::Services::AodhListener - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::CACerts - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::CeilometerApi + - OS::TrieplO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd @@ -23,6 +26,7 @@ - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::Redis diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index a408a21b..a78ba398 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -39,6 +39,7 @@ - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder diff --git a/roles_data.yaml b/roles_data.yaml index 8f670994..313fcaa9 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -37,6 +37,8 @@ - OS::TripleO::Services::CeilometerAgentNotification # FIXME: This service was disabled in Pike and this entry should be removed # in Queens. + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds @@ -47,6 +49,7 @@ - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale @@ -111,6 +114,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping @@ -185,6 +189,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient @@ -219,6 +224,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp @@ -255,6 +261,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp @@ -285,6 +292,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index d61d1a2f..4628665b 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -42,6 +42,7 @@ - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder |