diff options
92 files changed, 3288 insertions, 149 deletions
diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index f35a0804..03065c6a 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -65,6 +65,7 @@ - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 212f6a23..d89a4942 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -4,6 +4,8 @@ resource_registry: parameter_defaults: ControllerServices: + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume @@ -15,6 +17,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent @@ -44,5 +47,9 @@ parameter_defaults: nova::compute::libvirt::libvirt_virt_type: qemu # Required for Centos 7.3 and Qemu 2.6.0 nova::compute::libvirt::libvirt_cpu_mode: 'none' + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 SwiftCeilometerPipelineEnabled: False Debug: True diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index 4859c23a..af409835 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -28,6 +28,7 @@ parameter_defaults: - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived @@ -36,6 +37,13 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 1300284e..e09ca705 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -19,6 +19,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index dfd534a8..3207d133 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -15,6 +15,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 9c3c08ae..1dc8b13d 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -17,6 +17,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index bec1d6d6..dc05ab4e 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -38,6 +38,7 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 9795a00f..04da5565 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -41,6 +41,7 @@ - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index fe87ce7a..1bb8bc2b 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -23,6 +23,7 @@ import os import subprocess import sys import tempfile +import multiprocessing # this is to match what we do in deployed-server @@ -53,6 +54,8 @@ def rm_container(name): print(cmd_stdout) print(cmd_stderr) +process_count = int(os.environ.get('PROCESS_COUNT', + multiprocessing.cpu_count())) config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json') print('docker-puppet') @@ -106,34 +109,25 @@ for service in (json_data or []): print('Service compilation completed.\n') -for config_volume in configs: - - service = configs[config_volume] - puppet_tags = service[1] or '' - manifest = service[2] or '' - config_image = service[3] or '' - volumes = service[4] if len(service) > 4 else [] - - if puppet_tags: - puppet_tags = "file,file_line,concat,%s" % puppet_tags - else: - puppet_tags = "file,file_line,concat" +def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)): print('---------') print('config_volume %s' % config_volume) print('puppet_tags %s' % puppet_tags) print('manifest %s' % manifest) print('config_image %s' % config_image) + print('volumes %s' % volumes) hostname = short_hostname() + sh_script = '/var/lib/docker-puppet/docker-puppet-%s.sh' % config_volume - with open('/var/lib/docker-puppet/docker-puppet.sh', 'w') as script_file: + with open(sh_script, 'w') as script_file: os.chmod(script_file.name, 0755) script_file.write("""#!/bin/bash set -ex mkdir -p /etc/puppet cp -a /tmp/puppet-etc/* /etc/puppet rm -Rf /etc/puppet/ssl # not in use and causes permission errors - echo '{"step": 6}' > /etc/puppet/hieradata/docker.json + echo '{"step": %(step)s}' > /etc/puppet/hieradata/docker.json TAGS="" if [ -n "%(puppet_tags)s" ]; then TAGS='--tags "%(puppet_tags)s"' @@ -168,7 +162,8 @@ for config_volume in configs: fi """ % {'puppet_tags': puppet_tags, 'name': config_volume, 'hostname': hostname, - 'no_archive': os.environ.get('NO_ARCHIVE', '')}) + 'no_archive': os.environ.get('NO_ARCHIVE', ''), + 'step': os.environ.get('STEP', '6')}) with tempfile.NamedTemporaryFile() as tmp_man: with open(tmp_man.name, 'w') as man_file: @@ -186,12 +181,12 @@ for config_volume in configs: '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', '--volume', 'tripleo_logs:/var/log/tripleo/', - '--volume', '/var/lib/docker-puppet/docker-puppet.sh:/var/lib/docker-puppet/docker-puppet.sh:ro'] + '--volume', '%s:%s:rw' % (sh_script, sh_script) ] for volume in volumes: dcmd.extend(['--volume', volume]) - dcmd.extend(['--entrypoint', '/var/lib/docker-puppet/docker-puppet.sh']) + dcmd.extend(['--entrypoint', sh_script]) env = {} if os.environ.get('NET_HOST', 'false') == 'true': @@ -207,6 +202,34 @@ for config_volume in configs: print(cmd_stderr) if subproc.returncode != 0: print('Failed running docker-puppet.py for %s' % config_volume) - sys.exit(subproc.returncode) - else: - rm_container('docker-puppet-%s' % config_volume) + rm_container('docker-puppet-%s' % config_volume) + return subproc.returncode + +# Holds all the information for each process to consume. +# Instead of starting them all linearly we run them using a process +# pool. This creates a list of arguments for the above function +# to consume. +process_map = [] + +for config_volume in configs: + + service = configs[config_volume] + puppet_tags = service[1] or '' + manifest = service[2] or '' + config_image = service[3] or '' + volumes = service[4] if len(service) > 4 else [] + + if puppet_tags: + puppet_tags = "file,file_line,concat,%s" % puppet_tags + else: + puppet_tags = "file,file_line,concat" + + process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) + +for p in process_map: + print '--\n%s' % p + +# Fire off processes to perform each configuration. Defaults +# to the number of CPUs on the system. +p = multiprocessing.Pool(process_count) +p.map(mp_puppet_config, process_map) diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml index 3473f4ca..e1154a62 100644 --- a/docker/post.j2.yaml +++ b/docker/post.j2.yaml @@ -68,6 +68,7 @@ resources: - name: CONFIG - name: NET_HOST - name: NO_ARCHIVE + - name: STEP {{primary_role_name}}DockerPuppetTasksDeployment{{step}}: type: OS::Heat::SoftwareDeployment @@ -85,6 +86,7 @@ resources: CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json NET_HOST: 'true' NO_ARCHIVE: 'true' + STEP: {{step}} {% endfor %} # END primary_role_name docker-puppet-tasks diff --git a/docker/services/README.rst b/docker/services/README.rst index c054e8c0..881a2a37 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -19,8 +19,11 @@ Building Kolla Images TripleO currently relies on Kolla docker containers. Kolla supports container customization and we are making use of this feature within TripleO to inject -puppet (our configuration tool of choice) into the Kolla base images. To -build Kolla images for TripleO adjust your kolla config to build your +puppet (our configuration tool of choice) into the Kolla base images. The +undercloud nova-scheduler also requires openstack-tripleo-common to +provide custom filters. + +To build Kolla images for TripleO adjust your kolla config to build your centos base image with puppet using the example below: .. code-block:: @@ -28,6 +31,7 @@ centos base image with puppet using the example below: $ cat template-overrides.j2 {% extends parent_template %} {% set base_centos_binary_packages_append = ['puppet'] %} +{% set nova_scheduler_packages_append = ['openstack-tripleo-common'] %} kolla-build --base centos --template-override template-overrides.j2 diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml new file mode 100644 index 00000000..cc28846a --- /dev/null +++ b/docker/services/database/mongodb.yaml @@ -0,0 +1,98 @@ +heat_template_version: ocata + +description: > + MongoDB service deployment using puppet and docker + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMongodbImage: + description: image + default: 'centos-binary-mongodb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + MongodbPuppetBase: + type: ../../../puppet/services/database/mongodb.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Containerized service Mongodb using composable services. + value: + service_name: {get_attr: [MongodbPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MongodbPuppetBase, role_data, config_settings] + - mongodb::server::fork: false + step_config: + list_join: + - "\n" + - - "['Mongodb_database', 'Mongodb_user', 'Mongodb_replset'].each |String $val| { noop_resource($val) }" + - {get_attr: [MongodbPuppetBase, role_data, step_config]} + upgrade_tasks: {get_attr: [MongodbPuppetBase, role_data, upgrade_tasks]} + # BEGIN DOCKER SETTINGS # + docker_image: &mongodb_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + puppet_tags: file # set this even though file is the default + config_volume: mongodb + config_image: *mongodb_image + kolla_config: + /var/lib/kolla/config_files/mongodb.json: + command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run + config_files: + - dest: /etc/mongod.conf + source: /var/lib/kolla/config_files/src/etc/mongod.conf + owner: mongodb + perm: '0600' + - dest: /etc/mongos.conf + source: /var/lib/kolla/config_files/src/etc/mongos.conf + owner: mongodb + perm: '0600' + docker_config: + step_2: + mongodb: + image: *mongodb_image + net: host + privileged: false + volumes: &mongodb_volumes + - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mongodb/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log/kolla + - mongodb:/var/lib/mongodb/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # MySQL database initialization occurs only on single node + step_2: + - 'mongodb_init_tasks' + - 'mongodb_database,mongodb_user,mongodb_replset' + - 'include ::tripleo::profile::base::database::mongodb' + - list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + - - "mongodb:/var/lib/mongodb" + - "logs:/var/log/kolla:ro" diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml new file mode 100644 index 00000000..2ef068d2 --- /dev/null +++ b/docker/services/database/mysql.yaml @@ -0,0 +1,130 @@ +heat_template_version: ocata + +description: > + MySQL service deployment using puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + MysqlRootPassword: + type: string + hidden: true + default: '' + +resources: + + MysqlPuppetBase: + type: ../../../puppet/services/database/mysql.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Containerized service MySQL using composable services. + value: + service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [MysqlPuppetBase, role_data, config_settings]} + # Set PID file to what kolla mariadb bootstrap script expects + - tripleo::profile::base::database::mysql::mysql_server_options: + mysqld: + pid-file: /var/lib/mysql/mariadb.pid + mysqld_safe: + pid-file: /var/lib/mysql/mariadb.pid + step_config: + list_join: + - "\n" + - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" + - {get_attr: [MysqlPuppetBase, role_data, step_config]} + upgrade_tasks: {get_attr: [MysqlPuppetBase, role_data, upgrade_tasks]} + # BEGIN DOCKER SETTINGS # + docker_image: &mysql_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + puppet_tags: file # set this even though file is the default + config_volume: mysql + config_image: *mysql_image + kolla_config: + /var/lib/kolla/config_files/mysql.json: + command: /usr/bin/mysqld_safe + config_files: + - dest: /etc/mysql/my.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf + owner: mysql + perm: '0644' + - dest: /etc/my.cnf.d/galera.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf + owner: mysql + perm: '0644' + docker_config: + step_2: + mysql_bootstrap: + start_order: 0 + detach: false + image: *mysql_image + net: host + volumes: &mysql_volumes + - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /etc/hosts:/etc/hosts:ro + - mariadb:/var/lib/mysql/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + # NOTE(mandre) skip wsrep cluster status check + - KOLLA_KUBERNETES=True + - + list_join: + - '=' + - - 'DB_ROOT_PASSWORD' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql: + start_order: 1 + image: *mysql_image + restart: always + net: host + volumes: *mysql_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # MySQL database initialization occurs only on single node + step_2: + - 'mysql_init_tasks' + - 'mysql_database,mysql_grant,mysql_user' + - 'include ::tripleo::profile::base::database::mysql' + - list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + - - "mariadb:/var/lib/mysql/:ro" + - "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml new file mode 100644 index 00000000..b8ab9622 --- /dev/null +++ b/docker/services/glance-api.yaml @@ -0,0 +1,96 @@ +heat_template_version: ocata + +description: > + OpenStack Glance service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerGlanceApiImage: + description: image + default: 'centos-binary-glance-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + GlanceApiPuppetBase: + type: ../../puppet/services/glance-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Glance API role. + value: + service_name: {get_attr: [GlanceApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [GlanceApiPuppetBase, role_data, config_settings] + - glance::api::sync_db: false + step_config: {get_attr: [GlanceApiPuppetBase, role_data, step_config]} + service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + docker_image: &glance_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] + puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config + config_volume: glance_api + config_image: *glance_image + kolla_config: + /var/lib/kolla/config_files/glance-api.json: + command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf + config_files: + - dest: /etc/glance/glance-api.conf + owner: glance + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/glance/glance-api.conf + - dest: /etc/glance/glance-swift.conf + owner: glance + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/glance/glance-swift.conf + docker_config: + step_3: + glance_api_db_sync: + image: *glance_image + net: host + privileged: false + detach: false + volumes: &glance_volumes + - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /var/lib/config-data/glance_api/:/var/lib/kolla/config_files/src:ro + - /run:/run + - /dev:/dev + - /etc/hosts:/etc/hosts:ro + environment: + - KOLLA_BOOTSTRAP=True + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_4: + glance_api: + image: *glance_image + net: host + privileged: false + restart: always + volumes: *glance_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml new file mode 100644 index 00000000..93632166 --- /dev/null +++ b/docker/services/heat-api-cfn.yaml @@ -0,0 +1,90 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat API CFN service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatApiCfnImage: + description: image + default: 'centos-binary-heat-api-cfn:latest' + type: string + # we configure all heat services in the same heat engine container + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-api-cfn.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat API CFN role. + value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [HeatBase, role_data, step_config]} + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_api_cfn_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ] + puppet_tags: heat_config,file,concat,file_line + config_volume: heat + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + kolla_config: + /var/lib/kolla/config_files/heat_api_cfn.json: + command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_4: + heat_api_cfn: + image: *heat_api_cfn_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml new file mode 100644 index 00000000..2efabb61 --- /dev/null +++ b/docker/services/heat-api.yaml @@ -0,0 +1,90 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatApiImage: + description: image + default: 'centos-binary-heat-api:latest' + type: string + # we configure all heat services in the same heat engine container + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat API role. + value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [HeatBase, role_data, step_config]} + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ] + puppet_tags: heat_config,file,concat,file_line + config_volume: heat + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + kolla_config: + /var/lib/kolla/config_files/heat_api.json: + command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_4: + heat_api: + image: *heat_api_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml new file mode 100644 index 00000000..db8c2be5 --- /dev/null +++ b/docker/services/heat-engine.yaml @@ -0,0 +1,92 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat Engine service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat Engine role. + value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [HeatBase, role_data, step_config]} + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_engine_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + puppet_tags: heat_config,file,concat,file_line + config_volume: heat + config_image: *heat_engine_image + kolla_config: + /var/lib/kolla/config_files/heat_engine.json: + command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_3: + heat_engine_db_sync: + image: *heat_engine_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/heat/etc/heat:/etc/heat:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['heat-manage', 'db_sync'] + step_4: + heat_engine: + image: *heat_engine_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml new file mode 100644 index 00000000..80120568 --- /dev/null +++ b/docker/services/ironic-api.yaml @@ -0,0 +1,99 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Ironic API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIronicApiImage: + description: image + default: 'centos-binary-ironic-api:latest' + type: string + DockerIronicConfigImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + IronicApiBase: + type: ../../puppet/services/ironic-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Ironic API role. + value: + service_name: {get_attr: [IronicApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [IronicApiBase, role_data, config_settings] + step_config: {get_attr: [IronicApiBase, role_data, step_config]} + service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &ironic_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ] + puppet_tags: ironic_config + config_volume: ironic + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ironic_api.json: + command: /usr/bin/ironic-api + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + docker_config: + step_3: + ironic_db_sync: + image: *ironic_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/ironic/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf'] + step_4: + ironic_api: + start_order: 10 + image: *ironic_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml new file mode 100644 index 00000000..945ef3fc --- /dev/null +++ b/docker/services/ironic-conductor.yaml @@ -0,0 +1,111 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Ironic Conductor service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIronicConductorImage: + description: image + default: 'centos-binary-ironic-conductor:latest' + type: string + DockerIronicConfigImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + IronicConductorBase: + type: ../../puppet/services/ironic-conductor.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Ironic Conductor role. + value: + service_name: {get_attr: [IronicConductorBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [IronicConductorBase, role_data, config_settings] + # to avoid hard linking errors we store these on the same + # volume/device as the ironic master_path + - ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot + - ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images + - ironic::pxe::tftp_root: /var/lib/ironic/tftpboot + - ironic::pxe::http_root: /var/lib/ironic/httpboot + - ironic::conductor::http_root: /var/lib/ironic/httpboot + step_config: {get_attr: [IronicConductorBase, role_data, step_config]} + service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &ironic_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ] + puppet_tags: ironic_config + config_volume: ironic + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ironic_conductor.json: + command: /usr/bin/ironic-conductor + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + permissions: + - path: /var/lib/ironic/httpboot + owner: ironic:ironic + recurse: true + - path: /var/lib/ironic/tftpboot + owner: ironic:ironic + recurse: true + docker_config: + step_4: + ironic-init-dirs: + image: *ironic_image + user: root + command: ['/bin/bash', '-c', 'mkdir /var/lib/ironic/httpboot && mkdir /var/lib/ironic/tftpboot'] + volumes: + - ironic:/var/lib/ironic + ironic_conductor: + start_order: 80 + image: *ironic_image + net: host + privileged: true + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /sys:/sys + - /dev:/dev + - /run:/run #shared? + - ironic:/var/lib/ironic + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml new file mode 100644 index 00000000..bc7b4677 --- /dev/null +++ b/docker/services/ironic-pxe.yaml @@ -0,0 +1,131 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Ironic PXE service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIronicPxeImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + DockerIronicConfigImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +outputs: + role_data: + description: Role data for the Ironic PXE role. + value: + service_name: ironic_pxe + config_settings: {} + step_config: '' + service_config_settings: {} + # BEGIN DOCKER SETTINGS + docker_image: &ironic_pxe_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ] + puppet_tags: ironic_config + config_volume: ironic + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ironic_pxe_http.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + - dest: /etc/httpd/conf.d/10-ipxe_vhost.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-ipxe_vhost.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + /var/lib/kolla/config_files/ironic_pxe_tftp.json: + command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + - dest: /var/lib/ironic/tftpboot/chain.c32 + owner: ironic + perm: '0744' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/chain.c32 + - dest: /var/lib/ironic/tftpboot/pxelinux.0 + owner: ironic + perm: '0744' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/pxelinux.0 + - dest: /var/lib/ironic/tftpboot/ipxe.efi + owner: ironic + perm: '0744' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/ipxe.efi + - dest: /var/lib/ironic/tftpboot/undionly.kpxe + owner: ironic + perm: '0744' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/undionly.kpxe + - dest: /var/lib/ironic/tftpboot/map-file + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/map-file + docker_config: + step_4: + ironic_pxe_tftp: + start_order: 90 + image: *ironic_pxe_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/log:/dev/log + - ironic:/var/lib/ironic/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + ironic_pxe_http: + start_order: 91 + image: *ironic_pxe_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/ironic/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - ironic:/var/lib/ironic/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml new file mode 100644 index 00000000..2bf8fa09 --- /dev/null +++ b/docker/services/keystone.yaml @@ -0,0 +1,153 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Keystone service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerKeystoneImage: + description: image + default: 'centos-binary-keystone:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + +resources: + + KeystoneBase: + type: ../../puppet/services/keystone.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Keystone API role. + value: + service_name: {get_attr: [KeystoneBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [KeystoneBase, role_data, config_settings] + - apache::default_vhost: false + step_config: + list_join: + - "\n" + - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }" + - {get_attr: [KeystoneBase, role_data, step_config]} + service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &keystone_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + puppet_tags: keystone_config + config_volume: keystone + config_image: *keystone_image + kolla_config: + /var/lib/kolla/config_files/keystone.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/keystone/keystone.conf + owner: keystone + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/keystone/keystone.conf + - dest: /etc/keystone/credential-keys/0 + owner: keystone + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/0 + - dest: /etc/keystone/credential-keys/1 + owner: keystone + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1 + - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_admin.conf + - dest: /etc/httpd/conf.d/10-keystone_wsgi_main.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_main.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + - dest: /var/www/cgi-bin/keystone/keystone-admin + owner: keystone + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-admin + - dest: /var/www/cgi-bin/keystone/keystone-public + owner: keystone + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-public + docker_config: + step_3: + keystone-init-log: + start_order: 0 + image: *keystone_image + user: root + command: ['/bin/bash', '-c', 'mkdir /var/log/httpd && mkdir /var/log/keystone && chown keystone:keystone /var/log/keystone'] + volumes: + - logs:/var/log + keystone_db_sync: + start_order: 1 + image: *keystone_image + net: host + privileged: false + detach: false + volumes: &keystone_volumes + - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/keystone/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/keystone/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log + environment: + - KOLLA_BOOTSTRAP=True + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + keystone: + start_order: 1 + image: *keystone_image + net: host + privileged: false + restart: always + volumes: *keystone_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + keystone_bootstrap: + start_order: 2 + action: exec + command: + [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + docker_puppet_tasks: + # Keystone endpoint creation occurs only on single node + step_3: + - 'keystone_init_tasks' + - 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' + - 'include ::tripleo::profile::base::keystone' + - list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml new file mode 100644 index 00000000..d459c825 --- /dev/null +++ b/docker/services/memcached.yaml @@ -0,0 +1,69 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Memcached services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMemcachedImage: + description: image + default: 'centos-binary-memcached:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + MemcachedBase: + type: ../../puppet/services/memcached.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Memcached API role. + value: + service_name: {get_attr: [MemcachedBase, role_data, service_name]} + config_settings: {get_attr: [MemcachedBase, role_data, config_settings]} + step_config: {get_attr: [MemcachedBase, role_data, step_config]} + service_config_settings: {get_attr: [MemcachedBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &memcached_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] + puppet_tags: 'file' + config_volume: 'memcached' + config_image: *memcached_image + kolla_config: {} + docker_config: + step_1: + memcached: + image: *memcached_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml new file mode 100644 index 00000000..e535a817 --- /dev/null +++ b/docker/services/mistral-api.yaml @@ -0,0 +1,115 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Mistral API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMistralApiImage: + description: image + default: 'centos-binary-mistral-api:latest' + type: string + DockerMistralConfigImage: + description: image + default: 'centos-binary-mistral-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + MistralApiBase: + type: ../../puppet/services/mistral-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Mistral API role. + value: + service_name: {get_attr: [MistralApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MistralApiBase, role_data, config_settings] + step_config: {get_attr: [MistralApiBase, role_data, step_config]} + service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &mistral_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ] + puppet_tags: mistral_config + config_volume: mistral + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/mistral_api.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api + config_files: + - dest: /etc/mistral/mistral.conf + owner: mistral + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + docker_config: + step_3: + mistral_db_sync: + start_order: 1 + image: *mistral_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/mistral/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head'] + mistral_db_populate: + start_order: 2 + image: *mistral_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/mistral/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + # NOTE: dprince this requires that we install openstack-tripleo-common into + # the Mistral API image so that we get tripleo* actions + command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate'] + step_4: + mistral_api: + start_order: 15 + image: *mistral_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml new file mode 100644 index 00000000..be4c8af7 --- /dev/null +++ b/docker/services/mistral-engine.yaml @@ -0,0 +1,87 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Mistral Engine service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMistralEngineImage: + description: image + default: 'centos-binary-mistral-engine:latest' + type: string + DockerMistralConfigImage: + description: image + default: 'centos-binary-mistral-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + MistralBase: + type: ../../puppet/services/mistral-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Mistral Engine role. + value: + service_name: {get_attr: [MistralBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MistralBase, role_data, config_settings] + step_config: {get_attr: [MistralBase, role_data, step_config]} + service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &mistral_engine_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ] + puppet_tags: mistral_config + config_volume: mistral + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/mistral_engine.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine + config_files: + - dest: /etc/mistral/mistral.conf + owner: mistral + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + docker_config: + step_4: + mistral_engine: + image: *mistral_engine_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml new file mode 100644 index 00000000..33608a42 --- /dev/null +++ b/docker/services/mistral-executor.yaml @@ -0,0 +1,91 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Mistral Executor service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMistralExecutorImage: + description: image + default: 'centos-binary-mistral-executor:latest' + type: string + DockerMistralConfigImage: + description: image + default: 'centos-binary-mistral-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + MistralBase: + type: ../../puppet/services/mistral-executor.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Mistral Executor role. + value: + service_name: {get_attr: [MistralBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MistralBase, role_data, config_settings] + step_config: {get_attr: [MistralBase, role_data, step_config]} + service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &mistral_executor_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ] + puppet_tags: mistral_config + config_volume: mistral + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/mistral_executor.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor + config_files: + - dest: /etc/mistral/mistral.conf + owner: mistral + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + docker_config: + step_4: + mistral_executor: + image: *mistral_executor_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + # FIXME: this is required in order for Nova cells + # initialization workflows on the Undercloud. Need to + # exclude this on the overcloud for security reasons. + - /var/lib/config-data/nova/etc/nova:/etc/nova:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml new file mode 100644 index 00000000..dfd1d5c0 --- /dev/null +++ b/docker/services/neutron-api.yaml @@ -0,0 +1,105 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Neutron API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNeutronApiImage: + description: image + default: 'centos-binary-neutron-server:latest' + type: string + # we configure all neutron services in the same neutron + DockerNeutronConfigImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NeutronBase: + type: ../../puppet/services/neutron-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Neutron API role. + value: + service_name: {get_attr: [NeutronBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + step_config: {get_attr: [NeutronBase, role_data, step_config]} + service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &neutron_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ] + puppet_tags: neutron_config,neutron_api_config + config_volume: neutron + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/neutron_api.json: + command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini + config_files: + - dest: /etc/neutron/neutron.conf + owner: neutron + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf + - dest: /etc/neutron/plugin.ini + owner: neutron + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini + docker_config: + step_3: + neutron_db_sync: + image: *neutron_api_image + net: host + privileged: false + detach: false + # FIXME: we should make config file permissions right + # and run as neutron user + user: root + volumes: + - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro + - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['neutron-db-manage', 'upgrade', 'heads'] + step_4: + neutron_api: + image: *neutron_api_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml new file mode 100644 index 00000000..fc13b3d1 --- /dev/null +++ b/docker/services/neutron-dhcp.yaml @@ -0,0 +1,93 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Neutron DHCP service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNeutronApiImage: + description: image + default: 'centos-binary-neutron-dhcp-agent:latest' + type: string + # we configure all neutron services in the same neutron + DockerNeutronConfigImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NeutronBase: + type: ../../puppet/services/neutron-dhcp.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Neutron DHCP role. + value: + service_name: {get_attr: [NeutronBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + step_config: {get_attr: [NeutronBase, role_data, step_config]} + service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &neutron_dhcp_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ] + puppet_tags: neutron_config,neutron_dhcp_agent_config + config_volume: neutron + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/neutron_dhcp.json: + command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log + config_files: + - dest: /etc/neutron/neutron.conf + owner: neutron + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf + - dest: /etc/neutron/dhcp_agent.ini + owner: neutron + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/neutron/dhcp_agent.ini + docker_config: + step_4: + neutron_dhcp: + image: *neutron_dhcp_image + net: host + pid: host + privileged: true + restart: always + volumes: + - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /etc/hosts:/etc/hosts:ro + - /lib/modules:/lib/modules:ro + - /run/:/run + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml new file mode 100644 index 00000000..37ab8db2 --- /dev/null +++ b/docker/services/neutron-plugin-ml2.yaml @@ -0,0 +1,58 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Neutron ML2 Plugin configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNeutronConfigImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent:latest' + type: string + DefaultPasswords: + default: {} + type: json + +resources: + + NeutronBase: + type: ../../puppet/services/neutron-plugin-ml2.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Neutron ML2 Plugin role. + value: + service_name: {get_attr: [NeutronBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + step_config: {get_attr: [NeutronBase, role_data, step_config]} + service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &docker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + puppet_tags: '' + config_volume: 'neutron' + config_image: *docker_image + kolla_config: {} + docker_config: {} diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml new file mode 100644 index 00000000..26ae514a --- /dev/null +++ b/docker/services/nova-api.yaml @@ -0,0 +1,134 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaApiImage: + description: image + default: 'centos-binary-nova-api:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaApiBase: + type: ../../puppet/services/nova-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova API role. + value: + service_name: {get_attr: [NovaApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NovaApiBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [NovaApiBase, role_data, step_config]} + service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ] + puppet_tags: nova_config + config_volume: nova + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_api.json: + command: /usr/bin/nova-api + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + docker_config: + step_3: + nova_api_db_sync: + start_order: 1 + image: *nova_api_image + net: host + detach: false + volumes: &nova_api_volumes + - /var/lib/config-data/nova/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['/usr/bin/nova-manage', 'api_db', 'sync'] + # FIXME: we probably want to wait on the 'cell_v2 update' in order for this + # to be capable of upgrading a baremetal setup. This is to ensure the name + # of the cell is 'default' + nova_api_map_cell0: + start_order: 2 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + command: + - '/usr/bin/nova-manage' + - 'cell_v2' + - 'map_cell0' + nova_api_create_default_cell: + start_order: 3 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + # NOTE: allowing the exit code 2 is a dirty way of making + # this idempotent (if the resource already exists a conflict + # is raised) + exit_codes: [0,2] + command: + - '/usr/bin/nova-manage' + - 'cell_v2' + - 'create_cell' + - '--name="default"' + nova_db_sync: + start_order: 4 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + command: ['/usr/bin/nova-manage', 'db', 'sync'] + step_4: + nova_api: + start_order: 2 + image: *nova_api_image + net: host + user: nova + privileged: true + restart: always + volumes: + - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 8eebc397..570df95f 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -64,6 +64,7 @@ outputs: perm: '0600' source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf docker_config: + # FIXME: run discover hosts here step_4: novacompute: image: *nova_compute_image diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml new file mode 100644 index 00000000..aa009b4f --- /dev/null +++ b/docker/services/nova-conductor.yaml @@ -0,0 +1,85 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Conductor service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaConductorImage: + description: image + default: 'centos-binary-nova-conductor:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + NovaConductorBase: + type: ../../puppet/services/nova-conductor.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Conductor service. + value: + service_name: {get_attr: [NovaConductorBase, role_data, service_name]} + config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]} + step_config: {get_attr: [NovaConductorBase, role_data, step_config]} + service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_conductor_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ] + puppet_tags: nova_config + config_volume: nova + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_conductor.json: + command: /usr/bin/nova-conductor + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + docker_config: + step_4: + nova_conductor: + image: *nova_conductor_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml new file mode 100644 index 00000000..c1858ded --- /dev/null +++ b/docker/services/nova-ironic.yaml @@ -0,0 +1,88 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Ironic Compute service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaComputeImage: + description: image + default: 'centos-binary-nova-compute-ironic:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + + NovaIronicBase: + type: ../../puppet/services/nova-ironic.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Compute service. + value: + service_name: {get_attr: [NovaIronicBase, role_data, service_name]} + config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]} + step_config: {get_attr: [NovaIronicBase, role_data, step_config]} + puppet_tags: nova_config,nova_paste_api_ini + docker_image: &nova_ironic_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + config_volume: nova + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_ironic.json: + command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + - dest: /etc/nova/rootwrap.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf + docker_config: + step_5: + novacompute: + image: *nova_ironic_image + net: host + privileged: true + user: root + restart: always + volumes: + - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - /dev:/dev + - /etc/iscsi:/etc/iscsi + - nova_compute:/var/lib/nova/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml new file mode 100644 index 00000000..a4baaa27 --- /dev/null +++ b/docker/services/nova-metadata.yaml @@ -0,0 +1,48 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Metadata service + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + NovaMetadataBase: + type: ../../puppet/services/nova-metadata.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Metadata service. + value: + service_name: {get_attr: [NovaMetadataBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NovaMetadataBase, role_data, config_settings] + step_config: {get_attr: [NovaMetadataBase, role_data, step_config]} + service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: '' + puppet_tags: '' + config_volume: '' + config_image: '' + kolla_config: {} + docker_config: {} diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml new file mode 100644 index 00000000..f0f7d724 --- /dev/null +++ b/docker/services/nova-placement.yaml @@ -0,0 +1,101 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Placement API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaPlacementImage: + description: image + default: 'centos-binary-nova-placement-api' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaPlacementBase: + type: ../../puppet/services/nova-placement.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Placement API role. + value: + service_name: {get_attr: [NovaPlacementBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NovaPlacementBase, role_data, config_settings] + - apache::default_vhost: false + step_config: {get_attr: [NovaPlacementBase, role_data, step_config]} + service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_placement_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + puppet_tags: nova_config + config_volume: nova_placement + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_placement.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + - dest: /etc/httpd/conf.d/10-placement_wsgi.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-placement_wsgi.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + - dest: /var/www/cgi-bin/nova/nova-placement-api + owner: nova + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/nova/nova-placement-api + docker_config: + # start this early so it is up before computes start reporting + step_3: + nova_placement: + start_order: 1 + image: *nova_placement_image + net: host + user: root + restart: always + volumes: + - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_placement/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml new file mode 100644 index 00000000..a1a98b48 --- /dev/null +++ b/docker/services/nova-scheduler.yaml @@ -0,0 +1,84 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaSchedulerImage: + description: image + default: 'centos-binary-nova-scheduler:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaSchedulerBase: + type: ../../puppet/services/nova-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Scheduler service. + value: + service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]} + config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]} + step_config: {get_attr: [NovaSchedulerBase, role_data, step_config]} + service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_scheduler_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ] + puppet_tags: nova_config + config_volume: nova + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_scheduler.json: + command: /usr/bin/nova-scheduler + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + docker_config: + step_4: + nova_scheduler: + image: *nova_scheduler_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml new file mode 100644 index 00000000..cea3d8a7 --- /dev/null +++ b/docker/services/rabbitmq.yaml @@ -0,0 +1,119 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRabbitmqImage: + description: image + default: 'centos-binary-rabbitmq:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RabbitCookie: + type: string + default: '' + hidden: true + +resources: + + RabbitmqBase: + type: ../../puppet/services/rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + config_settings: {get_attr: [RabbitmqBase, role_data, config_settings]} + step_config: {get_attr: [RabbitmqBase, role_data, step_config]} + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &rabbitmq_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] + puppet_tags: file + config_volume: rabbitmq + config_image: *rabbitmq_image + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/lib/rabbitmq/bin/rabbitmq-server + config_files: + - dest: /etc/rabbitmq/rabbitmq.config + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq.config + - dest: /etc/rabbitmq/enabled_plugins + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/enabled_plugins + - dest: /etc/rabbitmq/rabbitmq-env.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq-env.conf + - dest: /etc/rabbitmq/rabbitmqadmin.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmqadmin.conf + docker_config: + step_1: + rabbitmq_bootstrap: + start_order: 0 + image: *rabbitmq_image + net: host + privileged: false + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - rabbitmq:/var/lib/rabbitmq/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq: + start_order: 1 + image: *rabbitmq_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - rabbitmq:/var/lib/rabbitmq/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml new file mode 100644 index 00000000..09553319 --- /dev/null +++ b/docker/services/swift-proxy.yaml @@ -0,0 +1,76 @@ +heat_template_version: ocata + +description: > + OpenStack containerized swift proxy service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + SwiftProxyBase: + type: ../../puppet/services/swift-proxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the swift proxy. + value: + service_name: {get_attr: [SwiftProxyBase, role_data, service_name]} + config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]} + step_config: {get_attr: [SwiftProxyBase, role_data, step_config]} + service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + puppet_tags: swift_proxy_config + config_volume: swift + config_image: *swift_proxy_image + kolla_config: + /var/lib/kolla/config_files/swift_proxy.json: + command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf + docker_config: + step_4: + swift_proxy: + image: *swift_proxy_image + net: host + user: swift + restart: always + # I'm mounting /etc/swift as rw. Are the rings written to at all during runtime? + volumes: + - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml new file mode 100644 index 00000000..de91e7cf --- /dev/null +++ b/docker/services/swift-ringbuilder.yaml @@ -0,0 +1,80 @@ +heat_template_version: ocata + +description: > + OpenStack Swift Ringbuilder + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftMinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. + SwiftPartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + SwiftRingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean + SwiftReplicas: + type: number + default: 3 + description: How many replicas to use in the swift rings. + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json + SwiftUseLocalDir: + default: true + description: 'Use a local directory for Swift storage services when building rings' + type: boolean + +resources: + + SwiftRingbuilderBase: + type: ../../puppet/services/swift-ringbuilder.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for Swift Ringbuilder configuration in containers. + value: + service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]} + config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + step_config: {get_attr: [SwiftRingbuilderBase, role_data, step_config]} + service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]} + puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance + # BEGIN DOCKER SETTINGS + docker_image: &docker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + config_volume: 'swift' + config_image: *docker_image + kolla_config: {} + docker_config: {} diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml new file mode 100644 index 00000000..5b2ec6e6 --- /dev/null +++ b/docker/services/swift-storage.yaml @@ -0,0 +1,343 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Swift Storage services. + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + DockerSwiftAccountImage: + description: image + default: 'centos-binary-swift-account:latest' + type: string + DockerSwiftContainerImage: + description: image + default: 'centos-binary-swift-container:latest' + type: string + DockerSwiftObjectImage: + description: image + default: 'centos-binary-swift-object:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + +resources: + + SwiftStorageBase: + type: ../../puppet/services/swift-storage.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the swift storage services. + value: + service_name: {get_attr: [SwiftStorageBase, role_data, service_name]} + config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]} + step_config: {get_attr: [SwiftStorageBase, role_data, step_config]} + service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config + config_volume: swift + config_image: *swift_proxy_image + kolla_config: + /var/lib/kolla/config_files/swift_account_auditor.json: + command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_reaper.json: + command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_replicator.json: + command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_server.json: + command: /usr/bin/swift-account-server /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_container_auditor.json: + command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_replicator.json: + command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_updater.json: + command: /usr/bin/swift-container-updater /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_server.json: + command: /usr/bin/swift-container-server /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_object_auditor.json: + command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_expirer.json: + command: /usr/bin/swift-object-expirer /etc/swift/object-expirer.conf + /var/lib/kolla/config_files/swift_object_replicator.json: + command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_updater.json: + command: /usr/bin/swift-object-updater /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_server.json: + command: /usr/bin/swift-object-server /etc/swift/object-server.conf + docker_config: + step_3: + # The puppet config sets this up but we don't have a way to mount the named + # volume during the configuration stage. We just need to create this + # directory and make sure it's owned by swift. + swift_setup_srv: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + user: root + command: ['/bin/bash', '-c', 'mkdir /srv/node && chown swift:swift /srv/node'] + volumes: + - swift-srv:/srv + step_4: + swift_account_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: &kolla_env + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + swift_account_reaper: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_account_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_account_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_updater: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_expirer: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_updater: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml new file mode 100644 index 00000000..9f248ce1 --- /dev/null +++ b/docker/services/zaqar.yaml @@ -0,0 +1,99 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Zaqar services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerZaqarImage: + description: image + default: 'centos-binary-zaqar:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + ZaqarBase: + type: ../../puppet/services/zaqar.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Zaqar API role. + value: + service_name: {get_attr: [ZaqarBase, role_data, service_name]} + config_settings: {get_attr: [ZaqarBase, role_data, config_settings]} + step_config: {get_attr: [ZaqarBase, role_data, step_config]} + service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &zaqar_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] + puppet_tags: zaqar_config + config_volume: zaqar + config_image: *zaqar_image + kolla_config: + /var/lib/kolla/config_files/zaqar.json: + command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf + config_files: + - dest: /etc/zaqar/zaqar.conf + owner: zaqar + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf + /var/lib/kolla/config_files/zaqar_websocket.json: + command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf + config_files: + - dest: /etc/zaqar/zaqar.conf + owner: zaqar + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf + - dest: /etc/zaqar/1.conf + owner: zaqar + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/zaqar/1.conf + docker_config: + step_4: + zaqar: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + zaqar_websocket: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/environments/deployed-server-pacemaker-environment.yaml b/environments/deployed-server-pacemaker-environment.yaml new file mode 100644 index 00000000..85fa7d2f --- /dev/null +++ b/environments/deployed-server-pacemaker-environment.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Tasks::ControllerDeployedServerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerDeployedServerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerDeployedServerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index 37612b07..ca3715b4 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -5,6 +5,36 @@ resource_registry: OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml + OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml + OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml + OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml + OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml + OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml + OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml + # FIXME: these need to go into a environments/services-docker dir? + OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml + OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml + OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml + OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml + OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml + OS::TripleO::Services::MistralApi: ../docker/services/mistral-api.yaml + OS::TripleO::Services::MistralEngine: ../docker/services/mistral-engine.yaml + OS::TripleO::Services::MistralExecutor: ../docker/services/mistral-executor.yaml + OS::TripleO::Services::Zaqar: ../docker/services/zaqar.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml + OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml + OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml + OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml + OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml + OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::Services: ../docker/services/services.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 77fa5a49..3738072c 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -11,6 +11,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel @@ -25,4 +26,6 @@ parameter_defaults: - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Collectd - OS::TripleO::Services::CephOSD diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml index 47b2003d..3a606336 100644 --- a/environments/low-memory-usage.yaml +++ b/environments/low-memory-usage.yaml @@ -11,8 +11,8 @@ parameter_defaults: SwiftWorkers: 1 GnocchiMetricdWorkers: 1 - ApacheMaxRequestWorkers: 32 - ApacheServerLimit: 32 + ApacheMaxRequestWorkers: 100 + ApacheServerLimit: 100 ControllerExtraConfig: 'nova::network::neutron::neutron_url_timeout': '60' diff --git a/environments/net-bond-with-vlans-no-external.yaml b/environments/net-bond-with-vlans-no-external.yaml index 75959a0b..cc27d4f0 100644 --- a/environments/net-bond-with-vlans-no-external.yaml +++ b/environments/net-bond-with-vlans-no-external.yaml @@ -20,7 +20,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-no-external.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -# NOTE: with no external interface we should be able to use the -# default Neutron l3_agent.ini setting for the external bridge (br-ex) -# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/net-bond-with-vlans-v6.yaml b/environments/net-bond-with-vlans-v6.yaml index 73dda3d9..dc6fdfe3 100644 --- a/environments/net-bond-with-vlans-v6.yaml +++ b/environments/net-bond-with-vlans-v6.yaml @@ -12,9 +12,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-v6.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-bond-with-vlans.yaml b/environments/net-bond-with-vlans.yaml index de8f8f74..38c31cac 100644 --- a/environments/net-bond-with-vlans.yaml +++ b/environments/net-bond-with-vlans.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-linux-bridge-with-vlans.yaml b/environments/net-single-nic-linux-bridge-with-vlans.yaml index fd80bb9b..f34cfb92 100644 --- a/environments/net-single-nic-linux-bridge-with-vlans.yaml +++ b/environments/net-single-nic-linux-bridge-with-vlans.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans-no-external.yaml b/environments/net-single-nic-with-vlans-no-external.yaml index c7594b32..65d38137 100644 --- a/environments/net-single-nic-with-vlans-no-external.yaml +++ b/environments/net-single-nic-with-vlans-no-external.yaml @@ -19,7 +19,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-no-external.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -# NOTE: with no external interface we should be able to use the -# default Neutron l3_agent.ini setting for the external bridge (br-ex) -# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans-v6.yaml b/environments/net-single-nic-with-vlans-v6.yaml index 8210bad3..966e5fe9 100644 --- a/environments/net-single-nic-with-vlans-v6.yaml +++ b/environments/net-single-nic-with-vlans-v6.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-v6.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans.yaml b/environments/net-single-nic-with-vlans.yaml index a61bc6e1..b087b3e4 100644 --- a/environments/net-single-nic-with-vlans.yaml +++ b/environments/net-single-nic-with-vlans.yaml @@ -11,9 +11,3 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml - -parameter_defaults: - # This sets 'external_network_bridge' in l3_agent.ini to an empty string - # so that external networks act like provider bridge networks (they - # will plug into br-int instead of br-ex) - NeutronExternalNetworkBridge: "''" diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index 796eb806..210b6b03 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -48,8 +48,6 @@ parameter_defaults: # ManagementInterfaceDefaultRoute: 10.0.1.1 # Define the DNS servers (maximum 2) for the overcloud nodes DnsServers: ["8.8.8.8","8.8.4.4"] - # Set to empty string to enable multiple external networks or VLANs - NeutronExternalNetworkBridge: "''" # List of Neutron network types for tenant networks (will be used in order) NeutronNetworkType: 'vxlan,vlan' # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling. diff --git a/firstboot/os-net-config-mappings.yaml b/firstboot/os-net-config-mappings.yaml index d7e0c524..f82bc19f 100644 --- a/firstboot/os-net-config-mappings.yaml +++ b/firstboot/os-net-config-mappings.yaml @@ -9,8 +9,28 @@ description: > nic1: "00:c8:7c:e6:f0:2e" node2: nic1: "00:18:7d:99:0c:b6" - This will result in the first nodeN entry where a mac matches a - local device being written as a mapping file for os-net-config in + node3: + dmiString: 'system-uuid' + id: 'A8C85861-1B16-4803-8689-AFC62984F8F6' + nic1: em3 + # Dell PowerEdge + nodegroup1: + dmiString: "system-product-name" + id: "PowerEdge R630" + nic1: em3 + nic2: em1 + nic3: em2 + # Cisco UCS B200-M4" + nodegroup2: + dmiString: "system-product-name" + id: "UCSB-B200-M4" + nic1: enp7s0 + nic2: enp6s0 + + This will result in the first node* entry where either: + a) a mac matches a local device + or b) a DMI String matches the specified id + being written as a mapping file for os-net-config in /etc/os-net-config/mapping.yaml parameters: @@ -47,15 +67,36 @@ resources: echo '$node_lookup' | python -c " import json import sys + import copy + from subprocess import PIPE, Popen import yaml + + def write_mapping_file(interface_mapping): + with open('/etc/os-net-config/mapping.yaml', 'w') as f: + yaml.safe_dump(interface_mapping, f, default_flow_style=False) + input = sys.stdin.readline() or '{}' data = json.loads(input) for node in data: + interface_mapping = {'interface_mapping': + copy.deepcopy(data[node])} + if 'dmiString' in interface_mapping['interface_mapping']: + del interface_mapping['interface_mapping']['dmiString'] + if 'id' in interface_mapping['interface_mapping']: + del interface_mapping['interface_mapping']['id'] + # Match on mac addresses first if any(x in '$eth_addr'.split(',') for x in data[node].values()): - interface_mapping = {'interface_mapping': data[node]} - with open('/etc/os-net-config/mapping.yaml', 'w') as f: - yaml.safe_dump(interface_mapping, f, default_flow_style=False) + write_mapping_file(interface_mapping) break + # If data contain dmiString and id keys, try to match node(group) + if 'dmiString' in data[node] and 'id' in data[node]: + ps = Popen([ 'dmidecode', + '--string', data[node].get('dmiString') ], + stdout=PIPE) + out, err = ps.communicate() + if data[node].get('id') == out.rstrip(): + write_mapping_file(interface_mapping) + break " params: $node_lookup: {get_param: NetConfigDataLookup} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 9a8de34a..1360d0be 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -69,8 +69,10 @@ resource_registry: OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml - OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None - OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None +{% for role in roles %} + OS::TripleO::Tasks::{{role.name}}PrePuppet: OS::Heat::None + OS::TripleO::Tasks::{{role.name}}PostPuppet: OS::Heat::None +{% endfor %} # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when @@ -221,7 +223,7 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml - OS::TripleO::Services::PankoApi: OS::Heat::None + OS::TripleO::Services::PankoApi: puppet/services/panko-api.yaml OS::TripleO::Services::MistralEngine: OS::Heat::None OS::TripleO::Services::MistralApi: OS::Heat::None OS::TripleO::Services::MistralExecutor: OS::Heat::None @@ -245,6 +247,7 @@ resource_registry: OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None OS::TripleO::Services::OctaviaWorker: OS::Heat::None + OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml parameter_defaults: EnablePackageInstall: false diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index b517db6e..581c4f0d 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -23,14 +23,12 @@ properties: StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} - {% if role.name == 'Controller' %} - ControllerPrePuppet: - type: OS::TripleO::Tasks::ControllerPrePuppet + {{role.name}}PrePuppet: + type: OS::TripleO::Tasks::{{role.name}}PrePuppet properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {% endif %} {% if role.name in ['Controller', 'ObjectStorage'] %} {{role.name}}SwiftRingDeploy: @@ -82,16 +80,14 @@ properties: servers: {get_param: [servers, {{role.name}}]} - {% if role.name == 'Controller' %} - ControllerPostPuppet: + {{role.name}}PostPuppet: depends_on: - - ControllerExtraConfigPost - type: OS::TripleO::Tasks::ControllerPostPuppet + - {{role.name}}ExtraConfigPost + type: OS::TripleO::Tasks::{{role.name}}PostPuppet properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {% endif %} {% if role.name in ['Controller', 'ObjectStorage'] %} {{role.name}}SwiftRingUpdate: diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 9c2d8c5c..e5c11535 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -19,8 +19,21 @@ environment to set per service parameters. Config Settings --------------- -Each service may define a config_settings output variable which returns -Hiera settings to be configured. +Each service may define three ways in which to output variables to configure Hiera +settings on the nodes. + + * config_settings: the hiera keys will be pushed on all roles of which the service + is a part of. + + * global_config_settings: the hiera keys will be distributed to all roles + + * service_config_settings: Takes an extra key to wire in values that are + defined for a service that need to be consumed by some other service. + For example: + service_config_settings: + haproxy: + foo: bar + This will set the hiera key 'foo' on all roles where haproxy is included. Deployment Steps ---------------- diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index f5ca329e..c2c2d023 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -69,8 +69,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' aodh::debug: {get_param: Debug} aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 239b6ca9..ffc4c83a 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -105,8 +105,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/barbican' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tripleo.barbican_api.firewall_rules: '117 barbican': dport: diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 5658e416..874c6893 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -93,8 +93,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ceilometer_backend: {get_param: CeilometerBackend} # we include db_sync class in puppet-tripleo ceilometer::db::sync_db: false diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index a5d7fcf1..88e7edb7 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 1b82f55c..6855a838 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/congress' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' congress::keystone::auth::tenant: 'service' congress::keystone::auth::password: {get_param: CongressPassword} congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} @@ -88,3 +87,11 @@ outputs: step_config: | include ::tripleo::profile::base::congress + + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running" + shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop congress service + tags: step2 + service: name=openstack-congress-server state=stopped diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml new file mode 100644 index 00000000..1415391c --- /dev/null +++ b/puppet/services/database/mysql-client.yaml @@ -0,0 +1,30 @@ +heat_template_version: ocata + +description: > + Mysql client settings + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base:database::mysql::client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + step_config: | + include ::tripleo::profile::base::database::mysql::client diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index 002342b6..bb10140e 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -90,8 +90,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ec2_api' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' - if: - nova_workers_zero diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index c4f97d54..d26d96aa 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -91,8 +91,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 8fddae4b..c6310056 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' gnocchi::db::sync::extra_opts: '--skip-storage' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 7bd2fcf1..3ae4cc70 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -86,7 +86,7 @@ outputs: heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api_cfn service tags: step2 diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 0954ad19..56183535 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -68,7 +68,7 @@ outputs: include ::tripleo::profile::base::heat::api_cloudwatch upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api_cloudwatch service tags: step2 diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index ae656b1e..38c5b479 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -86,7 +86,7 @@ outputs: heat::keystone::auth::region: {get_param: KeystoneRegion} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api service tags: step2 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index e85b7537..7787d0a7 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -111,8 +111,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: @@ -139,7 +138,7 @@ outputs: tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_engine service tags: step2 diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index ad7ef6ea..d186b047 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -60,8 +60,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 29157959..fec455d1 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -31,6 +31,7 @@ outputs: config_settings: kernel_modules: nf_conntrack: {} + ip_conntrack_proto_sctp: {} sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b2374ec4..9c4cc60f 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -193,8 +193,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 2a9745a2..c183bc08 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/manila' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' service_config_settings: mysql: manila::db::mysql::password: {get_param: ManilaPassword} diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 4d020498..e1030346 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -65,8 +65,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/mistral' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index b3a07fb0..4d671e15 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -127,8 +127,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 06927fe0..1d6a2371 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -22,10 +22,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string @@ -35,6 +31,19 @@ parameters: tag: openstack.neutron.agent.l3-compute path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + +conditions: + + external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} + resources: NeutronBase: @@ -56,7 +65,11 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} - neutron::agents::l3::agent_mode : 'dvr' + - neutron::agents::l3::agent_mode : 'dvr' + - + if: + - external_network_bridge_empty + - {} + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 69803551..4fa49275 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -21,10 +21,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. @@ -43,6 +39,15 @@ parameters: tag: openstack.neutron.agent.l3 path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + conditions: external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index ad1dcfb0..f948dd07 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index d18b5b48..0adefecd 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -194,12 +194,12 @@ outputs: tags: step0,pre-upgrade when: is_bootstrap_node command: nova-manage db online_data_migrations - - name: update nova api - tags: step2 - yum: name=openstack-nova-api state=latest - name: Stop and disable nova_api service (pre-upgrade not under httpd) tags: step2 service: name=openstack-nova-api state=stopped enabled=no + - name: update nova api + tags: step2 + yum: name=openstack-nova-api state=latest - name: Create puppet manifest to set transport_url in nova.conf tags: step5 when: is_bootstrap_node diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index d892c36d..ceacb0b2 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -150,6 +150,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::api_database_connection: list_join: - '' @@ -159,6 +160,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::placement_database_connection: list_join: - '' @@ -168,6 +170,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_placement' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 9389c801..3ae19a67 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -79,6 +79,10 @@ outputs: dport: - 8778 - 13778 + nova::keystone::authtoken::project_name: 'service' + nova::keystone::authtoken::password: {get_param: NovaPassword} + nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::wsgi::apache_placement::api_port: '8778' nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index 37ba1f73..909a3030 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -66,8 +66,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/octavia' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} octavia::keystone::authtoken::project_name: 'service' octavia::keystone::authtoken::password: {get_param: OctaviaPassword} diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index ca21cfbe..9398d6b5 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -143,5 +143,5 @@ outputs: pacemaker_cluster: state=online - name: Check pacemaker resource tags: step4 - pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200 + pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=500 with_items: {get_param: PacemakerResources} diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 2c2586af..998e64ee 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -46,8 +46,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/panko' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' panko::debug: {get_param: Debug} panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index e2084186..224989be 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 987fe25b..176514ec 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -53,6 +53,3 @@ outputs: - name: Stop sahara_engine service tags: step2 service: name=openstack-sahara-engine state=stopped - - name: Sync sahara_engine DB - tags: step5 - command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 526fa888..c941b598 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -138,6 +138,7 @@ outputs: - '' - 'proxy-logging' - 'proxy-server' + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 5cf09a6d..6ceb9f19 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/tacker' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tacker::keystone::auth::tenant: 'service' tacker::keystone::auth::password: {get_param: TackerPassword} @@ -89,3 +88,10 @@ outputs: step_config: | include ::tripleo::profile::base::tacker + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-tacker-server is running" + shell: /usr/bin/systemctl show 'openstack-tacker-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop tacker service + tags: step2 + service: name=openstack-tacker-server state=stopped diff --git a/releasenotes/notes/manila-with-managed-ceph-e5178fd06127624f.yaml b/releasenotes/notes/manila-with-managed-ceph-e5178fd06127624f.yaml new file mode 100644 index 00000000..59f1fb99 --- /dev/null +++ b/releasenotes/notes/manila-with-managed-ceph-e5178fd06127624f.yaml @@ -0,0 +1,11 @@ +--- +prelude: > + Support for Manila/CephFS with TripleO managed Ceph cluster +features: + - | + It is now possible to configure Manila with CephFS to use a + TripleO managed Ceph cluster. When using the Heat environment + file at environments/manila-cephfsnative-config.yaml Manila + will be configured to use the TripleO managed Ceph cluster + if CephMDS is deployed as well, which can be done using the + file environments/services/ceph-mds.yaml
\ No newline at end of file diff --git a/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml b/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml new file mode 100644 index 00000000..e9974a20 --- /dev/null +++ b/releasenotes/notes/swift-ring-keeper-c04b440d7d5ce13f.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Swift rings created or updated on the overcloud nodes will now be + stored on the undercloud at the end of each deployment. They will be + retrieved before any deployment update, and by doing this the Swift + rings will be in a consistent state across the cluster all the time. + This makes it possible to add, remove or replace nodes without + manual operator interaction. diff --git a/roles_data.yaml b/roles_data.yaml index 31b12986..9e3b0a18 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -17,6 +17,10 @@ # disable_constraints: (boolean) optional, whether to disable Nova and Glance # constraints for each role specified in the templates. # +# disable_upgrade_deployment: (boolean) optional, whether to run the +# ansible upgrade steps for all services that are deployed on the role. If set +# to True, the operator will drive the upgrade for this role's nodes. +# # upgrade_batch_size: (number): batch size for upgrades where tasks are # specified by services to run in batches vs all nodes at once. # This defaults to 1, but larger batches may be specified here. @@ -47,6 +51,7 @@ - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 0eacbc60..1d0dba02 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -62,14 +62,12 @@ def validate_mysql_connection(settings): return items == ['EndpointMap', 'MysqlInternal', 'protocol'] def client_bind_address(item): - return 'bind_address' in item + return 'read_default_file' in item and \ + 'read_default_group' in item def validate_mysql_uri(key, items): # Only consider a connection if it targets mysql - # TODO(owalsh): skip nova mysql uris,temporary workaround for - # tripleo/+bug/1662344 - if not key.startswith('nova') and \ - key.endswith('connection') and \ + if key.endswith('connection') and \ search(items, mysql_protocol, no_op): # Assume the "bind_address" option is one of # the token that made up the uri |