45 files changed, 1453 insertions, 32 deletions
@@ -44,3 +44,18 @@ doc/_build # Built by pbr (python setup.py sdist): AUTHORS ChangeLog + +extraconfig/all_nodes/mac_hostname.yaml +extraconfig/all_nodes/random_string.yaml +extraconfig/all_nodes/swap-partition.yaml +extraconfig/all_nodes/swap.yaml +extraconfig/tasks/major_upgrade_pacemaker_init.yaml +network/service_net_map.yaml +overcloud-resource-registry-puppet.yaml +overcloud.yaml +puppet/blockstorage-config.yaml +puppet/cephstorage-config.yaml +puppet/compute-config.yaml +puppet/controller-config.yaml +puppet/objectstorage-config.yaml +puppet/post.yaml diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index b8bc5762..97fec24c 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -1,7 +1,8 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml - OS::TripleO::Services::BarbicanApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/barbican-api.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml parameter_defaults: ControllerServices: @@ -42,6 +43,8 @@ parameter_defaults: - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Zaqar ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index e540bc55..092426cb 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml 
@@ -1,11 +1,11 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml - OS::TripleO::Services::SaharaApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/sahara-api.yaml - OS::TripleO::Services::SaharaEngine: /usr/share/openstack-tripleo-heat-templates/puppet/services/sahara-engine.yaml - OS::TripleO::Services::MistralApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-api.yaml - OS::TripleO::Services::MistralEngine: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-engine.yaml - OS::TripleO::Services::MistralExecutor: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-executor.yaml + OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml + OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml + OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml + OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml parameter_defaults: ControllerServices: @@ -49,3 +49,4 @@ parameter_defaults: Debug: true # we don't deploy Swift so we switch to file backend. GlanceBackend: 'file' + KeystoneTokenProvider: 'fernet' diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml new file mode 100644 index 00000000..4aa18709 --- /dev/null +++ b/ci/environments/scenario004-multinode.yaml 
@@ -0,0 +1,62 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml + OS::TripleO::Services::CephRgw: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-rgw.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - 
OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephRgw + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' diff --git a/ci/pingtests/scenario002-multinode.yaml b/ci/pingtests/scenario002-multinode.yaml index d7a30fd9..1ab7eef9 100644 --- a/ci/pingtests/scenario002-multinode.yaml +++ b/ci/pingtests/scenario002-multinode.yaml @@ -144,6 +144,11 @@ resources: ram: 512 vcpus: 1 + zaqar_queue: + type: OS::Zaqar::Queue + properties: + name: pingtest-queue + outputs: server1_private_ip: description: IP address of server1 in private network diff --git a/ci/pingtests/scenario004-multinode.yaml b/ci/pingtests/scenario004-multinode.yaml new file mode 100644 index 00000000..17792cd1 --- /dev/null +++ b/ci/pingtests/scenario004-multinode.yaml 
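Review bot: The new ci/environments/scenario004-multinode.yaml maps CephMon, CephOSD, CephClient and CephRgw to absolute `/usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-*.yaml` paths, while this same commit moves scenario002 and scenario003 to `../../puppet/services/...`. With the absolute form the job presumably deploys whatever templates the installed package ships rather than the ones in the change under test, so a regression in the Ceph service templates could pass CI; `OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml` (and likewise for the other three) would match the other scenarios. Separately, the literal `CephMonKey`, `CephAdminKey` and `CephClientKey` values are public once merged. The NOTE above them already marks them as CI-only, and it could add that any cluster deployed with these values must be treated as having known keys.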
@@ -0,0 +1,127 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario004. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { 
get_resource: test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml new file mode 100644 index 00000000..7e10014b --- /dev/null +++ b/environments/major-upgrade-composable-steps.yaml @@ -0,0 +1,3 @@ +resource_registry: + OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml new file mode 100644 index 00000000..ee137925 --- /dev/null +++ b/environments/services/zaqar.yaml 
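Review bot: In ci/pingtests/scenario004-multinode.yaml, `server_security_group` admits tcp/22 and icmp from `0.0.0.0/0` and `key_pair` sets `save_private_key: true`, but nothing in the template says these settings are meant only for a throwaway test cloud. The environment file in this commit carries such a note for its Ceph keys; the same is worth doing here, for example `# CI pingtest only: SSH/ICMP are open to any source and the generated private key is kept in the stack.` above `key_pair`. The description also reads "HOT template to created resources", which should be "to create resources".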
@@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 70a0d31f..e91c7bc3 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -62,3 +62,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 21f8876a..c9096f44 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -62,3 +62,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'IP_ADDRESS'} 
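Review bot: `ZaqarWebSocketPublic` in environments/tls-endpoints-public-dns.yaml is advertised as `https` on port `9000`, the same port the plain-`http` Admin and Internal websocket endpoints use, whereas the other public TLS endpoints visible in this hunk get their own port (`SwiftPublic` 13808, `ZaqarPublic` 13888). The diff does not show a TLS-terminating front end for 9000 on the public VIP. If there is none, clients are pointed at an `https` URL backed by a plaintext listener, or the websocket traffic bypasses the TLS proxy altogether. Either give the public websocket a dedicated port in the same way `ZaqarPublic` does, or add a comment stating where TLS is terminated for it. The same entry appears in the environments/tls-endpoints-public-ip.yaml hunk.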
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index 6afb3a63..365b0a54 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -62,3 +62,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index aeda0a9f..0178c4dd 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -276,3 +276,21 @@ Ironic: uri_suffixes: '': /v1 port: 6385 + +Zaqar: + Internal: + net_param: ZaqarApi + Public: + net_param: Public + Admin: + net_param: ZaqarApi + port: 8888 + +ZaqarWebSocket: + Internal: + net_param: ZaqarApi + Public: + net_param: Public + Admin: + net_param: ZaqarApi + port: 9000 diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 5e582d41..7ebb318f 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml 
@@ -79,6 +79,12 @@ parameters: SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarWebSocketAdmin: {protocol: http, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketInternal: {protocol: http, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketPublic: {protocol: http, port: '9000', host: IP_ADDRESS} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. CloudEndpoints: 
@@ -6291,3 +6297,489 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] + ZaqarAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarAdmin, port] + protocol: + get_param: [EndpointMap, ZaqarAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarAdmin, port] + ZaqarInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + 
IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarInternal, port] + protocol: + get_param: [EndpointMap, ZaqarInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarInternal, port] + ZaqarPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - 
CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ZaqarPublic, port] + protocol: + get_param: [EndpointMap, ZaqarPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarPublic, port] + ZaqarWebSocketAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + uri: 
+ list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + ZaqarWebSocketInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketInternal, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + 
CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketInternal, port] + ZaqarWebSocketPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketPublic, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, 
PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketPublic, port] diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 30b9f2b9..77a48658 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -100,6 +100,10 @@ resource_registry: # validation resources OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml + # Upgrade resources + OS::TripleO::UpgradeConfig: puppet/upgrade_config.yaml + OS::TripleO::UpgradeSteps: OS::Heat::None + # services OS::TripleO::Services: puppet/services/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml @@ -215,6 +219,7 @@ resource_registry: OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml + OS::TripleO::Services::Zaqar: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 6146a48a..39a092b1 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml 
@@ -604,6 +604,21 @@ resources: {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} {% endfor %} + # Upgrade steps for all roles + AllNodesUpgradeSteps: + type: OS::TripleO::UpgradeSteps + depends_on: AllNodesDeploySteps + properties: + servers: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} + role_data: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} +{% endfor %} + + outputs: ManagedEndpoints: description: Asserts that the keystone endpoints have been provisioned. @@ -636,3 +651,9 @@ outputs: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} {% endfor %} + RoleData: + description: The configuration data associated with each role + value: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} +{% endfor %} diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 45552e05..c9bf894f 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml 
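Review bot: The new `RoleData` output in overcloud.j2.yaml publishes each role's whole `role_data` map as a stack output, which anyone able to read the stack's outputs can retrieve. This commit shows `role_data` carrying `service_names` and `upgrade_tasks`; if it also carries the per-service configuration settings (not visible in this hunk, so this is an assumption to confirm), service credentials would be exposed the same way. Consider exporting only the keys consumers need, e.g. `{get_attr: [{{role.name}}ServiceChain, role_data, upgrade_tasks]}`, or extend the description to say that the output may contain sensitive values. The `outputs:` section starts and continues outside this hunk.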
@@ -266,6 +266,42 @@ resources: extraconfig: {get_param: ExtraConfig} volume: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - ctlplane + - {get_param: CloudDomain} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 03b57e2b..18787a21 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml 
@@ -271,6 +271,42 @@ resources: extraconfig: {get_param: ExtraConfig} ceph: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - ctlplane + - {get_param: CloudDomain} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 13464339..f359bf70 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml 
@@ -284,6 +284,42 @@ resources: extraconfig: {get_param: ExtraConfig} compute: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - ctlplane + - {get_param: CloudDomain} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 09e10eae..77b54ff3 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml 
@@ -344,6 +344,42 @@ resources: # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + - {get_param: CloudDomain} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml new file mode 100644 index 00000000..f8dad433 --- /dev/null +++ b/puppet/major_upgrade_steps.j2.yaml 
@@ -0,0 +1,98 @@ +heat_template_version: 2016-10-14 +description: 'Upgrade steps for all roles' + +parameters: + servers: + type: json + + role_data: + type: json + description: Mapping of Role name e.g Controller to the per-role data + + UpdateIdentifier: + type: string + description: > + Setting to a previously unused value during stack-update will trigger + the Upgrade resources to re-run on all roles. + + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' + +resources: + + # For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004 + UpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + +{% for role in roles %} + {{role.name}}Upgrade_Init: + type: OS::Heat::StructuredDeploymentGroup + properties: + name: {{role.name}}Upgrade_Init + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: UpgradeInitConfig} +{% endfor %} + +# Upgrade Steps for all roles +# FIXME(shardy): would be nice to make the number of steps configurable +{% for step in range(1, 8) %} + {% for role in roles %} + # Step {{step}} resources + {{role.name}}UpgradeConfig_Step{{step}}: + type: OS::TripleO::UpgradeConfig + # The UpgradeConfig resources could actually be created without + # serialization, but the event output is easier to follow if we + # do, and there should be minimal performance hit (creating the + # config is cheap compared to the time to apply the deployment). 
+ depends_on: + {% if step == 1 %} + - {{role.name}}Upgrade_Init + {% else %} + {% for dep in roles %} + - {{dep.name}}Upgrade_Step{{step -1}} + {% endfor %} + {% endif %} + properties: + UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]} + step: {{step}} + + {{role.name}}Upgrade_Step{{step}}: + type: OS::Heat::StructuredDeploymentGroup + {% if step > 1 %} + depends_on: + {% for dep in roles %} + - {{dep.name}}Upgrade_Step{{step -1}} + {% endfor %} + {% endif %} + properties: + name: {{role.name}}Upgrade_Step{{step}} + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}} + input_values: + role: {{role.name}} + update_identifier: {get_param: UpdateIdentifier} + {% endfor %} +{% endfor %} + +outputs: + # Output the config for each role, just use Step1 as the config should be + # the same for all steps (only the tag provided differs) + upgrade_configs: + description: The per-role upgrade configuration used + value: +{% for role in roles %} + {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]} +{% endfor %} + diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 533cd2c1..60c12c3b 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml 
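Review bot: The comment above `UpgradeInitConfig` says the script will "rename /etc/resolv.conf.save", but the generated script deletes the file (`rm /etc/resolv.conf.save`); the comment should read `# For the UpgradeInit also remove /etc/resolv.conf.save (bug/1567004)`. The script also appends `UpgradeInitCommand` verbatim after a bare `#!/bin/bash` header, so for a multi-line snippet only the last command's exit status is reported and an earlier failure (a repository switch, say) would presumably not stop the upgrade before step 1. Consider emitting `"set -e\n"` ahead of the parameter, or say in the parameter description that the snippet must handle its own errors.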
@@ -255,6 +255,43 @@ resources: extraconfig: {get_param: ExtraConfig} object: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - ctlplane + - {get_param: CloudDomain} + SwiftStorageHieraDeploy: type: OS::Heat::StructuredDeployment diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index c2c322d8..587ff58d 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -5,13 +5,17 @@ parameters: description: Flavor for the {{role}} node. default: baremetal type: string +{% if disable_constraints is not defined %} constraints: - custom_constraint: nova.flavor +{% endif %} {{role}}Image: type: string default: overcloud-full +{% if disable_constraints is not defined %} constraints: - custom_constraint: glance.image +{% endif %} ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. @@ -20,8 +24,10 @@ parameters: description: Name of an existing Nova key pair to enable SSH access to the instances type: string default: default +{% if disable_constraints is not defined %} constraints: - custom_constraint: nova.keypair +{% endif %} ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -279,6 +285,42 @@ resources: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + - {get_param: CloudDomain} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 3accff36..856b306e 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -22,8 +22,8 @@ Config Settings Each service may define a config_settings output variable which returns Hiera settings to be configured. -Steps ------ +Deployment Steps +---------------- Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests 
@@ -48,3 +48,29 @@ are re-asserted when applying latter ones. 4) General OpenStack Services 5) Service activation (Pacemaker) + +Upgrade Steps +------------- + +Each service template may optionally define a `upgrade_tasks` key, which is a +list of ansible tasks to be performed during the upgrade process. + +Similar to the step_config, we allow a series of steps for the per-service +upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first +step, "step2" for the second, etc. + + Steps/tages correlate to the following: + + 1) Quiesce the control-plane, e.g disable LoadBalancer, stop pacemaker cluster + + 2) Stop all control-plane services, ready for upgrade + + 3) Perform a package update, (either specific packages or the whole system) + + 4) Start services needed for migration tasks (e.g DB) + + 5) Perform any migration tasks, e.g DB sync commands + + 6) Start control-plane services + + 7) Any additional online migration tasks (e.g data migrations) diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 347a8c13..0cc7ad8b 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -55,7 +55,7 @@ outputs: aodh::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::api::service_name: 'httpd' @@ -68,7 +68,7 @@ outputs: aodh::api::host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml index 87e53f13..1d76b9a3 100644 --- a/puppet/services/apache-internal-tls-certmonger.yaml +++ b/puppet/services/apache-internal-tls-certmonger.yaml 
@@ -35,8 +35,8 @@ outputs: httpd-NETWORK: service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt' service_key: '/etc/pki/tls/private/httpd-NETWORK.key' - hostname: "%{::fqdn_NETWORK}" - principal: "HTTP/%{::fqdn_NETWORK}" + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" for_each: NETWORK: # NOTE(jaosorior) Get unique network names to create diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 1a5e9134..24687d03 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -93,7 +93,7 @@ outputs: barbican::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]} barbican::db::database_connection: diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 2f34f248..2e2d3f2d 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -75,7 +75,7 @@ outputs: ceilometer::api::host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} @@ -83,7 +83,7 @@ outputs: ceilometer::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} service_config_settings: diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 89c1a5ee..4b85d28f 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml 
@@ -68,6 +68,7 @@ outputs: ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::user: 'swift' ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} ceph::rgw::keystone::auth::tenant: 'service' diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 8d57418e..6cb2b194 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -101,7 +101,7 @@ outputs: cinder::api::bind_host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS} @@ -115,7 +115,7 @@ outputs: cinder::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} - diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index bed8f7d3..abe752e2 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -87,8 +87,16 @@ outputs: tripleo::profile::base::database::mysql::bind_address: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql + upgrade_tasks: + - name: Stop service + tags: step2 + service: name=mariadb state=stopped + - name: Start service + tags: step4 + service: name=mariadb state=started + diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index d5f8e62d..b3d39e0f 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml 
@@ -91,7 +91,7 @@ outputs: gnocchi::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} @@ -105,7 +105,7 @@ outputs: gnocchi::api::host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index c8edade5..675a79ec 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -77,3 +77,10 @@ outputs: - get_attr: [HAProxyInternalTLS, role_data, certificates_specs] step_config: | include ::tripleo::profile::base::haproxy + upgrade_tasks: + - name: Stop haproxy service + tags: step1 + service: name=haproxy state=stopped + - name: Start haproxy service + tags: step4 # Needed at step 4 for mysql + service: name=haproxy state=started diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 6f2c44ec..b4f1a100 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -64,3 +64,11 @@ outputs: - tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} step_config: | include ::tripleo::profile::base::keepalived + upgrade_tasks: + - name: Stop keepalived service + tags: step1 + service: name=keepalived state=stopped + - name: Start keepalived service + tags: step4 # Needed at step 4 for mysql + service: name=keepalived state=started + diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index c2a282d4..e48d7037 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml 
@@ -195,13 +195,13 @@ outputs: keystone::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} keystone::wsgi::apache::servername_admin: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} @@ -219,13 +219,13 @@ outputs: keystone::admin_bind_host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::public_bind_host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the @@ -248,3 +248,14 @@ outputs: keystone::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + # Ansible tasks to handle upgrade + upgrade_tasks: + - name: Stop keystone service (running under httpd) + tags: step2 + service: name=httpd state=stopped + - name: Sync keystone DB + tags: step5 + command: keystone-manage db_sync + - name: Start keystone service (running under httpd) + tags: step6 + service: name=httpd state=started diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index c4d5c6bb..50e4c996 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -108,7 +108,7 @@ outputs: nova::api::api_bind_address: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::service_name: 'httpd' 
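Review bot: In the new `upgrade_tasks` of keystone.yaml, `command: keystone-manage db_sync` at step5 has no guard, and the step deployments added by this commit are applied to every server of a role, so on a multi-controller deployment each node would start the schema migration at about the same time. Restricting the task to a single node, or adding a comment explaining why concurrent runs are safe, would remove the doubt. The stop and start tasks act on `httpd` as a whole, which other templates in this diff also name as their service (for example `aodh::api::service_name: 'httpd'`), so the task names should say that every WSGI service on the node goes down with keystone, e.g. `name: Stop httpd (keystone and other WSGI services)`.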
@@ -122,7 +122,7 @@ outputs: nova::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index ea3d8abd..f2905903 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -40,7 +40,7 @@ outputs: - tripleo::profile::pacemaker::database::mysql::bind_address: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 700edc7f..a8bd5e8a 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -55,7 +55,7 @@ outputs: panko::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} panko::api::service_name: 'httpd' @@ -68,7 +68,7 @@ outputs: panko::api::host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 44a09a42..190487e0 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml 
@@ -73,7 +73,13 @@ outputs: rabbitmq::repos_ensure: false rabbitmq::tcp_keepalive: true rabbitmq_environment: - RABBITMQ_NODENAME: "rabbit@%{::hostname}" + RABBITMQ_NODENAME: + str_replace: + template: + "rabbit@%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} + RABBITMQ_USE_LONGNAME: true RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' rabbitmq_kernel_variables: inet_dist_listen_min: '25672' @@ -97,6 +103,13 @@ outputs: # internal_api_subnet - > IP/CIDR rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} - step_config: | include ::tripleo::profile::base::rabbitmq + upgrade_tasks: + - name: Stop rabbitmq service + tags: step2 + service: name=rabbitmq-server state=stopped + - name: Start rabbitmq service + tags: step6 + service: name=rabbitmq-server state=started + diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index ffe2d2d4..13df5bbe 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -108,3 +108,8 @@ outputs: expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} + upgrade_tasks: + yaql: + # Note we use distinct() here to filter any identical tasks, e.g yum update for all services + expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index 124f5fe8..69912fa5 100644 --- a/puppet/services/tripleo-packages.yaml 
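Review bot: Changing `RABBITMQ_NODENAME` from `rabbit@%{::hostname}` to the network FQDN together with `RABBITMQ_USE_LONGNAME: true` gives an already-deployed broker a new node identity, while the `upgrade_tasks` added in the second hunk of this file only stop the service at step2 and start it at step6. As far as I know RabbitMQ keys its on-disk database on the node name, so an existing node could come back without its previous state (users, policies, cluster membership) unless something renames or re-creates it; this should be confirmed. A comment next to the key stating how existing nodes are expected to be migrated would record the decision. The `rabbitmq_environment` mapping starts outside the hunk.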
+++ b/puppet/services/tripleo-packages.yaml @@ -32,3 +32,7 @@ outputs: tripleo::packages::enable_install: {get_param: EnablePackageInstall} step_config: | include ::tripleo::packages + upgrade_tasks: + - name: Update all packages + tags: step3 + yum: name=* state=latest diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml new file mode 100644 index 00000000..77240c3c --- /dev/null +++ b/puppet/services/zaqar.yaml 
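Review bot: The new `yum: name=* state=latest` task at step3 runs unconditionally, whereas the Puppet side of this template is gated by a parameter (`tripleo::packages::enable_install: {get_param: EnablePackageInstall}`). It updates every installed package from whichever repositories are enabled on the node at that moment, so the outcome depends on `UpgradeInitCommand` having switched repositories first, and services without stop tasks in this commit would be updated while running. A comment on the task should say so, e.g. `# updates the whole system from the currently enabled repos; services are expected to be stopped in step1/step2`. The `outputs` section starts outside the hunk.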
@@ -0,0 +1,66 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Zaqar service. Shared for all Heat services. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ZaqarPassword: + description: The password for Zaqar + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + + +outputs: + role_data: + description: Shared role data for the Heat services. + value: + service_name: zaqar + config_settings: + zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} + zaqar::keystone::authtoken::project_name: 'service' + zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + zaqar::debug: {get_param: Debug} + zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} + zaqar::transport::wsgi::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_pipeline: 'zaqar.notification.notifier' + zaqar::unreliable: true + service_config_settings: + keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + 
zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + + step_config: | + include ::tripleo::profile::base::zaqar diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml new file mode 100644 index 00000000..c67e10b3 --- /dev/null +++ b/puppet/upgrade_config.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-10-14 +description: 'Upgrade for via ansible by applying a step related tag' + +parameters: + UpgradeStepConfig: + type: json + description: Config (ansible yaml) that will be used to step through the deployment. + default: '' + + step: + type: string + description: Step number of the upgrade + +resources: + + AnsibleConfig: + type: OS::Heat::Value + properties: + value: + str_replace: + template: CONFIG + params: + CONFIG: + - hosts: localhost + connection: local + tasks: {get_param: UpgradeStepConfig} + + AnsibleUpgradeConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: ansible + options: + tags: + str_replace: + template: "stepSTEP" + params: + STEP: {get_param: step} + inputs: + - name: role + config: {get_attr: [AnsibleConfig, value]} + +outputs: + OS::stack_id: + description: The software config which runs ansible with tags + value: {get_resource: AnsibleUpgradeConfigImpl} + upgrade_config: + description: The configuration file used for upgrade + value: {get_attr: [AnsibleConfig, value]} diff --git a/requirements.txt b/requirements.txt index 4e46b891..9c4a708a 100644 --- a/requirements.txt +++ b/requirements.txt 
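Review bot: `zaqar::unreliable: true` in the new zaqar.yaml is set without any comment; as far as I know this option relaxes Zaqar's storage reliability checks, so the reason for enabling it in a shared service template should be recorded next to the key (wording to be confirmed by the author). Both description strings are carried over from another template ("Shared for all Heat services", "Shared role data for the Heat services") and should name Zaqar instead. `zaqar::transport::websocket::bind` takes its value from `EndpointMap` (`ZaqarInternal, host`) while the WSGI bind uses `ServiceNetMap`; if that asymmetry is intended it deserves a one-line comment.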
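Review bot: In the new upgrade_config.yaml, `UpgradeStepConfig` is declared `type: json` with `default: ''`, an empty string rather than a JSON value, and the parameter is placed directly under `tasks:` of the generated play. If the default is ever used, the play's task list would not be a list; `default: []` matches how the value is consumed. The template description 'Upgrade for via ansible by applying a step related tag' also needs rewording, e.g. `Run one upgrade step through ansible by applying the tag for that step`.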
@@ -1 +1,2 @@ pbr>=0.5.21,<1.0 +Jinja2>=2.8 # BSD License (3 clause) diff --git a/tools/process-templates.py b/tools/process-templates.py new file mode 100755 index 00000000..a15b00e2 --- /dev/null +++ b/tools/process-templates.py 
@@ -0,0 +1,125 @@ +#!/usr/bin/env python +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import argparse +import jinja2 +import os +import sys +import yaml + + +def parse_opts(argv): + parser = argparse.ArgumentParser( + description='Configure host network interfaces using a JSON' + ' config file format.') + parser.add_argument('-p', '--base_path', metavar='BASE_PATH', + help="""base path of templates to process.""", + default='.') + parser.add_argument('-r', '--roles-data', metavar='ROLES_DATA', + help="""relative path to the roles_data.yaml file.""", + default='roles_data.yaml') + parser.add_argument('--safe', + action='store_true', + help="""Enable safe mode (do not overwrite files).""", + default=False) + opts = parser.parse_args(argv[1:]) + + return opts + + +def _j2_render_to_file(j2_template, j2_data, outfile_name=None, + overwrite=True): + yaml_f = outfile_name or j2_template.replace('.j2.yaml', '.yaml') + print('rendering j2 template to file: %s' % outfile_name) + + if not overwrite and os.path.exists(outfile_name): + print('ERROR: path already exists for file: %s' % outfile_name) + sys.exit(1) + + try: + # Render the j2 template + template = jinja2.Environment().from_string(j2_template) + r_template = template.render(**j2_data) + except jinja2.exceptions.TemplateError as ex: + error_msg = ("Error rendering template %s : %s" + % (yaml_f, six.text_type(ex))) + print(error_msg) + raise Exception(error_msg) + with open(outfile_name, 'w') as out_f: + 
out_f.write(r_template) + + +def process_templates(template_path, role_data_path, overwrite): + + with open(role_data_path) as role_data_file: + role_data = yaml.safe_load(role_data_file) + + j2_excludes_path = os.path.join(template_path, 'j2_excludes.yaml') + with open(j2_excludes_path) as role_data_file: + j2_excludes = yaml.safe_load(role_data_file) + + role_names = [r.get('name') for r in role_data] + r_map = {} + for r in role_data: + r_map[r.get('name')] = r + excl_templates = ['%s/%s' % (template_path, e) + for e in j2_excludes.get('name')] + + if os.path.isdir(template_path): + for subdir, dirs, files in os.walk(template_path): + for f in files: + file_path = os.path.join(subdir, f) + # We do two templating passes here: + # 1. *.role.j2.yaml - we template just the role name + # and create multiple files (one per role) + # 2. *.j2.yaml - we template with all roles_data, + # and create one file common to all roles + if f.endswith('.role.j2.yaml'): + print("jinja2 rendering role template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + print("jinja2 rendering roles %s" % "," + .join(role_names)) + for role in role_names: + j2_data = {'role': role} + # (dprince) For the undercloud installer we don't + # want to have heat check nova/glance API's + if r_map[role].get('disable_constraints', False): + j2_data['disable_constraints'] = True + out_f = "-".join( + [role.lower(), + os.path.basename(f).replace('.role.j2.yaml', + '.yaml')]) + out_f_path = os.path.join(subdir, out_f) + if not (out_f_path in excl_templates): + _j2_render_to_file(template_data, j2_data, + out_f_path, overwrite) + else: + print('skipping rendering of %s' % out_f_path) + elif f.endswith('.j2.yaml'): + print("jinja2 rendering normal template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + j2_data = {'roles': role_data} + out_f = file_path.replace('.j2.yaml', '.yaml') + _j2_render_to_file(template_data, j2_data, out_f, 
+ overwrite) + + else: + print('Unexpected argument %s' % template_path) + +opts = parse_opts(sys.argv) + +role_data_path = os.path.join(opts.base_path, opts.roles_data) + +process_templates(opts.base_path, role_data_path, (not opts.safe)) @@ -11,4 +11,9 @@ deps = -r{toxinidir}/requirements.txt commands = {posargs} [testenv:pep8] -commands = python ./tools/yaml-validate.py . +commands = + python ./tools/process-templates.py + python ./tools/yaml-validate.py . + +[testenv:templates] +commands = python ./tools/process-templates.py |
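Review bot: In `_j2_render_to_file` the `except jinja2.exceptions.TemplateError` handler calls `six.text_type(ex)`, but `six` is not among the module's imports, so a template error would surface as a NameError instead of the intended message. The function also computes `yaml_f` as the output path and then uses `outfile_name` for the log line, the `--safe` existence check and `open()`, which breaks when `outfile_name` is left at its default of None; the fallback itself applies `.replace('.j2.yaml', '.yaml')` to `j2_template`, which the callers here pass as template text rather than a path. The rewrite below requires an explicit output path and formats the exception without `six`. Separately, the argparse description ('Configure host network interfaces…') belongs to another tool, and the three top-level statements at the end of the file would be better placed under `if __name__ == '__main__':`.

```python
def _j2_render_to_file(j2_template, j2_data, outfile_name=None,
                       overwrite=True):
    # j2_template is template text, so no output path can be derived from it
    if outfile_name is None:
        raise ValueError('outfile_name is required')
    # … unchanged: log line and overwrite check on outfile_name …
    # … unchanged: try block rendering the j2 template …
    except jinja2.exceptions.TemplateError as ex:
        error_msg = ("Error rendering template %s : %s"
                     % (outfile_name, ex))
        # … unchanged: print and raise …
    # … unchanged: write r_template to outfile_name …
```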