diff options
42 files changed, 439 insertions, 141 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index e510d679..2a800a49 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -362,6 +362,11 @@ topics: description: Enable FOS in the overcloud requires: - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-nsx.yaml + title: Deploy NSX Services + description: + requires: + - overcloud-resource-registry-puppet.yaml - file: environments/neutron-l2gw.yaml title: Neutron L2 gateway Service Plugin description: Enables Neutron L2 gateway Service Plugin diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 650bbf01..20e37e37 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -7,8 +7,8 @@ resource_registry: OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keepalived: OS::Heat::None - OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml parameter_defaults: diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index 8a520b57..609e06ff 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -7,8 +7,8 @@ resource_registry: OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keepalived: OS::Heat::None - OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml parameter_defaults: diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 0282c385..6995deae 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -15,8 +15,8 @@ resource_registry: OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keepalived: OS::Heat::None - OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml OS::TripleO::Services::FluentdClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/logging/fluentd-client.yaml OS::TripleO::Services::SensuClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/monitoring/sensu-client.yaml diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index 8236ee8f..e3ecf745 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -11,8 +11,8 @@ resource_registry: OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keepalived: OS::Heat::None - OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml parameter_defaults: diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index fbc3165e..d1c8bc15 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -11,8 +11,8 @@ resource_registry: OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml OS::TripleO::Services::Keepalived: OS::Heat::None - OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml parameter_defaults: diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index b81b54f0..24fb2bf4 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -14,8 +14,8 @@ resource_registry: OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml # These enable Pacemaker - OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml diff --git a/ci/pingtests/scenario004-multinode.yaml b/ci/pingtests/scenario004-multinode.yaml index ebdfea14..8681bbab 100644 --- a/ci/pingtests/scenario004-multinode.yaml +++ b/ci/pingtests/scenario004-multinode.yaml @@ -123,6 +123,7 @@ resources: properties: name: default driver_handles_share_servers: false + snapshot_support: false manila_share: type: OS::Manila::Share diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 643727db..1d5605b2 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -256,14 +256,12 @@ resources: # BEGIN BAREMETAL CONFIG STEPS - {% if role.name == 'Controller' %} - ControllerPrePuppet: - type: OS::TripleO::Tasks::ControllerPrePuppet + {{role.name}}PreConfig: + type: OS::TripleO::Tasks::{{role.name}}PreConfig properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {% endif %} {{role.name}}Config: type: OS::TripleO::{{role.name}}Config @@ -309,10 +307,12 @@ resources: type: OS::Heat::StructuredDeploymentGroup {% if step == 1 %} depends_on: - - {{role.name}}PreConfig - {{role.name}}KollaJsonDeployment - {{role.name}}GenPuppetDeployment - {{role.name}}GenerateConfigDeployment + {%- for dep in roles %} + - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first + {%- endfor %} {% else %} depends_on: {% for dep in roles %} @@ -353,15 +353,4 @@ resources: properties: servers: {get_param: [servers, {{role.name}}]} - {% if role.name == 'Controller' %} - ControllerPostPuppet: - depends_on: - - ControllerExtraConfigPost - type: OS::TripleO::Tasks::ControllerPostPuppet - properties: - servers: {get_param: [servers, Controller]} - input_values: - update_identifier: {get_param: DeployIdentifier} - {% endif %} - {% endfor %} diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml new file mode 100644 index 00000000..278ea1cc --- /dev/null +++ b/docker/services/etcd.yaml @@ -0,0 +1,105 @@ +heat_template_version: ocata + +description: > + OpenStack containerized etcd services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerEtcdImage: + description: image + default: 'centos-binary-etcd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EtcdInitialClusterToken: + description: Initial cluster token for the etcd cluster during bootstrap. + type: string + hidden: true + +resources: + + EtcdPuppetBase: + type: ../../puppet/services/etcd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EtcdInitialClusterToken: {get_param: EtcdInitialClusterToken} + +outputs: + role_data: + description: Role data for the etcd role. + value: + service_name: {get_attr: [EtcdPuppetBase, role_data, service_name]} + step_config: &step_config + list_join: + - "\n" + - - "['Etcd_key'].each |String $val| { noop_resource($val) }" + - get_attr: [EtcdPuppetBase, role_data, step_config] + config_settings: + map_merge: + - {get_attr: [EtcdPuppetBase, role_data, config_settings]} + - etcd::manage_service: false + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: etcd + step_config: *step_config + config_image: &etcd_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] + kolla_config: + /var/lib/kolla/config_files/etcd.json: + command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml + permissions: + - path: /var/lib/etcd + owner: etcd:etcd + recurse: true + docker_config: + step_2: + etcd: + image: *etcd_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/etcd:/var/lib/etcd + - /etc/localtime:/etc/localtime:ro + - /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/etcd/etc/etcd/etcd.yml:/etc/etcd/etcd.yml:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # Etcd keys initialization occurs only on single node + step_2: + config_volume: 'etcd_init_tasks' + puppet_tags: 'etcd_key' + step_config: 'include ::tripleo::profile::base::etcd' + config_image: *etcd_image + volumes: + - /var/lib/config-data/etcd/etc/:/etc/:ro + - /var/lib/etcd:/var/lib/etcd:ro + host_prep_tasks: + - name: create /var/lib/etcd + file: + path: /var/lib/etcd + state: directory + upgrade_tasks: + - name: Stop and disable etcd service + tags: step2 + service: name=etcd state=stopped enabled=no diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index c347b113..a695ce2a 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -44,7 +44,15 @@ outputs: description: Role data for the Nova Compute service. value: service_name: {get_attr: [NovaComputeBase, role_data, service_name]} - config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [NovaComputeBase, role_data, config_settings] + # FIXME: we need to disable migration for now as the + # hieradata is common for all services, and this means nova + # and nova_placement puppet runs also try to configure + # libvirt, and they fail. We can remove this override when + # we have hieradata separation between containers. + - tripleo::profile::base::nova::manage_migration: false step_config: &step_config get_attr: [NovaComputeBase, role_data, step_config] puppet_config: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index ba637605..1f7205ba 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -50,7 +50,15 @@ outputs: description: Role data for the Libvirt service. value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} - config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [NovaLibvirtBase, role_data, config_settings] + # FIXME: we need to disable migration for now as the + # hieradata is common for all services, and this means nova + # and nova_placement puppet runs also try to configure + # libvirt, and they fail. We can remove this override when + # we have hieradata separation between containers. + - tripleo::profile::base::nova::manage_migration: false step_config: &step_config get_attr: [NovaLibvirtBase, role_data, step_config] puppet_config: diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index a04893e4..e0952470 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -48,14 +48,20 @@ outputs: description: Role data for the Rabbitmq API role. value: service_name: {get_attr: [RabbitmqBase, role_data, service_name]} - config_settings: {get_attr: [RabbitmqBase, role_data, config_settings]} + # RabbitMQ plugins initialization occurs on every node + config_settings: + map_merge: + - {get_attr: [RabbitmqBase, role_data, config_settings]} + - rabbitmq::admin_enable: false step_config: &step_config - get_attr: [RabbitmqBase, role_data, step_config] + list_join: + - "\n" + - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" + - get_attr: [RabbitmqBase, role_data, step_config] service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: rabbitmq - puppet_tags: file step_config: *step_config config_image: &rabbitmq_image list_join: @@ -83,7 +89,7 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True - - + - list_join: - '=' - - 'RABBITMQ_CLUSTER_COOKIE' @@ -111,6 +117,16 @@ outputs: - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # RabbitMQ users and policies initialization occurs only on single node + step_1: + config_volume: 'rabbit_init_tasks' + puppet_tags: 'rabbitmq_policy,rabbitmq_user' + step_config: 'include ::tripleo::profile::base::rabbitmq' + config_image: *rabbitmq_image + volumes: + - /var/lib/config-data/rabbitmq/etc/:/etc/ + - /var/lib/rabbitmq:/var/lib/rabbitmq:ro host_prep_tasks: - name: create /var/lib/rabbitmq file: diff --git a/environments/collectd-environment.yaml b/environments/collectd-environment.yaml index 7780530c..e40aedf0 100644 --- a/environments/collectd-environment.yaml +++ b/environments/collectd-environment.yaml @@ -3,8 +3,36 @@ resource_registry: # parameter_defaults: # -## You can specify additional plugins to load using the -## CollectdExtraPlugins key: +## Collectd server configuration +# CollectdServer: collectd0.example.com +# +################ +#### Other config parameters, the values shown here are the defaults +################ +# +# CollectdServerPort: 25826 +# CollectdSecurityLevel: None +# +################ +#### If CollectdSecurityLevel is set to Encrypt or Sign +#### the following parameters are also needed +############### +# +# CollectdUsername: user +# CollectdPassword: password +# +## CollectdDefaultPlugins, These are the default plugins used by collectd +# +# CollectdDefaultPlugins: +# - disk +# - interface +# - load +# - memory +# - processes +# - tcpconns +# +## Extra plugins can be enabled by the CollectdExtraPlugins parameter: +## All the plugins availables are: # # CollectdExtraPlugins: # - disk diff --git a/environments/deployed-server-pacemaker-environment.yaml b/environments/deployed-server-pacemaker-environment.yaml index 85fa7d2f..cc9ea996 100644 --- a/environments/deployed-server-pacemaker-environment.yaml +++ b/environments/deployed-server-pacemaker-environment.yaml @@ -1,4 +1,4 @@ resource_registry: - OS::TripleO::Tasks::ControllerDeployedServerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerDeployedServerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerDeployedServerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerDeployedServerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerDeployedServerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml deleted file mode 100644 index 9d6ce73e..00000000 --- a/environments/major-upgrade-aodh-migration.yaml +++ /dev/null @@ -1,6 +0,0 @@ -resource_registry: - # aodh data migration - OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml - - # no-op the rest - OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml deleted file mode 100644 index 6798c255..00000000 --- a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml +++ /dev/null @@ -1,7 +0,0 @@ -resource_registry: - - # This initiates the upgrades for ceilometer api to run under apache wsgi - OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml - - # no-op the rest - OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker-converge.yaml b/environments/major-upgrade-pacemaker-converge.yaml deleted file mode 100644 index e9a5f9be..00000000 --- a/environments/major-upgrade-pacemaker-converge.yaml +++ /dev/null @@ -1,6 +0,0 @@ -parameter_defaults: - UpgradeLevelNovaCompute: '' - -resource_registry: - OS::TripleO::Services::SaharaApi: ../puppet/services/sahara-api.yaml - OS::TripleO::Services::SaharaEngine: ../puppet/services/sahara-engine.yaml diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml deleted file mode 100644 index f4f361df..00000000 --- a/environments/major-upgrade-pacemaker-init.yaml +++ /dev/null @@ -1,6 +0,0 @@ -parameter_defaults: - UpgradeLevelNovaCompute: mitaka - -resource_registry: - OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml - OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml deleted file mode 100644 index 9fb51a4d..00000000 --- a/environments/major-upgrade-pacemaker.yaml +++ /dev/null @@ -1,6 +0,0 @@ -parameter_defaults: - UpgradeLevelNovaCompute: mitaka - -resource_registry: - OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml - OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-remove-sahara.yaml b/environments/major-upgrade-remove-sahara.yaml deleted file mode 100644 index e0aaf130..00000000 --- a/environments/major-upgrade-remove-sahara.yaml +++ /dev/null @@ -1,6 +0,0 @@ -parameter_defaults: - KeepSaharaServicesOnUpgrade: false -resource_registry: - OS::TripleO::Services::SaharaApi: OS::Heat::None - OS::TripleO::Services::SaharaEngine: OS::Heat::None - diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml index 5632d8d6..0cc8fb78 100644 --- a/environments/manila-cephfsnative-config.yaml +++ b/environments/manila-cephfsnative-config.yaml @@ -14,4 +14,4 @@ parameter_defaults: ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf' ManilaCephFSNativeCephFSAuthId: 'manila' ManilaCephFSNativeCephFSClusterName: 'ceph' - ManilaCephFSNativeCephFSEnableSnapshots: true + ManilaCephFSNativeCephFSEnableSnapshots: false diff --git a/environments/neutron-nsx.yaml b/environments/neutron-nsx.yaml new file mode 100644 index 00000000..eb1dcec6 --- /dev/null +++ b/environments/neutron-nsx.yaml @@ -0,0 +1,15 @@ +# A Heat environment that can be used to deploy NSX Services +# extensions, configured via puppet +resource_registry: + # NSX doesn't require dhcp, l3, metadata, and ovs agents + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + # Override the Neutron core plugin to use NSX + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNSX + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + +parameter_defaults: + NeutronCorePlugin: vmware_nsx.plugin.NsxV3Plugin diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index da607a72..21a51f6b 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -1,8 +1,8 @@ # An environment which enables configuration of an # Overcloud controller with Pacemaker. resource_registry: - OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml # custom pacemaker services diff --git a/environments/services-docker/etcd.yaml b/environments/services-docker/etcd.yaml new file mode 100644 index 00000000..c4201cf4 --- /dev/null +++ b/environments/services-docker/etcd.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Etcd: ../../docker/services/etcd.yaml diff --git a/extraconfig/tasks/post_puppet_pacemaker.yaml b/extraconfig/tasks/post_puppet_pacemaker.yaml index a63868c9..a304e55b 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.yaml @@ -25,7 +25,7 @@ resources: ControllerPostPuppetMaintenanceModeDeployment: type: OS::Heat::SoftwareDeployments properties: - servers: {get_param: servers} + servers: {get_param: servers} config: {get_resource: ControllerPostPuppetMaintenanceModeConfig} input_values: {get_param: input_values} @@ -33,5 +33,5 @@ resources: type: OS::TripleO::Tasks::ControllerPostPuppetRestart depends_on: ControllerPostPuppetMaintenanceModeDeployment properties: - servers: {get_param: servers} + servers: {get_param: servers} input_values: {get_param: input_values} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index dd0cec76..79ac7cce 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -65,11 +65,6 @@ resource_registry: OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml -{% for role in roles %} - OS::TripleO::Tasks::{{role.name}}PrePuppet: OS::Heat::None - OS::TripleO::Tasks::{{role.name}}PostPuppet: OS::Heat::None -{% endfor %} - # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when # configuration with knowledge of all nodes in the cluster is required vs single @@ -153,6 +148,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 782a32c9..45b3ea30 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -23,19 +23,12 @@ properties: StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} - {{role.name}}PrePuppet: - type: OS::TripleO::Tasks::{{role.name}}PrePuppet - properties: - servers: {get_param: [servers, {{role.name}}]} - input_values: - update_identifier: {get_param: DeployIdentifier} - # Step through a series of configuration steps {% for step in range(1, 6) %} {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup {% if step == 1 %} - depends_on: [{{role.name}}PrePuppet, {{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] {% else %} depends_on: {% for dep in roles %} @@ -58,7 +51,7 @@ - {{dep.name}}Deployment_Step5 {% endfor %} properties: - servers: {get_param: servers} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} @@ -73,12 +66,4 @@ properties: servers: {get_param: [servers, {{role.name}}]} - {{role.name}}PostPuppet: - depends_on: - - {{role.name}}ExtraConfigPost - type: OS::TripleO::Tasks::{{role.name}}PostPuppet - properties: - servers: {get_param: [servers, {{role.name}}]} - input_values: - update_identifier: {get_param: DeployIdentifier} {% endfor %} diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index e1613720..d524e612 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -88,7 +88,6 @@ outputs: value: service_name: ceilometer_base config_settings: - ceilometer_auth_enabled: true ceilometer::debug: {get_param: Debug} ceilometer::db::database_connection: list_join: @@ -133,6 +132,7 @@ outputs: ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} service_config_settings: keystone: + ceilometer_auth_enabled: true ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index 5db8bec0..ec682531 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -25,6 +25,13 @@ parameters: MonitoringSubscriptionEtcd: default: 'overcloud-etcd' type: string + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: @@ -33,27 +40,47 @@ outputs: service_name: etcd monitoring_subscription: {get_param: MonitoringSubscriptionEtcd} config_settings: - etcd::etcd_name: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]} - tripleo::profile::base::etcd::client_port: '2379' - tripleo::profile::base::etcd::peer_port: '2380' - etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} - etcd::manage_package: false - tripleo.etcd.firewall_rules: - '141 etcd': - dport: - - 2379 - - 2380 + map_merge: + - + etcd::etcd_name: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]} + tripleo::profile::base::etcd::client_port: '2379' + tripleo::profile::base::etcd::peer_port: '2380' + etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} + etcd::manage_package: false + tripleo.etcd.firewall_rules: + '141 etcd': + dport: + - 2379 + - 2380 + - + if: + - internal_tls_enabled + - generate_service_certificates: true + tripleo::profile::base::etcd::certificate_specs: + service_certificate: '/etc/pki/tls/certs/etcd.crt' + service_key: '/etc/pki/tls/private/etcd.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} + principal: + str_replace: + template: "etcd/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} + - {} step_config: | include ::tripleo::profile::base::etcd upgrade_tasks: @@ -71,3 +98,11 @@ outputs: - name: Stop etcd service tags: step2 service: name=etcd state=stopped + metadata_settings: + if: + - internal_tls_enabled + - + - service: etcd + network: {get_param: [ServiceNetMap, EtcdNetwork]} + type: node + - null diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index be910d10..666967b9 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -45,6 +45,10 @@ parameters: default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo'] description: Enabled Ironic drivers type: comma_delimited_list + IronicEnabledHardwareTypes: + default: ['ipmi'] + description: Enabled Ironic hardware types + type: comma_delimited_list IronicIPXEEnabled: default: true description: Whether to use iPXE instead of PXE for deployment. @@ -92,6 +96,7 @@ outputs: ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork} ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork} ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} + ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes} # We need an endpoint containing a real IP, not a VIP here ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} ironic::conductor::http_url: @@ -112,6 +117,7 @@ outputs: # NOTE(dtantsur): UEFI only works with iPXE currently for us ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' + ironic::drivers::interfaces::enabled_console_interfaces: ['ipmitool-socat', 'no-console'] ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron'] ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface} tripleo.ironic_conductor.firewall_rules: diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 36ef1ea9..2a6d7e34 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -39,7 +39,7 @@ parameters: default: 'ceph' ManilaCephFSNativeCephFSEnableSnapshots: type: boolean - default: true + default: false ManilaCephFSDataPoolName: default: manila_data type: string diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml index 49b2d4c2..d2d9f3dc 100644 --- a/puppet/services/metrics/collectd.yaml +++ b/puppet/services/metrics/collectd.yaml @@ -70,7 +70,9 @@ parameters: CollectdSecurityLevel: type: string description: > - Security level setting for remote collectd connection. + Security level setting for remote collectd connection. If it is + set to Sign or Encrypt the CollectdPassword and CollectdUsername + parameters need to be set. default: 'None' constraints: - allowed_values: diff --git a/puppet/services/neutron-plugin-nsx.yaml b/puppet/services/neutron-plugin-nsx.yaml new file mode 100644 index 00000000..3ac219ba --- /dev/null +++ b/puppet/services/neutron-plugin-nsx.yaml @@ -0,0 +1,66 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron NSX + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultOverlayTz: + description: UUID of the default NSX overlay transport zone. + type: string + DefaultTier0Router: + description: UUID of the default tier0 router that will be used for connecting to + tier1 logical routers and configuring external networks. + type: string + NsxApiManagers: + description: IP address of one or more NSX managers separated by commas. + type: string + NsxApiUser: + description: User name of NSX Manager. + type: string + NsxApiPassword: + description: Password of NSX Manager. + type: string + NativeDhcpMetadata: + default: True + description: This is the flag to indicate if using native DHCP/Metadata or not. + type: string + DhcpProfileUuid: + description: This is the UUID of the NSX DHCP Profile that will be used to enable + native DHCP service. + type: string + MetadataProxyUuid: + description: This is the UUID of the NSX Metadata Proxy that will be used to enable + native metadata service. + type: string + +outputs: + role_data: + description: Role data for the Neutron NSX plugin + value: + service_name: neutron_plugin_nsx + config_settings: + neutron::plugins::nsx_v3::default_overlay_tz: {get_param: DefaultOverlayTz} + neutron::plugins::nsx_v3::default_tier0_router: {get_param: DefaultTier0Router} + neutron::plugins::nsx_v3::nsx_api_managers: {get_param: NsxApiManagers} + neutron::plugins::nsx_v3::nsx_api_user: {get_param: NsxApiUser} + neutron::plugins::nsx_v3::nsx_api_password: {get_param: NsxApiPassword} + neutron::plugins::nsx_v3::native_dhcp_metadata: {get_param: NativeDhcpMetadata} + neutron::plugins::nsx_v3::dhcp_profile_uuid: {get_param: DhcpProfileUuid} + neutron::plugins::nsx_v3::metadata_proxy_uuid: {get_param: MetadataProxyUuid} + + step_config: | + include tripleo::profile::base::neutron::plugins::nsx_v3 diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 33769d02..06965c8c 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -36,7 +36,26 @@ parameters: e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + ZaqarWorkers: + type: string + description: Set the number of workers for zaqar::wsgi::apache + default: '%{::os_workers}' + EnableInternalTLS: + type: boolean + default: false + +conditions: + zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} + +resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -44,16 +63,30 @@ outputs: value: service_name: zaqar config_settings: - zaqar::policy::policies: {get_param: ZaqarPolicies} - zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} - zaqar::keystone::authtoken::project_name: 'service' - zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - zaqar::debug: {get_param: Debug} - zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} - zaqar::transport::wsgi::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} - zaqar::message_pipeline: 'zaqar.notification.notifier' - zaqar::unreliable: true + map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] + - zaqar::policy::policies: {get_param: ZaqarPolicies} + zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} + zaqar::keystone::authtoken::project_name: 'service' + zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + zaqar::debug: {get_param: Debug} + zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} + zaqar::wsgi::apache::ssl: false + zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_pipeline: 'zaqar.notification.notifier' + zaqar::unreliable: true + zaqar::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + - + if: + - zaqar_workers_zero + - {} + - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} service_config_settings: keystone: zaqar::keystone::auth::password: {get_param: ZaqarPassword} @@ -83,10 +116,19 @@ outputs: grep '\bactive\b' when: zaqar_enabled.rc == 0 tags: step0,validation - - name: Stop zaqar service + - name: Check for zaqar running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi" + register: zaqar_apache + ignore_errors: true + - name: Stop zaqar service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: zaqar_apache.rc == 0 + - name: Stop and disable zaqar service (pre-upgrade not under httpd) tags: step1 when: zaqar_enabled.rc == 0 - service: name=openstack-zaqar state=stopped + service: name=openstack-zaqar state=stopped enabled=no - name: Install openstack-zaqar package if it was disabled tags: step3 yum: name=openstack-zaqar state=latest diff --git a/releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml b/releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml new file mode 100644 index 00000000..98d70b63 --- /dev/null +++ b/releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + Disabled cephfs snapshot support (ManilaCephFSNativeCephFSEnableSnapshots + parameter) in manila by default. diff --git a/releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml b/releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml new file mode 100644 index 00000000..da3da6c7 --- /dev/null +++ b/releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Configuring enabled Ironic hardware types is now possible via new + ``IronicEnabledHardwareTypes`` parameter. See this spec for details: + http://specs.openstack.org/openstack/ironic-specs/specs/approved/driver-composition-reform.html. + - | + Bare metal serial console support via ``socat`` utility is enabled for + Ironic hardware types supporting it (currently only ``ipmi``). diff --git a/releasenotes/notes/nsx-support-1254839718d8df8c.yaml b/releasenotes/notes/nsx-support-1254839718d8df8c.yaml new file mode 100644 index 00000000..1d9f5f8a --- /dev/null +++ b/releasenotes/notes/nsx-support-1254839718d8df8c.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add support for NSX Neutron plugin diff --git a/releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml b/releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml new file mode 100644 index 00000000..875b704a --- /dev/null +++ b/releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - This commit merges both [Pre|Post]Puppet and [Pre|Post]Config + resources, giving an agnostic name for the configuration + steps. The [Pre|Post]Puppet resource is removed and should not + be used anymore. diff --git a/releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml b/releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml new file mode 100644 index 00000000..a2172aac --- /dev/null +++ b/releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml @@ -0,0 +1,3 @@ +--- +features: + - Run the Zaqar WSGI service over httpd in Puppet. diff --git a/requirements.txt b/requirements.txt index df8a71f5..4a9b7253 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -pbr>=2.0.0 # Apache-2.0 +pbr!=2.1.0,>=2.0.0 # Apache-2.0 Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT diff --git a/tools/yaml-nic-config-2-script.py b/tools/yaml-nic-config-2-script.py index b8f07e4f..cdda108f 100755 --- a/tools/yaml-nic-config-2-script.py +++ b/tools/yaml-nic-config-2-script.py @@ -157,7 +157,7 @@ def convert(filename): print("Error couldn't find run-os-net-config.sh relative to filename") exit_usage() - for r in six.iteritems(tpl.get('resources', {})): + for r in (tpl.get('resources', {})).items(): if (r[1].get('type') == 'OS::Heat::StructuredConfig' and r[1].get('properties', {}).get('group') == 'os-apply-config' and r[1].get('properties', {}).get('config', {}).get('os_net_config')): |