92 files changed, 3288 insertions, 149 deletions
diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index f35a0804..03065c6a 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -65,6 +65,7 @@ - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 212f6a23..d89a4942 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -4,6 +4,8 @@ resource_registry: parameter_defaults: ControllerServices: + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume @@ -15,6 +17,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent @@ -44,5 +47,9 @@ parameter_defaults: nova::compute::libvirt::libvirt_virt_type: qemu # Required for Centos 7.3 and Qemu 2.6.0 nova::compute::libvirt::libvirt_cpu_mode: 'none' + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 SwiftCeilometerPipelineEnabled: False Debug: True diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index 4859c23a..af409835 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml 
@@ -28,6 +28,7 @@ parameter_defaults: - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived @@ -36,6 +37,13 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 1300284e..e09ca705 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -19,6 +19,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index dfd534a8..3207d133 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -15,6 +15,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent 
diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 9c3c08ae..1dc8b13d 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -17,6 +17,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index bec1d6d6..dc05ab4e 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -38,6 +38,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 9795a00f..04da5565 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -41,6 +41,7 @@ - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index fe87ce7a..1bb8bc2b 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -23,6 +23,7 @@ import os import subprocess import sys import tempfile +import multiprocessing # this is to match what we do in deployed-server 
@@ -53,6 +54,8 @@ def rm_container(name): print(cmd_stdout) print(cmd_stderr) +process_count = int(os.environ.get('PROCESS_COUNT', + multiprocessing.cpu_count())) config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json') print('docker-puppet') @@ -106,34 +109,25 @@ for service in (json_data or []): print('Service compilation completed.\n') -for config_volume in configs: - - service = configs[config_volume] - puppet_tags = service[1] or '' - manifest = service[2] or '' - config_image = service[3] or '' - volumes = service[4] if len(service) > 4 else [] - - if puppet_tags: - puppet_tags = "file,file_line,concat,%s" % puppet_tags - else: - puppet_tags = "file,file_line,concat" +def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)): print('---------') print('config_volume %s' % config_volume) print('puppet_tags %s' % puppet_tags) print('manifest %s' % manifest) print('config_image %s' % config_image) + print('volumes %s' % volumes) hostname = short_hostname() + sh_script = '/var/lib/docker-puppet/docker-puppet-%s.sh' % config_volume - with open('/var/lib/docker-puppet/docker-puppet.sh', 'w') as script_file: + with open(sh_script, 'w') as script_file: os.chmod(script_file.name, 0755) script_file.write("""#!/bin/bash set -ex mkdir -p /etc/puppet cp -a /tmp/puppet-etc/* /etc/puppet rm -Rf /etc/puppet/ssl # not in use and causes permission errors - echo '{"step": 6}' > /etc/puppet/hieradata/docker.json + echo '{"step": %(step)s}' > /etc/puppet/hieradata/docker.json TAGS="" if [ -n "%(puppet_tags)s" ]; then TAGS='--tags "%(puppet_tags)s"' @@ -168,7 +162,8 @@ for config_volume in configs: fi """ % {'puppet_tags': puppet_tags, 'name': config_volume, 'hostname': hostname, - 'no_archive': os.environ.get('NO_ARCHIVE', '')}) + 'no_archive': os.environ.get('NO_ARCHIVE', ''), + 'step': os.environ.get('STEP', '6')}) with tempfile.NamedTemporaryFile() as tmp_man: with open(tmp_man.name, 'w') as man_file: 
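Review bot: `sh_script` is built by interpolating `config_volume` straight into a path under `/var/lib/docker-puppet/`, and that file is then written, made executable with `0755` and later used as the container entrypoint. `config_volume` comes from the JSON config the script loads, so a value containing `/` or `..` would place the script outside that directory; the templates in this change use simple names, but nothing in the hunk enforces it. A cheap guard at the top of `mp_puppet_config` would be `if os.path.basename(config_volume) != config_volume: raise ValueError('invalid config_volume: %s' % config_volume)`. The function body continues past the end of this hunk.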
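Review bot: The new `'step': os.environ.get('STEP', '6')` entry is substituted unvalidated into the generated bash script, where the earlier hunk places `%(step)s` inside a single-quoted `echo` argument. A value that is not a plain number would produce invalid JSON in `docker.json`, and a value containing a quote character would alter the shell command itself. Since the step is always an integer, converting it first keeps the script text fixed: `'step': int(os.environ.get('STEP', '6'))`. `NO_ARCHIVE` is passed through the same format dictionary; how the script uses it is outside this hunk, so it is worth checking it the same way.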
@@ -186,12 +181,12 @@ for config_volume in configs: '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', '--volume', 'tripleo_logs:/var/log/tripleo/', - '--volume', '/var/lib/docker-puppet/docker-puppet.sh:/var/lib/docker-puppet/docker-puppet.sh:ro'] + '--volume', '%s:%s:rw' % (sh_script, sh_script) ] for volume in volumes: dcmd.extend(['--volume', volume]) - dcmd.extend(['--entrypoint', '/var/lib/docker-puppet/docker-puppet.sh']) + dcmd.extend(['--entrypoint', sh_script]) env = {} if os.environ.get('NET_HOST', 'false') == 'true': @@ -207,6 +202,34 @@ for config_volume in configs: print(cmd_stderr) if subproc.returncode != 0: print('Failed running docker-puppet.py for %s' % config_volume) - sys.exit(subproc.returncode) - else: - rm_container('docker-puppet-%s' % config_volume) + rm_container('docker-puppet-%s' % config_volume) + return subproc.returncode + +# Holds all the information for each process to consume. +# Instead of starting them all linearly we run them using a process +# pool. This creates a list of arguments for the above function +# to consume. +process_map = [] + +for config_volume in configs: + + service = configs[config_volume] + puppet_tags = service[1] or '' + manifest = service[2] or '' + config_image = service[3] or '' + volumes = service[4] if len(service) > 4 else [] + + if puppet_tags: + puppet_tags = "file,file_line,concat,%s" % puppet_tags + else: + puppet_tags = "file,file_line,concat" + + process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) + +for p in process_map: + print '--\n%s' % p + +# Fire off processes to perform each configuration. Defaults +# to the number of CPUs on the system. +p = multiprocessing.Pool(process_count) +p.map(mp_puppet_config, process_map) diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml index 3473f4ca..e1154a62 100644 --- a/docker/post.j2.yaml +++ b/docker/post.j2.yaml 
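Review bot: The per-volume script is now bind-mounted with `:rw` where the previous single script was mounted `:ro`, so the puppet container that uses it as its entrypoint can rewrite an executable file on the host. Nothing visible in the hunk writes to the script from inside the container, so the read-only mode appears to have been dropped by accident; `'--volume', '%s:%s:ro' % (sh_script, sh_script)]` restores it. The enclosing function starts and ends outside this hunk.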
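Review bot: The return codes collected by `p.map(mp_puppet_config, process_map)` are discarded, so a failed puppet run no longer stops the script: the old loop called `sys.exit(subproc.returncode)`, while the new function only prints the failure and returns the code to a caller that ignores it. As far as this hunk shows, a deployment would then continue with missing or partial configuration files. Keep the result and fail on any non-zero entry, `returncodes = p.map(mp_puppet_config, process_map)` followed by `if any(returncodes): sys.exit(1)`. The debug loop `print '--\n%s' % p` also uses the Python 2 print statement while the rest of the file calls `print(...)`, and it reuses the name `p` that is rebound to the pool two lines later.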
@@ -68,6 +68,7 @@ resources: - name: CONFIG - name: NET_HOST - name: NO_ARCHIVE + - name: STEP {{primary_role_name}}DockerPuppetTasksDeployment{{step}}: type: OS::Heat::SoftwareDeployment @@ -85,6 +86,7 @@ resources: CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json NET_HOST: 'true' NO_ARCHIVE: 'true' + STEP: {{step}} {% endfor %} # END primary_role_name docker-puppet-tasks diff --git a/docker/services/README.rst b/docker/services/README.rst index c054e8c0..881a2a37 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -19,8 +19,11 @@ Building Kolla Images TripleO currently relies on Kolla docker containers. Kolla supports container customization and we are making use of this feature within TripleO to inject -puppet (our configuration tool of choice) into the Kolla base images. To -build Kolla images for TripleO adjust your kolla config to build your +puppet (our configuration tool of choice) into the Kolla base images. The +undercloud nova-scheduler also requires openstack-tripleo-common to +provide custom filters. + +To build Kolla images for TripleO adjust your kolla config to build your centos base image with puppet using the example below: .. code-block:: @@ -28,6 +31,7 @@ centos base image with puppet using the example below: $ cat template-overrides.j2 {% extends parent_template %} {% set base_centos_binary_packages_append = ['puppet'] %} +{% set nova_scheduler_packages_append = ['openstack-tripleo-common'] %} kolla-build --base centos --template-override template-overrides.j2 diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml new file mode 100644 index 00000000..cc28846a --- /dev/null +++ b/docker/services/database/mongodb.yaml 
@@ -0,0 +1,98 @@ +heat_template_version: ocata + +description: > + MongoDB service deployment using puppet and docker + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMongodbImage: + description: image + default: 'centos-binary-mongodb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + MongodbPuppetBase: + type: ../../../puppet/services/database/mongodb.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Containerized service Mongodb using composable services. 
+ value: + service_name: {get_attr: [MongodbPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MongodbPuppetBase, role_data, config_settings] + - mongodb::server::fork: false + step_config: + list_join: + - "\n" + - - "['Mongodb_database', 'Mongodb_user', 'Mongodb_replset'].each |String $val| { noop_resource($val) }" + - {get_attr: [MongodbPuppetBase, role_data, step_config]} + upgrade_tasks: {get_attr: [MongodbPuppetBase, role_data, upgrade_tasks]} + # BEGIN DOCKER SETTINGS # + docker_image: &mongodb_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + puppet_tags: file # set this even though file is the default + config_volume: mongodb + config_image: *mongodb_image + kolla_config: + /var/lib/kolla/config_files/mongodb.json: + command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run + config_files: + - dest: /etc/mongod.conf + source: /var/lib/kolla/config_files/src/etc/mongod.conf + owner: mongodb + perm: '0600' + - dest: /etc/mongos.conf + source: /var/lib/kolla/config_files/src/etc/mongos.conf + owner: mongodb + perm: '0600' + docker_config: + step_2: + mongodb: + image: *mongodb_image + net: host + privileged: false + volumes: &mongodb_volumes + - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mongodb/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log/kolla + - mongodb:/var/lib/mongodb/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # MySQL database initialization occurs only on single node + step_2: + - 'mongodb_init_tasks' + - 'mongodb_database,mongodb_user,mongodb_replset' + - 'include ::tripleo::profile::base::database::mongodb' + - list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + - - "mongodb:/var/lib/mongodb" + - "logs:/var/log/kolla:ro" 
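Review bot: The `mongodb` container mounts `/var/lib/kolla/config_files/mongodb.json` onto `config.json` without a mode, so the mount is read-write, while the Heat and Ironic templates in this same change mount their `config.json` with `:ro`. That file names the command the container starts, so the service does not need write access to it on the host; `- /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json:ro` would match the others. The same applies to the `config.json` mounts in docker/services/database/mysql.yaml and docker/services/glance-api.yaml. The comment `# MySQL database initialization occurs only on single node` under `docker_puppet_tasks` looks copied from the MySQL template and should refer to MongoDB.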
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml new file mode 100644 index 00000000..2ef068d2 --- /dev/null +++ b/docker/services/database/mysql.yaml 
@@ -0,0 +1,130 @@ +heat_template_version: ocata + +description: > + MySQL service deployment using puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + MysqlRootPassword: + type: string + hidden: true + default: '' + +resources: + + MysqlPuppetBase: + type: ../../../puppet/services/database/mysql.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Containerized service MySQL using composable services. 
+ value: + service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [MysqlPuppetBase, role_data, config_settings]} + # Set PID file to what kolla mariadb bootstrap script expects + - tripleo::profile::base::database::mysql::mysql_server_options: + mysqld: + pid-file: /var/lib/mysql/mariadb.pid + mysqld_safe: + pid-file: /var/lib/mysql/mariadb.pid + step_config: + list_join: + - "\n" + - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" + - {get_attr: [MysqlPuppetBase, role_data, step_config]} + upgrade_tasks: {get_attr: [MysqlPuppetBase, role_data, upgrade_tasks]} + # BEGIN DOCKER SETTINGS # + docker_image: &mysql_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + puppet_tags: file # set this even though file is the default + config_volume: mysql + config_image: *mysql_image + kolla_config: + /var/lib/kolla/config_files/mysql.json: + command: /usr/bin/mysqld_safe + config_files: + - dest: /etc/mysql/my.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf + owner: mysql + perm: '0644' + - dest: /etc/my.cnf.d/galera.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf + owner: mysql + perm: '0644' + docker_config: + step_2: + mysql_bootstrap: + start_order: 0 + detach: false + image: *mysql_image + net: host + volumes: &mysql_volumes + - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /etc/hosts:/etc/hosts:ro + - mariadb:/var/lib/mysql/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + # NOTE(mandre) skip wsrep cluster status check + - KOLLA_KUBERNETES=True + - + list_join: + - '=' + - - 'DB_ROOT_PASSWORD' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - 
{get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql: + start_order: 1 + image: *mysql_image + restart: always + net: host + volumes: *mysql_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # MySQL database initialization occurs only on single node + step_2: + - 'mysql_init_tasks' + - 'mysql_database,mysql_grant,mysql_user' + - 'include ::tripleo::profile::base::database::mysql' + - list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + - - "mariadb:/var/lib/mysql/:ro" + - "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml new file mode 100644 index 00000000..b8ab9622 --- /dev/null +++ b/docker/services/glance-api.yaml 
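Review bot: `mysql_bootstrap` receives the root password through the `DB_ROOT_PASSWORD` environment entry, so although `MysqlRootPassword` is declared `hidden: true`, the value ends up in the container's metadata and is readable by anyone who can inspect containers on the host. If the Kolla bootstrap script only accepts the password this way, say so next to the entry and make sure the one-shot container is removed once it exits, for example with `# NOTE: root password is visible via container inspect; do not keep the bootstrap container`. The yaql expression also has no fallback when both `MysqlRootPassword` and `DefaultPasswords.mysql_root_password` are empty; whether `first()` then fails the stack or yields an empty password is not visible here and should be confirmed.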
@@ -0,0 +1,96 @@ +heat_template_version: ocata + +description: > + OpenStack Glance service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerGlanceApiImage: + description: image + default: 'centos-binary-glance-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + GlanceApiPuppetBase: + type: ../../puppet/services/glance-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Glance API role. 
+ value: + service_name: {get_attr: [GlanceApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [GlanceApiPuppetBase, role_data, config_settings] + - glance::api::sync_db: false + step_config: {get_attr: [GlanceApiPuppetBase, role_data, step_config]} + service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + docker_image: &glance_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] + puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config + config_volume: glance_api + config_image: *glance_image + kolla_config: + /var/lib/kolla/config_files/glance-api.json: + command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf + config_files: + - dest: /etc/glance/glance-api.conf + owner: glance + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/glance/glance-api.conf + - dest: /etc/glance/glance-swift.conf + owner: glance + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/glance/glance-swift.conf + docker_config: + step_3: + glance_api_db_sync: + image: *glance_image + net: host + privileged: false + detach: false + volumes: &glance_volumes + - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /var/lib/config-data/glance_api/:/var/lib/kolla/config_files/src:ro + - /run:/run + - /dev:/dev + - /etc/hosts:/etc/hosts:ro + environment: + - KOLLA_BOOTSTRAP=True + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_4: + glance_api: + image: *glance_image + net: host + privileged: false + restart: always + volumes: *glance_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml new file mode 100644 index 00000000..93632166 
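Review bot: The shared `glance_volumes` list bind-mounts the host's `/run` and `/dev` read-write, plus `/lib/modules`, into both `glance_api_db_sync` and `glance_api`, which gives back much of the host access that `privileged: false` is meant to withhold; host `/run` typically holds service sockets. The one-shot db-sync container should not need any of the three, so it could carry its own list with only the config mounts, `/etc/hosts` and `/etc/localtime`, and `glance_api` deserves a comment stating which storage backend requires `/dev` and `/run`. `/run:/run` and `/dev:/dev` are also mounted in docker/services/heat-api-cfn.yaml and docker/services/heat-api.yaml, and `/run:/run` in docker/services/heat-engine.yaml, where no need for device or socket access is evident from the templates.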
--- /dev/null +++ b/docker/services/heat-api-cfn.yaml 
@@ -0,0 +1,90 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat API CFN service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatApiCfnImage: + description: image + default: 'centos-binary-heat-api-cfn:latest' + type: string + # we configure all heat services in the same heat engine container + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-api-cfn.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat API CFN role. 
+ value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [HeatBase, role_data, step_config]} + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_api_cfn_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ] + puppet_tags: heat_config,file,concat,file_line + config_volume: heat + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + kolla_config: + /var/lib/kolla/config_files/heat_api_cfn.json: + command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_4: + heat_api_cfn: + image: *heat_api_cfn_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml new file mode 100644 index 00000000..2efabb61 --- /dev/null +++ b/docker/services/heat-api.yaml 
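Review bot: Both image parameters default to a `:latest` tag in the `tripleoupstream` namespace, so what actually runs depends on whatever was last pushed there at pull time, and nodes deployed at different moments can end up running different code. The defaults are convenient for CI, but the parameter descriptions (currently just `image`) should tell operators to override them, e.g. `description: image name and tag; override with a pinned tag or digest outside CI`. The same defaults appear in every new template under docker/services in this change.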
@@ -0,0 +1,90 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatApiImage: + description: image + default: 'centos-binary-heat-api:latest' + type: string + # we configure all heat services in the same heat engine container + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat API role. 
+ value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [HeatBase, role_data, step_config]} + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ] + puppet_tags: heat_config,file,concat,file_line + config_volume: heat + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + kolla_config: + /var/lib/kolla/config_files/heat_api.json: + command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_4: + heat_api: + image: *heat_api_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml new file mode 100644 index 00000000..db8c2be5 --- /dev/null +++ b/docker/services/heat-engine.yaml 
@@ -0,0 +1,92 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat Engine service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat Engine role. 
+ value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [HeatBase, role_data, step_config]} + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_engine_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + puppet_tags: heat_config,file,concat,file_line + config_volume: heat + config_image: *heat_engine_image + kolla_config: + /var/lib/kolla/config_files/heat_engine.json: + command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_3: + heat_engine_db_sync: + image: *heat_engine_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/heat/etc/heat:/etc/heat:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['heat-manage', 'db_sync'] + step_4: + heat_engine: + image: *heat_engine_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml new file mode 100644 index 00000000..80120568 --- /dev/null +++ b/docker/services/ironic-api.yaml 
@@ -0,0 +1,99 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Ironic API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIronicApiImage: + description: image + default: 'centos-binary-ironic-api:latest' + type: string + DockerIronicConfigImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + IronicApiBase: + type: ../../puppet/services/ironic-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Ironic API role. 
+ value: + service_name: {get_attr: [IronicApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [IronicApiBase, role_data, config_settings] + step_config: {get_attr: [IronicApiBase, role_data, step_config]} + service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &ironic_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ] + puppet_tags: ironic_config + config_volume: ironic + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ironic_api.json: + command: /usr/bin/ironic-api + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + docker_config: + step_3: + ironic_db_sync: + image: *ironic_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/ironic/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf'] + step_4: + ironic_api: + start_order: 10 + image: *ironic_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml new file mode 100644 index 00000000..945ef3fc --- /dev/null +++ b/docker/services/ironic-conductor.yaml 
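Review bot: `ironic_db_sync` mounts the generated config directory over the container's whole `/etc` (`- /var/lib/config-data/ironic/etc/:/etc/:ro`), which hides everything the image ships there apart from the two files re-mounted afterwards; that presumably includes the CA bundle and the passwd/group files. The equivalent `heat_engine_db_sync` container in docker/services/heat-engine.yaml mounts only its own directory, and the same narrowing fits here: `- /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro`. The `KOLLA_CONFIG_STRATEGY` entry on this container also appears to have no effect, since the container overrides `command` and mounts no `config.json`.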
@@ -0,0 +1,111 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Ironic Conductor service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerIronicConductorImage:
+ description: image
+ default: 'centos-binary-ironic-conductor:latest'
+ type: string
+ DockerIronicConfigImage:
+ description: image
+ default: 'centos-binary-ironic-pxe:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ IronicConductorBase:
+ type: ../../puppet/services/ironic-conductor.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Ironic Conductor role.
+ value:
+ service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [IronicConductorBase, role_data, config_settings]
+ # to avoid hard linking errors we store these on the same
+ # volume/device as the ironic master_path
+ - ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
+ - ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
+ - ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
+ - ironic::pxe::http_root: /var/lib/ironic/httpboot
+ - ironic::conductor::http_root: /var/lib/ironic/httpboot
+ step_config: {get_attr: [IronicConductorBase, role_data, step_config]}
+ service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &ironic_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ]
+ puppet_tags: ironic_config
+ config_volume: ironic
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ironic_conductor.json:
+ command: /usr/bin/ironic-conductor
+ config_files:
+ - dest: /etc/ironic/ironic.conf
+ owner: ironic
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
+ permissions:
+ - path: /var/lib/ironic/httpboot
+ owner: ironic:ironic
+ recurse: true
+ - path: /var/lib/ironic/tftpboot
+ owner: ironic:ironic
+ recurse: true
+ docker_config:
+ step_4:
+ ironic-init-dirs:
+ image: *ironic_image
+ user: root
+ command: ['/bin/bash', '-c', 'mkdir /var/lib/ironic/httpboot && mkdir /var/lib/ironic/tftpboot']
+ volumes:
+ - ironic:/var/lib/ironic
+ ironic_conductor:
+ start_order: 80
+ image: *ironic_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /sys:/sys
+ - /dev:/dev
+ - /run:/run #shared?
+ - ironic:/var/lib/ironic
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml
new file mode 100644
index 00000000..bc7b4677
--- /dev/null
+++ b/docker/services/ironic-pxe.yaml
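Review bot: `ironic_conductor` combines `privileged: true` and `net: host` with writable bind mounts of `/sys`, `/dev` and `/run`, which leaves essentially no isolation between the conductor process and the host, and the `#shared?` remark on the `/run` line suggests that mount was never settled. Nothing in the template records which conductor operation needs which mount, so a later reader cannot tell what is safe to drop. A comment above `volumes:` naming the consumer of each host path would help, and `/sys` and `/run` are worth trying read-only or narrowed to the paths actually used. The `ironic-init-dirs` step also uses a plain `mkdir`, which presumably fails once the `ironic` volume already holds the directories from an earlier run; `mkdir -p /var/lib/ironic/httpboot /var/lib/ironic/tftpboot` avoids that, and `keystone-init-log` in keystone.yaml follows the same pattern.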
@@ -0,0 +1,131 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Ironic PXE service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerIronicPxeImage:
+ description: image
+ default: 'centos-binary-ironic-pxe:latest'
+ type: string
+ DockerIronicConfigImage:
+ description: image
+ default: 'centos-binary-ironic-pxe:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Ironic PXE role.
+ value:
+ service_name: ironic_pxe
+ config_settings: {}
+ step_config: ''
+ service_config_settings: {}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &ironic_pxe_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ]
+ puppet_tags: ironic_config
+ config_volume: ironic
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ironic_pxe_http.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - dest: /etc/ironic/ironic.conf
+ owner: ironic
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
+ - dest: /etc/httpd/conf.d/10-ipxe_vhost.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-ipxe_vhost.conf
+ - dest: /etc/httpd/conf/httpd.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
+ - dest: /etc/httpd/conf/ports.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
+ /var/lib/kolla/config_files/ironic_pxe_tftp.json:
+ command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot
+ config_files:
+ - dest: /etc/ironic/ironic.conf
+ owner: ironic
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
+ - dest: /var/lib/ironic/tftpboot/chain.c32
+ owner: ironic
+ perm: '0744'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/chain.c32
+ - dest: /var/lib/ironic/tftpboot/pxelinux.0
+ owner: ironic
+ perm: '0744'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/pxelinux.0
+ - dest: /var/lib/ironic/tftpboot/ipxe.efi
+ owner: ironic
+ perm: '0744'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/ipxe.efi
+ - dest: /var/lib/ironic/tftpboot/undionly.kpxe
+ owner: ironic
+ perm: '0744'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/undionly.kpxe
+ - dest: /var/lib/ironic/tftpboot/map-file
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/map-file
+ docker_config:
+ step_4:
+ ironic_pxe_tftp:
+ start_order: 90
+ image: *ironic_pxe_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/log:/dev/log
+ - ironic:/var/lib/ironic/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ ironic_pxe_http:
+ start_order: 91
+ image: *ironic_pxe_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - ironic:/var/lib/ironic/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
new file mode 100644
index 00000000..2bf8fa09
--- /dev/null
+++ b/docker/services/keystone.yaml
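Review bot: The `ironic_pxe_tftp.json` command starts `in.tftpd` with `--user root`, so the daemon keeps root for its whole lifetime instead of dropping to an unprivileged account after binding port 69, and `--address 0.0.0.0:69` together with `net: host` exposes it on every host interface. The boot files are copied in with `owner: ironic`, so `--user ironic` looks workable, though that needs checking against how the conductor writes into the shared `ironic` volume. The listen address would be better taken from the provisioning network than hard-coded to all interfaces. The served boot files are also installed `0744`; `0644` is enough for files that are only read.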
@@ -0,0 +1,153 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Keystone service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerKeystoneImage:
+ description: image
+ default: 'centos-binary-keystone:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ AdminPassword:
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+
+resources:
+
+ KeystoneBase:
+ type: ../../puppet/services/keystone.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Keystone API role.
+ value:
+ service_name: {get_attr: [KeystoneBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [KeystoneBase, role_data, config_settings]
+ - apache::default_vhost: false
+ step_config:
+ list_join:
+ - "\n"
+ - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }"
+ - {get_attr: [KeystoneBase, role_data, step_config]}
+ service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &keystone_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
+ puppet_tags: keystone_config
+ config_volume: keystone
+ config_image: *keystone_image
+ kolla_config:
+ /var/lib/kolla/config_files/keystone.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - dest: /etc/keystone/keystone.conf
+ owner: keystone
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/keystone/keystone.conf
+ - dest: /etc/keystone/credential-keys/0
+ owner: keystone
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/0
+ - dest: /etc/keystone/credential-keys/1
+ owner: keystone
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1
+ - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_admin.conf
+ - dest: /etc/httpd/conf.d/10-keystone_wsgi_main.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_main.conf
+ - dest: /etc/httpd/conf/httpd.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
+ - dest: /etc/httpd/conf/ports.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
+ - dest: /var/www/cgi-bin/keystone/keystone-admin
+ owner: keystone
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-admin
+ - dest: /var/www/cgi-bin/keystone/keystone-public
+ owner: keystone
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-public
+ docker_config:
+ step_3:
+ keystone-init-log:
+ start_order: 0
+ image: *keystone_image
+ user: root
+ command: ['/bin/bash', '-c', 'mkdir /var/log/httpd && mkdir /var/log/keystone && chown keystone:keystone /var/log/keystone']
+ volumes:
+ - logs:/var/log
+ keystone_db_sync:
+ start_order: 1
+ image: *keystone_image
+ net: host
+ privileged: false
+ detach: false
+ volumes: &keystone_volumes
+ - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/keystone/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - logs:/var/log
+ environment:
+ - KOLLA_BOOTSTRAP=True
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ keystone:
+ start_order: 1
+ image: *keystone_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: *keystone_volumes
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ keystone_bootstrap:
+ start_order: 2
+ action: exec
+ command:
+ [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+ docker_puppet_tasks:
+ # Keystone endpoint creation occurs only on single node
+ step_3:
+ - 'keystone_init_tasks'
+ - 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
+ - 'include ::tripleo::profile::base::keystone'
+ - list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
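Review bot: `keystone_bootstrap` passes `AdminPassword` on the command line as `--bootstrap-password`, so the value of a `hidden: true` parameter ends up in the argument list of the exec'd process, readable by anything on the host that can list processes while it runs, and presumably in whatever stores or logs the rendered `docker_config`. `keystone-manage bootstrap` also accepts the password through the `OS_BOOTSTRAP_PASSWORD` environment variable; if the `exec` action can pass an environment, that keeps the secret out of argv. If it cannot, a comment on the step should record the exposure so that logging of these commands is handled accordingly.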
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml
new file mode 100644
index 00000000..d459c825
--- /dev/null
+++ b/docker/services/memcached.yaml
@@ -0,0 +1,69 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Memcached services
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMemcachedImage:
+ description: image
+ default: 'centos-binary-memcached:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ MemcachedBase:
+ type: ../../puppet/services/memcached.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Memcached API role.
+ value:
+ service_name: {get_attr: [MemcachedBase, role_data, service_name]}
+ config_settings: {get_attr: [MemcachedBase, role_data, config_settings]}
+ step_config: {get_attr: [MemcachedBase, role_data, step_config]}
+ service_config_settings: {get_attr: [MemcachedBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &memcached_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ]
+ puppet_tags: 'file'
+ config_volume: 'memcached'
+ config_image: *memcached_image
+ kolla_config: {}
+ docker_config:
+ step_1:
+ memcached:
+ image: *memcached_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS']
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml
new file mode 100644
index 00000000..e535a817
--- /dev/null
+++ b/docker/services/mistral-api.yaml
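Review bot: The `memcached` command joins `source /etc/sysconfig/memcached` and the daemon with `;` and does not `exec`, so a failed `source` still goes on to launch memcached with unset variables, and bash stays as PID 1 in front of the daemon, which presumably means a stop signal never reaches memcached. `source /etc/sysconfig/memcached && exec /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS` addresses both. The command sets no listen address of its own, so with `net: host` the bind address is whatever `$OPTIONS` supplies; a comment saying the sysconfig file must restrict it to the internal network would make that dependency visible.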
@@ -0,0 +1,115 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Mistral API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMistralApiImage:
+ description: image
+ default: 'centos-binary-mistral-api:latest'
+ type: string
+ DockerMistralConfigImage:
+ description: image
+ default: 'centos-binary-mistral-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ MistralApiBase:
+ type: ../../puppet/services/mistral-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral API role.
+ value:
+ service_name: {get_attr: [MistralApiBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [MistralApiBase, role_data, config_settings]
+ step_config: {get_attr: [MistralApiBase, role_data, step_config]}
+ service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &mistral_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ]
+ puppet_tags: mistral_config
+ config_volume: mistral
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/mistral_api.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
+ config_files:
+ - dest: /etc/mistral/mistral.conf
+ owner: mistral
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ docker_config:
+ step_3:
+ mistral_db_sync:
+ start_order: 1
+ image: *mistral_image
+ net: host
+ privileged: false
+ detach: false
+ volumes:
+ - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head']
+ mistral_db_populate:
+ start_order: 2
+ image: *mistral_image
+ net: host
+ privileged: false
+ detach: false
+ volumes:
+ - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ # NOTE: dprince this requires that we install openstack-tripleo-common into
+ # the Mistral API image so that we get tripleo* actions
+ command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate']
+ step_4:
+ mistral_api:
+ start_order: 15
+ image: *mistral_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml
new file mode 100644
index 00000000..be4c8af7
--- /dev/null
+++ b/docker/services/mistral-engine.yaml
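Review bot: `mistral_db_sync` and `mistral_db_populate` bind-mount `/var/lib/config-data/mistral/etc/` over the container's entire `/etc`, which hides whatever the image ships there behind the generated config tree. `ironic_db_sync` in ironic-api.yaml and `nova_api_db_sync` in nova-api.yaml do the same, while `neutron_db_sync` mounts only the service directory. Mounting just what the command reads, `- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro`, leaves the image's own `/etc` intact and matches the neutron template.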
@@ -0,0 +1,87 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Mistral Engine service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMistralEngineImage:
+ description: image
+ default: 'centos-binary-mistral-engine:latest'
+ type: string
+ DockerMistralConfigImage:
+ description: image
+ default: 'centos-binary-mistral-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ MistralBase:
+ type: ../../puppet/services/mistral-engine.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral Engine role.
+ value:
+ service_name: {get_attr: [MistralBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [MistralBase, role_data, config_settings]
+ step_config: {get_attr: [MistralBase, role_data, step_config]}
+ service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &mistral_engine_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ]
+ puppet_tags: mistral_config
+ config_volume: mistral
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/mistral_engine.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
+ config_files:
+ - dest: /etc/mistral/mistral.conf
+ owner: mistral
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ docker_config:
+ step_4:
+ mistral_engine:
+ image: *mistral_engine_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml
new file mode 100644
index 00000000..33608a42
--- /dev/null
+++ b/docker/services/mistral-executor.yaml
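Review bot: `mistral_engine` mounts the host's `/run` read-write even though it is declared `privileged: false`; on hosts where the Docker socket lives under `/run` (the common layout, with `/var/run` a symlink to it) that gives the container the Docker API and with it root-equivalent control of the host. The template does not say what the engine needs from `/run`. `mistral_executor` in mistral-executor.yaml has the same mount, and `ironic_conductor` and `neutron_dhcp` mount it too. If one socket or directory is required, mount that path alone and state the reason in a comment; otherwise drop the line.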
@@ -0,0 +1,91 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Mistral Executor service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMistralExecutorImage:
+ description: image
+ default: 'centos-binary-mistral-executor:latest'
+ type: string
+ DockerMistralConfigImage:
+ description: image
+ default: 'centos-binary-mistral-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ MistralBase:
+ type: ../../puppet/services/mistral-executor.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral Executor role.
+ value:
+ service_name: {get_attr: [MistralBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [MistralBase, role_data, config_settings]
+ step_config: {get_attr: [MistralBase, role_data, step_config]}
+ service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &mistral_executor_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ]
+ puppet_tags: mistral_config
+ config_volume: mistral
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/mistral_executor.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
+ config_files:
+ - dest: /etc/mistral/mistral.conf
+ owner: mistral
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ docker_config:
+ step_4:
+ mistral_executor:
+ image: *mistral_executor_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ # FIXME: this is required in order for Nova cells
+ # initialization workflows on the Undercloud. Need to
+ # exclude this on the overcloud for security reasons.
+ - /var/lib/config-data/nova/etc/nova:/etc/nova:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
new file mode 100644
index 00000000..dfd1d5c0
--- /dev/null
+++ b/docker/services/neutron-api.yaml
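Review bot: The `/var/lib/config-data/nova/etc/nova:/etc/nova:ro` mount gives the executor, the container that runs workflow actions, read access to the whole nova configuration directory, which presumably includes database and messaging credentials; the FIXME above it already says this must not reach the overcloud, but nothing in the template enforces that. As written, including this template in an overcloud role silently carries the mount along, and the header `description` does not warn about it. A boolean parameter with a `conditions` entry that selects the volume list would turn the FIXME into something enforced; until then the description should say the template is undercloud-only.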
@@ -0,0 +1,105 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Neutron API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNeutronApiImage:
+ description: image
+ default: 'centos-binary-neutron-server:latest'
+ type: string
+ # we configure all neutron services in the same neutron
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-openvswitch-agent:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NeutronBase:
+ type: ../../puppet/services/neutron-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron API role.
+ value:
+ service_name: {get_attr: [NeutronBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &neutron_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
+ puppet_tags: neutron_config,neutron_api_config
+ config_volume: neutron
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/neutron_api.json:
+ command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini
+ config_files:
+ - dest: /etc/neutron/neutron.conf
+ owner: neutron
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
+ - dest: /etc/neutron/plugin.ini
+ owner: neutron
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini
+ docker_config:
+ step_3:
+ neutron_db_sync:
+ image: *neutron_api_image
+ net: host
+ privileged: false
+ detach: false
+ # FIXME: we should make config file permissions right
+ # and run as neutron user
+ user: root
+ volumes:
+ - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
+ - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ command: ['neutron-db-manage', 'upgrade', 'heads']
+ step_4:
+ neutron_api:
+ image: *neutron_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml
new file mode 100644
index 00000000..fc13b3d1
--- /dev/null
+++ b/docker/services/neutron-dhcp.yaml
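Review bot: The comment above `DockerNeutronConfigImage`, `# we configure all neutron services in the same neutron`, stops mid-sentence, so the reason the config image is the openvswitch-agent image rather than the server image is left to guesswork; neutron-dhcp.yaml carries the same truncated line. If the intent is what the parameter name suggests, something like `# all neutron services are configured from one shared config image` would say it. The `neutron_db_sync` step's `user: root` is already covered by its own FIXME, but that comment could also name which files have the wrong ownership so the workaround can be removed later.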
@@ -0,0 +1,93 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Neutron DHCP service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNeutronApiImage:
+ description: image
+ default: 'centos-binary-neutron-dhcp-agent:latest'
+ type: string
+ # we configure all neutron services in the same neutron
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-openvswitch-agent:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NeutronBase:
+ type: ../../puppet/services/neutron-dhcp.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron DHCP role.
+ value:
+ service_name: {get_attr: [NeutronBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &neutron_dhcp_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
+ puppet_tags: neutron_config,neutron_dhcp_agent_config
+ config_volume: neutron
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/neutron_dhcp.json:
+ command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log
+ config_files:
+ - dest: /etc/neutron/neutron.conf
+ owner: neutron
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
+ - dest: /etc/neutron/dhcp_agent.ini
+ owner: neutron
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/neutron/dhcp_agent.ini
+ docker_config:
+ step_4:
+ neutron_dhcp:
+ image: *neutron_dhcp_image
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /lib/modules:/lib/modules:ro
+ - /run/:/run
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml
new file mode 100644
index 00000000..37ab8db2
--- /dev/null
+++ b/docker/services/neutron-plugin-ml2.yaml
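Review bot: The DHCP agent image parameter is named `DockerNeutronApiImage`, the same name neutron-api.yaml uses for the neutron-server image, so the two templates disagree on its default and a single `parameter_defaults` override of that name would presumably change the image for both services. A distinct name fixes it: `DockerNeutronDHCPImage:` under `parameters` and `{get_param: DockerNeutronDHCPImage}` in the `docker_image` list_join. Separately, `neutron_dhcp` runs with `privileged: true`, `pid: host` and a writable `/run` mount; a comment stating what the agent needs each of these for would help anyone trying to tighten it later.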
@@ -0,0 +1,58 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Neutron ML2 Plugin configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-openvswitch-agent:latest'
+ type: string
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NeutronBase:
+ type: ../../puppet/services/neutron-plugin-ml2.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2 Plugin role.
+ value:
+ service_name: {get_attr: [NeutronBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &docker_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ puppet_tags: ''
+ config_volume: 'neutron'
+ config_image: *docker_image
+ kolla_config: {}
+ docker_config: {}
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
new file mode 100644
index 00000000..26ae514a
--- /dev/null
+++ b/docker/services/nova-api.yaml
@@ -0,0 +1,134 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaApiImage: + description: image + default: 'centos-binary-nova-api:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaApiBase: + type: ../../puppet/services/nova-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova API role. 
+ value: + service_name: {get_attr: [NovaApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NovaApiBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [NovaApiBase, role_data, step_config]} + service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ] + puppet_tags: nova_config + config_volume: nova + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_api.json: + command: /usr/bin/nova-api + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + docker_config: + step_3: + nova_api_db_sync: + start_order: 1 + image: *nova_api_image + net: host + detach: false + volumes: &nova_api_volumes + - /var/lib/config-data/nova/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['/usr/bin/nova-manage', 'api_db', 'sync'] + # FIXME: we probably want to wait on the 'cell_v2 update' in order for this + # to be capable of upgrading a baremetal setup. 
This is to ensure the name + # of the cell is 'default' + nova_api_map_cell0: + start_order: 2 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + command: + - '/usr/bin/nova-manage' + - 'cell_v2' + - 'map_cell0' + nova_api_create_default_cell: + start_order: 3 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + # NOTE: allowing the exit code 2 is a dirty way of making + # this idempotent (if the resource already exists a conflict + # is raised) + exit_codes: [0,2] + command: + - '/usr/bin/nova-manage' + - 'cell_v2' + - 'create_cell' + - '--name="default"' + nova_db_sync: + start_order: 4 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + command: ['/usr/bin/nova-manage', 'db', 'sync'] + step_4: + nova_api: + start_order: 2 + image: *nova_api_image + net: host + user: nova + privileged: true + restart: always + volumes: + - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 8eebc397..570df95f 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -64,6 +64,7 @@ outputs: perm: '0600' source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf docker_config: + # FIXME: run discover hosts here step_4: novacompute: image: *nova_compute_image diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml new file mode 100644 index 00000000..aa009b4f --- /dev/null +++ b/docker/services/nova-conductor.yaml 
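Review bot: The long-running `nova_api` container in `step_4` combines `user: nova` with `privileged: true` and `net: host`, while nova-conductor.yaml and nova-scheduler.yaml in this commit set `privileged: false`; nothing in this template shows why the API process needs the extra device and capability access. Unless something outside this file depends on it, `privileged: false` would match the sibling services. `nova.conf` is also copied with `perm: '0640'` here but `'0600'` in the conductor and scheduler templates; since that file presumably carries database and messaging credentials, `'0600'` looks like the safer common value. In `nova_api_create_default_cell` the argument `'--name="default"'` is given in list form, so if the command runs without a shell the quotes would become part of the cell name; `'--name=default'` avoids that ambiguity.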
@@ -0,0 +1,85 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova Conductor service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaConductorImage:
+ description: image
+ default: 'centos-binary-nova-conductor:latest'
+ type: string
+ DockerNovaBaseImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ NovaConductorBase:
+ type: ../../puppet/services/nova-conductor.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Conductor service.
+ value:
+ service_name: {get_attr: [NovaConductorBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]}
+ step_config: {get_attr: [NovaConductorBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &nova_conductor_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ]
+ puppet_tags: nova_config
+ config_volume: nova
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_conductor.json:
+ command: /usr/bin/nova-conductor
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ docker_config:
+ step_4:
+ nova_conductor:
+ image: *nova_conductor_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml
new file mode 100644
index 00000000..c1858ded
--- /dev/null
+++ b/docker/services/nova-ironic.yaml
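Review bot: The `nova_conductor` volume list bind-mounts the host's `/run:/run` read-write, which exposes every host runtime socket and pid file under that directory to the container and largely offsets the `privileged: false` two lines above it. If the container engine's control socket lives under `/run` on these hosts (not visible in this diff), write access to it is equivalent to root on the node. The conductor talks to the database and message bus over the network, so the mount can probably be dropped, or narrowed to the one sub-path that is needed and marked `:ro`. The same `/run:/run` entry appears in `nova_scheduler` (nova-scheduler.yaml) and `swift_proxy` (swift-proxy.yaml) in this commit.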
@@ -0,0 +1,88 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova Ironic Compute service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaComputeImage:
+ description: image
+ default: 'centos-binary-nova-compute-ironic:latest'
+ type: string
+ DockerNovaBaseImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+
+ NovaIronicBase:
+ type: ../../puppet/services/nova-ironic.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Compute service.
+ value:
+ service_name: {get_attr: [NovaIronicBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]}
+ step_config: {get_attr: [NovaIronicBase, role_data, step_config]}
+ puppet_tags: nova_config,nova_paste_api_ini
+ docker_image: &nova_ironic_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
+ config_volume: nova
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_ironic.json:
+ command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ - dest: /etc/nova/rootwrap.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf
+ docker_config:
+ step_5:
+ novacompute:
+ image: *nova_ironic_image
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - /dev:/dev
+ - /etc/iscsi:/etc/iscsi
+ - nova_compute:/var/lib/nova/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml
new file mode 100644
index 00000000..a4baaa27
--- /dev/null
+++ b/docker/services/nova-metadata.yaml
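Review bot: The `novacompute` container in `step_5` runs with `privileged: true`, `user: root`, `net: host` and read-write mounts of `/run`, `/dev` and `/etc/iscsi`, which is effectively full host access; this set looks carried over from the libvirt compute template, and whether the Ironic driver needs any of it is not shown here. Each of those entries deserves a one-line comment giving its reason, and the ones without a reason should be removed. The container name `novacompute` is also the name used in nova-compute.yaml, so the two would collide if both services ever landed on one node; `nova_ironic` would match the kolla config file name. `NovaIronicBase` receives only `EndpointMap`, although `ServiceNetMap` and `DefaultPasswords` are declared as parameters and passed through by every other template in this commit. `role_data` also omits `service_config_settings`, which the sibling templates forward.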
@@ -0,0 +1,48 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova Metadata service
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ NovaMetadataBase:
+ type: ../../puppet/services/nova-metadata.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Metadata service.
+ value:
+ service_name: {get_attr: [NovaMetadataBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaMetadataBase, role_data, config_settings]
+ step_config: {get_attr: [NovaMetadataBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: ''
+ puppet_tags: ''
+ config_volume: ''
+ config_image: ''
+ kolla_config: {}
+ docker_config: {}
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
new file mode 100644
index 00000000..f0f7d724
--- /dev/null
+++ b/docker/services/nova-placement.yaml
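Review bot: The empty values under `# BEGIN DOCKER SETTINGS` (`docker_image: ''`, `config_image: ''`, `kolla_config: {}`, `docker_config: {}`) carry no explanation, so a reader cannot tell a deliberate no-container service from an unfinished template. If the intent is that the metadata API is served from another container and this template only contributes puppet settings, a comment such as `# No container of its own: only config_settings are contributed here` above the block would record that. Without it, the description "containerized Nova Metadata service" suggests a container that this file never starts.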
@@ -0,0 +1,101 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Placement API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaPlacementImage: + description: image + default: 'centos-binary-nova-placement-api' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaPlacementBase: + type: ../../puppet/services/nova-placement.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Placement API role. 
+ value: + service_name: {get_attr: [NovaPlacementBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NovaPlacementBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [NovaPlacementBase, role_data, step_config]} + service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_placement_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + puppet_tags: nova_config + config_volume: nova_placement + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_placement.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + - dest: /etc/httpd/conf.d/10-placement_wsgi.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-placement_wsgi.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + - dest: /var/www/cgi-bin/nova/nova-placement-api + owner: nova + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/nova/nova-placement-api + docker_config: + # start this early so it is up before computes start reporting + step_3: + nova_placement: + start_order: 1 + image: *nova_placement_image + net: host + user: root + restart: always + volumes: + - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_placement/:/var/lib/kolla/config_files/src:ro + - 
/var/lib/config-data/nova_placement/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml new file mode 100644 index 00000000..a1a98b48 --- /dev/null +++ b/docker/services/nova-scheduler.yaml 
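Review bot: The `DockerNovaPlacementImage` default `'centos-binary-nova-placement-api'` has no tag at all, unlike every other image default in this commit, so the engine falls back to its implicit default tag and the reference is both inconsistent and unpinned. An explicit tag or digest should be given, e.g. `default: 'centos-binary-nova-placement-api:<PINNED_TAG>'` (placeholder). The `nova_placement` container also sets `user: root` for `httpd -DFOREGROUND` with `net: host`; if the placement listener uses an unprivileged port (the port is configured outside this hunk), a dedicated non-root user would reduce the impact of a compromise of the web-facing process.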
@@ -0,0 +1,84 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaSchedulerImage: + description: image + default: 'centos-binary-nova-scheduler:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaSchedulerBase: + type: ../../puppet/services/nova-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Scheduler service. 
+ value: + service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]} + config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]} + step_config: {get_attr: [NovaSchedulerBase, role_data, step_config]} + service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_scheduler_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ] + puppet_tags: nova_config + config_volume: nova + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_scheduler.json: + command: /usr/bin/nova-scheduler + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + docker_config: + step_4: + nova_scheduler: + image: *nova_scheduler_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml new file mode 100644 index 00000000..cea3d8a7 --- /dev/null +++ b/docker/services/rabbitmq.yaml 
@@ -0,0 +1,119 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRabbitmqImage: + description: image + default: 'centos-binary-rabbitmq:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RabbitCookie: + type: string + default: '' + hidden: true + +resources: + + RabbitmqBase: + type: ../../puppet/services/rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. 
+ value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + config_settings: {get_attr: [RabbitmqBase, role_data, config_settings]} + step_config: {get_attr: [RabbitmqBase, role_data, step_config]} + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &rabbitmq_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] + puppet_tags: file + config_volume: rabbitmq + config_image: *rabbitmq_image + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/lib/rabbitmq/bin/rabbitmq-server + config_files: + - dest: /etc/rabbitmq/rabbitmq.config + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq.config + - dest: /etc/rabbitmq/enabled_plugins + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/enabled_plugins + - dest: /etc/rabbitmq/rabbitmq-env.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq-env.conf + - dest: /etc/rabbitmq/rabbitmqadmin.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmqadmin.conf + docker_config: + step_1: + rabbitmq_bootstrap: + start_order: 0 + image: *rabbitmq_image + net: host + privileged: false + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - rabbitmq:/var/lib/rabbitmq/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq: + start_order: 1 + image: *rabbitmq_image + net: host + 
privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - rabbitmq:/var/lib/rabbitmq/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml new file mode 100644 index 00000000..09553319 --- /dev/null +++ b/docker/services/swift-proxy.yaml 
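Review bot: `rabbitmq_bootstrap` passes the Erlang cluster cookie through the container `environment` as `RABBITMQ_CLUSTER_COOKIE=<value>`, so a parameter declared `hidden: true` ends up readable in the rendered `docker_config` and in the container's inspect output for anyone with access to the engine on that node. The cookie is the shared secret that authorises joining and administering the cluster, so it would be better delivered as a file through `config_files` with `owner: rabbitmq` and `perm: '0400'` than as an environment variable. The yaql expression `$.data.passwords.where($ != '').first()` also appears to have no fallback when both `RabbitCookie` and `DefaultPasswords.rabbit_cookie` are empty, which is the case with the defaults declared in this template. The four `/etc/rabbitmq/*` files are copied with `perm: '0644'`; if `rabbitmq.config` or `rabbitmqadmin.conf` contain credentials, a tighter mode is warranted.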
@@ -0,0 +1,76 @@ +heat_template_version: ocata + +description: > + OpenStack containerized swift proxy service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + SwiftProxyBase: + type: ../../puppet/services/swift-proxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the swift proxy. + value: + service_name: {get_attr: [SwiftProxyBase, role_data, service_name]} + config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]} + step_config: {get_attr: [SwiftProxyBase, role_data, step_config]} + service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + puppet_tags: swift_proxy_config + config_volume: swift + config_image: *swift_proxy_image + kolla_config: + /var/lib/kolla/config_files/swift_proxy.json: + command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf + docker_config: + step_4: + swift_proxy: + image: *swift_proxy_image + net: host + user: swift + restart: always + # I'm mounting /etc/swift as rw. Are the rings written to at all during runtime? 
+ volumes: + - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml new file mode 100644 index 00000000..de91e7cf --- /dev/null +++ b/docker/services/swift-ringbuilder.yaml 
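Review bot: The `swift_proxy` volume list mounts `/var/lib/config-data/swift/etc/swift:/etc/swift:rw`, and the comment just above it asks whether the rings are written at runtime at all; that question should be settled before merge rather than left in the template. The proxy is the client-facing service, so a read-write view of its own configuration and ring files lets a compromised proxy process alter them persistently on the host; `:ro` is the safer default until a write path is demonstrated. The `/dev:/dev` and `swift-srv:/srv` mounts look copied from the storage services, and a proxy that reaches storage nodes over the network would not need them. Suggested line: `- /var/lib/config-data/swift/etc/swift:/etc/swift:ro`.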
@@ -0,0 +1,80 @@ +heat_template_version: ocata + +description: > + OpenStack Swift Ringbuilder + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftMinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. + SwiftPartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + SwiftRingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean + SwiftReplicas: + type: number + default: 3 + description: How many replicas to use in the swift rings. + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json + SwiftUseLocalDir: + default: true + description: 'Use a local directory for Swift storage services when building rings' + type: boolean + +resources: + + SwiftRingbuilderBase: + type: ../../puppet/services/swift-ringbuilder.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for Swift Ringbuilder configuration in containers. 
+ value: + service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]} + config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + step_config: {get_attr: [SwiftRingbuilderBase, role_data, step_config]} + service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]} + puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance + # BEGIN DOCKER SETTINGS + docker_image: &docker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + config_volume: 'swift' + config_image: *docker_image + kolla_config: {} + docker_config: {} diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml new file mode 100644 index 00000000..5b2ec6e6 --- /dev/null +++ b/docker/services/swift-storage.yaml 
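Review bot: The parameters `SwiftMinPartHours`, `SwiftPartPower`, `SwiftRingBuild`, `SwiftReplicas`, `SwiftRawDisks` and `SwiftUseLocalDir` are declared in this template but never referenced: `SwiftRingbuilderBase` is given only `EndpointMap`, `ServiceNetMap` and `DefaultPasswords`. A value supplied for them through this template therefore has no effect here, and the base template presumably picks up its own copies from `parameter_defaults`. Either pass them on in `properties` (for example `SwiftReplicas: {get_param: SwiftReplicas}`) or delete the unused declarations so the template does not advertise knobs it ignores. `puppet_tags` also sits above the `# BEGIN DOCKER SETTINGS` marker here, unlike in the other templates of this commit.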
@@ -0,0 +1,343 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Swift Storage services. + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + DockerSwiftAccountImage: + description: image + default: 'centos-binary-swift-account:latest' + type: string + DockerSwiftContainerImage: + description: image + default: 'centos-binary-swift-container:latest' + type: string + DockerSwiftObjectImage: + description: image + default: 'centos-binary-swift-object:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + +resources: + + SwiftStorageBase: + type: ../../puppet/services/swift-storage.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the swift storage services. 
+ value: + service_name: {get_attr: [SwiftStorageBase, role_data, service_name]} + config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]} + step_config: {get_attr: [SwiftStorageBase, role_data, step_config]} + service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config + config_volume: swift + config_image: *swift_proxy_image + kolla_config: + /var/lib/kolla/config_files/swift_account_auditor.json: + command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_reaper.json: + command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_replicator.json: + command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_server.json: + command: /usr/bin/swift-account-server /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_container_auditor.json: + command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_replicator.json: + command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_updater.json: + command: /usr/bin/swift-container-updater /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_server.json: + command: /usr/bin/swift-container-server /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_object_auditor.json: + command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_expirer.json: + command: 
/usr/bin/swift-object-expirer /etc/swift/object-expirer.conf + /var/lib/kolla/config_files/swift_object_replicator.json: + command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_updater.json: + command: /usr/bin/swift-object-updater /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_server.json: + command: /usr/bin/swift-object-server /etc/swift/object-server.conf + docker_config: + step_3: + # The puppet config sets this up but we don't have a way to mount the named + # volume during the configuration stage. We just need to create this + # directory and make sure it's owned by swift. + swift_setup_srv: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + user: root + command: ['/bin/bash', '-c', 'mkdir /srv/node && chown swift:swift /srv/node'] + volumes: + - swift-srv:/srv + step_4: + swift_account_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: &kolla_env + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + swift_account_reaper: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - 
/run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_account_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_account_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - 
/var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_updater: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + 
environment: *kolla_env + swift_object_expirer: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_updater: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro + - 
/var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml new file mode 100644 index 00000000..9f248ce1 --- /dev/null +++ b/docker/services/zaqar.yaml 
@@ -0,0 +1,99 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Zaqar services
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerZaqarImage:
+ description: image
+ default: 'centos-binary-zaqar:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ ZaqarBase:
+ type: ../../puppet/services/zaqar.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Zaqar API role.
+ value:
+ service_name: {get_attr: [ZaqarBase, role_data, service_name]}
+ config_settings: {get_attr: [ZaqarBase, role_data, config_settings]}
+ step_config: {get_attr: [ZaqarBase, role_data, step_config]}
+ service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &zaqar_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ]
+ puppet_tags: zaqar_config
+ config_volume: zaqar
+ config_image: *zaqar_image
+ kolla_config:
+ /var/lib/kolla/config_files/zaqar.json:
+ command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf
+ config_files:
+ - dest: /etc/zaqar/zaqar.conf
+ owner: zaqar
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf
+ /var/lib/kolla/config_files/zaqar_websocket.json:
+ command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
+ config_files:
+ - dest: /etc/zaqar/zaqar.conf
+ owner: zaqar
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf
+ - dest: /etc/zaqar/1.conf
+ owner: zaqar
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/zaqar/1.conf
+ docker_config:
+ step_4:
+ zaqar:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ zaqar_websocket:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
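Review bot: `DockerZaqarImage` defaults to `centos-binary-zaqar:latest` under the `tripleoupstream` namespace, so both `zaqar` and `zaqar_websocket` in `step_4` run whatever that mutable tag resolves to at deploy time, and nodes deployed at different times can end up on different images. Consider defaulting to a fixed tag or digest and documenting how operators override it. The placeholder descriptions `namespace` and `image` should also say what the parameters are, e.g. `description: Registry namespace the Zaqar image is pulled from`. The other container templates in this change may follow the same convention, in which case this is better fixed once for all of them.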
diff --git a/environments/deployed-server-pacemaker-environment.yaml b/environments/deployed-server-pacemaker-environment.yaml
new file mode 100644
index 00000000..85fa7d2f
--- /dev/null
+++ b/environments/deployed-server-pacemaker-environment.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Tasks::ControllerDeployedServerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerDeployedServerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerDeployedServerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 37612b07..ca3715b4 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -5,6 +5,36 @@ resource_registry: OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml + OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml + OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml + OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml + OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml + OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml + OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml + # FIXME: these need to go into a environments/services-docker dir? + OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml + OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml + OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml + OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml + OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml + OS::TripleO::Services::MistralApi: ../docker/services/mistral-api.yaml + OS::TripleO::Services::MistralEngine: ../docker/services/mistral-engine.yaml + OS::TripleO::Services::MistralExecutor: 
../docker/services/mistral-executor.yaml + OS::TripleO::Services::Zaqar: ../docker/services/zaqar.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml + OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml + OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml + OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml + OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml + OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::Services: ../docker/services/services.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 77fa5a49..3738072c 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -11,6 +11,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel @@ -25,4 +26,6 @@ parameter_defaults: - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Collectd - OS::TripleO::Services::CephOSD diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml index 47b2003d..3a606336 100644 --- a/environments/low-memory-usage.yaml +++ b/environments/low-memory-usage.yaml @@ -11,8 +11,8 @@ parameter_defaults: SwiftWorkers: 1 GnocchiMetricdWorkers: 1 - ApacheMaxRequestWorkers: 32 - ApacheServerLimit: 32 + ApacheMaxRequestWorkers: 100 + ApacheServerLimit: 100 ControllerExtraConfig: 'nova::network::neutron::neutron_url_timeout': '60' 
diff --git a/environments/net-bond-with-vlans-no-external.yaml b/environments/net-bond-with-vlans-no-external.yaml index 75959a0b..cc27d4f0 100644 --- a/environments/net-bond-with-vlans-no-external.yaml +++ b/environments/net-bond-with-vlans-no-external.yaml @@ -20,7 +20,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-no-external.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -# NOTE: with no external interface we should be able to use the -# default Neutron l3_agent.ini setting for the external bridge (br-ex) -# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/net-bond-with-vlans-v6.yaml b/environments/net-bond-with-vlans-v6.yaml index 73dda3d9..dc6fdfe3 100644 --- a/environments/net-bond-with-vlans-v6.yaml +++ b/environments/net-bond-with-vlans-v6.yaml @@ -12,9 +12,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-v6.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-bond-with-vlans.yaml b/environments/net-bond-with-vlans.yaml index de8f8f74..38c31cac 100644 --- a/environments/net-bond-with-vlans.yaml +++ b/environments/net-bond-with-vlans.yaml 
@@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-linux-bridge-with-vlans.yaml b/environments/net-single-nic-linux-bridge-with-vlans.yaml index fd80bb9b..f34cfb92 100644 --- a/environments/net-single-nic-linux-bridge-with-vlans.yaml +++ b/environments/net-single-nic-linux-bridge-with-vlans.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans-no-external.yaml b/environments/net-single-nic-with-vlans-no-external.yaml index c7594b32..65d38137 100644 --- a/environments/net-single-nic-with-vlans-no-external.yaml +++ b/environments/net-single-nic-with-vlans-no-external.yaml 
@@ -19,7 +19,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-no-external.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -# NOTE: with no external interface we should be able to use the -# default Neutron l3_agent.ini setting for the external bridge (br-ex) -# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans-v6.yaml b/environments/net-single-nic-with-vlans-v6.yaml index 8210bad3..966e5fe9 100644 --- a/environments/net-single-nic-with-vlans-v6.yaml +++ b/environments/net-single-nic-with-vlans-v6.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-v6.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans.yaml b/environments/net-single-nic-with-vlans.yaml index a61bc6e1..b087b3e4 100644 --- a/environments/net-single-nic-with-vlans.yaml +++ b/environments/net-single-nic-with-vlans.yaml 
@@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index 796eb806..210b6b03 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -48,8 +48,6 @@ parameter_defaults: # ManagementInterfaceDefaultRoute: 10.0.1.1 # Define the DNS servers (maximum 2) for the overcloud nodes DnsServers: ["8.8.8.8","8.8.4.4"] - # Set to empty string to enable multiple external networks or VLANs - NeutronExternalNetworkBridge: "''" # List of Neutron network types for tenant networks (will be used in order) NeutronNetworkType: 'vxlan,vlan' # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling. diff --git a/firstboot/os-net-config-mappings.yaml b/firstboot/os-net-config-mappings.yaml index d7e0c524..f82bc19f 100644 --- a/firstboot/os-net-config-mappings.yaml +++ b/firstboot/os-net-config-mappings.yaml 
@@ -9,8 +9,28 @@ description: > nic1: "00:c8:7c:e6:f0:2e" node2: nic1: "00:18:7d:99:0c:b6" - This will result in the first nodeN entry where a mac matches a - local device being written as a mapping file for os-net-config in + node3: + dmiString: 'system-uuid' + id: 'A8C85861-1B16-4803-8689-AFC62984F8F6' + nic1: em3 + # Dell PowerEdge + nodegroup1: + dmiString: "system-product-name" + id: "PowerEdge R630" + nic1: em3 + nic2: em1 + nic3: em2 + # Cisco UCS B200-M4" + nodegroup2: + dmiString: "system-product-name" + id: "UCSB-B200-M4" + nic1: enp7s0 + nic2: enp6s0 + + This will result in the first node* entry where either: + a) a mac matches a local device + or b) a DMI String matches the specified id + being written as a mapping file for os-net-config in /etc/os-net-config/mapping.yaml parameters: 
@@ -47,15 +67,36 @@ resources: echo '$node_lookup' | python -c " import json import sys + import copy + from subprocess import PIPE, Popen import yaml + + def write_mapping_file(interface_mapping): + with open('/etc/os-net-config/mapping.yaml', 'w') as f: + yaml.safe_dump(interface_mapping, f, default_flow_style=False) + input = sys.stdin.readline() or '{}' data = json.loads(input) for node in data: + interface_mapping = {'interface_mapping': + copy.deepcopy(data[node])} + if 'dmiString' in interface_mapping['interface_mapping']: + del interface_mapping['interface_mapping']['dmiString'] + if 'id' in interface_mapping['interface_mapping']: + del interface_mapping['interface_mapping']['id'] + # Match on mac addresses first if any(x in '$eth_addr'.split(',') for x in data[node].values()): - interface_mapping = {'interface_mapping': data[node]} - with open('/etc/os-net-config/mapping.yaml', 'w') as f: - yaml.safe_dump(interface_mapping, f, default_flow_style=False) + write_mapping_file(interface_mapping) break + # If data contain dmiString and id keys, try to match node(group) + if 'dmiString' in data[node] and 'id' in data[node]: + ps = Popen([ 'dmidecode', + '--string', data[node].get('dmiString') ], + stdout=PIPE) + out, err = ps.communicate() + if data[node].get('id') == out.rstrip(): + write_mapping_file(interface_mapping) + break " params: $node_lookup: {get_param: NetConfigDataLookup} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 9a8de34a..1360d0be 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml 
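Review bot: The DMI branch at the end of the loop calls `Popen(['dmidecode', '--string', ...], stdout=PIPE)` with no error handling, so on a node where dmidecode is missing the resulting OSError ends the script before any later entry is tried, including one that would have matched by MAC, and no mapping file is written. Wrapping the call in `try:` … `except OSError: continue` and comparing only when `ps.returncode == 0` keeps the lookup best-effort. The comparison `data[node].get('id') == out.rstrip()` is exact and case-sensitive, so the template description should state that `id` must match dmidecode's output verbatim. If this script is ever run under Python 3, `out` would be bytes and the comparison would never succeed.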
@@ -69,8 +69,10 @@ resource_registry: OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml - OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None - OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None +{% for role in roles %} + OS::TripleO::Tasks::{{role.name}}PrePuppet: OS::Heat::None + OS::TripleO::Tasks::{{role.name}}PostPuppet: OS::Heat::None +{% endfor %} # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when @@ -221,7 +223,7 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml - OS::TripleO::Services::PankoApi: OS::Heat::None + OS::TripleO::Services::PankoApi: puppet/services/panko-api.yaml OS::TripleO::Services::MistralEngine: OS::Heat::None OS::TripleO::Services::MistralApi: OS::Heat::None OS::TripleO::Services::MistralExecutor: OS::Heat::None @@ -245,6 +247,7 @@ resource_registry: OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None OS::TripleO::Services::OctaviaWorker: OS::Heat::None + OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml parameter_defaults: EnablePackageInstall: false diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index b517db6e..581c4f0d 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 
@@ -23,14 +23,12 @@ properties: StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} - {% if role.name == 'Controller' %} - ControllerPrePuppet: - type: OS::TripleO::Tasks::ControllerPrePuppet + {{role.name}}PrePuppet: + type: OS::TripleO::Tasks::{{role.name}}PrePuppet properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {% endif %} {% if role.name in ['Controller', 'ObjectStorage'] %} {{role.name}}SwiftRingDeploy: @@ -82,16 +80,14 @@ properties: servers: {get_param: [servers, {{role.name}}]} - {% if role.name == 'Controller' %} - ControllerPostPuppet: + {{role.name}}PostPuppet: depends_on: - - ControllerExtraConfigPost - type: OS::TripleO::Tasks::ControllerPostPuppet + - {{role.name}}ExtraConfigPost + type: OS::TripleO::Tasks::{{role.name}}PostPuppet properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {% endif %} {% if role.name in ['Controller', 'ObjectStorage'] %} {{role.name}}SwiftRingUpdate: diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 9c2d8c5c..e5c11535 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst 
@@ -19,8 +19,21 @@ environment to set per service parameters. Config Settings --------------- -Each service may define a config_settings output variable which returns -Hiera settings to be configured. +Each service may define three ways in which to output variables to configure Hiera +settings on the nodes. + + * config_settings: the hiera keys will be pushed on all roles of which the service + is a part of. + + * global_config_settings: the hiera keys will be distributed to all roles + + * service_config_settings: Takes an extra key to wire in values that are + defined for a service that need to be consumed by some other service. + For example: + service_config_settings: + haproxy: + foo: bar + This will set the hiera key 'foo' on all roles where haproxy is included. Deployment Steps ---------------- diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index f5ca329e..c2c2d023 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -69,8 +69,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' aodh::debug: {get_param: Debug} aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 239b6ca9..ffc4c83a 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -105,8 +105,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/barbican' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tripleo.barbican_api.firewall_rules: '117 barbican': dport: 
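Review bot: In puppet/services/aodh-base.yaml the database URL now ends in `?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo`, which moves the client bind address out of the URL and into a file this template does not create. From the rest of the change that file appears to come from the new `OS::TripleO::Services::MySQLClient` service, so a custom role that carries a database-using service without MySQLClient would presumably connect with no bind address and no error. Add a comment next to the URL, e.g. `# requires OS::TripleO::Services::MySQLClient on the same role (writes /etc/my.cnf.d/tripleo.cnf)`, and a release note for operators who maintain their own role definitions. The same applies to the identical hunks in barbican-api, ceilometer-base, cinder-base, congress, ec2-api, glance-api, gnocchi-base, heat-engine and ironic-base.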
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 5658e416..874c6893 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -93,8 +93,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ceilometer_backend: {get_param: CeilometerBackend} # we include db_sync class in puppet-tripleo ceilometer::db::sync_db: false diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index a5d7fcf1..88e7edb7 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 1b82f55c..6855a838 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/congress' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' congress::keystone::auth::tenant: 'service' congress::keystone::auth::password: {get_param: CongressPassword} congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} 
@@ -88,3 +87,11 @@ outputs: step_config: | include ::tripleo::profile::base::congress + + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running" + shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop congress service + tags: step2 + service: name=openstack-congress-server state=stopped diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml new file mode 100644 index 00000000..1415391c --- /dev/null +++ b/puppet/services/database/mysql-client.yaml @@ -0,0 +1,30 @@ +heat_template_version: ocata + +description: > + Mysql client settings + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base:database::mysql::client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + step_config: | + include ::tripleo::profile::base::database::mysql::client diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index 002342b6..bb10140e 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -90,8 +90,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ec2_api' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' - if: - nova_workers_zero 
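Review bot: In the new puppet/services/database/mysql-client.yaml the hiera key under `config_settings` is spelled `tripleo::profile::base:database::mysql::client_bind_address`, with a single colon between `base` and `database`. The lookups this commit removes from the service templates read `tripleo::profile::base::database::mysql::client_bind_address`, and `step_config` includes `::tripleo::profile::base::database::mysql::client`, so the misspelled key most likely never reaches the profile and the address taken from `ServiceNetMap` is silently dropped. At minimum the separator should be `::`, i.e. `tripleo::profile::base::database::mysql::client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}`; confirm the exact key against what the client profile reads. `DefaultPasswords` and `EndpointMap` are declared but not used in this template, which deserves a one-line comment if that is the service-template convention.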
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index c4f97d54..d26d96aa 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -91,8 +91,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 8fddae4b..c6310056 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' gnocchi::db::sync::extra_opts: '--skip-storage' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 7bd2fcf1..3ae4cc70 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml 
@@ -86,7 +86,7 @@ outputs: heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api_cfn service tags: step2 diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 0954ad19..56183535 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -68,7 +68,7 @@ outputs: include ::tripleo::profile::base::heat::api_cloudwatch upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api_cloudwatch service tags: step2 diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index ae656b1e..38c5b479 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -86,7 +86,7 @@ outputs: heat::keystone::auth::region: {get_param: KeystoneRegion} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api service tags: step2 
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index e85b7537..7787d0a7 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -111,8 +111,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: @@ -139,7 +138,7 @@ outputs: tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_engine service tags: step2 diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index ad7ef6ea..d186b047 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -60,8 +60,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 29157959..fec455d1 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml 
@@ -31,6 +31,7 @@ outputs: config_settings: kernel_modules: nf_conntrack: {} + ip_conntrack_proto_sctp: {} sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b2374ec4..9c4cc60f 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -193,8 +193,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 2a9745a2..c183bc08 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/manila' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' service_config_settings: mysql: manila::db::mysql::password: {get_param: ManilaPassword} diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 4d020498..e1030346 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -65,8 +65,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/mistral' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} 
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index b3a07fb0..4d671e15 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -127,8 +127,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 06927fe0..1d6a2371 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -22,10 +22,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string @@ -35,6 +31,19 @@ parameters: tag: openstack.neutron.agent.l3-compute path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + +conditions: + + external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} + resources: NeutronBase: 
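Review bot: The new `external_network_bridge_empty` condition in neutron-l3-compute-dvr.yaml compares the parameter with `"''"`, a two-character string of quote marks, while the default introduced in the same hunk is `''`, the empty string. With the default the condition therefore looks false, and the `if` added in the following hunk would still emit `neutron::agents::l3::external_network_bridge` with an empty value instead of leaving it unset as the description says. If both spellings are meant to count as unset, the condition could be `external_network_bridge_empty: {or: [{equals: [{get_param: NeutronExternalNetworkBridge}, '']}, {equals: [{get_param: NeutronExternalNetworkBridge}, "''"]}]}`. neutron-l3.yaml shows the same condition as context and would need the same change.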
@@ -56,7 +65,11 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} - neutron::agents::l3::agent_mode : 'dvr' + - neutron::agents::l3::agent_mode : 'dvr' + - + if: + - external_network_bridge_empty + - {} + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 69803551..4fa49275 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -21,10 +21,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. @@ -43,6 +39,15 @@ parameters: tag: openstack.neutron.agent.l3 path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + conditions: external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index ad1dcfb0..f948dd07 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml 
@@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index d18b5b48..0adefecd 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -194,12 +194,12 @@ outputs: tags: step0,pre-upgrade when: is_bootstrap_node command: nova-manage db online_data_migrations - - name: update nova api - tags: step2 - yum: name=openstack-nova-api state=latest - name: Stop and disable nova_api service (pre-upgrade not under httpd) tags: step2 service: name=openstack-nova-api state=stopped enabled=no + - name: update nova api + tags: step2 + yum: name=openstack-nova-api state=latest - name: Create puppet manifest to set transport_url in nova.conf tags: step5 when: is_bootstrap_node diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index d892c36d..ceacb0b2 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -150,6 +150,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::api_database_connection: list_join: - '' @@ -159,6 +160,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::placement_database_connection: list_join: - '' 
@@ -168,6 +170,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_placement' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 9389c801..3ae19a67 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -79,6 +79,10 @@ outputs: dport: - 8778 - 13778 + nova::keystone::authtoken::project_name: 'service' + nova::keystone::authtoken::password: {get_param: NovaPassword} + nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::wsgi::apache_placement::api_port: '8778' nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index 37ba1f73..909a3030 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -66,8 +66,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/octavia' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} octavia::keystone::authtoken::project_name: 'service' octavia::keystone::authtoken::password: {get_param: OctaviaPassword} diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index ca21cfbe..9398d6b5 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml 
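Review bot: The added `nova::keystone::authtoken::auth_url` in nova-placement.yaml takes its value from `[EndpointMap, KeystoneAdmin, uri_no_suffix]`, whereas the `auth_uri` line just above it uses `KeystoneInternal`. The `auth_url` context lines for glance, neutron, octavia and panko elsewhere in this commit also use `KeystoneInternal`. Unless placement specifically needs the admin endpoint, keeping token validation on the internal endpoint avoids requiring a route from the service to the admin network: `nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}`. If the admin endpoint is deliberate, for example to match a nova template not shown here, a one-line comment saying so would prevent a later "fix".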
@@ -143,5 +143,5 @@ outputs: pacemaker_cluster: state=online - name: Check pacemaker resource tags: step4 - pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200 + pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=500 with_items: {get_param: PacemakerResources} diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 2c2586af..998e64ee 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -46,8 +46,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/panko' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' panko::debug: {get_param: Debug} panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index e2084186..224989be 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 987fe25b..176514ec 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml 
@@ -53,6 +53,3 @@ outputs: - name: Stop sahara_engine service tags: step2 service: name=openstack-sahara-engine state=stopped - - name: Sync sahara_engine DB - tags: step5 - command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 526fa888..c941b598 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -138,6 +138,7 @@ outputs: - '' - 'proxy-logging' - 'proxy-server' + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 5cf09a6d..6ceb9f19 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/tacker' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tacker::keystone::auth::tenant: 'service' tacker::keystone::auth::password: {get_param: TackerPassword} @@ -89,3 +88,10 @@ outputs: step_config: | include ::tripleo::profile::base::tacker + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-tacker-server is running" + shell: /usr/bin/systemctl show 'openstack-tacker-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop tacker service + tags: step2 + service: name=openstack-tacker-server state=stopped diff --git a/releasenotes/notes/manila-with-managed-ceph-e5178fd06127624f.yaml b/releasenotes/notes/manila-with-managed-ceph-e5178fd06127624f.yaml new file mode 100644 index 00000000..59f1fb99 --- /dev/null +++ b/releasenotes/notes/manila-with-managed-ceph-e5178fd06127624f.yaml 
@@ -0,0 +1,11 @@ +--- +prelude: > + Support for Manila/CephFS with TripleO managed Ceph cluster +features: + - | + It is now possible to configure Manila with CephFS to use a + TripleO managed Ceph cluster. When using the Heat environment + file at environments/manila-cephfsnative-config.yaml Manila + will be configured to use the TripleO managed Ceph cluster + if CephMDS is deployed as well, which can be done using the + file environments/services/ceph-mds.yaml
\ No newline at end of file diff --git a/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml b/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml new file mode 100644 index 00000000..e9974a20 --- /dev/null +++ b/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Swift rings created or updated on the overcloud nodes will now be + stored on the undercloud at the end of each deployment. They will be + retrieved before any deployment update, and by doing this the Swift + rings will be in a consistent state across the cluster all the time. + This makes it possible to add, remove or replace nodes without + manual operator interaction. diff --git a/roles_data.yaml b/roles_data.yaml index 31b12986..9e3b0a18 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -17,6 +17,10 @@ # disable_constraints: (boolean) optional, whether to disable Nova and Glance # constraints for each role specified in the templates. # +# disable_upgrade_deployment: (boolean) optional, whether to run the +# ansible upgrade steps for all services that are deployed on the role. If set +# to True, the operator will drive the upgrade for this role's nodes. +# # upgrade_batch_size: (number): batch size for upgrades where tasks are # specified by services to run in batches vs all nodes at once. # This defaults to 1, but larger batches may be specified here. @@ -47,6 +51,7 @@ - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 0eacbc60..1d0dba02 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py 
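Review bot: The new header comment for `disable_upgrade_deployment` in roles_data.yaml contradicts itself: it says the flag controls "whether to run the ansible upgrade steps", but its last sentence says that True leaves the upgrade to the operator. Someone reading only the first sentence could set the flag expecting automated upgrades and end up with a role that is never upgraded. Suggested wording for the first line: `# disable_upgrade_deployment: (boolean) optional, whether to skip the` with the rest unchanged, and a closing `# Defaults to False.` if that is the actual default, which the hunk does not show.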
@@ -62,14 +62,12 @@ def validate_mysql_connection(settings): return items == ['EndpointMap', 'MysqlInternal', 'protocol'] def client_bind_address(item): - return 'bind_address' in item + return 'read_default_file' in item and \ + 'read_default_group' in item def validate_mysql_uri(key, items): # Only consider a connection if it targets mysql - # TODO(owalsh): skip nova mysql uris,temporary workaround for - # tripleo/+bug/1662344 - if not key.startswith('nova') and \ - key.endswith('connection') and \ + if key.endswith('connection') and \ search(items, mysql_protocol, no_op): # Assume the "bind_address" option is one of # the token that made up the uri |
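Review bot: `client_bind_address` now tests for `read_default_file` and `read_default_group`, but its name and the context comment `# Assume the "bind_address" option is one of` in `validate_mysql_uri` still describe the old token and will mislead the next editor of this validator. The comment could read `# Assume the "read_default_file"/"read_default_group" options are in one of`. The test is also a substring match, so a token with a mistyped path or group name still passes. If every service is meant to read the same option file, an exact comparison would catch that: `return item == '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'`. `validate_mysql_uri` continues past the end of the hunk, so how the result is consumed is not visible here.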