diff options
31 files changed, 996 insertions, 78 deletions
diff --git a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml new file mode 100644 index 00000000..6798c255 --- /dev/null +++ b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml @@ -0,0 +1,7 @@ +resource_registry: + + # This initiates the upgrades for ceilometer api to run under apache wsgi + OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml + + # no-op the rest + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker-converge.yaml b/environments/major-upgrade-pacemaker-converge.yaml index f023cb32..e9a5f9be 100644 --- a/environments/major-upgrade-pacemaker-converge.yaml +++ b/environments/major-upgrade-pacemaker-converge.yaml @@ -1,2 +1,6 @@ parameter_defaults: UpgradeLevelNovaCompute: '' + +resource_registry: + OS::TripleO::Services::SaharaApi: ../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../puppet/services/sahara-engine.yaml diff --git a/environments/major-upgrade-remove-sahara.yaml b/environments/major-upgrade-remove-sahara.yaml new file mode 100644 index 00000000..e0aaf130 --- /dev/null +++ b/environments/major-upgrade-remove-sahara.yaml @@ -0,0 +1,6 @@ +parameter_defaults: + KeepSaharaServicesOnUpgrade: false +resource_registry: + OS::TripleO::Services::SaharaApi: OS::Heat::None + OS::TripleO::Services::SaharaEngine: OS::Heat::None + diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml deleted file mode 100644 index 5d48698e..00000000 --- a/environments/manage-firewall.yaml +++ /dev/null @@ -1,2 +0,0 @@ -parameter_defaults: - ManageFirewall: true diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml index 4115d8b2..c2f65800 100644 --- a/environments/manila-cephfsnative-config.yaml +++ b/environments/manila-cephfsnative-config.yaml @@ -12,7 +12,7 @@ parameter_defaults: ManilaCephFSNativeEnableBackend: true ManilaCephFSNativeBackendName: cephfsnative ManilaCephFSNativeDriverHandlesShareServers: false - ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf' ManilaCephFSNativeCephFSAuthId: 'manila' ManilaCephFSNativeCephFSClusterName: 'ceph' ManilaCephFSNativeCephFSEnableSnapshots: true diff --git a/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml new file mode 100644 index 00000000..c87e6824 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml @@ -0,0 +1,62 @@ +heat_template_version: 2014-10-16 + +description: > + Software-config for ceilometer configuration under httpd during upgrades + +parameters: + servers: + type: json + input_values: + type: json + description: input values for the software deployments +resources: + CeilometerWsgiMitakaNewtonPreUpgradeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + config: + get_file: mitaka_to_newton_ceilometer_wsgi_upgrade.pp + + CeilometerWsgiMitakaNewtonUpgradeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\nset -e\n\n" + - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_pacemaker_migrations.sh + - "disable_standalone_ceilometer_api\n\n" + + CeilometerWsgiMitakaNewtonPostUpgradeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -e + /usr/bin/systemctl reload httpd + + CeilometerWsgiMitakaNewtonPreUpgradeDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + name: CeilometerWsgiMitakaNewtonPreUpgradeDeployment + servers: {get_param: [servers, Controller]} + config: {get_resource: CeilometerWsgiMitakaNewtonPreUpgradeConfig} + + CeilometerWsgiMitakaNewtonUpgradeConfigDeployment: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: CeilometerWsgiMitakaNewtonPreUpgradeDeployment + properties: + name: CeilometerWsgiMitakaNewtonUpgradeConfigDeployment + servers: {get_param: [servers, Controller]} + config: {get_resource: CeilometerWsgiMitakaNewtonUpgradeConfig} + + CeilometerWsgiMitakaNewtonPostUpgradeDeployment: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: CeilometerWsgiMitakaNewtonUpgradeConfigDeployment + properties: + name: CeilometerWsgiMitakaNewtonPostUpgradeDeployment + servers: {get_param: [servers, Controller]} + config: {get_resource: CeilometerWsgiMitakaNewtonPostUpgradeConfig} diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index 4203eba9..b3a0098c 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -65,6 +65,5 @@ if [[ -n $(is_bootstrap_node) ]]; then nova-manage api_db sync nova-manage db online_data_migrations gnocchi-upgrade - #TODO(marios):someone from sahara needs to check this: - # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head + sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head fi diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh index 4d72fbd8..49c045bc 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh @@ -16,7 +16,11 @@ systemctl_swift start # We need to start the systemd services we explicitely stopped at step _1.sh # FIXME: Should we let puppet during the convergence step do the service enabling or # should we add it here? -for service in $(services_to_migrate); do +services=$(services_to_migrate) +if [[ ${keep_sahara_services_on_upgrade} =~ [Ff]alse ]] ; then + services=${services%%openstack-sahara*} +fi +for service in $(services); do manage_systemd_service start "${service%%-clone}" check_resource_systemd "${service%%-clone}" started 600 done diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index 30ae8d1e..7c78d5ad 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -22,6 +22,11 @@ parameters: type: boolean default: false description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean + KeepSaharaServicesOnUpgrade: + type: boolean + default: true + description: Whether to keep Sahara services when upgrading controller nodes from mitaka to newton + resources: # TODO(jistr): for Mitaka->Newton upgrades and further we can use @@ -127,7 +132,13 @@ resources: config: list_join: - '' - - - get_file: pacemaker_common_functions.sh + - - str_replace: + template: | + #!/bin/bash + keep_sahara_services_on_upgrade='KEEP_SAHARA_SERVICES_ON_UPGRADE' + params: + KEEP_SAHARA_SERVICES_ON_UPGRADE: {get_param: KeepSaharaServicesOnUpgrade} + - get_file: pacemaker_common_functions.sh - get_file: major_upgrade_pacemaker_migrations.sh - get_file: major_upgrade_controller_pacemaker_3.sh diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index df87c93f..7c9083a4 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -77,7 +77,6 @@ function services_to_migrate { openstack-aodh-evaluator-clone openstack-aodh-listener-clone openstack-aodh-notifier-clone - openstack-ceilometer-api-clone openstack-ceilometer-central-clone openstack-ceilometer-collector-clone openstack-ceilometer-notification-clone @@ -170,21 +169,13 @@ function migrate_full_to_ng_ha { fi } -# This function will make sure that the rabbitmq ha policies are converted from mitaka to newton -# In mitaka we had: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}" -# In newton we want: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}" -# The nr "2" should be CEIL(N/2) where N is the number of Controllers (i.e. rabbit instances) -# Note that changing an attribute like this makes the rabbitmq resource restart -function rabbitmq_mitaka_newton_upgrade { - if pcs resource show rabbitmq-clone | grep -q -E "Attributes:.*\"ha-mode\":\"all\""; then - # Number of controller is obtained by counting how many hostnames we - # have in controller_node_names hiera key - nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) - nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) - if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then - echo_error "ERROR: The nr. of HA queues during the M/N upgrade is out of range $nr_queues" - exit 1 +function disable_standalone_ceilometer_api { + if [[ -n $(is_bootstrap_node) ]]; then + if [[ -n $(is_pacemaker_managed openstack-ceilometer-api) ]]; then + # Disable pacemaker resources for ceilometer-api + manage_pacemaker_service disable openstack-ceilometer-api + check_resource_pacemaker openstack-ceilometer-api stopped 600 + pcs resource delete openstack-ceilometer-api --wait=600 fi - pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 fi } diff --git a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp new file mode 100644 index 00000000..1c376285 --- /dev/null +++ b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp @@ -0,0 +1,97 @@ +# Copyright 2015 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This puppet manifest is to be used only during a Mitaka->Newton upgrade +# It configures ceilometer to be run under httpd but it makes sure to not +# restart any services. This snippet needs to be called before init as a +# pre upgrade migration. + +Service <| + tag == 'ceilometer-service' +|> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', +} + +if $::hostname == downcase(hiera('bootstrap_nodeid')) { + $pacemaker_master = true + $sync_db = true +} else { + $pacemaker_master = false + $sync_db = false +} + +include ::tripleo::packages + + +if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') +} else { + $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') +} +$mongodb_replset = hiera('mongodb::server::replset') +$mongo_node_string = join($mongo_node_ips_with_port, ',') +$database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" + +include ::ceilometer + +class {'::ceilometer::db': + database_connection => $database_connection, +} + +if $sync_db { + include ::ceilometer::db::sync +} + +include ::ceilometer::config + +class { '::ceilometer::api': + enabled => true, + service_name => 'httpd', + keystone_password => hiera('ceilometer::keystone::auth::password'), + identity_uri => hiera('ceilometer::keystone::authtoken::auth_url'), + auth_uri => hiera('ceilometer::keystone::authtoken::auth_uri'), + keystone_tenant => hiera('ceilometer::keystone::authtoken::project_name'), +} + +class { '::apache' : + service_enable => false, + service_manage => true, + service_restart => '/bin/true', + purge_configs => false, + purge_vhost_dir => false, +} + +# To ensure existing ports are not overridden +class { '::aodh::wsgi::apache': + servername => $::hostname, + ssl => false, +} +class { '::gnocchi::wsgi::apache': + servername => $::hostname, + ssl => false, +} + +class { '::keystone::wsgi::apache': + servername => $::hostname, + ssl => false, +} +class { '::ceilometer::wsgi::apache': + servername => $::hostname, + ssl => false, +} diff --git a/j2_excludes.yaml b/j2_excludes.yaml new file mode 100644 index 00000000..063e63d4 --- /dev/null +++ b/j2_excludes.yaml @@ -0,0 +1,10 @@ +# This template specifies which j2 rendered templates +# should be excluded in the render process from +# tripleo-common/tripleo_common/actions/templates.py + +name: + - puppet/controller-role.yaml + - puppet/compute-role.yaml + - puppet/blockstorage-role.yaml + - puppet/objectstorage-role.yaml + - puppet/cephstorage-role.yaml diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index 346059f2..d7863e02 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -31,6 +31,9 @@ parameters: ServiceHostnameList: default: [] type: comma_delimited_list + NetworkHostnameMap: + default: [] + type: json resources: # This adds the extra "services" on for keystone @@ -101,6 +104,28 @@ outputs: description: > Map of enabled services to a list of hostnames where they're running value: + map_replace: + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_merge: + repeat: + template: + SERVICE_node_names: SERVICE_network + for_each: + SERVICE: {get_attr: [EnabledServicesValue, value]} + - values: {get_param: ServiceNetMap} + - values: {get_param: NetworkHostnameMap} + short_service_hostnames: + description: > + Map of enabled services to a list of hostnames where they're running regardless of the network + value: yaql: # If ServiceHostnameList is empty the role is deployed with zero nodes # therefore we don't want to add any *_node_names to the map @@ -110,6 +135,6 @@ outputs: map_merge: repeat: template: - SERVICE_node_names: {get_param: ServiceHostnameList} + SERVICE_short_node_names: {get_param: ServiceHostnameList} for_each: SERVICE: {get_attr: [EnabledServicesValue, value]} diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index 2f78133b..c4d86fb9 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -8,9 +8,17 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. + Note that the key in this map must match the service_name + in the service template, e.g if the service_name is heat_api + the key must be either heat_api_network, or optionally + HeatApiNetwork (which will be internally converted to + transform captalization to underscores). default: {} type: json + # Note that the key in this map must match the service_name + # see the description above about conversion from CamelCase to + # snake_case - the names must still match when converted ServiceNetMapDefaults: default: ApacheNetwork: internal_api @@ -47,7 +55,7 @@ parameters: CephMonNetwork: storage CephRgwNetwork: storage PublicNetwork: external - OpenDaylightApiNetwork: internal_api + OpendaylightApiNetwork: internal_api # We special-case the default ResolveNetwork for the CephStorage role # for backwards compatibility, all other roles default to internal_api CephStorageHostnameResolveNetwork: storage diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index fc756617..6d655c7a 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -245,6 +245,15 @@ resources: EnabledServices: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} ServiceHostnameList: {get_attr: [{{role.name}}, hostname]} + NetworkHostnameMap: + # Note (shardy) this somewhat complex yaql may be replaced + # with a map_deep_merge function in ocata. It merges the + # list of maps, but appends to colliding lists so we can + # create a map of lists for all nodes for each network + yaql: + expression: dict($.data.where($ != null).flatten().selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + - {get_attr: [{{role.name}}, hostname_map]} {{role.name}}: type: OS::Heat::ResourceGroup @@ -292,8 +301,6 @@ resources: services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} - LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} - LoggingGroups: {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]} {% endfor %} allNodesConfig: @@ -316,6 +323,24 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} {% endfor %} + logging_groups: + yaql: + expression: > + $.data.groups.flatten() + data: + groups: +{% for role in roles %} + - {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]} +{% endfor %} + logging_sources: + yaql: + expression: > + $.data.sources.flatten() + data: + sources: +{% for role in roles %} + - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} +{% endfor %} controller_ips: {get_attr: [Controller, ip_address]} controller_names: {get_attr: [Controller, hostname]} service_ips: @@ -338,6 +363,14 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}IpListMap, service_hostnames]} {% endfor %} + short_service_node_names: + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + l: +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, short_service_hostnames]} +{% endfor %} # FIXME(shardy): These require further work to move into service_ips memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} NetVipMap: {get_attr: [VipMap, net_ip_map]} @@ -454,6 +487,10 @@ resources: UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow + depends_on: +{% for role in roles %} + - {{role.name}}AllNodesDeployment +{% endfor %} properties: servers: {% for role in roles %} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 67dc056b..cae60aab 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -20,10 +20,16 @@ parameters: type: string controller_ips: type: comma_delimited_list + logging_groups: + type: json + logging_sources: + type: json service_ips: type: json service_node_names: type: json + short_service_node_names: + type: json controller_names: type: comma_delimited_list memcache_node_ips: @@ -79,6 +85,8 @@ resources: all_nodes: mapped_data: map_merge: + - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources} + - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups} - enabled_services: {get_param: enabled_services} # This writes out a mapping of service_name_enabled: 'true' # For any services not enabled, hiera foo_enabled will @@ -122,6 +130,7 @@ resources: # provides a mapping of service_name_ips to a list of IPs - {get_param: service_ips} - {get_param: service_node_names} + - {get_param: short_service_node_names} - controller_node_ips: list_join: - ',' diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index a66ea08b..8b695fff 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -96,12 +96,6 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] resources: BlockStorage: @@ -277,8 +271,6 @@ resources: volume: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -315,6 +307,51 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [BlockStorage, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - external + - {get_param: CloudDomain} + internal_api: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - internalapi + - {get_param: CloudDomain} + storage: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storage + - {get_param: CloudDomain} + storage_mgmt: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + tenant: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - tenant + - {get_param: CloudDomain} + management: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - management + - {get_param: CloudDomain} + ctlplane: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - ctlplane + - {get_param: CloudDomain} hosts_entry: value: str_replace: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 03a53b00..55b26336 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -102,12 +102,6 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] resources: CephStorage: @@ -281,8 +275,6 @@ resources: ceph: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -325,6 +317,51 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [CephStorage, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - external + - {get_param: CloudDomain} + internal_api: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - internalapi + - {get_param: CloudDomain} + storage: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storage + - {get_param: CloudDomain} + storage_mgmt: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + tenant: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - tenant + - {get_param: CloudDomain} + management: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - management + - {get_param: CloudDomain} + ctlplane: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - ctlplane + - {get_param: CloudDomain} hosts_entry: value: str_replace: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 0205d0a6..4d77d6d3 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -114,12 +114,6 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] resources: @@ -295,8 +289,6 @@ resources: compute: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment @@ -368,6 +360,51 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [NovaCompute, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - external + - {get_param: CloudDomain} + internal_api: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - internalapi + - {get_param: CloudDomain} + storage: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storage + - {get_param: CloudDomain} + storage_mgmt: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storagemgmt + - {get_param: CloudDomain} + tenant: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - tenant + - {get_param: CloudDomain} + management: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - management + - {get_param: CloudDomain} + ctlplane: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - ctlplane + - {get_param: CloudDomain} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index ccb517f8..b1433b04 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -128,12 +128,6 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] parameter_groups: - label: deprecated @@ -355,8 +349,6 @@ resources: # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: @@ -411,6 +403,51 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [Controller, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - external + - {get_param: CloudDomain} + internal_api: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + - {get_param: CloudDomain} + storage: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + - {get_param: CloudDomain} + storage_mgmt: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + - {get_param: CloudDomain} + tenant: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + - {get_param: CloudDomain} + management: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + - {get_param: CloudDomain} + ctlplane: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + - {get_param: CloudDomain} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 899ba66d..d7681d10 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -96,12 +96,6 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 - LoggingSources: - type: json - default: [] - LoggingGroups: - type: comma_delimited_list - default: [] resources: @@ -266,8 +260,6 @@ resources: object: mapped_data: # data supplied directly to this deployment configuration, etc tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} SwiftStorageHieraDeploy: @@ -314,6 +306,51 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [SwiftStorage, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - external + - {get_param: CloudDomain} + internal_api: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - internalapi + - {get_param: CloudDomain} + storage: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storage + - {get_param: CloudDomain} + storage_mgmt: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + tenant: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - tenant + - {get_param: CloudDomain} + management: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - management + - {get_param: CloudDomain} + ctlplane: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - ctlplane + - {get_param: CloudDomain} hosts_entry: value: str_replace: diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml new file mode 100644 index 00000000..e4307001 --- /dev/null +++ b/puppet/role.role.j2.yaml @@ -0,0 +1,452 @@ +heat_template_version: 2016-10-14 +description: 'OpenStack {{role}} node configured by Puppet' +parameters: + Overcloud{{role}}Flavor: + description: Flavor for the {{role}} node. + default: baremetal + type: string + constraints: + - custom_constraint: nova.flavor + {{role}}Image: + type: string + default: overcloud-full + constraints: + - custom_constraint: glance.image + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. + type: string + KeyName: + description: Name of an existing Nova key pair to enable SSH access to the instances + type: string + default: default + constraints: + - custom_constraint: nova.keypair + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + UpdateIdentifier: + default: '' + type: string + description: > + Setting to a previously unused value during stack-update will trigger + package update on all nodes + Hostname: + type: string + default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. Note + that {{role}}ExtraConfig takes precedence over ExtraConfig. + type: json + {{role}}ExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. + type: json + {{role}}IPs: + default: {} + type: json + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + SoftwareConfigTransport: + default: POLL_SERVER_CFN + description: | + How the server should receive the metadata required for software configuration. + type: string + constraints: + - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] + CloudDomain: + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + ServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. + type: json + {{role}}SchedulerHints: + type: json + description: Optional scheduler hints to pass to nova + default: {} + NodeIndex: + type: number + default: 0 + ServiceConfigSettings: + type: json + default: {} + ServiceNames: + type: comma_delimited_list + default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] + ConfigCommand: + type: string + description: Command which will be run whenever configuration data changes + default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] + +resources: + {{role}}: + type: OS::TripleO::Server + metadata: + os-collect-config: + command: {get_param: ConfigCommand} + properties: + image: {get_param: {{role}}Image} + image_update_policy: {get_param: ImageUpdatePolicy} + flavor: {get_param: Overcloud{{role}}Flavor} + key_name: {get_param: KeyName} + networks: + - network: ctlplane + user_data_format: SOFTWARE_CONFIG + user_data: {get_resource: UserData} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} + software_config_transport: {get_param: SoftwareConfigTransport} + metadata: {get_param: ServerMetadata} + scheduler_hints: {get_param: {{role}}SchedulerHints} + + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeUserData: + type: OS::TripleO::NodeUserData + + ExternalPort: + type: OS::TripleO::{{role}}::Ports::ExternalPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + InternalApiPort: + type: OS::TripleO::{{role}}::Ports::InternalApiPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + StoragePort: + type: OS::TripleO::{{role}}::Ports::StoragePort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + StorageMgmtPort: + type: OS::TripleO::{{role}}::Ports::StorageMgmtPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + TenantPort: + type: OS::TripleO::{{role}}::Ports::TenantPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + ManagementPort: + type: OS::TripleO::{{role}}::Ports::ManagementPort + properties: + ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role}}IPs} + NodeIndex: {get_param: NodeIndex} + + NetworkConfig: + type: OS::TripleO::{{role}}::Net::SoftwareConfig + properties: + ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + + NetIpMap: + type: OS::TripleO::Network::Ports::NetIpMap + properties: + ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]} + ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} + InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} + StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} + StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} + TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} + TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} + ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + + NetworkDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + name: NetworkDeployment + config: {get_resource: NetworkConfig} + server: {get_resource: {{role}}} + actions: {get_param: NetworkDeploymentActions} + + {{role}}Deployment: + type: OS::Heat::StructuredDeployment + depends_on: NetworkDeployment + properties: + name: {{role}}Deployment + config: {get_resource: {{role}}Config} + server: {get_resource: {{role}}} + input_values: + enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + + {{role}}Config: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - {{role.lower()}}_extraconfig + - extraconfig + - service_names + - service_configs + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + mapped_data: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + {{role.lower()}}_extraconfig: + mapped_data: {get_param: {{role}}ExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} + {{role.lower()}}: + mapped_data: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: {{role}}Deployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: {{role}}} + + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + {{role}}ExtraConfigPre: + depends_on: {{role}}Deployment + type: OS::TripleO::{{role}}ExtraConfigPre + properties: + server: {get_resource: {{role}}} + + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData] + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: {{role}}} + + UpdateConfig: + type: OS::TripleO::Tasks::PackageUpdate + + UpdateDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: UpdateConfig} + server: {get_resource: {{role}}} + input_values: + update_identifier: + get_param: UpdateIdentifier + +outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [{{role}}, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [{{role}}, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - external + - {get_param: CloudDomain} + internal_api: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + - {get_param: CloudDomain} + storage: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + - {get_param: CloudDomain} + storage_mgmt: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + - {get_param: CloudDomain} + tenant: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + - {get_param: CloudDomain} + management: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + - {get_param: CloudDomain} + ctlplane: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + - {get_param: CloudDomain} + hosts_entry: + value: + str_replace: + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [{{role}}, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - external + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + CTLPLANEHOST: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + nova_server_resource: + description: Heat resource handle for {{role}} server + value: + {get_resource: {{role}}} + external_ip_address: + description: IP address of the server in the external network + value: {get_attr: [ExternalPort, ip_address]} + internal_api_ip_address: + description: IP address of the server in the internal_api network + value: {get_attr: [InternalApiPort, ip_address]} + storage_ip_address: + description: IP address of the server in the storage network + value: {get_attr: [StoragePort, ip_address]} + storage_mgmt_ip_address: + description: IP address of the server in the storage_mgmt network + value: {get_attr: [StorageMgmtPort, ip_address]} + tenant_ip_address: + description: IP address of the server in the tenant network + value: {get_attr: [TenantPort, ip_address]} + management_ip_address: + description: IP address of the server in the management network + value: {get_attr: [ManagementPort, ip_address]} diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce8d9158..adb17b26 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -75,6 +75,12 @@ outputs: ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx ceph::profile::params::fsid: {get_param: CephClusterFSID} + # FIXME(gfidente): we should not have to list the packages explicitly in the templates, + # but this has to stay until https://bugs.launchpad.net/puppet-ceph/+bug/1629933 is fixed + ceph::params::packages: + - ceph-base + - ceph-mon + - ceph-osd # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 2b069d67..38cfbe22 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -41,5 +41,8 @@ outputs: config_settings: tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} + tripleo.keepalived.firewall_rules: + '106 keepalived vrrp': + proto: vrrp step_config: | include ::tripleo::profile::base::keepalived diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml index e051781e..58b423fd 100644 --- a/puppet/services/logging/fluentd-config.yaml +++ b/puppet/services/logging/fluentd-config.yaml @@ -70,7 +70,7 @@ parameters: - tag_pattern: '**' type: record_transformer record: - nodename: '${hostname}' + host: '${hostname}' - tag_pattern: 'openstack.**' type: record_transformer diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 89a36d21..37b0a1d2 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -33,7 +33,7 @@ parameters: default: 'cephfs' ManilaCephFSNativeCephFSConfPath: type: string - default: '/etc/ceph/cephfs.conf' + default: '/etc/ceph/ceph.conf' ManilaCephFSNativeCephFSAuthId: type: string default: 'manila' diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 3b531ab3..c2b6b6f7 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -145,16 +145,11 @@ outputs: neutron::server::notifications::password: {get_param: NovaPassword} neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true - tripleo.neutron_server.firewall_rules: - '114 neutron server': + tripleo.neutron_api.firewall_rules: + '114 neutron api': dport: - 9696 - 13696 - '118 neutron vxlan networks': - proto: 'udp' - dport: 4789 - '106 vrrp': - proto: vrrp neutron::server::router_distributed: {get_param: NeutronEnableDVR} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 9e223374..a89e3d75 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -67,5 +67,8 @@ outputs: - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} neutron::agents::l3::router_delete_namespaces: True neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode} + tripleo.neutron_l3.firewall_rules: + '106 neutron_l3 vrrp': + proto: vrrp step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index cbe65638..cca0deee 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -117,5 +117,11 @@ outputs: # internal_api_subnet - > IP/CIDR neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} + tripleo.neutron_ovs_agent.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' step_config: | include ::tripleo::profile::base::neutron::ovs diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 7b5fa40c..176fd235 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -78,7 +78,7 @@ outputs: sources: - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} - yaql: - expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null)) + expression: list($.data.where($ != null).select($.get('logging_source')).where($ != null)) data: {get_attr: [ServiceChain, role_data]} - {get_attr: [LoggingConfiguration, LoggingExtraSources]} default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index f6ec458f..7eb39905 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -19,7 +19,7 @@ parameters: via parameter_defaults in the resource registry. type: json ManageFirewall: - default: false + default: true description: Whether to manage IPtables rules. type: boolean PurgeFirewallRules: |