diff options
143 files changed, 1252 insertions, 1391 deletions
diff --git a/all-nodes-validation.yaml b/all-nodes-validation.yaml index 65d01d0f..eea3e40a 100644 --- a/all-nodes-validation.yaml +++ b/all-nodes-validation.yaml @@ -10,6 +10,10 @@ parameters: default: '' description: A string containing a space separated list of IP addresses used to ping test each available network interface. type: string + ValidateFqdn: + default: false + description: Optional validation to ensure FQDN as set by Nova matches the name set in /etc/hosts. + type: boolean resources: AllNodesValidationsImpl: @@ -19,6 +23,8 @@ resources: inputs: - name: ping_test_ips default: {get_param: PingTestIps} + - name: validate_fqdn + default: {get_param: ValidateFqdn} config: {get_file: ./validation-scripts/all-nodes.sh} outputs: diff --git a/bindep.txt b/bindep.txt new file mode 100644 index 00000000..4f9b4254 --- /dev/null +++ b/bindep.txt @@ -0,0 +1,2 @@ +# This is a cross-platform list tracking distribution packages needed by tests; +# see http://docs.openstack.org/infra/bindep/ for additional information. diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index e5c1b411..2251cc0c 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -54,6 +54,7 @@ parameter_defaults: - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::Horizon ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/deployed-server/deployed-server-bootstrap-centos.sh b/deployed-server/deployed-server-bootstrap-centos.sh index 7266ca57..c86e771c 100644 --- a/deployed-server/deployed-server-bootstrap-centos.sh +++ b/deployed-server/deployed-server-bootstrap-centos.sh @@ -8,7 +8,8 @@ yum install -y \ openstack-puppet-modules \ os-net-config \ openvswitch \ - python-heat-agent* + python-heat-agent* \ + openstack-selinux ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules diff --git a/deployed-server/deployed-server-bootstrap-rhel.sh b/deployed-server/deployed-server-bootstrap-rhel.sh index 36ff0077..10b4999b 100644 --- a/deployed-server/deployed-server-bootstrap-rhel.sh +++ b/deployed-server/deployed-server-bootstrap-rhel.sh @@ -8,6 +8,7 @@ yum install -y \ openstack-puppet-modules \ os-net-config \ openvswitch \ - python-heat-agent* + python-heat-agent* \ + openstack-selinux ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh index 6c196f97..d0cc4dff 100755 --- a/deployed-server/scripts/get-occ-config.sh +++ b/deployed-server/scripts/get-occ-config.sh @@ -63,7 +63,7 @@ for role in $OVERCLOUD_ROLES; do rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value) done - stacks=$(openstack stack resource list $rg_stack -c physical_resource_id -f value) + stacks=$(openstack stack resource list $rg_stack -c resource_name -c physical_resource_id -f json | jq -r "sort_by(.resource_name) | .[] | .physical_resource_id") i=0 diff --git a/environments/deployed-server-environment.j2.yaml b/environments/deployed-server-environment.j2.yaml new file mode 100644 index 00000000..327934da --- /dev/null +++ b/environments/deployed-server-environment.j2.yaml @@ -0,0 +1,11 @@ +resource_registry: + OS::TripleO::Server: ../deployed-server/deployed-server.yaml + OS::TripleO::DeployedServer::ControlPlanePort: OS::Neutron::Port + OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None + +{% for role in roles %} + # Default nic config mappings + OS::TripleO::{{role.name}}::Net::SoftwareConfig: ../net-config-static.yaml +{% endfor %} + + OS::TripleO::ControllerDeployedServer::Net::SoftwareConfig: ../net-config-static-bridge.yaml diff --git a/environments/deployed-server-environment.yaml b/environments/deployed-server-environment.yaml deleted file mode 100644 index 7bc1bd9b..00000000 --- a/environments/deployed-server-environment.yaml +++ /dev/null @@ -1,4 +0,0 @@ -resource_registry: - OS::TripleO::Server: ../deployed-server/deployed-server.yaml - OS::TripleO::DeployedServer::ControlPlanePort: OS::Neutron::Port - OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 77fa5a49..3738072c 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -11,6 +11,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel @@ -25,4 +26,6 @@ parameter_defaults: - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Collectd - OS::TripleO::Services::CephOSD diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml index 9e3cddba..3bc9faa2 100644 --- a/environments/major-upgrade-composable-steps.yaml +++ b/environments/major-upgrade-composable-steps.yaml @@ -1,15 +1,16 @@ resource_registry: OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml parameter_defaults: + EnableConfigPurge: true UpgradeLevelNovaCompute: auto UpgradeInitCommonCommand: | #!/bin/bash # Newton to Ocata, we need to remove old hiera hook data and # install ansible heat agents and ansible-pacemaker set -eu + yum install -y openstack-heat-agents yum install -y python-heat-agent-* yum install -y ansible-pacemaker rm -f /usr/libexec/os-apply-config/templates/etc/puppet/hiera.yaml rm -f /usr/libexec/os-refresh-config/configure.d/40-hiera-datafiles rm -f /etc/puppet/hieradata/*.yaml - diff --git a/environments/major-upgrade-converge.yaml b/environments/major-upgrade-converge.yaml index f09fb20e..4e8bf46b 100644 --- a/environments/major-upgrade-converge.yaml +++ b/environments/major-upgrade-converge.yaml @@ -3,5 +3,6 @@ resource_registry: OS::TripleO::PostDeploySteps: ../puppet/post.yaml parameter_defaults: + EnableConfigPurge: false UpgradeLevelNovaCompute: '' UpgradeInitCommonCommand: '' diff --git a/environments/net-bond-with-vlans-no-external.yaml b/environments/net-bond-with-vlans-no-external.yaml index 75959a0b..cc27d4f0 100644 --- a/environments/net-bond-with-vlans-no-external.yaml +++ b/environments/net-bond-with-vlans-no-external.yaml @@ -20,7 +20,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-no-external.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -# NOTE: with no external interface we should be able to use the -# default Neutron l3_agent.ini setting for the external bridge (br-ex) -# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/net-bond-with-vlans-v6.yaml b/environments/net-bond-with-vlans-v6.yaml index 73dda3d9..dc6fdfe3 100644 --- a/environments/net-bond-with-vlans-v6.yaml +++ b/environments/net-bond-with-vlans-v6.yaml @@ -12,9 +12,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-v6.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-bond-with-vlans.yaml b/environments/net-bond-with-vlans.yaml index de8f8f74..38c31cac 100644 --- a/environments/net-bond-with-vlans.yaml +++ b/environments/net-bond-with-vlans.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-linux-bridge-with-vlans.yaml b/environments/net-single-nic-linux-bridge-with-vlans.yaml index fd80bb9b..f34cfb92 100644 --- a/environments/net-single-nic-linux-bridge-with-vlans.yaml +++ b/environments/net-single-nic-linux-bridge-with-vlans.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans-no-external.yaml b/environments/net-single-nic-with-vlans-no-external.yaml index c7594b32..65d38137 100644 --- a/environments/net-single-nic-with-vlans-no-external.yaml +++ b/environments/net-single-nic-with-vlans-no-external.yaml @@ -19,7 +19,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-no-external.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -# NOTE: with no external interface we should be able to use the -# default Neutron l3_agent.ini setting for the external bridge (br-ex) -# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans-v6.yaml b/environments/net-single-nic-with-vlans-v6.yaml index 8210bad3..966e5fe9 100644 --- a/environments/net-single-nic-with-vlans-v6.yaml +++ b/environments/net-single-nic-with-vlans-v6.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-v6.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans.yaml b/environments/net-single-nic-with-vlans.yaml index a61bc6e1..b087b3e4 100644 --- a/environments/net-single-nic-with-vlans.yaml +++ b/environments/net-single-nic-with-vlans.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index 796eb806..210b6b03 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -48,8 +48,6 @@ parameter_defaults: # ManagementInterfaceDefaultRoute: 10.0.1.1 # Define the DNS servers (maximum 2) for the overcloud nodes DnsServers: ["8.8.8.8","8.8.4.4"] - # Set to empty string to enable multiple external networks or VLANs - NeutronExternalNetworkBridge: "''" # List of Neutron network types for tenant networks (will be used in order) NeutronNetworkType: 'vxlan,vlan' # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling. diff --git a/environments/neutron-ml2-bigswitch.yaml b/environments/neutron-ml2-bigswitch.yaml index 750d3c4e..8a4a144c 100644 --- a/environments/neutron-ml2-bigswitch.yaml +++ b/environments/neutron-ml2-bigswitch.yaml @@ -3,12 +3,17 @@ resource_registry: OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml + OS::TripleO::NeutronBigswitchAgent: ../puppet/services/neutron-bigswitch-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None parameter_defaults: # Required to fill in: NeutronBigswitchRestproxyServers: NeutronBigswitchRestproxyServerAuth: - NeutronMechanismDrivers: bsn_ml2 + NeutronMechanismDrivers: openvswitch,bsn_ml2 + NeutronServicePlugins: bsn_l3,bsn_service_plugin + KeystoneNotificationDriver: messaging # Optional: # NeutronBigswitchRestproxyAutoSyncOnFailure: @@ -19,3 +24,9 @@ parameter_defaults: # NeutronBigswitchAgentEnabled: # NeutronBigswitchLLDPEnabled: + ControllerExtraConfig: + neutron::agents::l3::enabled: false + neutron::agents::dhcp::enable_force_metadata: true + neutron::agents::dhcp::enable_isolated_metadata: true + neutron::agents::dhcp::enable_metadata_network: false + neutron::server::l3_ha: false diff --git a/environments/services/disable-ceilometer-api.yaml b/environments/services/disable-ceilometer-api.yaml index 94cd8d5d..fb1ea6a7 100644 --- a/environments/services/disable-ceilometer-api.yaml +++ b/environments/services/disable-ceilometer-api.yaml @@ -1,2 +1,5 @@ resource_registry: OS::TripleO::Services::CeilometerApi: OS::Heat::None + +parameter_defaults: + CeilometerApiEndpoint: false diff --git a/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml index c388358a..24557517 100644 --- a/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml @@ -21,3 +21,7 @@ parameter_defaults: rhel_reg_type: "" rhel_reg_method: "" rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.1-rpms" + rhel_reg_http_proxy_host: "" + rhel_reg_http_proxy_port: "" + rhel_reg_http_proxy_username: "" + rhel_reg_http_proxy_password: "" diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index fdf2e957..e8316c53 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -45,6 +45,14 @@ parameters: type: string rhel_reg_sat_repo: type: string + rhel_reg_http_proxy_host: + type: string + rhel_reg_http_proxy_port: + type: string + rhel_reg_http_proxy_username: + type: string + rhel_reg_http_proxy_password: + type: string resources: @@ -71,6 +79,10 @@ resources: - name: REG_TYPE - name: REG_METHOD - name: REG_SAT_REPO + - name: REG_HTTP_PROXY_HOST + - name: REG_HTTP_PROXY_PORT + - name: REG_HTTP_PROXY_USERNAME + - name: REG_HTTP_PROXY_PASSWORD config: {get_file: scripts/rhel-registration} RHELRegistrationDeployment: @@ -99,6 +111,10 @@ resources: REG_TYPE: {get_param: rhel_reg_type} REG_METHOD: {get_param: rhel_reg_method} REG_SAT_REPO: {get_param: rhel_reg_sat_repo} + REG_HTTP_PROXY_HOST: {get_param: rhel_reg_http_proxy_host} + REG_HTTP_PROXY_PORT: {get_param: rhel_reg_http_proxy_port} + REG_HTTP_PROXY_USERNAME: {get_param: rhel_reg_http_proxy_username} + REG_HTTP_PROXY_PASSWORD: {get_param: rhel_reg_http_proxy_password} RHELUnregistration: type: OS::Heat::SoftwareConfig diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 2650a967..bff8b23b 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -11,12 +11,20 @@ if [ -e $OK ] ; then exit 0 fi -retryCount=0 +retry_max_count=10 opts= +config_opts= attach_opts= sat5_opts= repos="repos --enable rhel-7-server-rpms" satellite_repo=${REG_SAT_REPO} +proxy_host= +proxy_port= +proxy_url= +proxy_username= +proxy_password= + +# process variables.. if [ -n "${REG_AUTO_ATTACH:-}" ]; then opts="$opts --auto-attach" @@ -97,28 +105,93 @@ if [ -n "${REG_TYPE:-}" ]; then opts="$opts --type=$REG_TYPE" fi -function retry() { - if [[ $retryCount < 3 ]]; then - $@ - if ! [[ $? == 0 ]]; then - retryCount=$(echo $retryCount + 1 | bc) - echo "WARN: Failed to connect when running '$@', retrying..." - retry $@ +# Proxy settings (host and port) +if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then + proxy_host="${REG_HTTP_PROXY_HOST}" +fi + +if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then + proxy_port="${REG_HTTP_PROXY_PORT}" +fi + +# Proxy settings (user and password) +if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then + proxy_username="${REG_HTTP_PROXY_USERNAME}" +fi + +if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then + proxy_password="${REG_HTTP_PROXY_PASSWORD}" +fi + +# Sanity Checks for proxy host/port/user/password +if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then + if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then + # Good both values are not empty + proxy_url="http://${proxy_host}:${proxy_port}" + config_opts="--server.proxy_hostname=${proxy_host} --server.proxy_port=${proxy_port}" + sat5_opts="${sat5_opts} --proxy_hostname=${proxy_url}" + echo "RHSM Proxy set to: ${proxy_url}" + if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then + if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then + config_opts="${config_opts} --server.proxy_user=${proxy_username} --server.proxy_password=${proxy_password}" + sat5_opts="${sat5_opts} --proxyUser=${proxy_username} --proxyPassword=${proxy_password}" + else + echo "Warning: REG_HTTP_PROXY_PASSWORD cannot be null with non-empty REG_HTTP_PROXY_USERNAME! Skipping..." + proxy_username= ; proxy_password= + fi + else + if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then + echo "Warning: REG_HTTP_PROXY_USERNAME cannot be null with non-empty REG_HTTP_PROXY_PASSWORD! Skipping..." + proxy_username= ; proxy_password= + fi + fi else - retryCount=0 + echo "Warning: REG_HTTP_PROXY_PORT cannot be null with non-empty REG_HTTP_PROXY_HOST! Skipping..." + proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password= fi - else - echo "ERROR: Failed to connect after 3 attempts when running '$@'" - exit 1 - fi +else + if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then + echo "Warning: REG_HTTP_PROXY_HOST cannot be null with non-empty REG_HTTP_PROXY_PORT! Skipping..." + proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password= + fi +fi + +function retry() { + # Inhibit -e since we want to retry without exiting.. + set +e + # Retry delay (seconds) + retry_delay=2.0 + retry_count=0 + mycli="$@" + while [ $retry_count -lt ${retry_max_count} ] + do + echo "INFO: Sleeping ${retry_delay} ..." + sleep ${retry_delay} + echo "INFO: Executing '${mycli}' ..." + ${mycli} + if [ $? -eq 0 ]; then + echo "INFO: Ran '${mycli}' successfully, not retrying..." + break + else + echo "WARN: Failed to connect when running '${mycli}', retrying (attempt #$retry_count )..." + retry_count=$(echo $retry_count + 1 | bc) + fi + done + + if [ $retry_count -ge ${retry_max_count} ]; then + echo "ERROR: Failed to connect after ${retry_max_count} attempts when running '${mycli}'" + exit 1 + fi + # Re-enable -e when exiting retry() + set -e } function detect_satellite_version { ping_api=$REG_SAT_URL/katello/api/ping - if curl --retry 3 --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then + if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then echo Satellite 6 detected at $REG_SAT_URL satellite_version=6 - elif curl --retry 3 --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then + elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then echo Satellite 5 detected at $REG_SAT_URL satellite_version=5 else @@ -127,6 +200,27 @@ function detect_satellite_version { fi } +if [ "x${proxy_url}" != "x" ];then + # Config subscription-manager for proxy + subscription-manager config ${config_opts} + + # Config yum for proxy.. + sed -i -e '/^proxy=/d' /etc/yum.conf + echo "proxy=${proxy_url}" >> /etc/yum.conf + + # Handle optional username/password + if [ -n "${proxy_username}" ]; then + sed -i -e '/^proxy_username=/d' /etc/yum.conf + echo "proxy_username=${proxy_username}" >> /etc/yum.conf + fi + + if [ -n "${proxy_password}" ]; then + sed -i -e '/^proxy_password=/d' /etc/yum.conf + echo "proxy_password=${proxy_password}" >> /etc/yum.conf + fi + +fi + case "${REG_METHOD:-}" in portal) retry subscription-manager register $opts @@ -140,7 +234,7 @@ case "${REG_METHOD:-}" in detect_satellite_version if [ "$satellite_version" = "6" ]; then repos="$repos --enable ${satellite_repo}" - curl --retry 3 --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true retry subscription-manager register $opts retry subscription-manager $repos @@ -149,7 +243,7 @@ case "${REG_METHOD:-}" in retry subscription-manager repos --disable ${satellite_repo} else pushd /usr/share/rhn/ - curl --retry 3 --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT + curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT popd retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts fi diff --git a/extraconfig/tasks/aodh_data_migration.sh b/extraconfig/tasks/aodh_data_migration.sh deleted file mode 100644 index d4c29673..00000000 --- a/extraconfig/tasks/aodh_data_migration.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# -# This delivers the aodh data migration script to be invoked as part of the tripleo -# major upgrade workflow to migrate all the alarm data from mongodb to mysql. -# This needs to run post controller node upgrades so new aodh mysql db configured and -# running. -# -set -eu - -#Get existing mongodb connection -MONGO_DB_CONNECTION="$(crudini --get /etc/ceilometer/ceilometer.conf database connection)" - -# Get the aodh database string from hiera data -MYSQL_DB_CONNECTION="$(crudini --get /etc/aodh/aodh.conf database connection)" - -#Run migration -/usr/bin/aodh-data-migration --nosql-conn $MONGO_DB_CONNECTION --sql-conn $MYSQL_DB_CONNECTION - - diff --git a/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml deleted file mode 100644 index cf5d7a84..00000000 --- a/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml +++ /dev/null @@ -1,62 +0,0 @@ -heat_template_version: ocata - -description: > - Software-config for ceilometer configuration under httpd during upgrades - -parameters: - servers: - type: json - input_values: - type: json - description: input values for the software deployments -resources: - CeilometerWsgiMitakaNewtonPreUpgradeConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - config: - get_file: mitaka_to_newton_ceilometer_wsgi_upgrade.pp - - CeilometerWsgiMitakaNewtonUpgradeConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\nset -e\n\n" - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_pacemaker_migrations.sh - - "disable_standalone_ceilometer_api\n\n" - - CeilometerWsgiMitakaNewtonPostUpgradeConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: | - #!/bin/bash - set -e - /usr/bin/systemctl reload httpd - - CeilometerWsgiMitakaNewtonPreUpgradeDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - name: CeilometerWsgiMitakaNewtonPreUpgradeDeployment - servers: {get_param: [servers, Controller]} - config: {get_resource: CeilometerWsgiMitakaNewtonPreUpgradeConfig} - - CeilometerWsgiMitakaNewtonUpgradeConfigDeployment: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: CeilometerWsgiMitakaNewtonPreUpgradeDeployment - properties: - name: CeilometerWsgiMitakaNewtonUpgradeConfigDeployment - servers: {get_param: [servers, Controller]} - config: {get_resource: CeilometerWsgiMitakaNewtonUpgradeConfig} - - CeilometerWsgiMitakaNewtonPostUpgradeDeployment: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: CeilometerWsgiMitakaNewtonUpgradeConfigDeployment - properties: - name: CeilometerWsgiMitakaNewtonPostUpgradeDeployment - servers: {get_param: [servers, Controller]} - config: {get_resource: CeilometerWsgiMitakaNewtonPostUpgradeConfig} diff --git a/extraconfig/tasks/major_upgrade_check.sh b/extraconfig/tasks/major_upgrade_check.sh deleted file mode 100755 index 8bdff5e7..00000000 --- a/extraconfig/tasks/major_upgrade_check.sh +++ /dev/null @@ -1,109 +0,0 @@ -#!/bin/bash - -set -eu - -check_cluster() -{ - if pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; then - echo_error "ERROR: upgrade cannot start with some cluster nodes being offline" - exit 1 - fi -} - -check_pcsd() -{ - if pcs status 2>&1 | grep -E 'Offline'; then - echo_error "ERROR: upgrade cannot start with some pcsd daemon offline" - exit 1 - fi -} - -mysql_need_update() -{ - # Shall we upgrade mysql data directory during the stack upgrade? - if [ "$mariadb_do_major_upgrade" = "auto" ]; then - ret=$(is_mysql_upgrade_needed) - if [ $ret = "1" ]; then - DO_MYSQL_UPGRADE=1 - else - DO_MYSQL_UPGRADE=0 - fi - echo "mysql upgrade required: $DO_MYSQL_UPGRADE" - elif [ "$mariadb_do_major_upgrade" = "no" ]; then - DO_MYSQL_UPGRADE=0 - else - DO_MYSQL_UPGRADE=1 - fi -} - -check_disk_for_mysql_dump() -{ - # Where to backup current database if mysql need to be upgraded - MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp - MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup - # Spare disk ratio for extra safety - MYSQL_BACKUP_SIZE_RATIO=1.2 - - mysql_need_update - - if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then - if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - - if [ -d "$MYSQL_BACKUP_DIR" ]; then - echo_error "Error: $MYSQL_BACKUP_DIR exists already. Likely an upgrade failed previously" - exit 1 - fi - mkdir "$MYSQL_BACKUP_DIR" - if [ $? -ne 0 ]; then - echo_error "Error: could not create temporary backup directory $MYSQL_BACKUP_DIR" - exit 1 - fi - - # the /root/.my.cnf is needed because we set the mysql root - # password from liberty onwards - backup_flags="--defaults-extra-file=/root/.my.cnf -u root --flush-privileges --all-databases --single-transaction" - # While not ideal, this step allows us to calculate exactly how much space the dump - # will need. Our main goal here is avoiding any chance of corruption due to disk space - # exhaustion - backup_size=$(mysqldump $backup_flags 2>/dev/null | wc -c) - database_size=$(du -cb /var/lib/mysql | tail -1 | awk '{ print $1 }') - free_space=$(df -B1 --output=avail "$MYSQL_BACKUP_DIR" | tail -1) - - # we need at least space for a new mysql database + dump of the existing one, - # times a small factor for additional safety room - # note: bash doesn't do floating point math or floats in if statements, - # so use python to apply the ratio and cast it back to integer - required_space=$(python -c "from __future__ import print_function; print(\"%d\" % int((($database_size + $backup_size) * $MYSQL_BACKUP_SIZE_RATIO)))") - if [ $required_space -ge $free_space ]; then - echo_error "Error: not enough free space in $MYSQL_BACKUP_DIR ($required_space bytes required)" - exit 1 - fi - fi - fi -} - -check_python_rpm() -{ - # If for some reason rpm-python are missing we want to error out early enough - if ! rpm -q rpm-python &> /dev/null; then - echo_error "ERROR: upgrade cannot start without rpm-python installed" - exit 1 - fi -} - -check_clean_cluster() -{ - if pcs status | grep -q Stopped:; then - echo_error "ERROR: upgrade cannot start with stopped resources on the cluster. Make sure that all the resources are up and running." - exit 1 - fi -} - -check_galera_root_password() -{ - # BZ: 1357112 - if [ ! -e /root/.my.cnf ]; then - echo_error "ERROR: upgrade cannot be started, the galera password is missing. The overcloud needs update." - exit 1 - fi -} diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh deleted file mode 100755 index 080831ab..00000000 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -set -eu - -check_cluster -check_pcsd -if [[ -n $(is_bootstrap_node) ]]; then - check_clean_cluster -fi -check_python_rpm -check_galera_root_password -check_disk_for_mysql_dump - -# We want to disable fencing during the cluster --stop as it might fence -# nodes where a service fails to stop, which could be fatal during an upgrade -# procedure. So we remember the stonith state. If it was enabled we reenable it -# at the end of this script -if [[ -n $(is_bootstrap_node) ]]; then - STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }') - # We create this empty file if stonith was set to true so we can reenable stonith in step2 - rm -f /var/tmp/stonith-true - if [ $STONITH_STATE == "true" ]; then - touch /var/tmp/stonith-true - fi - pcs property set stonith-enabled=false -fi - -# Migrate to HA NG and fix up rabbitmq queues -# We fix up the rabbitmq ha queues after the migration because it will -# restart the rabbitmq resource. Doing it after the migration means no other -# services will be restart as there are no other constraints -if [[ -n $(is_bootstrap_node) ]]; then - migrate_full_to_ng_ha - rabbitmq_newton_ocata_upgrade -fi - diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh deleted file mode 100755 index 6bfe1239..00000000 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ /dev/null @@ -1,176 +0,0 @@ -#!/bin/bash - -set -eu - -cluster_sync_timeout=1800 - -# After migrating the cluster to HA-NG the services not under pacemaker's control -# are still up and running. We need to stop them explicitely otherwise during the yum -# upgrade the rpm %post sections will try to do a systemctl try-restart <service>, which -# is going to take a long time because rabbit is down. By having the service stopped -# systemctl try-restart is a noop - -for service in $(services_to_migrate); do - manage_systemd_service stop "${service%%-clone}" - # So the reason for not reusing check_resource_systemd is that - # I have observed systemctl is-active returning unknown with at least - # one service that was stopped (See LP 1627254) - timeout=600 - tstart=$(date +%s) - tend=$(( $tstart + $timeout )) - check_interval=3 - while (( $(date +%s) < $tend )); do - if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then - echo "$service still active, sleeping $check_interval seconds." - sleep $check_interval - else - # we do not care if it is inactive, unknown or failed as long as it is - # not running - break - fi - - done -done - -# In case the mysql package is updated, the database on disk must be -# upgraded as well. This typically needs to happen during major -# version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...) -# -# Because in-place upgrades are not supported across 2+ major versions -# (e.g. 5.5 -> 10.1), we rely on logical upgrades via dump/restore cycle -# https://bugzilla.redhat.com/show_bug.cgi?id=1341968 -# -# The default is to determine automatically if upgrade is needed based -# on mysql package versionning, but this can be overriden manually -# to support specific upgrade scenario - -# Calling this function will set the DO_MYSQL_UPGRADE variable which is used -# later -mysql_need_update - -if [[ -n $(is_bootstrap_node) ]]; then - if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql" - cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR" - fi - - pcs resource disable redis - check_resource redis stopped 600 - pcs resource disable rabbitmq - check_resource rabbitmq stopped 600 - pcs resource disable galera - check_resource galera stopped 600 - pcs resource disable openstack-cinder-volume - check_resource openstack-cinder-volume stopped 600 - # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address: - # https://bugzilla.redhat.com/show_bug.cgi?id=1330688 - for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do - pcs resource disable $vip - check_resource $vip stopped 60 - done - pcs cluster stop --all -fi - - -# Swift isn't controlled by pacemaker -systemctl_swift stop - -tstart=$(date +%s) -while systemctl is-active pacemaker; do - sleep 5 - tnow=$(date +%s) - if (( tnow-tstart > cluster_sync_timeout )) ; then - echo_error "ERROR: cluster shutdown timed out" - exit 1 - fi -done - -# The reason we do an sql dump *and* we move the old dir out of -# the way is because it gives us an extra level of safety in case -# something goes wrong during the upgrade. Once the restore is -# successful we go ahead and remove it. If the directory exists -# we bail out as it means the upgrade process had issues in the last -# run. -if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - if [ -d $MYSQL_TEMP_UPGRADE_BACKUP_DIR ]; then - echo_error "ERROR: mysql backup dir already exist" - exit 1 - fi - mv /var/lib/mysql $MYSQL_TEMP_UPGRADE_BACKUP_DIR -fi - -# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -special_case_ovs_upgrade_if_needed - -yum -y install python-zaqarclient # needed for os-collect-config -yum -y -q update - -# We need to ensure at least those two configuration settings, otherwise -# mariadb 10.1+ won't activate galera replication. -# wsrep_cluster_address must only be set though, its value does not -# matter because it's overriden by the galera resource agent. -cat >> /etc/my.cnf.d/galera.cnf <<EOF -[mysqld] -wsrep_on = ON -wsrep_cluster_address = gcomm://localhost -EOF - -if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - # Scripts run via heat have no HOME variable set and this confuses - # mysqladmin - export HOME=/root - - mkdir /var/lib/mysql || /bin/true - chown mysql:mysql /var/lib/mysql - chmod 0755 /var/lib/mysql - restorecon -R /var/lib/mysql/ - mysql_install_db --datadir=/var/lib/mysql --user=mysql - chown -R mysql:mysql /var/lib/mysql/ - - if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then - mysqld_safe --wsrep-new-cluster & - # We have a populated /root/.my.cnf with root/password here so - # we need to temporarily rename it because the newly created - # db is empty and no root password is set - mv /root/.my.cnf /root/.my.cnf.temporary - timeout 60 sh -c 'while ! mysql -e "" &> /dev/null; do sleep 1; done' - mysql -u root < "$MYSQL_BACKUP_DIR/openstack_database.sql" - mv /root/.my.cnf.temporary /root/.my.cnf - mysqladmin -u root shutdown - # The import was successful so we may remove the folder - rm -r "$MYSQL_BACKUP_DIR" - fi -fi - -# If we reached here without error we can safely blow away the origin -# mysql dir from every controller - -# TODO: What if the upgrade fails on the bootstrap node, but not on -# this controller. Data may be lost. -if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR -fi - -# Let's reset the stonith back to true if it was true, before starting the cluster -if [[ -n $(is_bootstrap_node) ]]; then - if [ -f /var/tmp/stonith-true ]; then - pcs -f /var/lib/pacemaker/cib/cib.xml property set stonith-enabled=true - fi - rm -f /var/tmp/stonith-true -fi - -# Pin messages sent to compute nodes to kilo, these will be upgraded later -crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute" -# https://bugzilla.redhat.com/show_bug.cgi?id=1284047 -# Change-Id: Ib3f6c12ff5471e1f017f28b16b1e6496a4a4b435 -crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit -# https://bugzilla.redhat.com/show_bug.cgi?id=1284058 -# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists -crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server" -# LP: 1615035, required only for M/N upgrade. -crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager -# LP: 1627450, required only for M/N upgrade -crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler - -crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm - diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh deleted file mode 100755 index a3cbd945..00000000 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash - -set -eu - -cluster_form_timeout=600 -cluster_settle_timeout=1800 -galera_sync_timeout=600 - -if [[ -n $(is_bootstrap_node) ]]; then - pcs cluster start --all - - tstart=$(date +%s) - while pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; do - sleep 5 - tnow=$(date +%s) - if (( tnow-tstart > cluster_form_timeout )) ; then - echo_error "ERROR: timed out forming the cluster" - exit 1 - fi - done - - if ! timeout -k 10 $cluster_settle_timeout crm_resource --wait; then - echo_error "ERROR: timed out waiting for cluster to finish transition" - exit 1 - fi - - for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do - pcs resource enable $vip - check_resource_pacemaker $vip started 60 - done -fi - -start_or_enable_service galera -check_resource galera started 600 -start_or_enable_service redis -check_resource redis started 600 -# We need mongod which is now a systemd service up and running before calling -# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes -# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely -# we should be good. -# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm -systemctl start mongod -check_resource mongod started 600 - -if [[ -n $(is_bootstrap_node) ]]; then - tstart=$(date +%s) - while ! clustercheck; do - sleep 5 - tnow=$(date +%s) - if (( tnow-tstart > galera_sync_timeout )) ; then - echo_error "ERROR galera sync timed out" - exit 1 - fi - done - - # Run all the db syncs - # TODO: check if this can be triggered in puppet and removed from here - ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types - cinder-manage db sync - glance-manage db_sync - heat-manage --config-file /etc/heat/heat.conf db_sync - keystone-manage db_sync - neutron-db-manage upgrade heads - nova-manage db sync - nova-manage api_db sync - nova-manage db online_data_migrations - sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head -fi diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh deleted file mode 100755 index d2cb9553..00000000 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -eu - -start_or_enable_service rabbitmq -check_resource rabbitmq started 600 -start_or_enable_service redis -check_resource redis started 600 -start_or_enable_service openstack-cinder-volume -check_resource openstack-cinder-volume started 600 - -# start httpd so keystone is available for gnocchi -# upgrade to run. -systemctl start httpd - -# Swift isn't controled by pacemaker -systemctl_swift start diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh deleted file mode 100755 index fa95f1f8..00000000 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -set -eu - -if [[ -n $(is_bootstrap_node) ]]; then - # run gnocchi upgrade - gnocchi-upgrade -fi diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh deleted file mode 100755 index d569084d..00000000 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -eu - -# We need to start the systemd services we explicitely stopped at step _1.sh -# FIXME: Should we let puppet during the convergence step do the service enabling or -# should we add it here? -services=$(services_to_migrate) -if [[ ${keep_sahara_services_on_upgrade} =~ [Ff]alse ]] ; then - services=${services%%openstack-sahara*} -fi -for service in $services; do - manage_systemd_service start "${service%%-clone}" - check_resource_systemd "${service%%-clone}" started 600 -done diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml deleted file mode 100644 index 74d3be71..00000000 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ /dev/null @@ -1,175 +0,0 @@ -heat_template_version: ocata -description: 'Upgrade for Pacemaker deployments' - -parameters: - servers: - type: json - input_values: - type: json - description: input values for the software deployments - - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' - MySqlMajorUpgrade: - type: string - description: Can be auto,yes,no and influences if the major upgrade should do or detect an automatic mysql upgrade - constraints: - - allowed_values: ['auto', 'yes', 'no'] - default: 'auto' - KeepSaharaServicesOnUpgrade: - type: boolean - default: true - description: Whether to keep Sahara services when upgrading controller nodes from mitaka to newton - - -resources: - # TODO(jistr): for Mitaka->Newton upgrades and further we can use - # map_merge with input_values instead of feeding params into scripts - # via str_replace on bash snippets - - ControllerPacemakerUpgradeConfig_Step1: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - str_replace: - template: | - #!/bin/bash - upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' - params: - UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} - - str_replace: - template: | - #!/bin/bash - mariadb_do_major_upgrade='MYSQL_MAJOR_UPGRADE' - params: - MYSQL_MAJOR_UPGRADE: {get_param: MySqlMajorUpgrade} - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_check.sh - - get_file: major_upgrade_pacemaker_migrations.sh - - get_file: major_upgrade_controller_pacemaker_1.sh - - ControllerPacemakerUpgradeDeployment_Step1: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerPacemakerUpgradeConfig_Step1} - input_values: {get_param: input_values} - - ControllerPacemakerUpgradeConfig_Step2: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - str_replace: - template: | - #!/bin/bash - upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' - params: - UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} - - str_replace: - template: | - #!/bin/bash - mariadb_do_major_upgrade='MYSQL_MAJOR_UPGRADE' - params: - MYSQL_MAJOR_UPGRADE: {get_param: MySqlMajorUpgrade} - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_check.sh - - get_file: major_upgrade_pacemaker_migrations.sh - - get_file: major_upgrade_controller_pacemaker_2.sh - - ControllerPacemakerUpgradeDeployment_Step2: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: ControllerPacemakerUpgradeDeployment_Step1 - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerPacemakerUpgradeConfig_Step2} - input_values: {get_param: input_values} - - ControllerPacemakerUpgradeConfig_Step3: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_pacemaker_migrations.sh - - get_file: major_upgrade_controller_pacemaker_3.sh - - ControllerPacemakerUpgradeDeployment_Step3: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: ControllerPacemakerUpgradeDeployment_Step2 - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerPacemakerUpgradeConfig_Step3} - input_values: {get_param: input_values} - - ControllerPacemakerUpgradeConfig_Step4: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_pacemaker_migrations.sh - - get_file: major_upgrade_controller_pacemaker_4.sh - - ControllerPacemakerUpgradeDeployment_Step4: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: ControllerPacemakerUpgradeDeployment_Step3 - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerPacemakerUpgradeConfig_Step4} - input_values: {get_param: input_values} - - ControllerPacemakerUpgradeConfig_Step5: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_pacemaker_migrations.sh - - get_file: major_upgrade_controller_pacemaker_5.sh - - ControllerPacemakerUpgradeDeployment_Step5: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: ControllerPacemakerUpgradeDeployment_Step4 - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerPacemakerUpgradeConfig_Step5} - input_values: {get_param: input_values} - - ControllerPacemakerUpgradeConfig_Step6: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - str_replace: - template: | - #!/bin/bash - keep_sahara_services_on_upgrade='KEEP_SAHARA_SERVICES_ON_UPGRADE' - params: - KEEP_SAHARA_SERVICES_ON_UPGRADE: {get_param: KeepSaharaServicesOnUpgrade} - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_pacemaker_migrations.sh - - get_file: major_upgrade_controller_pacemaker_6.sh - - ControllerPacemakerUpgradeDeployment_Step6: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: ControllerPacemakerUpgradeDeployment_Step5 - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerPacemakerUpgradeConfig_Step6} - input_values: {get_param: input_values} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh deleted file mode 100644 index ae22a1e7..00000000 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ /dev/null @@ -1,200 +0,0 @@ -#!/bin/bash - -# Special pieces of upgrade migration logic go into this -# file. E.g. Pacemaker cluster transitions for existing deployments, -# matching changes to overcloud_controller_pacemaker.pp (Puppet -# handles deployment, this file handles migrations). -# -# This file shouldn't execute any action on its own, all logic should -# be wrapped into bash functions. Upgrade scripts will source this -# file and call the functions defined in this file where appropriate. -# -# The migration functions should be idempotent. If the migration has -# been already applied, it should be possible to call the function -# again without damaging the deployment or failing the upgrade. - -# If the major version of mysql is going to change after the major -# upgrade, the database must be upgraded on disk to avoid failures -# due to internal incompatibilities between major mysql versions -# https://bugs.launchpad.net/tripleo/+bug/1587449 -# This function detects whether a database upgrade is required -# after a mysql package upgrade. It returns 0 when no major upgrade -# has to take place, 1 otherwise. -function is_mysql_upgrade_needed { - # The name of the package which provides mysql might differ - # after the upgrade. Consider the generic package name, which - # should capture the major version change (e.g. 5.5 -> 10.1) - local name="mariadb" - local output - local ret - set +e - output=$(yum -q check-update $name) - ret=$? - set -e - if [ $ret -ne 100 ]; then - # no updates so we exit - echo "0" - return - fi - - local currentepoch=$(rpm -q --qf "%{epoch}" $name) - local currentversion=$(rpm -q --qf "%{version}" $name | cut -d. -f-2) - local currentrelease=$(rpm -q --qf "%{release}" $name) - local newoutput=$(repoquery -a --pkgnarrow=updates --qf "%{epoch} %{version} %{release}\n" $name) - local newepoch=$(echo "$newoutput" | awk '{ print $1 }') - local newversion=$(echo "$newoutput" | awk '{ print $2 }' | cut -d. -f-2) - local newrelease=$(echo "$newoutput" | awk '{ print $3 }') - - # With this we trigger the dump restore/path if we change either epoch or - # version in the package If only the release tag changes we do not do it - # FIXME: we could refine this by trying to parse the mariadb version - # into X.Y.Z and trigger the update only if X and/or Y change. - output=$(python -c "import rpm; rc = rpm.labelCompare((\"$currentepoch\", \"$currentversion\", None), (\"$newepoch\", \"$newversion\", None)); print rc") - if [ "$output" != "-1" ]; then - echo "0" - return - fi - echo "1" -} - -# This function returns the list of services to be migrated away from pacemaker -# and to systemd. The reason to have these services in a separate function is because -# this list is needed in three different places: major_upgrade_controller_pacemaker_{1,2} -# and in the function to migrate the cluster from full HA to HA NG -function services_to_migrate { - # The following PCMK resources the ones the we are going to delete - PCMK_RESOURCE_TODELETE=" - httpd-clone - memcached-clone - mongod-clone - neutron-dhcp-agent-clone - neutron-l3-agent-clone - neutron-metadata-agent-clone - neutron-netns-cleanup-clone - neutron-openvswitch-agent-clone - neutron-ovs-cleanup-clone - neutron-server-clone - openstack-aodh-evaluator-clone - openstack-aodh-listener-clone - openstack-aodh-notifier-clone - openstack-ceilometer-central-clone - openstack-ceilometer-collector-clone - openstack-ceilometer-notification-clone - openstack-cinder-api-clone - openstack-cinder-scheduler-clone - openstack-glance-api-clone - openstack-gnocchi-metricd-clone - openstack-gnocchi-statsd-clone - openstack-heat-api-cfn-clone - openstack-heat-api-clone - openstack-heat-api-cloudwatch-clone - openstack-heat-engine-clone - openstack-nova-api-clone - openstack-nova-conductor-clone - openstack-nova-consoleauth-clone - openstack-nova-novncproxy-clone - openstack-nova-scheduler-clone - openstack-sahara-api-clone - openstack-sahara-engine-clone - " - echo $PCMK_RESOURCE_TODELETE -} - -# This function will migrate a mitaka system where all the resources are managed -# via pacemaker to a newton setup where only a few services will be managed by pacemaker -# On a high-level it will operate as follows: -# 1. Set the cluster in maintenance-mode so no start/stop action will actually take place -# during the conversion -# 2. Remove all the colocation constraints and then the ordering constraints, except the -# ones related to haproxy/VIPs which exist in Newton as well -# 3. Take the cluster out of maintenance-mode -# 4. Remove all the resources that won't be managed by pacemaker in newton. The -# outcome will be -# that they are stopped and removed from pacemakers control -# 5. Do a resource cleanup to make sure the cluster is in a clean state -function migrate_full_to_ng_ha { - if [[ -n $(pcmk_running) ]]; then - pcs property set maintenance-mode=true - - # First we go through all the colocation constraints (except the ones - # we want to keep, i.e. the haproxy/ip ones) and we remove those - COL_CONSTRAINTS=$(pcs config show | sed -n '/^Colocation Constraints:$/,/^$/p' | grep -v "Colocation Constraints:" | egrep -v "ip-.*haproxy" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\)) - for constraint in $COL_CONSTRAINTS; do - log_debug "Deleting colocation constraint $constraint from CIB" - pcs constraint remove "$constraint" - done - - # Now we kill all the ordering constraints (except the haproxy/ip ones) - ORD_CONSTRAINTS=$(pcs config show | sed -n '/^Ordering Constraints:/,/^Colocation Constraints:$/p' | grep -v "Ordering Constraints:" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\)) - for constraint in $ORD_CONSTRAINTS; do - log_debug "Deleting ordering constraint $constraint from CIB" - pcs constraint remove "$constraint" - done - # At this stage all the pacemaker resources are removed from the CIB. - # Once we remove the maintenance-mode those systemd resources will keep - # on running. They shall be systemd enabled via the puppet converge - # step later on - pcs property set maintenance-mode=false - - # At this stage there are no constraints whatsoever except the haproxy/ip ones - # which we want to keep. We now disable and then delete each resource - # that will move to systemd. - # We want the systemd resources be stopped before doing "yum update", - # that way "systemctl try-restart <service>" is no-op because the - # service was down already - PCS_STATUS_OUTPUT="$(pcs status)" - for resource in $(services_to_migrate) "delay-clone" "openstack-core-clone"; do - if echo "$PCS_STATUS_OUTPUT" | grep "$resource"; then - log_debug "Deleting $resource from the CIB" - if ! pcs resource disable "$resource" --wait=600; then - echo_error "ERROR: resource $resource failed to be disabled" - exit 1 - fi - pcs resource delete --force "$resource" - else - log_debug "Service $resource not found as a pacemaker resource, not trying to delete." - fi - done - - # We need to do a pcs resource cleanup here + crm_resource --wait to - # make sure the cluster is in a clean state before we stop everything, - # upgrade and restart everything - pcs resource cleanup - # We are making sure here that the cluster is stable before proceeding - if ! timeout -k 10 600 crm_resource --wait; then - echo_error "ERROR: cluster remained unstable after resource cleanup for more than 600 seconds, exiting." - exit 1 - fi - fi -} - -function disable_standalone_ceilometer_api { - if [[ -n $(is_bootstrap_node) ]]; then - if [[ -n $(is_pacemaker_managed openstack-ceilometer-api) ]]; then - # Disable pacemaker resources for ceilometer-api - manage_pacemaker_service disable openstack-ceilometer-api - check_resource_pacemaker openstack-ceilometer-api stopped 600 - pcs resource delete openstack-ceilometer-api --wait=600 - fi - fi -} - - -# This function will make sure that the rabbitmq ha policies are converted from mitaka to newton -# In newton we had: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}" -# In ocata we want: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}" -# The nr "2" should be CEIL(N/2) where N is the number of Controllers (i.e. rabbit instances) -# Note that changing an attribute like this makes the rabbitmq resource restart -function rabbitmq_newton_ocata_upgrade { - if pcs resource show rabbitmq-clone | grep -q -E "Attributes:.*\"ha-mode\":\"all\""; then - # Number of controller is obtained by counting how many hostnames we - # have in controller_node_names hiera key - nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) - nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) - if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then - echo_error "ERROR: The nr. of HA queues during the M/N upgrade is out of range $nr_queues" - exit 1 - fi - pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 - fi -} diff --git a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml deleted file mode 100644 index 45933fb7..00000000 --- a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml +++ /dev/null @@ -1,25 +0,0 @@ -heat_template_version: ocata - -description: > - Software-config for performing aodh data migration - -parameters: - servers: - type: json - input_values: - type: json - description: input values for the software deployments -resources: - - AodhMysqlMigrationScriptConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: {get_file: aodh_data_migration.sh} - - AodhMysqlMigrationScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: AodhMysqlMigrationScriptConfig} - input_values: {get_param: input_values} diff --git a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp deleted file mode 100644 index a8d43663..00000000 --- a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp +++ /dev/null @@ -1,103 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This puppet manifest is to be used only during a Mitaka->Newton upgrade -# It configures ceilometer to be run under httpd but it makes sure to not -# restart any services. This snippet needs to be called before init as a -# pre upgrade migration. - -Service <| - tag == 'ceilometer-service' -|> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', -} - -if $::hostname == downcase(hiera('bootstrap_nodeid')) { - $pacemaker_master = true - $sync_db = true -} else { - $pacemaker_master = false - $sync_db = false -} - -include ::tripleo::packages - - -if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') -} else { - $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') -} -$mongodb_replset = hiera('mongodb::server::replset') -$mongo_node_string = join($mongo_node_ips_with_port, ',') -$database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" - -$rabbit_hosts = hiera('rabbitmq_node_ips', undef) -$rabbit_port = hiera('ceilometer::rabbit_port', 5672) -$rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") - -class { '::ceilometer' : - rabbit_hosts => $rabbit_endpoints, -} - -class {'::ceilometer::db': - database_connection => $database_connection, -} - -if $sync_db { - include ::ceilometer::db::sync -} - -include ::ceilometer::config - -class { '::ceilometer::api': - enabled => true, - service_name => 'httpd', - keystone_password => hiera('ceilometer::keystone::auth::password'), - identity_uri => hiera('ceilometer::keystone::authtoken::auth_url'), - auth_uri => hiera('ceilometer::keystone::authtoken::auth_uri'), - keystone_tenant => hiera('ceilometer::keystone::authtoken::project_name'), -} - -class { '::apache' : - service_enable => false, - service_manage => true, - service_restart => '/bin/true', - purge_configs => false, - purge_vhost_dir => false, -} - -# To ensure existing ports are not overridden -class { '::aodh::wsgi::apache': - servername => $::hostname, - ssl => false, -} -class { '::gnocchi::wsgi::apache': - servername => $::hostname, - ssl => false, -} - -class { '::keystone::wsgi::apache': - servername => $::hostname, - ssl => false, -} -class { '::ceilometer::wsgi::apache': - servername => $::hostname, - ssl => false, -} diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index aae4a2de..4480f74d 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -299,9 +299,10 @@ function systemctl_swift { } # Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 +# Update condition and add --notriggerun for +bug/1669714 function special_case_ovs_upgrade_if_needed { - if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then - echo "Manual upgrade of openvswitch - restart in postun detected" + if rpm -qa | grep "^openvswitch-2.5.0-14" || rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart" ; then + echo "Manual upgrade of openvswitch - ovs-2.5.0-14 or restart in postun detected" rm -rf OVS_UPGRADE mkdir OVS_UPGRADE && pushd OVS_UPGRADE echo "Attempting to downloading latest openvswitch with yumdownloader" @@ -310,8 +311,8 @@ function special_case_ovs_upgrade_if_needed { if rpm -U --test $pkg 2>&1 | grep "already installed" ; then echo "Looks like newer version of $pkg is already installed, skipping" else - echo "Updating $pkg with nopostun option" - rpm -U --replacepkgs --nopostun $pkg + echo "Updating $pkg with --nopostun --notriggerun" + rpm -U --replacepkgs --nopostun --notriggerun $pkg fi done popd diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index c2565410..a5a312dc 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -28,37 +28,43 @@ SCRIPT_NAME=$(basename $0) $(declare -f log_debug) $(declare -f manage_systemd_service) $(declare -f systemctl_swift) +$(declare -f special_case_ovs_upgrade_if_needed) # pin nova messaging +-1 for the nova-compute service if [[ -n \$NOVA_COMPUTE ]]; then crudini --set /etc/nova/nova.conf upgrade_levels compute auto fi -$(declare -f special_case_ovs_upgrade_if_needed) special_case_ovs_upgrade_if_needed -yum -y install python-zaqarclient # needed for os-collect-config if [[ -n \$SWIFT_STORAGE ]]; then systemctl_swift stop fi + yum -y update + if [[ -n \$SWIFT_STORAGE ]]; then systemctl_swift start fi # Due to bug#1640177 we need to restart compute agent if [[ -n \$NOVA_COMPUTE ]]; then - echo "Restarting openstack ceilometer agent compute" + log_debug "Restarting openstack ceilometer agent compute" systemctl restart openstack-ceilometer-compute fi # Apply puppet manifest to converge just right after the ${ROLE} upgrade $(declare -f run_puppet) for step in 1 2 3 4 5 6; do + log_debug "Running puppet step \$step for ${ROLE}" if ! run_puppet /root/${ROLE}_puppet_config.pp ${ROLE} \${step}; then - echo "Puppet failure at step \${step}" + log_debug "Puppet failure at step \${step}" exit 1 fi + log_debug "Completed puppet step \$step" done + +log_debug "TripleO upgrade run completed." + ENDOFCAT # ensure the permissions are OK diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index c66dd01f..ad368278 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -47,7 +47,10 @@ if [[ "$list_updates" == "" ]]; then exit 0 fi -pacemaker_status=$(systemctl is-active pacemaker || :) +pacemaker_status="" +if hiera -c /etc/puppet/hiera.yaml service_names | grep -q pacemaker; then + pacemaker_status=$(systemctl is-active pacemaker) +fi # Fix the redis/rabbit resource start/stop timeouts. See https://bugs.launchpad.net/tripleo/+bug/1633455 # and https://bugs.launchpad.net/tripleo/+bug/1634851 @@ -67,7 +70,7 @@ if [[ "$pacemaker_status" == "active" && \ fi fi -# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 +# special case https://bugs.launchpad.net/tripleo/+bug/1635205 +bug/1669714 special_case_ovs_upgrade_if_needed if [[ "$pacemaker_status" == "active" ]] ; then @@ -97,17 +100,6 @@ return_code=$? echo "$result" echo "yum return code: $return_code" -# Writes any changes caused by alterations to os-net-config and bounces the -# interfaces *before* restarting the cluster. -os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes -RETVAL=$? -if [[ $RETVAL == 2 ]]; then - echo "os-net-config: interface configuration files updated successfully" -elif [[ $RETVAL != 0 ]]; then - echo "ERROR: os-net-config configuration failed" - exit $RETVAL -fi - if [[ "$pacemaker_status" == "active" ]] ; then echo "Starting cluster node" pcs cluster start @@ -124,15 +116,19 @@ if [[ "$pacemaker_status" == "active" ]] ; then fi done - tstart=$(date +%s) - while ! clustercheck; do - sleep 5 - tnow=$(date +%s) - if (( tnow-tstart > galera_sync_timeout )) ; then - echo "ERROR galera sync timed out" - exit 1 - fi - done + RETVAL=$( pcs resource show galera-master | grep wsrep_cluster_address | grep -q `crm_node -n` ; echo $? ) + + if [[ $RETVAL -eq 0 && -e /etc/sysconfig/clustercheck ]]; then + tstart=$(date +%s) + while ! clustercheck; do + sleep 5 + tnow=$(date +%s) + if (( tnow-tstart > galera_sync_timeout )) ; then + echo "ERROR galera sync timed out" + exit 1 + fi + done + fi echo "Waiting for pacemaker cluster to settle" if ! timeout -k 10 $cluster_settle_timeout crm_resource --wait; then diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 5b2ca4a2..927f1d0c 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -243,6 +243,12 @@ resources: NetIpMap: {get_attr: [VipMap, net_ip_map]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMapData: + type: OS::Heat::Value + properties: + type: json + value: {get_attr: [EndpointMap, endpoint_map]} + # Jinja loop for Role in roles_data.yaml {% for role in roles %} # Resources generated for {{role.name}} Role @@ -561,12 +567,24 @@ resources: PingTestIps: list_join: - ' ' - - - {get_attr: [{{primary_role_name}}, resource.0.external_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.internal_api_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.storage_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.storage_mgmt_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.tenant_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.management_ip_address]} + - - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{primary_role_name}}, external_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{primary_role_name}}, internal_api_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{primary_role_name}}, storage_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{primary_role_name}}, storage_mgmt_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{primary_role_name}}, tenant_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{primary_role_name}}, management_ip_address]} UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow @@ -622,7 +640,7 @@ outputs: value: true KeystoneURL: description: URL for the Overcloud Keystone service - value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]} + value: {get_attr: [EndpointMapData, value, KeystonePublic, uri]} KeystoneAdminVip: description: Keystone Admin VIP endpoint value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} @@ -631,7 +649,7 @@ outputs: Mapping of the resources with the needed info for their endpoints. This includes the protocol used, the IP, port and also a full representation of the URI. - value: {get_attr: [EndpointMap, endpoint_map]} + value: {get_attr: [EndpointMapData, value]} HostsEntry: description: | The content that should be appended to your /etc/hosts if you want to get diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index a5218dbe..51f9abac 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -448,6 +448,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment properties: name: UpdateDeployment config: {get_resource: UpdateConfig} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 0867e17f..d7d7f478 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -460,6 +460,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment properties: config: {get_resource: UpdateConfig} server: {get_resource: CephStorage} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 1a0294af..ebdd762d 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -483,6 +483,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment properties: name: UpdateDeployment config: {get_resource: UpdateConfig} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 825006ba..2f4f583c 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -523,6 +523,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment properties: name: UpdateDeployment config: {get_resource: UpdateConfig} diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index 3daf3fd3..b6d1239a 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -53,41 +53,40 @@ resources: NetworkMidoNetConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - datafiles: - midonet_data: - mapped_data: - enable_zookeeper_on_controller: {get_param: EnableZookeeperOnController} - enable_cassandra_on_controller: {get_param: EnableCassandraOnController} - midonet_tunnelzone_name: {get_param: TunnelZoneName} - midonet_tunnelzone_type: {get_param: TunnelZoneType} - midonet_libvirt_qemu_data: | - user = "root" - group = "root" - cgroup_device_acl = [ - "/dev/null", "/dev/full", "/dev/zero", - "/dev/random", "/dev/urandom", - "/dev/ptmx", "/dev/kvm", "/dev/kqemu", - "/dev/rtc","/dev/hpet", "/dev/vfio/vfio", - "/dev/net/tun" - ] - tripleo::cluster::cassandra::storage_port: {get_param: CassandraStoragePort} - tripleo::cluster::cassandra::ssl_storage_port: {get_param: CassandraSslStoragePort} - tripleo::cluster::cassandra::client_port: {get_param: CassandraClientPort} - tripleo::cluster::cassandra::client_port_thrift: {get_param: CassandraClientPortThrift} - tripleo::haproxy::midonet_api: true - # Missed Neutron Puppet data - neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.MidonetInterfaceDriver' - neutron::agents::dhcp::dhcp_driver: 'midonet.neutron.agent.midonet_driver.DhcpNoOpDriver' - neutron::plugins::midonet::midonet_api_port: 8081 - neutron::params::midonet_server_package: 'python-networking-midonet' + datafiles: + midonet_data: + mapped_data: + enable_zookeeper_on_controller: {get_param: EnableZookeeperOnController} + enable_cassandra_on_controller: {get_param: EnableCassandraOnController} + midonet_tunnelzone_name: {get_param: TunnelZoneName} + midonet_tunnelzone_type: {get_param: TunnelZoneType} + midonet_libvirt_qemu_data: | + user = "root" + group = "root" + cgroup_device_acl = [ + "/dev/null", "/dev/full", "/dev/zero", + "/dev/random", "/dev/urandom", + "/dev/ptmx", "/dev/kvm", "/dev/kqemu", + "/dev/rtc","/dev/hpet", "/dev/vfio/vfio", + "/dev/net/tun" + ] + tripleo::cluster::cassandra::storage_port: {get_param: CassandraStoragePort} + tripleo::cluster::cassandra::ssl_storage_port: {get_param: CassandraSslStoragePort} + tripleo::cluster::cassandra::client_port: {get_param: CassandraClientPort} + tripleo::cluster::cassandra::client_port_thrift: {get_param: CassandraClientPortThrift} + tripleo::haproxy::midonet_api: true + # Missed Neutron Puppet data + neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.MidonetInterfaceDriver' + neutron::agents::dhcp::dhcp_driver: 'midonet.neutron.agent.midonet_driver.DhcpNoOpDriver' + neutron::plugins::midonet::midonet_api_port: 8081 + neutron::params::midonet_server_package: 'python-networking-midonet' - # Make sure the l3 agent does not run - l3_agent_service: false - neutron::agents::l3::manage_service: false - neutron::agents::l3::enabled: false + # Make sure the l3 agent does not run + l3_agent_service: false + neutron::agents::l3::manage_service: false + neutron::agents::l3::enabled: false NetworkMidonetDeploymentControllers: diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index 9b900bc4..b05fa636 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -101,31 +101,30 @@ resources: NetworkCiscoConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - datafiles: - neutron_cisco_data: - mapped_data: - neutron::plugins::ml2::cisco::ucsm::ucsm_ip: {get_input: UCSM_ip} - neutron::plugins::ml2::cisco::ucsm::ucsm_username: {get_input: UCSM_username} - neutron::plugins::ml2::cisco::ucsm::ucsm_password: {get_input: UCSM_password} - neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: {get_input: UCSM_host_list} - neutron::plugins::ml2::cisco::ucsm::supported_pci_devs: {get_input: UCSMSupportedPciDevs} - neutron::plugins::ml2::cisco::nexus::nexus_config: {get_input: NexusConfig} - neutron::plugins::ml2::cisco::nexus::managed_physical_network: {get_input: NexusManagedPhysicalNetwork} - neutron::plugins::ml2::cisco::nexus::vlan_name_prefix: {get_input: NexusVlanNamePrefix} - neutron::plugins::ml2::cisco::nexus::svi_round_robin: {get_input: NexusSviRoundRobin} - neutron::plugins::ml2::cisco::nexus::provider_vlan_name_prefix: {get_input: NexusProviderVlanNamePrefix} - neutron::plugins::ml2::cisco::nexus::persistent_switch_config: {get_input: NexusPersistentSwitchConfig} - neutron::plugins::ml2::cisco::nexus::switch_heartbeat_time: {get_input: NexusSwitchHeartbeatTime} - neutron::plugins::ml2::cisco::nexus::switch_replay_count: {get_input: NexusSwitchReplayCount} - neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_create: {get_input: NexusProviderVlanAutoCreate} - neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_trunk: {get_input: NexusProviderVlanAutoTrunk} - neutron::plugins::ml2::cisco::nexus::vxlan_global_config: {get_input: NexusVxlanGlobalConfig} - neutron::plugins::ml2::cisco::nexus::host_key_checks: {get_input: NexusHostKeyChecks} - neutron::plugins::ml2::cisco::type_nexus_vxlan::vni_ranges: {get_input: NexusVxlanVniRanges} - neutron::plugins::ml2::cisco::type_nexus_vxlan::mcast_ranges: {get_input: NexusVxlanMcastRanges} + datafiles: + neutron_cisco_data: + mapped_data: + neutron::plugins::ml2::cisco::ucsm::ucsm_ip: {get_input: UCSM_ip} + neutron::plugins::ml2::cisco::ucsm::ucsm_username: {get_input: UCSM_username} + neutron::plugins::ml2::cisco::ucsm::ucsm_password: {get_input: UCSM_password} + neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: {get_input: UCSM_host_list} + neutron::plugins::ml2::cisco::ucsm::supported_pci_devs: {get_input: UCSMSupportedPciDevs} + neutron::plugins::ml2::cisco::nexus::nexus_config: {get_input: NexusConfig} + neutron::plugins::ml2::cisco::nexus::managed_physical_network: {get_input: NexusManagedPhysicalNetwork} + neutron::plugins::ml2::cisco::nexus::vlan_name_prefix: {get_input: NexusVlanNamePrefix} + neutron::plugins::ml2::cisco::nexus::svi_round_robin: {get_input: NexusSviRoundRobin} + neutron::plugins::ml2::cisco::nexus::provider_vlan_name_prefix: {get_input: NexusProviderVlanNamePrefix} + neutron::plugins::ml2::cisco::nexus::persistent_switch_config: {get_input: NexusPersistentSwitchConfig} + neutron::plugins::ml2::cisco::nexus::switch_heartbeat_time: {get_input: NexusSwitchHeartbeatTime} + neutron::plugins::ml2::cisco::nexus::switch_replay_count: {get_input: NexusSwitchReplayCount} + neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_create: {get_input: NexusProviderVlanAutoCreate} + neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_trunk: {get_input: NexusProviderVlanAutoTrunk} + neutron::plugins::ml2::cisco::nexus::vxlan_global_config: {get_input: NexusVxlanGlobalConfig} + neutron::plugins::ml2::cisco::nexus::host_key_checks: {get_input: NexusHostKeyChecks} + neutron::plugins::ml2::cisco::type_nexus_vxlan::vni_ranges: {get_input: NexusVxlanVniRanges} + neutron::plugins::ml2::cisco::type_nexus_vxlan::mcast_ranges: {get_input: NexusVxlanMcastRanges} NetworkCiscoDeployment: type: OS::Heat::StructuredDeployments diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml index 7fe2a842..e3f4cce6 100644 --- a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml @@ -20,14 +20,22 @@ resources: NeutronBigswitchConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - datafiles: - neutron_bigswitch_data: - mapped_data: - neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} - neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} + datafiles: + neutron_bigswitch_data: + mapped_data: + neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} + neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} + # NOTE(aschultz): required for the puppet module but we don't + # actually want them defined on the compute nodes so we're + # relying on the puppet module's handling of <SERVICE DEFAULT> + # to just not set these but still accept that they were defined. + # This will should be fixed in puppet-neutron and removed here, + # but for backportability, we need to define something. + neutron::plugins::ml2::bigswitch::restproxy::servers: '<SERVICE DEFAULT>' + neutron::plugins::ml2::bigswitch::restproxy::server_auth: '<SERVICE DEFAULT>' + NeutronBigswitchDeployment: type: OS::Heat::StructuredDeployment diff --git a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml index 47c782c7..1d16e909 100644 --- a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml +++ b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml @@ -50,22 +50,21 @@ resources: NovaNuageConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - datafiles: - nova_nuage_data: - mapped_data: - nuage::vrs::active_controller: {get_input: ActiveController} - nuage::vrs::standby_controller: {get_input: StandbyController} - nuage::metadataagent::metadata_port: {get_input: MetadataPort} - nuage::metadataagent::nova_metadata_port: {get_input: NovaMetadataPort} - nuage::metadataagent::metadata_secret: {get_input: SharedSecret} - nuage::metadataagent::nova_client_version: {get_input: NovaClientVersion} - nuage::metadataagent::nova_os_username: {get_input: NovaOsUsername} - nuage::metadataagent::metadata_agent_start_with_ovs: {get_input: MetadataAgentStartWithOvs} - nuage::metadataagent::nova_api_endpoint_type: {get_input: NovaApiEndpointType} - nuage::metadataagent::nova_region_name: {get_input: NovaRegionName} + datafiles: + nova_nuage_data: + mapped_data: + nuage::vrs::active_controller: {get_input: ActiveController} + nuage::vrs::standby_controller: {get_input: StandbyController} + nuage::metadataagent::metadata_port: {get_input: MetadataPort} + nuage::metadataagent::nova_metadata_port: {get_input: NovaMetadataPort} + nuage::metadataagent::metadata_secret: {get_input: SharedSecret} + nuage::metadataagent::nova_client_version: {get_input: NovaClientVersion} + nuage::metadataagent::nova_os_username: {get_input: NovaOsUsername} + nuage::metadataagent::metadata_agent_start_with_ovs: {get_input: MetadataAgentStartWithOvs} + nuage::metadataagent::nova_api_endpoint_type: {get_input: NovaApiEndpointType} + nuage::metadataagent::nova_region_name: {get_input: NovaRegionName} NovaNuageDeployment: type: OS::Heat::StructuredDeployment diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index 763ae39a..378f7f98 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -91,35 +91,34 @@ resources: CinderNetappConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - datafiles: - cinder_netapp_data: - mapped_data: - tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend} - cinder::backend::netapp::title: {get_input: NetappBackendName} - cinder::backend::netapp::netapp_login: {get_input: NetappLogin} - cinder::backend::netapp::netapp_password: {get_input: NetappPassword} - cinder::backend::netapp::netapp_server_hostname: {get_input: NetappServerHostname} - cinder::backend::netapp::netapp_server_port: {get_input: NetappServerPort} - cinder::backend::netapp::netapp_size_multiplier: {get_input: NetappSizeMultiplier} - cinder::backend::netapp::netapp_storage_family: {get_input: NetappStorageFamily} - cinder::backend::netapp::netapp_storage_protocol: {get_input: NetappStorageProtocol} - cinder::backend::netapp::netapp_transport_type: {get_input: NetappTransportType} - cinder::backend::netapp::netapp_vfiler: {get_input: NetappVfiler} - cinder::backend::netapp::netapp_volume_list: {get_input: NetappVolumeList} - cinder::backend::netapp::netapp_vserver: {get_input: NetappVserver} - cinder::backend::netapp::netapp_partner_backend_name: {get_input: NetappPartnerBackendName} - cinder::backend::netapp::nfs_shares: {get_input: NetappNfsShares} - cinder::backend::netapp::nfs_shares_config: {get_input: NetappNfsSharesConfig} - cinder::backend::netapp::nfs_mount_options: {get_input: NetappNfsMountOptions} - cinder::backend::netapp::netapp_copyoffload_tool_path: {get_input: NetappCopyOffloadToolPath} - cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps} - cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword} - cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools} - cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType} - cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath} + datafiles: + cinder_netapp_data: + mapped_data: + tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend} + cinder::backend::netapp::title: {get_input: NetappBackendName} + cinder::backend::netapp::netapp_login: {get_input: NetappLogin} + cinder::backend::netapp::netapp_password: {get_input: NetappPassword} + cinder::backend::netapp::netapp_server_hostname: {get_input: NetappServerHostname} + cinder::backend::netapp::netapp_server_port: {get_input: NetappServerPort} + cinder::backend::netapp::netapp_size_multiplier: {get_input: NetappSizeMultiplier} + cinder::backend::netapp::netapp_storage_family: {get_input: NetappStorageFamily} + cinder::backend::netapp::netapp_storage_protocol: {get_input: NetappStorageProtocol} + cinder::backend::netapp::netapp_transport_type: {get_input: NetappTransportType} + cinder::backend::netapp::netapp_vfiler: {get_input: NetappVfiler} + cinder::backend::netapp::netapp_volume_list: {get_input: NetappVolumeList} + cinder::backend::netapp::netapp_vserver: {get_input: NetappVserver} + cinder::backend::netapp::netapp_partner_backend_name: {get_input: NetappPartnerBackendName} + cinder::backend::netapp::nfs_shares: {get_input: NetappNfsShares} + cinder::backend::netapp::nfs_shares_config: {get_input: NetappNfsSharesConfig} + cinder::backend::netapp::nfs_mount_options: {get_input: NetappNfsMountOptions} + cinder::backend::netapp::netapp_copyoffload_tool_path: {get_input: NetappCopyOffloadToolPath} + cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps} + cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword} + cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools} + cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType} + cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath} CinderNetappDeployment: type: OS::Heat::StructuredDeployment diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml index 0f4806db..e7d0b830 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml @@ -6,6 +6,14 @@ parameters: server: description: ID of the controller node to apply this config to type: string + NeutronBigswitchAgentEnabled: + description: The state of the neutron-bsn-agent service. + type: boolean + default: true + NeutronBigswitchLLDPEnabled: + description: The state of the neutron-bsn-lldp service. + type: boolean + default: false NeutronBigswitchRestproxyServers: description: 'Big Switch controllers ("IP:port,IP:port")' type: string @@ -38,19 +46,20 @@ resources: NeutronBigswitchConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - datafiles: - neutron_bigswitch_data: - mapped_data: - neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers} - neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth} - neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure} - neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval} - neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id} - neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl} - neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory} + datafiles: + neutron_bigswitch_data: + mapped_data: + neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} + neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} + neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers} + neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth} + neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure} + neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval} + neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id} + neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl} + neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory} NeutronBigswitchDeployment: type: OS::Heat::StructuredDeployment @@ -59,6 +68,8 @@ resources: config: {get_resource: NeutronBigswitchConfig} server: {get_param: server} input_values: + neutron_enable_bigswitch_agent: {get_param: NeutronBigswitchAgentEnabled} + neutron_enable_bigswitch_lldp: {get_param: NeutronBigswitchLLDPEnabled} restproxy_servers: {get_param: NeutronBigswitchRestproxyServers} restproxy_server_auth: {get_param: NeutronBigswitchRestproxyServerAuth } restproxy_auto_sync_on_failure: {get_param: NeutronBigswitchRestproxyAutoSyncOnFailure} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml index 6eae812f..bca6010a 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml @@ -96,48 +96,47 @@ resources: CiscoN1kvConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - datafiles: - cisco_n1kv_data: - mapped_data: - #enable_cisco_n1kv: {get_input: EnableCiscoN1kv} - # VEM Parameters - n1kv_vem_source: {get_input: n1kv_vem_source} - n1kv_vem_version: {get_input: n1kv_vem_version} - neutron::agents::n1kv_vem::n1kv_vsm_ip: {get_input: n1kv_vsm_ip} - neutron::agents::n1kv_vem::n1kv_vsm_domain_id: {get_input: n1kv_vsm_domain_id} - neutron::agents::n1kv_vem::n1kv_vsm_ip_v6: {get_input: n1kv_vsm_ip_v6} - neutron::agents::n1kv_vem::host_mgmt_intf: {get_input: n1kv_vem_host_mgmt_intf} - neutron::agents::n1kv_vem::uplink_profile: {get_input: n1kv_vem_uplink_profile} - neutron::agents::n1kv_vem::vtep_config: {get_input: n1kv_vem_vtep_config} - neutron::agents::n1kv_vem::portdb: {get_input: n1kv_vem_portdb} - neutron::agents::n1kv_vem::vteps_in_same_subnet: {get_input: n1kv_vem_vteps_in_same_subnet} - neutron::agents::n1kv_vem::fastpath_flood: {get_input: n1kv_vem_fastpath_flood} - #VSM Parameter - n1kv_vsm_source: {get_input: n1kv_vsm_source} - n1kv_vsm_version: {get_input: n1kv_vsm_version} - n1k_vsm::phy_if_bridge: {get_input: n1kv_vsm_host_mgmt_intf} - n1k_vsm::vsm_role: {get_input: n1kv_vsm_role} - n1k_vsm::pacemaker_control: {get_input: n1kv_vsm_pacemaker_ctrl} - n1k_vsm::existing_bridge: {get_input: n1kv_vsm_existing_br} - n1k_vsm::vsm_admin_passwd: {get_input: n1kv_vsm_password} - n1k_vsm::vsm_domain_id: {get_input: n1kv_vsm_domain_id} - n1k_vsm::vsm_mgmt_ip: {get_input: n1kv_vsm_ip} - n1k_vsm::vsm_mgmt_netmask: {get_input: n1kv_vsm_mgmt_netmask} - n1k_vsm::vsm_mgmt_gateway: {get_input: n1kv_vsm_gateway_ip} - n1k_vsm::phy_gateway: {get_input: n1kv_vsm_gateway_ip} - n1k_vsm::phy_bridge_vlan: {get_input: n1kv_phy_brige_vlan} - # Cisco N1KV driver Parameters - neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_ip: {get_input: n1kv_vsm_ip} - neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_username: {get_input: n1kv_vsm_username} - neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_password: {get_input: n1kv_vsm_password} - neutron::plugins::ml2::cisco::nexus1000v::poll_duration: {get_input: n1kv_vsm_poll_duration} - neutron::plugins::ml2::cisco::nexus1000v::http_pool_size: {get_input: n1kv_vsm_http_pool_size} - neutron::plugins::ml2::cisco::nexus1000v::http_timeout: {get_input: n1kv_vsm_http_timeout} - neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_sync_interval: {get_input: n1kv_vsm_sync_interval} - neutron::plugins::ml2::cisco::nexus1000v::max_vsm_retries: {get_input: n1kv_max_vsm_retries} + datafiles: + cisco_n1kv_data: + mapped_data: + #enable_cisco_n1kv: {get_input: EnableCiscoN1kv} + # VEM Parameters + n1kv_vem_source: {get_input: n1kv_vem_source} + n1kv_vem_version: {get_input: n1kv_vem_version} + neutron::agents::n1kv_vem::n1kv_vsm_ip: {get_input: n1kv_vsm_ip} + neutron::agents::n1kv_vem::n1kv_vsm_domain_id: {get_input: n1kv_vsm_domain_id} + neutron::agents::n1kv_vem::n1kv_vsm_ip_v6: {get_input: n1kv_vsm_ip_v6} + neutron::agents::n1kv_vem::host_mgmt_intf: {get_input: n1kv_vem_host_mgmt_intf} + neutron::agents::n1kv_vem::uplink_profile: {get_input: n1kv_vem_uplink_profile} + neutron::agents::n1kv_vem::vtep_config: {get_input: n1kv_vem_vtep_config} + neutron::agents::n1kv_vem::portdb: {get_input: n1kv_vem_portdb} + neutron::agents::n1kv_vem::vteps_in_same_subnet: {get_input: n1kv_vem_vteps_in_same_subnet} + neutron::agents::n1kv_vem::fastpath_flood: {get_input: n1kv_vem_fastpath_flood} + #VSM Parameter + n1kv_vsm_source: {get_input: n1kv_vsm_source} + n1kv_vsm_version: {get_input: n1kv_vsm_version} + n1k_vsm::phy_if_bridge: {get_input: n1kv_vsm_host_mgmt_intf} + n1k_vsm::vsm_role: {get_input: n1kv_vsm_role} + n1k_vsm::pacemaker_control: {get_input: n1kv_vsm_pacemaker_ctrl} + n1k_vsm::existing_bridge: {get_input: n1kv_vsm_existing_br} + n1k_vsm::vsm_admin_passwd: {get_input: n1kv_vsm_password} + n1k_vsm::vsm_domain_id: {get_input: n1kv_vsm_domain_id} + n1k_vsm::vsm_mgmt_ip: {get_input: n1kv_vsm_ip} + n1k_vsm::vsm_mgmt_netmask: {get_input: n1kv_vsm_mgmt_netmask} + n1k_vsm::vsm_mgmt_gateway: {get_input: n1kv_vsm_gateway_ip} + n1k_vsm::phy_gateway: {get_input: n1kv_vsm_gateway_ip} + n1k_vsm::phy_bridge_vlan: {get_input: n1kv_phy_brige_vlan} + # Cisco N1KV driver Parameters + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_ip: {get_input: n1kv_vsm_ip} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_username: {get_input: n1kv_vsm_username} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_password: {get_input: n1kv_vsm_password} + neutron::plugins::ml2::cisco::nexus1000v::poll_duration: {get_input: n1kv_vsm_poll_duration} + neutron::plugins::ml2::cisco::nexus1000v::http_pool_size: {get_input: n1kv_vsm_http_pool_size} + neutron::plugins::ml2::cisco::nexus1000v::http_timeout: {get_input: n1kv_vsm_http_timeout} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_sync_interval: {get_input: n1kv_vsm_sync_interval} + neutron::plugins::ml2::cisco::nexus1000v::max_vsm_retries: {get_input: n1kv_max_vsm_retries} CiscoN1kvDeployment: type: OS::Heat::StructuredDeployment diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 6f2dd684..5aba90e8 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -65,18 +65,21 @@ resources: - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n" - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n" - " crudini --set /etc/nova/nova.conf placement project_name service\n\n" - - " systemctl restart openstack-nova-compute\n\n" - - "fi\n\n" - str_replace: template: | crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD' crudini --set /etc/nova/nova.conf placement region_name 'REGION_NAME' crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL' - ROLE='ROLE_NAME' params: SERVICE_PASSWORD: { get_param: NovaPassword } REGION_NAME: { get_param: KeystoneRegion } AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + - " systemctl restart openstack-nova-compute\n\n" + - "fi\n\n" + - str_replace: + template: | + ROLE='ROLE_NAME' + params: ROLE_NAME: {{role.name}} - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh - get_file: ../extraconfig/tasks/run_puppet.sh diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 172484dc..6ee06d78 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -447,6 +447,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment properties: config: {get_resource: UpdateConfig} server: {get_resource: SwiftStorage} diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 4eca2333..cfa70f79 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -43,7 +43,9 @@ {% for step in range(1, 6) %} {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} + {% if step == 1 and role.name == 'Controller' %} + depends_on: [ControllerPrePuppet, {{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + {% elif step == 1 and role.name != 'Controller' %} depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] {% else %} depends_on: diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 2e1bd6f1..1f68f41f 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -481,6 +481,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment properties: config: {get_resource: UpdateConfig} server: {get_resource: {{role}}} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index d9afe602..a61e971a 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -87,9 +87,22 @@ step, "step2" for the second, etc. Steps/tages correlate to the following: - 1) Quiesce the control-plane, e.g disable LoadBalancer, stop pacemaker cluster - - 2) Stop all control-plane services, ready for upgrade + 1) Stop all control-plane services. + + 2) Quiesce the control-plane, e.g disable LoadBalancer, stop + pacemaker cluster: this will stop the following resource: + - ocata: + - galera + - rabbit + - redis + - haproxy + - vips + - cinder-volumes + - cinder-backup + - manilla-share + - rbd-mirror + + The exact order is controlled by the cluster constraints. 3) Perform a package update and install new packages: A general upgrade is done, and only new package should go into service diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 4bd9fc47..d7c87b61 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -87,5 +87,5 @@ outputs: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Stop aodh_api service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml index 56dbb558..b8be4a91 100644 --- a/puppet/services/aodh-evaluator.yaml +++ b/puppet/services/aodh-evaluator.yaml @@ -41,9 +41,16 @@ outputs: step_config: | include tripleo::profile::base::aodh::evaluator upgrade_tasks: + - name: Check if aodh_evaluator is deployed + command: systemctl is-enabled openstack-aodh-evaluator + tags: common + ignore_errors: True + register: aodh_evaluator_enabled - name: "PreUpgrade step0,validation: Check service openstack-aodh-evaluator is running" shell: /usr/bin/systemctl show 'openstack-aodh-evaluator' --property ActiveState | grep '\bactive\b' + when: aodh_evaluator_enabled.rc == 0 tags: step0,validation - name: Stop aodh_evaluator service - tags: step2 + tags: step1 + when: aodh_evaluator_enabled.rc == 0 service: name=openstack-aodh-evaluator state=stopped diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml index 76db0ca8..f5c9330d 100644 --- a/puppet/services/aodh-listener.yaml +++ b/puppet/services/aodh-listener.yaml @@ -41,9 +41,16 @@ outputs: step_config: | include tripleo::profile::base::aodh::listener upgrade_tasks: + - name: Check if aodh_listener is deployed + command: systemctl is-enabled openstack-aodh-listener + tags: common + ignore_errors: True + register: aodh_listener_enabled - name: "PreUpgrade step0,validation: Check service openstack-aodh-listener is running" shell: /usr/bin/systemctl show 'openstack-aodh-listener' --property ActiveState | grep '\bactive\b' + when: aodh_listener_enabled.rc == 0 tags: step0,validation - name: Stop aodh_listener service - tags: step2 + tags: step1 + when: aodh_listener_enabled.rc == 0 service: name=openstack-aodh-listener state=stopped diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml index 30c67635..84c50dd6 100644 --- a/puppet/services/aodh-notifier.yaml +++ b/puppet/services/aodh-notifier.yaml @@ -41,9 +41,16 @@ outputs: step_config: | include tripleo::profile::base::aodh::notifier upgrade_tasks: + - name: Check if aodh_notifier is deployed + command: systemctl is-enabled openstack-aodh-notifier + tags: common + ignore_errors: True + register: aodh_notifier_enabled - name: "PreUpgrade step0,validation: Check service openstack-aodh-notifier is running" shell: /usr/bin/systemctl show 'openstack-aodh-notifier' --property ActiveState | grep '\bactive\b' + when: aodh_notifier_enabled.rc == 0 tags: step0,validation - name: Stop aodh_notifier service - tags: step2 + tags: step1 + when: aodh_notifier_enabled.rc == 0 service: name=openstack-aodh-notifier state=stopped diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml index 4c21e02a..4c94f440 100644 --- a/puppet/services/apache-internal-tls-certmonger.yaml +++ b/puppet/services/apache-internal-tls-certmonger.yaml @@ -64,6 +64,12 @@ outputs: for_each: $NETWORK: {get_attr: [ApacheNetworks, value]} upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled - name: "PreUpgrade step0,validation: Check service httpd is running" shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' + when: httpd_enabled.rc == 0 tags: step0,validation diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 74ddbde8..2d950151 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -67,6 +67,12 @@ outputs: metadata_settings: get_attr: [ApacheTLS, role_data, metadata_settings] upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled - name: "PreUpgrade step0,validation: Check service httpd is running" shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' + when: httpd_enabled.rc == 0 tags: step0,validation diff --git a/puppet/services/auditd.yaml b/puppet/services/auditd.yaml index 639631e1..8085ac8b 100644 --- a/puppet/services/auditd.yaml +++ b/puppet/services/auditd.yaml @@ -32,3 +32,19 @@ outputs: auditd::rules: {get_param: AuditdRules} step_config: | include ::tripleo::profile::base::auditd + upgrade_tasks: + - name: Check if auditd is deployed + command: systemctl is-enabled auditd + tags: common + ignore_errors: True + register: auditd_enabled + - name: "PreUpgrade step0,validation: Check if auditd is running" + shell: > + /usr/bin/systemctl show 'auditd' --property ActiveState | + grep '\bactive\b' + when: auditd_enabled.rc == 0 + tags: step0,validation + - name: Stop auditd service + tags: step2 + when: auditd_enabled.rc == 0 + service: name=auditd state=stopped diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index ffc4c83a..cba92415 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -146,6 +146,16 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: + - name: Check if barbican_api is deployed + command: systemctl is-enabled openstack-barbican-api + tags: common + ignore_errors: True + register: barbican_api_enabled - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running" shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b' + when: barbican_api_enabled.rc == 0 tags: step0,validation + - name: Install openstack-barbican-api package if it was disabled + tags: step3 + yum: name=openstack-barbican-api state=latest + when: barbican_api_enabled.rc != 0 diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index cf8a8a8e..162da180 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -55,9 +55,16 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::agent::central upgrade_tasks: + - name: Check if ceilometer_agent_central is deployed + command: systemctl is-enabled openstack-ceilometer-central + tags: common + ignore_errors: True + register: ceilometer_agent_central_enabled - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-central is running" shell: /usr/bin/systemctl show 'openstack-ceilometer-central' --property ActiveState | grep '\bactive\b' + when: ceilometer_agent_central_enabled.rc == 0 tags: step0,validation - name: Stop ceilometer_agent_central service - tags: step2 + tags: step1 + when: ceilometer_agent_central_enabled.rc == 0 service: name=openstack-ceilometer-central state=stopped diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 00042914..9675f4a1 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -49,9 +49,16 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::agent::compute upgrade_tasks: + - name: Check if ceilometer_agent_compute is deployed + command: systemctl is-enabled openstack-ceilometer-compute + tags: common + ignore_errors: True + register: ceilometer_agent_compute_enabled - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-compute is running" shell: /usr/bin/systemctl show 'openstack-ceilometer-compute' --property ActiveState | grep '\bactive\b' + when: ceilometer_agent_compute_enabled.rc == 0 tags: step0,validation - name: Stop ceilometer_agent_compute service - tags: step2 + tags: step1 + when: ceilometer_agent_compute_enabled.rc == 0 service: name=openstack-ceilometer-compute state=stopped diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index 760acd65..4ee43f49 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -50,9 +50,16 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::agent::notification upgrade_tasks: + - name: Check if ceilometer_agent_notification is deployed + command: systemctl is-enabled openstack-ceilometer-notification + tags: common + ignore_errors: True + register: ceilometer_agent_notification_enabled - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-notification is running" shell: /usr/bin/systemctl show 'openstack-ceilometer-notification' --property ActiveState | grep '\bactive\b' + when: ceilometer_agent_notification_enabled.rc == 0 tags: step0,validation - name: Stop ceilometer_agent_notification service - tags: step2 + tags: step1 + when: ceilometer_agent_notification_enabled.rc == 0 service: name=openstack-ceilometer-notification state=stopped diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 741f8da1..f5ee9d40 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -94,5 +94,5 @@ outputs: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Stop ceilometer_api service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 874c6893..3eb1d815 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -37,7 +37,7 @@ parameters: constraints: - allowed_values: ['gnocchi', 'database'] CeilometerEventDispatcher: - default: ['gnocchi'] + default: ['panko', 'gnocchi'] description: Comma-separated list of Dispatchers to process events data type: comma_delimited_list constraints: @@ -76,6 +76,11 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + CeilometerApiEndpoint: + default: true + description: Whether to create or skip API endpoint. Set this to + false, if you choose to disable Ceilometer API service. + type: boolean outputs: role_data: @@ -83,6 +88,7 @@ outputs: value: service_name: ceilometer_base config_settings: + ceilometer_auth_enabled: true ceilometer::debug: {get_param: Debug} ceilometer::db::database_connection: list_join: @@ -129,6 +135,7 @@ outputs: ceilometer::keystone::auth::password: {get_param: CeilometerPassword} ceilometer::keystone::auth::region: {get_param: KeystoneRegion} ceilometer::keystone::auth::tenant: 'service' + ceilometer::keystone::auth::configure_endpoint: {get_param: CeilometerApiEndpoint} mysql: ceilometer::db::mysql::password: {get_param: CeilometerPassword} ceilometer::db::mysql::user: ceilometer diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index a219f9eb..b0ec971f 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -60,9 +60,16 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::collector upgrade_tasks: + - name: Check if ceilometer_collector is deployed + command: systemctl is-enabled openstack-ceilometer-collector + tags: common + ignore_errors: True + register: ceilometer_collector_enabled - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-collector is running" shell: /usr/bin/systemctl show 'openstack-ceilometer-collector' --property ActiveState | grep '\bactive\b' + when: ceilometer_collector_enabled.rc == 0 tags: step0,validation - name: Stop ceilometer_collector service - tags: step2 + tags: step1 + when: ceilometer_collector_enabled.rc == 0 service: name=openstack-ceilometer-collector state=stopped diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index c5b29c7e..01531971 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -79,14 +79,21 @@ outputs: ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} upgrade_tasks: - name: Gather RGW instance ID - tags: step0 + tags: common shell: hiera -c /etc/puppet/hiera.yaml ceph::profile::params::rgw_name radosgw.gateway register: rgw_id + - name: Check if ceph_rgw is deployed + command: systemctl is-enabled ceph-radosgw@{{rgw_id.stdout}} + tags: common + ignore_errors: True + register: ceph_rgw_enabled - name: Check status shell: /usr/bin/systemctl show ceph-radosgw@{{rgw_id.stdout}} --property ActiveState | grep '\bactive\b' + when: ceph_rgw_enabled.rc == 0 tags: step0,validation - name: Stop RGW instance tags: step1 + when: ceph_rgw_enabled.rc == 0 service: name: ceph-radosgw@{{rgw_id.stdout}} state: stopped diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 8c5a07ac..c0ea7aaa 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -86,7 +86,8 @@ outputs: cinder::keystone::authtoken::project_name: 'service' cinder::api::enable_proxy_headers_parsing: true - cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' + cinder::api::nova_catalog_info: 'compute:nova:internalURL' + cinder::api::nova_catalog_admin_info: 'compute:nova:adminURL' # TODO(emilien) move it to puppet-cinder cinder::config: DEFAULT/swift_catalog_info: @@ -149,18 +150,25 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: + - name: Check if cinder_api is deployed + command: systemctl is-enabled openstack-cinder-api + tags: common + ignore_errors: True + register: cinder_api_enabled - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running" shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b' + when: cinder_api_enabled.rc == 0 tags: step0,validation - name: check for cinder running under apache (post upgrade) - tags: step2 + tags: step1 shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder" register: cinder_apache ignore_errors: true - name: Stop cinder_api service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped when: "cinder_apache.rc == 0" - name: Stop and disable cinder_api service (pre-upgrade not under httpd) - tags: step2 + tags: step1 + when: cinder_api_enabled.rc == 0 service: name=openstack-cinder-api state=stopped enabled=no diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index f102810e..f8361f6f 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -52,9 +52,16 @@ outputs: step_config: | include ::tripleo::profile::base::cinder::scheduler upgrade_tasks: + - name: Check if cinder_scheduler is deployed + command: systemctl is-enabled openstack-cinder-scheduler + tags: common + ignore_errors: True + register: cinder_scheduler_enabled - name: "PreUpgrade step0,validation: Check service openstack-cinder-scheduler is running" shell: /usr/bin/systemctl show 'openstack-cinder-scheduler' --property ActiveState | grep '\bactive\b' + when: cinder_scheduler_enabled.rc == 0 tags: step0,validation - name: Stop cinder_scheduler service - tags: step2 + tags: step1 + when: cinder_scheduler_enabled.rc == 0 service: name=openstack-cinder-scheduler state=stopped diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 3a06afb8..26f1a96f 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -94,11 +94,7 @@ outputs: tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} - tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: - str_replace: - template: SERVERS - params: - SERVERS: {get_param: CinderNfsServers} + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers} tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol} @@ -116,9 +112,16 @@ outputs: step_config: | include ::tripleo::profile::base::cinder::volume upgrade_tasks: + - name: Check if cinder_volume is deployed + command: systemctl is-enabled openstack-cinder-volume + tags: common + ignore_errors: True + register: cinder_volume_enabled - name: "PreUpgrade step0,validation: Check service openstack-cinder-volume is running" shell: /usr/bin/systemctl show 'openstack-cinder-volume' --property ActiveState | grep '\bactive\b' + when: cinder_volume_enabled.rc == 0 tags: step0,validation - name: Stop cinder_volume service - tags: step2 + tags: step1 + when: cinder_volume_enabled.rc == 0 service: name=openstack-cinder-volume state=stopped diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index aa8d9a9a..1b7d698d 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -65,9 +65,6 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/congress' - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' - congress::keystone::auth::tenant: 'service' - congress::keystone::auth::password: {get_param: CongressPassword} - congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} congress::debug: {get_param: Debug} congress::rpc_backend: rabbit congress::rabbit_userid: {get_param: RabbitUserName} @@ -76,6 +73,10 @@ outputs: congress::rabbit_port: {get_param: RabbitClientPort} congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]} + congress::keystone::authtoken::project_name: 'service' + congress::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + congress::db::mysql::password: {get_param: CongressPassword} congress::db::mysql::user: congress congress::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} @@ -84,6 +85,33 @@ outputs: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + service_config_settings: + keystone: + congress::keystone::auth::tenant: 'service' + congress::keystone::auth::region: {get_param: KeystoneRegion} + congress::keystone::auth::password: {get_param: CongressPassword} + congress::keystone::auth::public_url: {get_param: [EndpointMap, CongressPublic, uri]} + congress::keystone::auth::internal_url: {get_param: [EndpointMap, CongressInternal, uri]} + congress::keystone::auth::admin_url: {get_param: [EndpointMap, CongressAdmin, uri]} step_config: | include ::tripleo::profile::base::congress + + upgrade_tasks: + - name: Check if congress is deployed + command: systemctl is-enabled openstack-congress-server + tags: common + ignore_errors: True + register: congress_enabled + - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running" + shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b' + when: congress_enabled.rc == 0 + tags: step0,validation + - name: Stop congress service + tags: step1 + when: congress_enabled.rc == 0 + service: name=openstack-congress-server state=stopped + - name: Install openstack-congress package if it was disabled + tags: step3 + yum: name=openstack-congress state=latest + when: congress_enabled.rc != 0 diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 808f1353..7078b60f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -23,6 +23,10 @@ parameters: description: Configures MySQL max_connections config setting type: number default: 4096 + MysqlIncreaseFileLimit: + description: Flag to increase MySQL open-files-limit to 16384 + type: boolean + default: true MysqlRootPassword: type: string hidden: true @@ -96,6 +100,8 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::generate_dropin_file_limit: + {get_param: MysqlIncreaseFileLimit} step_config: | include ::tripleo::profile::base::database::mysql metadata_settings: diff --git a/puppet/services/disabled/glance-registry.yaml b/puppet/services/disabled/glance-registry.yaml index 4d22bddc..7bf4a1fd 100644 --- a/puppet/services/disabled/glance-registry.yaml +++ b/puppet/services/disabled/glance-registry.yaml @@ -26,5 +26,5 @@ outputs: service_name: glance_registry upgrade_tasks: - name: Stop and disable glance_registry service on upgrade - tags: step2 + tags: step1 service: name=openstack-glance-registry state=stopped enabled=no diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index bb10140e..70821396 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -115,3 +115,24 @@ outputs: ec2api::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Check if ec2-api is deployed + command: systemctl is-enabled openstack-ec2-api + tags: common + ignore_errors: True + register: ec2_api_enabled + - name: "PreUpgrade step0,validation: Check if openstack-ec2-api is running" + shell: > + /usr/bin/systemctl show 'openstack-ec2-api' --property ActiveState | + grep '\bactive\b' + when: ec2_api_enabled.rc == 0 + tags: step0,validation + - name: Stop openstack-ec2-api service + tags: step1 + when: ec2_api_enabled.rc == 0 + service: name=openstack-ec2-api state=stopped + - name: Install openstack-ec2-api package if it was disabled + tags: step3 + yum: name=openstack-ec2-api state=latest + when: ec2_api_enabled.rc != 0 + diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index f96fa723..d2a0e302 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -19,9 +19,9 @@ parameters: via parameter_defaults in the resource registry. type: json EtcdInitialClusterToken: - default: 'etcd-tripleo' description: Initial cluster token for the etcd cluster during bootstrap. type: string + hidden: true MonitoringSubscriptionEtcd: default: 'overcloud-etcd' type: string @@ -56,3 +56,18 @@ outputs: - 2380 step_config: | include ::tripleo::profile::base::etcd + upgrade_tasks: + - name: Check if etcd is deployed + command: systemctl is-enabled etcd + tags: step0,validation + ignore_errors: True + register: etcd_enabled + - name: "PreUpgrade step0,validation: Check if etcd is running" + shell: > + /usr/bin/systemctl show 'etcd' --property ActiveState | + grep '\bactive\b' + when: etcd_enabled.rc == 0 + tags: step0,validation + - name: Stop etcd service + tags: step2 + service: name=etcd state=stopped diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index d26d96aa..ce389dc1 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -137,12 +137,26 @@ outputs: service_config_settings: get_attr: [GlanceBase, role_data, service_config_settings] upgrade_tasks: + - name: Check if glance_api is deployed + command: systemctl is-enabled openstack-glance-api + tags: common + ignore_errors: True + register: glance_api_enabled + #(TODO) Remove all glance-registry bits in Pike. + - name: Check if glance_registry is deployed + command: systemctl is-enabled openstack-glance-registry + tags: common + ignore_errors: True + register: glance_registry_enabled - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running" shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b' tags: step0,validation + when: glance_api_enabled.rc == 0 - name: Stop glance_api service - tags: step2 + tags: step1 + when: glance_api_enabled.rc == 0 service: name=openstack-glance-api state=stopped - name: Stop and disable glance registry (removed for Ocata) - tags: step2 + tags: step1 + when: glance_registry_enabled.rc == 0 service: name=openstack-glance-registry state=stopped enabled=no diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 22c0967e..08a939a6 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -129,5 +129,5 @@ outputs: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Stop gnocchi_api service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index 1337b0cb..9d76c2e7 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -47,9 +47,16 @@ outputs: step_config: | include ::tripleo::profile::base::gnocchi::metricd upgrade_tasks: + - name: Check if gnocchi_metricd is deployed + command: systemctl is-enabled openstack-gnocchi-metricd + tags: common + ignore_errors: True + register: gnocchi_metricd_enabled - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-metricd is running" shell: /usr/bin/systemctl show 'openstack-gnocchi-metricd' --property ActiveState | grep '\bactive\b' + when: gnocchi_metricd_enabled.rc == 0 tags: step0,validation - name: Stop gnocchi_metricd service - tags: step2 + tags: step1 + when: gnocchi_metricd_enabled.rc == 0 service: name=openstack-gnocchi-metricd state=stopped diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 41222a79..bb8d3bce 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -46,9 +46,16 @@ outputs: step_config: | include ::tripleo::profile::base::gnocchi::statsd upgrade_tasks: + - name: Check if gnocchi_statsd is deployed + command: systemctl is-enabled openstack-gnocchi-statsd + tags: common + ignore_errors: True + register: gnocchi_statsd_enabled - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-statsd is running" shell: /usr/bin/systemctl show 'openstack-gnocchi-statsd' --property ActiveState | grep '\bactive\b' + when: gnocchi_statsd_enabled.rc == 0 tags: step0,validation - name: Stop gnocchi_statsd service - tags: step2 + tags: step1 + when: gnocchi_statsd_enabled.rc == 0 service: name=openstack-gnocchi-statsd state=stopped diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 358698dd..bd5b9ef6 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -78,14 +78,22 @@ outputs: step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: + - name: Check if haproxy is deployed + command: systemctl is-enabled haproxy + tags: common + ignore_errors: True + register: haproxy_enabled - name: "PreUpgrade step0,validation: Check service haproxy is running" shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b' + when: haproxy_enabled.rc == 0 tags: step0,validation - name: Stop haproxy service - tags: step1 + tags: step2 + when: haproxy_enabled.rc == 0 service: name=haproxy state=stopped - name: Start haproxy service tags: step4 # Needed at step 4 for mysql + when: haproxy_enabled.rc == 0 service: name=haproxy state=started metadata_settings: yaql: diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 3ae4cc70..483f0a45 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -85,9 +85,16 @@ outputs: heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} upgrade_tasks: + - name: Check if heat_api_cfn is deployed + command: systemctl is-enabled openstack-heat-api-cfn + tags: common + ignore_errors: True + register: heat_api_cfn_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running" shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' + when: heat_api_cfn_enabled.rc == 0 tags: step0,validation - name: Stop heat_api_cfn service - tags: step2 + tags: step1 + when: heat_api_cfn_enabled.rc == 0 service: name=openstack-heat-api-cfn state=stopped diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 56183535..8879bcb2 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -67,9 +67,16 @@ outputs: step_config: | include ::tripleo::profile::base::heat::api_cloudwatch upgrade_tasks: + - name: Check if heat_api_cloudwatch is deployed + command: systemctl is-enabled openstack-heat-api-cloudwatch + tags: common + ignore_errors: True + register: heat_api_cloudwatch_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running" shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' + when: heat_api_cloudwatch_enabled.rc == 0 tags: step0,validation - name: Stop heat_api_cloudwatch service - tags: step2 + tags: step1 + when: heat_api_cloudwatch_enabled.rc == 0 service: name=openstack-heat-api-cloudwatch state=stopped diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 38c5b479..2464011b 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -85,9 +85,16 @@ outputs: heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} upgrade_tasks: + - name: Check is heat_api is deployed + command: systemctl is-enabled openstack-heat-api + tags: common + ignore_errors: True + register: heat_api_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running" shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' + when: heat_api_enabled.rc == 0 tags: step0,validation - name: Stop heat_api service - tags: step2 + tags: step1 + when: heat_api_enabled.rc == 0 service: name=openstack-heat-api state=stopped diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 7787d0a7..a166f3a7 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -137,9 +137,16 @@ outputs: # This is needed because the keystone profile handles creating the domain tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} upgrade_tasks: + - name: Check if heat_engine is deployed + command: systemctl is-enabled openstack-heat-engine + tags: common + ignore_errors: True + register: heat_engine_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running" shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' + when: heat_engine_enabled.rc == 0 tags: step0,validation - name: Stop heat_engine service - tags: step2 + tags: step1 + when: heat_engine_enabled.rc == 0 service: name=openstack-heat-engine state=stopped diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 2111021b..60b009a8 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -96,3 +96,20 @@ outputs: - horizon::django_debug: {get_param: Debug} step_config: | include ::tripleo::profile::base::horizon + # Ansible tasks to handle upgrade + upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled + - name: "PreUpgrade step0,validation: Check if httpd is running" + shell: > + /usr/bin/systemctl show 'httpd' --property ActiveState | + grep '\bactive\b' + when: httpd_enabled.rc == 0 + tags: step0,validation + - name: Stop Horizon (under httpd) + tags: step1 + when: httpd_enabled.rc == 0 + service: name=httpd state=stopped diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index a84df538..7aab6f8d 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -88,5 +88,5 @@ outputs: - "%{hiera('mysql_bind_host')}" upgrade_tasks: - name: Stop ironic_api service - tags: step2 + tags: step1 service: name=openstack-ironic-api state=stopped diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 739db13c..56e1a90b 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -44,6 +44,10 @@ parameters: default: 8088 description: Port to use for serving images when iPXE is used. type: string + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true MonitoringSubscriptionIronicConductor: default: 'overcloud-ironic-conductor' type: string @@ -65,9 +69,7 @@ outputs: config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] - # FIXME: I have no idea why neutron_url is in "api" manifest - - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork} ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} @@ -104,10 +106,43 @@ outputs: # the VIP, but rather a real IP of the host. ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]} ironic::pxe::common::http_port: {get_param: IronicIPXEPort} - + # Credentials to access other services + ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + ironic::glance::username: 'ironic' + ironic::glance::password: {get_param: IronicPassword} + ironic::glance::project_name: 'service' + ironic::glance::user_domain_name: 'Default' + ironic::glance::project_domain_name: 'Default' + ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + ironic::neutron::username: 'ironic' + ironic::neutron::password: {get_param: IronicPassword} + ironic::neutron::project_name: 'service' + ironic::neutron::user_domain_name: 'Default' + ironic::neutron::project_domain_name: 'Default' + ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + ironic::service_catalog::username: 'ironic' + ironic::service_catalog::password: {get_param: IronicPassword} + ironic::service_catalog::project_name: 'service' + ironic::service_catalog::user_domain_name: 'Default' + ironic::service_catalog::project_domain_name: 'Default' + ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + ironic::swift::username: 'ironic' + ironic::swift::password: {get_param: IronicPassword} + ironic::swift::project_name: 'service' + ironic::swift::user_domain_name: 'Default' + ironic::swift::project_domain_name: 'Default' + # ironic-inspector support is not implemented, but let's configure + # the credentials for consistency. + ironic::drivers::inspector::enabled: false + ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + ironic::drivers::inspector::username: 'ironic' + ironic::drivers::inspector::password: {get_param: IronicPassword} + ironic::drivers::inspector::project_name: 'service' + ironic::drivers::inspector::user_domain_name: 'Default' + ironic::drivers::inspector::project_domain_name: 'Default' step_config: | include ::tripleo::profile::base::ironic::conductor upgrade_tasks: - name: Stop ironic_conductor service - tags: step2 + tags: step1 service: name=openstack-ironic-conductor state=stopped diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 9c4cc60f..f40c8d99 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -226,6 +226,7 @@ outputs: keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} keystone::endpoint::region: {get_param: KeystoneRegion} + keystone::endpoint::version: '' keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} keystone::rabbit_heartbeat_timeout_threshold: 60 keystone::cron::token_flush::maxdelay: 3600 @@ -307,7 +308,7 @@ outputs: # Ansible tasks to handle upgrade upgrade_tasks: - name: Stop keystone service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml index 94c63d33..57595b82 100644 --- a/puppet/services/logging/fluentd-client.yaml +++ b/puppet/services/logging/fluentd-client.yaml @@ -63,11 +63,22 @@ outputs: step_config: | include ::tripleo::profile::base::logging::fluentd upgrade_tasks: + - name: Check if fluentd_client is deployed + command: systemctl is-enabled fluentd + tags: common + ignore_errors: True + register: fluentd_client_enabled - name: Check status of fluentd service shell: > /usr/bin/systemctl show fluentd --property ActiveState | grep '\bactive\b' + when: fluentd_client_enabled.rc == 0 tags: step0,validation - name: Stop fluentd service - tags: step2 + tags: step1 + when: fluentd_client_enabled.rc == 0 service: name=fluentd state=stopped + - name: Install fluentd package if it was disabled + tags: step3 + yum: name=fluentd state=latest + when: fluentd_client_enabled.rc != 0 diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml index a3e3b842..49b2d4c2 100644 --- a/puppet/services/metrics/collectd.yaml +++ b/puppet/services/metrics/collectd.yaml @@ -110,11 +110,22 @@ outputs: step_config: | include ::tripleo::profile::base::metrics::collectd upgrade_tasks: + - name: Check if collectd is deployed + command: systemctl is-enabled collectd + tags: common + ignore_errors: True + register: collectd_enabled - name: Check status of collectd service shell: > /usr/bin/systemctl show collectd --property ActiveState | grep '\bactive\b' + when: collectd_enabled.rc == 0 tags: step0,validation - name: Stop collectd service - tags: step2 + tags: step1 + when: collectd_enabled.rc == 0 service: name=collectd state=stopped + - name: Install collectd package if it was disabled + tags: step3 + yum: name=collectd state=latest + when: collectd_enabled.rc != 0 diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index daa1dc7c..1c7d6bd3 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -50,3 +50,22 @@ outputs: get_attr: [MistralBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::mistral::api + upgrade_tasks: + - name: Check if mistral api is deployed + command: systemctl is-enabled openstack-mistral-api + tags: common + ignore_errors: True + register: mistral_api_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-api is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-api' --property ActiveState | + grep '\bactive\b' + when: mistral_api_enabled.rc == 0 + tags: step0,validation + - name: Stop mistral_api service + tags: step1 + service: name=openstack-mistral-api state=stopped + - name: Install openstack-mistral-api package if it was disabled + tags: step3 + yum: name=openstack-mistral-api state=latest + when: mistral_api_enabled.rc != 0 diff --git a/puppet/services/mistral-engine.yaml b/puppet/services/mistral-engine.yaml index 4a92b863..03a2a55c 100644 --- a/puppet/services/mistral-engine.yaml +++ b/puppet/services/mistral-engine.yaml @@ -36,3 +36,22 @@ outputs: get_attr: [MistralBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::mistral::engine + upgrade_tasks: + - name: Check if mistral engine is deployed + command: systemctl is-enabled openstack-mistral-engine + tags: common + ignore_errors: True + register: mistral_engine_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-engine is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-engine' --property ActiveState | + grep '\bactive\b' + when: mistral_engine_enabled.rc == 0 + tags: step0,validation + - name: Stop mistral_engine service + tags: step1 + service: name=openstack-mistral-engine state=stopped + - name: Install openstack-mistral-engine package if it was disabled + tags: step3 + yum: name=openstack-mistral-engine state=latest + when: mistral_engine_enabled.rc != 0 diff --git a/puppet/services/mistral-executor.yaml b/puppet/services/mistral-executor.yaml index 6e273b92..0f6adb07 100644 --- a/puppet/services/mistral-executor.yaml +++ b/puppet/services/mistral-executor.yaml @@ -36,3 +36,22 @@ outputs: get_attr: [MistralBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::mistral::executor + upgrade_tasks: + - name: Check if mistral executor is deployed + command: systemctl is-enabled openstack-mistral-executor + tags: common + ignore_errors: True + register: mistral_executor_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState | + grep '\bactive\b' + when: mistral_executor_enabled.rc == 0 + tags: step0,validation + - name: Stop mistral_executor service + tags: step1 + service: name=openstack-mistral-executor state=stopped + - name: Install openstack-mistral-executor package if it was disabled + tags: step3 + yum: name=openstack-mistral-executor state=latest + when: mistral_executor_enabled.rc != 0 diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index d74a68a2..aba2b1ed 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -63,11 +63,22 @@ outputs: step_config: | include ::tripleo::profile::base::monitoring::sensu upgrade_tasks: + - name: Check if sensu_client is deployed + command: systemctl is-enabled sensu-client + tags: common + ignore_errors: True + register: sensu_client_enabled - name: Check status of sensu-client service shell: > /usr/bin/systemctl show sensu-client --property ActiveState | grep '\bactive\b' + when: sensu_client_enabled.rc == 0 tags: step0,validation - name: Stop sensu-client service - tags: step2 + tags: step1 + when: sensu_client_enabled.rc == 0 service: name=sensu-client state=stopped + - name: Install sensu package if it was disabled + tags: step3 + yum: name=sensu state=latest + when: sensu_client.rc != 0 diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 4d671e15..bb191ff0 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -189,9 +189,16 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" upgrade_tasks: + - name: Check if neutron_server is deployed + command: systemctl is-enabled neutron-server + tags: common + ignore_errors: True + register: neutron_server_enabled - name: "PreUpgrade step0,validation: Check service neutron-server is running" shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + when: neutron_server_enabled.rc == 0 tags: step0,validation - name: Stop neutron_api service - tags: step2 + tags: step1 + when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 43657bd9..d0176781 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -44,10 +44,10 @@ parameters: description: Set to True to enable debugging on all services. EnableConfigPurge: type: boolean - default: true + default: false description: > - Remove configuration that is not generated by TripleO. Setting - to false may result in configuration remnants after updates/upgrades. + Remove configuration that is not generated by TripleO. Used to avoid + configuration remnants after upgrades. NeutronGlobalPhysnetMtu: type: number default: 1500 diff --git a/puppet/services/neutron-bigswitch-agent.yaml b/puppet/services/neutron-bigswitch-agent.yaml new file mode 100644 index 00000000..845f0da0 --- /dev/null +++ b/puppet/services/neutron-bigswitch-agent.yaml @@ -0,0 +1,31 @@ +heat_template_version: ocata + +description: > + Installs bigswitch agent and enables the services + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +outputs: + role_data: + description: Configure the bigswitch agent services + value: + service_name: neutron_bigswitch_agent + step_config: | + if hiera('step') >= 4 { + include ::neutron::agents::bigswitch + } diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 062edaa4..fe7f9f31 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -80,9 +80,16 @@ outputs: step_config: | include tripleo::profile::base::neutron::dhcp upgrade_tasks: + - name: Check if neutron_dhcp_agent is deployed + command: systemctl is-enabled neutron-dhcp-agent + tags: common + ignore_errors: True + register: neutron_dhcp_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running" shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b' + when: neutron_dhcp_agent_enabled.rc == 0 tags: step0,validation - name: Stop neutron_dhcp service - tags: step2 + tags: step1 + when: neutron_dhcp_agent_enabled.rc == 0 service: name=neutron-dhcp-agent state=stopped diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 06927fe0..1d6a2371 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -22,10 +22,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string @@ -35,6 +31,19 @@ parameters: tag: openstack.neutron.agent.l3-compute path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + +conditions: + + external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} + resources: NeutronBase: @@ -56,7 +65,11 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} - neutron::agents::l3::agent_mode : 'dvr' + - neutron::agents::l3::agent_mode : 'dvr' + - + if: + - external_network_bridge_empty + - {} + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 69803551..cd9870bd 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -21,10 +21,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. @@ -43,6 +39,15 @@ parameters: tag: openstack.neutron.agent.l3 path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + conditions: external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} @@ -80,9 +85,16 @@ outputs: step_config: | include tripleo::profile::base::neutron::l3 upgrade_tasks: + - name: Check if neutron_l3_agent is deployed + command: systemctl is-enabled neutron-l3-agent + tags: common + ignore_errors: True + register: neutron_l3_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-l3-agent is running" shell: /usr/bin/systemctl show 'neutron-l3-agent' --property ActiveState | grep '\bactive\b' + when: neutron_l3_agent_enabled.rc == 0 tags: step0,validation - name: Stop neutron_l3 service - tags: step2 + tags: step1 + when: neutron_l3_agent_enabled.rc == 0 service: name=neutron-l3-agent state=stopped diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 6f5debdd..32ef567c 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -76,9 +76,16 @@ outputs: step_config: | include tripleo::profile::base::neutron::metadata upgrade_tasks: + - name: Check if neutron_metadata_agent is deployed + command: systemctl is-enabled neutron-metadata-agent + tags: common + ignore_errors: True + register: neutron_metadata_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running" shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b' + when: neutron_metadata_agent_enabled.rc == 0 tags: step0,validation - name: Stop neutron_metadata service - tags: step2 + tags: step1 + when: neutron_metadata_agent_enabled.rc == 0 service: name=neutron-metadata-agent state=stopped diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index c27bb909..01471ba2 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -121,9 +121,16 @@ outputs: step_config: | include ::tripleo::profile::base::neutron::ovs upgrade_tasks: + - name: Check if neutron_ovs_agent is deployed + command: systemctl is-enabled neutron-openvswitch-agent + tags: common + ignore_errors: True + register: neutron_ovs_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b' + when: neutron_ovs_agent_enabled.rc == 0 tags: step0,validation - name: Stop neutron_ovs_agent service - tags: step2 + tags: step1 + when: neutron_ovs_agent_enabled.rc == 0 service: name=neutron-openvswitch-agent state=stopped diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index e25bc495..2c7ab57c 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -69,7 +69,10 @@ outputs: service_name: neutron_ovs_dpdk_agent config_settings: map_merge: - - get_attr: [NeutronOvsAgent, role_data, config_settings] + - map_replace: + - get_attr: [NeutronOvsAgent, role_data, config_settings] + - keys: + tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index f27b53f2..678e09b6 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -225,7 +225,7 @@ outputs: - name: Setup cell_v2 (map cell0) tags: step5 when: is_bootstrap_node - command: nova-manage cell_v2 map_cell0 + shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection) - name: Setup cell_v2 (create default cell) tags: step5 when: is_bootstrap_node @@ -241,15 +241,15 @@ outputs: command: nova-manage db sync async: {get_param: NovaDbSyncTimeout} poll: 10 - - name: Setup cell_v2 (migrate hosts) - tags: step5 - when: is_bootstrap_node - command: nova-manage cell_v2 map_cell_and_hosts - name: Setup cell_v2 (get cell uuid) tags: step5 when: is_bootstrap_node shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' register: nova_api_cell_uuid + - name: Setup cell_v2 (migrate hosts) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose - name: Setup cell_v2 (migrate instances) tags: step5 when: is_bootstrap_node diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index ceacb0b2..7b568e9e 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -58,10 +58,10 @@ parameters: description: Set to True to enable debugging on all services. EnableConfigPurge: type: boolean - default: true + default: false description: > - Remove configuration that is not generated by TripleO. Setting - to false may result in configuration remnants after updates/upgrades. + Remove configuration that is not generated by TripleO. Used to avoid + configuration remnants after upgrades. NovaIPv6: default: false description: Enable IPv6 features in Nova @@ -151,6 +151,16 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' + nova::cell0_database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova_cell0' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::api_database_connection: list_join: - '' diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 9923e833..d208bede 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -152,7 +152,7 @@ outputs: collectd::plugins::virt::connection: "qemu:///system" upgrade_tasks: - name: Stop nova-compute service - tags: step2 + tags: step1 service: name=openstack-nova-compute state=stopped # If not already set by puppet (e.g a pre-ocata version), set the # upgrade_level for compute to "auto" diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index a19d0f8d..4574cae8 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -67,12 +67,12 @@ outputs: include tripleo::profile::base::nova::conductor upgrade_tasks: - name: Stop nova_conductor service - tags: step2 + tags: step1 service: name=openstack-nova-conductor state=stopped # If not already set by puppet (e.g a pre-ocata version), set the # upgrade_level for compute to "auto" - name: Set compute upgrade level to auto - tags: step2 + tags: step1 ini_file: str_replace: template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index b5a1312a..82f329bc 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -50,5 +50,5 @@ outputs: include tripleo::profile::base::nova::consoleauth upgrade_tasks: - name: Stop nova_consoleauth service - tags: step2 + tags: step1 service: name=openstack-nova-consoleauth state=stopped diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml index 5eb2170a..5fc77f07 100644 --- a/puppet/services/nova-ironic.yaml +++ b/puppet/services/nova-ironic.yaml @@ -51,3 +51,7 @@ outputs: nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager' step_config: | include tripleo::profile::base::nova::compute::ironic + upgrade_tasks: + - name: Stop openstack-nova-compute service + tags: step1 + service: name=openstack-nova-compute state=stopped enabled=no diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 5564c1b3..98c446be 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -120,5 +120,10 @@ outputs: - "%{hiera('mysql_bind_host')}" upgrade_tasks: - name: Stop nova_placement service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped + # The nova placement API isn't installed in newton images, so install + # it on upgrade + - name: Install nova-placement packages on upgrade + tags: step3 + yum: name=openstack-nova-placement-api state=latest diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index e08bf182..e4b6bb43 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -65,5 +65,5 @@ outputs: include tripleo::profile::base::nova::scheduler upgrade_tasks: - name: Stop nova_scheduler service - tags: step2 + tags: step1 service: name=openstack-nova-scheduler state=stopped diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index f6cf9649..42335ade 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -66,5 +66,5 @@ outputs: include tripleo::profile::base::nova::vncproxy upgrade_tasks: - name: Stop nova_vnc_proxy service - tags: step2 + tags: step1 service: name=openstack-nova-consoleauth state=stopped diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml index b537a2bc..f3aa1d64 100644 --- a/puppet/services/octavia-base.yaml +++ b/puppet/services/octavia-base.yaml @@ -24,10 +24,10 @@ parameters: description: Set to True to enable debugging on all services. EnableConfigPurge: type: boolean - default: true + default: false description: > - Remove configuration that is not generated by TripleO. Setting - to false may result in configuration remnants after updates/upgrades. + Remove configuration that is not generated by TripleO. Used to avoid + configuration remnants after upgrades. RabbitPassword: description: The password for RabbitMQ type: string diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 1e7aa479..ceb56a81 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -68,3 +68,26 @@ outputs: - 6653 step_config: | include tripleo::profile::base::neutron::opendaylight + upgrade_tasks: + - name: Check if opendaylight is deployed + command: systemctl is-enabled opendaylight + tags: common + ignore_errors: True + register: opendaylight_enabled + - name: "PreUpgrade step0,validation: Check service opendaylight is running" + shell: /usr/bin/systemctl show 'opendaylight' --property ActiveState | grep '\bactive\b' + when: opendaylight_enabled.rc == 0 + tags: step0,validation + - name: Stop opendaylight service + tags: step1 + when: opendaylight_enabled.rc == 0 + service: name=opendaylight state=stopped + - name: Removes ODL snapshots, data, journal directories + file: + state: absent + path: /opt/opendaylight/{{item}} + tags: step2 + with_items: + - snapshots + - data + - journal diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index cfec3c48..5cf416f3 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -60,11 +60,7 @@ outputs: opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: - str_replace: - template: MAPPINGS - params: - MAPPINGS: {get_param: OpenDaylightProviderMappings} + neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' @@ -73,3 +69,17 @@ outputs: proto: 'gre' step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight + upgrade_tasks: + - name: Check if openvswitch is deployed + command: systemctl is-enabled openvswitch + tags: common + ignore_errors: True + register: openvswitch_enabled + - name: "PreUpgrade step0,validation: Check service openvswitch is running" + shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b' + when: openvswitch_enabled.rc == 0 + tags: step0,validation + - name: Stop openvswitch service + tags: step1 + when: openvswitch_enabled.rc == 0 + service: name=openvswitch state=stopped diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 9398d6b5..28fcbd6f 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -87,10 +87,16 @@ parameters: \[(?<pid>[^ ]*)\] (?<host>[^ ]*) (?<message>.*)$/ + + EnableLoadBalancer: + default: true + description: Whether to deploy a LoadBalancer on the Controller + type: boolean + PacemakerResources: type: comma_delimited_list description: List of resources managed by pacemaker - default: ['rabbitmq','haproxy'] + default: ['rabbitmq', 'galera'] outputs: role_data: @@ -136,12 +142,20 @@ outputs: tags: step0,validation pacemaker_cluster: state=online check_and_fail=true - name: Stop pacemaker cluster - tags: step1 + tags: step2 pacemaker_cluster: state=offline - name: Start pacemaker cluster tags: step4 pacemaker_cluster: state=online - name: Check pacemaker resource tags: step4 - pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=500 + pacemaker_is_active: + resource: "{{ item }}" + max_wait: 500 with_items: {get_param: PacemakerResources} + - name: Check pacemaker haproxy resource + tags: step4 + pacemaker_is_active: + resource: haproxy + max_wait: 500 + when: {get_param: EnableLoadBalancer} diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index 03c2c83f..b018df35 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -39,3 +39,32 @@ outputs: - rabbitmq::service_manage: false step_config: | include ::tripleo::profile::pacemaker::rabbitmq + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}} + - name: get rabbitmq policy + tags: common + shell: pcs resource show rabbitmq | grep -q -E "Attributes:.*\"ha-mode\":\"all\"" + register: rabbit_ha_mode + when: is_bootstrap_node + ignore_errors: true + - name: set migrate_rabbit_ha_mode fact + tags: common + set_fact: migrate_rabbit_ha_mode={{rabbit_ha_mode.rc == 0}} + when: is_bootstrap_node + - name: Fixup for rabbitmq ha-queues LP#1668600 + tags: step0,pre-upgrade + shell: | + nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) + nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) + if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then + echo "ERROR: The nr. of HA queues during the rabbit upgrade is out of range: $nr_queues" + exit 1 + fi + pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 + when: is_bootstrap_node and migrate_rabbit_ha_mode diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 4b74ad45..eed98257 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -84,3 +84,22 @@ outputs: include tripleo::profile::base::panko::api metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled + - name: "PreUpgrade step0,validation: Check if httpd is running" + shell: > + /usr/bin/systemctl show 'httpd' --property ActiveState | + grep '\bactive\b' + when: httpd_enabled.rc == 0 + tags: step0,validation + - name: Stop panko-api service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: httpd_enabled.rc == 0 + - name: Install openstack-panko-api package if it was not installed + tags: step3 + yum: name=openstack-panko-api state=latest diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 8573ea81..96b3d6e3 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -92,5 +92,5 @@ outputs: - "%{hiera('mysql_bind_host')}" upgrade_tasks: - name: Stop sahara_api service - tags: step2 + tags: step1 service: name=openstack-sahara-api state=stopped diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 176514ec..c0b6b3e6 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -51,5 +51,5 @@ outputs: include ::tripleo::profile::base::sahara::engine upgrade_tasks: - name: Stop sahara_engine service - tags: step2 + tags: step1 service: name=openstack-sahara-engine state=stopped diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index fd6ed818..80c29f95 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -45,5 +45,5 @@ outputs: include ::tripleo::profile::base::snmp upgrade_tasks: - name: Stop snmp service - tags: step2 + tags: step1 service: name=snmpd state=stopped diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 526fa888..77f2bdfa 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -166,5 +166,5 @@ outputs: - ResellerAdmin upgrade_tasks: - name: Stop swift_proxy service - tags: step2 + tags: step1 service: name=openstack-swift-proxy state=stopped diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 247b23ff..261aadeb 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -103,7 +103,7 @@ outputs: include ::tripleo::profile::base::swift::storage upgrade_tasks: - name: Stop swift storage services - tags: step2 + tags: step1 service: name={{ item }} state=stopped with_items: - openstack-swift-account-auditor diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 1ac165d4..2f803b0b 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -66,9 +66,6 @@ outputs: - '/tacker' - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' - tacker::keystone::auth::tenant: 'service' - tacker::keystone::auth::password: {get_param: TackerPassword} - tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} tacker::debug: {get_param: Debug} tacker::rpc_backend: rabbit tacker::rabbit_userid: {get_param: RabbitUserName} @@ -77,6 +74,10 @@ outputs: tacker::rabbit_port: {get_param: RabbitClientPort} tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]} + tacker::keystone::authtoken::project_name: 'service' + tacker::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + tacker::db::mysql::password: {get_param: TackerPassword} tacker::db::mysql::user: tacker tacker::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} @@ -85,6 +86,32 @@ outputs: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + service_config_settings: + keystone: + tacker::keystone::auth::tenant: 'service' + tacker::keystone::auth::region: {get_param: KeystoneRegion} + tacker::keystone::auth::password: {get_param: TackerPassword} + tacker::keystone::auth::public_url: {get_param: [EndpointMap, TackerPublic, uri]} + tacker::keystone::auth::internal_url: {get_param: [EndpointMap, TackerInternal, uri]} + tacker::keystone::auth::admin_url: {get_param: [EndpointMap, TackerAdmin, uri]} step_config: | include ::tripleo::profile::base::tacker + upgrade_tasks: + - name: Check if tacker is deployed + command: systemctl is-enabled openstack-tacker-server + tags: common + ignore_errors: True + register: tacker_enabled + - name: "PreUpgrade step0,validation: Check service openstack-tacker-server is running" + shell: /usr/bin/systemctl show 'openstack-tacker-server' --property ActiveState | grep '\bactive\b' + when: tacker_enabled.rc == 0 + tags: step0,validation + - name: Stop tacker service + tags: step1 + when: tacker_enabled.rc == 0 + service: name=openstack-tacker-server state=stopped + - name: Install openstack-tacker package if it was disabled + tags: step3 + yum: name=openstack-tacker state=latest + when: tacker_enabled.rc != 0 diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index 67e14d9c..ff2b067f 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -37,3 +37,9 @@ outputs: tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} step_config: | include ::tripleo::firewall + upgrade_tasks: + - name: blank ipv6 rule before activating ipv6 firewall. + tags: step3 + shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat</dev/null>/etc/sysconfig/ip6tables + args: + creates: /etc/sysconfig/ip6tables.n-o-upgrade diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index cb860fa8..a320f694 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -64,3 +64,23 @@ outputs: step_config: | include ::tripleo::profile::base::zaqar + upgrade_tasks: + - name: Check if zaqar is deployed + command: systemctl is-enabled openstack-zaqar + tags: common + ignore_errors: True + register: zaqar_enabled + - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" + shell: > + /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | + grep '\bactive\b' + when: zaqar_enabled.rc == 0 + tags: step0,validation + - name: Stop zaqar service + tags: step1 + when: zaqar_enabled.rc == 0 + service: name=openstack-zaqar state=stopped + - name: Install openstack-zaqar package if it was disabled + tags: step3 + yum: name=openstack-zaqar state=latest + when: zaqar_enabled.rc != 0 diff --git a/releasenotes/notes/big-switch-agent-4c743a2112251234.yaml b/releasenotes/notes/big-switch-agent-4c743a2112251234.yaml new file mode 100644 index 00000000..49ede200 --- /dev/null +++ b/releasenotes/notes/big-switch-agent-4c743a2112251234.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Updated bigswitch environment file to include the bigswitch agent + installation and correct support for the restproxy configuration. diff --git a/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml b/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml new file mode 100644 index 00000000..da995949 --- /dev/null +++ b/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml @@ -0,0 +1,6 @@ +--- +security: + - | + Secure EtcdInitialClusterToken by removing the default value + and make the parameter hidden. + Fixes `bug 1673266 <https://bugs.launchpad.net/tripleo/+bug/1673266>`__. diff --git a/releasenotes/notes/fix-cinder-nfs-share-usage-0968f88eff7ffb99.yaml b/releasenotes/notes/fix-cinder-nfs-share-usage-0968f88eff7ffb99.yaml new file mode 100644 index 00000000..682171c1 --- /dev/null +++ b/releasenotes/notes/fix-cinder-nfs-share-usage-0968f88eff7ffb99.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - Fixes an issue when using the CinderNfsServers + parameter_defaults setting. It now works using a + single share as well as a comma-separated list of + shares. diff --git a/releasenotes/notes/fix-neutron-dpdk-firewall-436aee39a0d7ed65.yaml b/releasenotes/notes/fix-neutron-dpdk-firewall-436aee39a0d7ed65.yaml new file mode 100644 index 00000000..bb18aed8 --- /dev/null +++ b/releasenotes/notes/fix-neutron-dpdk-firewall-436aee39a0d7ed65.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Fixes firewall rules from neutron OVS agent not being + inherited correctly and applied in neutron OVS DPDK + template. diff --git a/releasenotes/notes/fix-odl-provider-mapping-hiera-5b3472184be490e2.yaml b/releasenotes/notes/fix-odl-provider-mapping-hiera-5b3472184be490e2.yaml new file mode 100644 index 00000000..79cea05e --- /dev/null +++ b/releasenotes/notes/fix-odl-provider-mapping-hiera-5b3472184be490e2.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - Fixes OpenDaylightProviderMappings parsing on a + comma delimited list. diff --git a/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml deleted file mode 100644 index edcc1250..00000000 --- a/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -deprecations: - - The environments/puppet-pacemaker.yaml file is now deprecated and the HA - deployment is now the default. In order to get the non-HA deployment use - environments/nonha-arch.yaml explicitly. diff --git a/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml b/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml new file mode 100644 index 00000000..d2b2eb94 --- /dev/null +++ b/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - openstack-selinux is now installed by the deployed-server + bootstrap scripts. Previously, it was not installed, so + if SELinux was set to enforcing, all OpenStack policy + was missing. diff --git a/releasenotes/notes/make-panko-default-8d0e824fc91cef56.yaml b/releasenotes/notes/make-panko-default-8d0e824fc91cef56.yaml new file mode 100644 index 00000000..d0624265 --- /dev/null +++ b/releasenotes/notes/make-panko-default-8d0e824fc91cef56.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - Since panko is enabled by default, include it the default dispatcher + for ceilometer events. diff --git a/releasenotes/notes/set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml b/releasenotes/notes/set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml new file mode 100644 index 00000000..07407f20 --- /dev/null +++ b/releasenotes/notes/set-ceilometer-auth-flag-382f68ddb2cbcb6b.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - We need ceilometer user in cases where ceilometer API is disabled. + This is to ensure other ceilometer services can still authenticate + with keystone. diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 8da995b0..0ca43b34 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '6.0.0.0b3' +release = '6.0.0' # The short X.Y version. version = '6.0.0' diff --git a/test-requirements.txt b/test-requirements.txt index 1c9e3b42..06bce5a2 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4,6 +4,6 @@ PyYAML>=3.10.0 # MIT Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT -sphinx>=1.5.1 # BSD +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD oslosphinx>=4.7.0 # Apache-2.0 reno>=1.8.0 # Apache-2.0 diff --git a/validation-scripts/all-nodes.sh b/validation-scripts/all-nodes.sh index 0b8b3523..f1f4cc11 100644 --- a/validation-scripts/all-nodes.sh +++ b/validation-scripts/all-nodes.sh @@ -67,5 +67,23 @@ function ping_default_gateways() { echo "SUCCESS" } +# Verify the FQDN from the nova/ironic deployment matches +# FQDN in the heat templates. +function fqdn_check() { + HOSTNAME=$(hostname) + SHORT_NAME=$(hostname -s) + FQDN_FROM_HOSTS=$(awk '$3 == "'${SHORT_NAME}'"{print $2}' /etc/hosts) + echo -n "Checking hostname vs /etc/hosts entry..." + if [[ $HOSTNAME != $FQDN_FROM_HOSTS ]]; then + echo "FAILURE" + echo -e "System hostname: ${HOSTNAME}\nEntry from /etc/hosts: ${FQDN_FROM_HOSTS}\n" + exit 1 + fi + echo "SUCCESS" +} + ping_controller_ips "$ping_test_ips" ping_default_gateways +if [[ $validate_fqdn == "True" ]];then + fqdn_check +fi |