diff options
59 files changed, 1610 insertions, 412 deletions
@@ -54,6 +54,9 @@ A description of the directory layout in TripleO Heat Templates. * validation-scripts: validation scripts useful to all deployment configurations + * roles: example roles that can be used with the tripleoclient to generate + a roles_data.yaml for a deployment See the + `roles/README.rst <roles/README.rst>`_ for additional details. Service testing matrix ---------------------- diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml new file mode 100644 index 00000000..a0beaa2c --- /dev/null +++ b/docker/deploy-steps-playbook.yaml @@ -0,0 +1,47 @@ +- hosts: localhost + connection: local + tasks: + ##################################################### + # Per step puppet configuration of the baremetal host + ##################################################### + - name: Write the config_step hieradata + copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true + - name: Run puppet host configuration for step {{step}} + # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3 + # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp + ###################################### + # Generate config via docker-puppet.py + ###################################### + - name: Run docker-puppet tasks (generate config) + shell: python /var/lib/docker-puppet/docker-puppet.py + environment: + NET_HOST: 'true' + when: step == "1" + changed_when: false + check_mode: no + ################################################## + # Per step starting of the containers using paunch + ################################################## + - name: Check if /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json exists + stat: + path: /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json + register: docker_config_json + - name: Start containers for step {{step}} + command: paunch --debug apply --file /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} + when: docker_config_json.stat.exists + changed_when: false + check_mode: no + ######################################################## + # Bootstrap tasks, only performed on bootstrap_server_id + ######################################################## + - name: Run docker-puppet tasks (bootstrap tasks) + shell: python /var/lib/docker-puppet/docker-puppet.py + environment: + CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + NET_HOST: "true" + NO_ARCHIVE: "true" + STEP: "{{step}}" + when: deploy_server_id == bootstrap_server_id + changed_when: false + check_mode: no diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 49dd00cd..d9d0c255 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -176,6 +176,10 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume mkdir -p /var/lib/config-data/${NAME}/etc cp -a /etc/* /var/lib/config-data/${NAME}/etc/ + # workaround LP1696283 + mkdir -p /var/lib/config-data/${NAME}/etc/ssh + touch /var/lib/config-data/${NAME}/etc/ssh/ssh_known_hosts + if [ -d /root/ ]; then cp -a /root/ /var/lib/config-data/${NAME}/root/ fi diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 86811b86..a56ca02b 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -55,39 +55,18 @@ resources: step_{{step}}: {} {%- endfor %} -# BEGIN primary_role_name docker-puppet-tasks (run only on a single node) -{% for step in range(1, deploy_steps_max) %} - - {{primary_role_name}}DockerPuppetTasksConfig{{step}}: + RoleConfig: type: OS::Heat::SoftwareConfig properties: - group: script - config: {get_file: docker-puppet.py} + group: ansible + options: + modulepath: /usr/share/ansible-modules inputs: - - name: CONFIG - - name: NET_HOST - - name: NO_ARCHIVE - - name: STEP - - {{primary_role_name}}DockerPuppetTasksDeployment{{step}}: - type: OS::Heat::SoftwareDeployment - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step{{step}} - - {{dep.name}}ContainersDeployment_Step{{step}} - {% endfor %} - properties: - name: {{primary_role_name}}DockerPuppetTasksDeployment{{step}} - server: {get_param: [servers, {{primary_role_name}}, '0']} - config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}} - input_values: - CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json - NET_HOST: 'true' - NO_ARCHIVE: 'true' - STEP: {{step}} - -{% endfor %} -# END primary_role_name docker-puppet-tasks + - name: step + - name: role_name + - name: update_identifier + - name: bootstrap_server_id + config: {get_file: deploy-steps-playbook.yaml} {% for role in roles %} # Post deployment steps for all roles @@ -122,6 +101,7 @@ resources: docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} + puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]} tasks: # Join host_prep_tasks with the other per-host configuration yaql: @@ -130,9 +110,11 @@ resources: host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]} template_tasks: {%- raw %} - # This is where we stack puppet configuration (for now)... - - name: Create /var/lib/config-data - file: path=/var/lib/config-data state=directory + # Write the manifest for baremetal puppet configuration + - name: Create /var/lib/tripleo-config directory + file: path=/var/lib/tripleo-config state=directory + - name: Write the puppet step_config manifest + copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes # This is the docker-puppet configs end in - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory @@ -145,13 +127,22 @@ resources: # Here we are dumping all the docker container startup configuration data # so that we can have access to how they are started outside of heat # and docker-cmd. This lets us create command line tools to test containers. + # FIXME do we need the docker-container-startup-configs.json or is the new per-step + # data consumed by paunch enough? - name: Write docker-container-startup-configs copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes + - name: Write per-step docker-container-startup-configs + copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes + with_dict: "{{docker_startup_configs}}" - name: Create /var/lib/kolla/config_files directory file: path=/var/lib/kolla/config_files state=directory - name: Write kolla config json files copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes with_dict: "{{kolla_config}}" + - name: Install paunch FIXME remove when packaged + shell: | + yum -y install python-pip + pip install paunch ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## @@ -167,24 +158,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} - {{role.name}}GenerateConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: {get_file: docker-puppet.py} - inputs: - - name: NET_HOST - - {{role.name}}GenerateConfigDeployment: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: [{{role.name}}ArtifactsDeploy, {{role.name}}HostPrepDeployment] - properties: - name: {{role.name}}GenerateConfigDeployment - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}GenerateConfig} - input_values: - NET_HOST: 'true' - {{role.name}}PuppetStepConfig: type: OS::Heat::Value properties: @@ -212,20 +185,16 @@ resources: service_names: {get_param: [role_data, {{role.name}}, service_names]} docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - # BEGIN BAREMETAL CONFIG STEPS + # BEGIN CONFIG STEPS {{role.name}}PreConfig: type: OS::TripleO::Tasks::{{role.name}}PreConfig + depends_on: {{role.name}}HostPrepDeployment properties: servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config - properties: - StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]} - {% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: @@ -236,64 +205,26 @@ resources: depends_on: {% for dep in roles %} - {{dep.name}}Deployment_Step{{step -1}} - - {{dep.name}}ContainersDeployment_Step{{step -1}} {% endfor %} - - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}} {% endif %} properties: name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} + config: {get_resource: RoleConfig} input_values: step: {{step}} + role_name: {{role.name}} update_identifier: {get_param: DeployIdentifier} + bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} {% endfor %} - # END BAREMETAL CONFIG STEPS - - # BEGIN CONTAINER CONFIG STEPS - {% for step in range(1, deploy_steps_max) %} - - {{role.name}}ContainersConfig_Step{{step}}: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]} - - {{role.name}}ContainersDeployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} - depends_on: - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first - {%- endfor %} - - {{role.name}}PreConfig - - {{role.name}}HostPrepDeployment - - {{role.name}}GenerateConfigDeployment - {% else %} - depends_on: - {% for dep in roles %} - - {{dep.name}}ContainersDeployment_Step{{step -1}} - - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first - - {{dep.name}}Deployment_Step{{step -1}} - {% endfor %} - - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}} - {% endif %} - properties: - name: {{role.name}}ContainersDeployment_Step{{step}} - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}} - - {% endfor %} - # END CONTAINER CONFIG STEPS + # END CONFIG STEPS {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: {% for dep in roles %} - {{dep.name}}Deployment_Step5 - - {{primary_role_name}}DockerPuppetTasksDeployment5 {% endfor %} properties: servers: {get_param: servers} diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index fe8dc158..359dc3a7 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -83,6 +83,7 @@ outputs: - - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/run/libvirt:/var/run/libvirt:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index a9912a1f..973d9994 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -18,3 +18,4 @@ outputs: - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro # Syslog socket - /dev/log:/dev/log + - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 73df96c5..9000aee9 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -77,6 +77,14 @@ outputs: recurse: true docker_config: step_1: + redis_init_logs: + start_order: 0 + image: *redis_image + privileged: false + user: root + volumes: + - /var/log/containers/redis:/var/log/redis + command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] redis: image: *redis_image net: host @@ -87,14 +95,17 @@ outputs: - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/redis/etc/:/etc/:ro - /etc/localtime:/etc/localtime:ro - - logs:/var/log/kolla + - /var/log/containers/redis:/var/log/redis environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /var/run/redis + - name: create persistent directories file: - path: /var/run/redis + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/redis + - /var/run/redis upgrade_tasks: - name: Stop and disable redis service tags: step2 diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml new file mode 100644 index 00000000..022eb5dd --- /dev/null +++ b/docker/services/horizon.yaml @@ -0,0 +1,128 @@ +heat_template_version: pike + +description: > + OpenStack containerized Horizon service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHorizonImage: + description: image + default: 'centos-binary-horizon:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + HorizonBase: + type: ../../puppet/services/horizon.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Horizon API role. + value: + service_name: {get_attr: [HorizonBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HorizonBase, role_data, config_settings] + - horizon::vhost_extra_params: + add_listen: true + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + options: ['FollowSymLinks','MultiViews'] + - horizon::secure_cookies: false + step_config: {get_attr: [HorizonBase, role_data, step_config]} + service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: horizon + puppet_tags: horizon_config + step_config: {get_attr: [HorizonBase, role_data, step_config]} + config_image: &horizon_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] + kolla_config: + /var/lib/kolla/config_files/horizon.json: + command: /usr/sbin/httpd -DFOREGROUND + permissions: + - path: /var/log/horizon/ + owner: apache:apache + recurse: true + # FIXME Apache tries to write a .lock file there + - path: /usr/share/openstack-dashboard/openstack_dashboard/local/ + owner: apache:apache + recurse: false + docker_config: + step_3: + horizon_fix_perms: + image: *horizon_image + user: root + # NOTE Set ownership for /var/log/horizon/horizon.log file here, + # otherwise it's created by root when generating django cache. + # FIXME Apache needs to read files in /etc/openstack-dashboard + # Need to set permissions to match the BM case, + # http://paste.openstack.org/show/609819/ + command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard'] + volumes: + - /var/log/containers/horizon:/var/log/horizon + - /var/lib/config-data/horizon/etc/:/etc/ + horizon: + start_order: 1 + image: *horizon_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro + - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro + - /var/log/containers/horizon:/var/log/horizon + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/horizon + state: directory + upgrade_tasks: + - name: Stop and disable horizon service (running under httpd) + tags: step2 + service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [HorizonBase, role_data, metadata_settings] diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 97901bc8..bd5147d3 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -104,3 +104,8 @@ outputs: file: path: /var/log/containers/neutron state: directory + upgrade_tasks: + - name: Stop and disable neutron_l3 service + tags: step2 + service: name=neutron-l3-agent state=stopped enabled=no + diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 4f10a1a3..536cc9f1 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -90,7 +90,7 @@ outputs: image: *nova_compute_image net: host privileged: true - user: root + user: nova restart: always volumes: list_concat: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 9779d676..df0051f2 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -44,6 +44,26 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + UseTLSTransportForLiveMigration: + type: boolean + default: true + description: If set to true and if EnableInternalTLS is enabled, it will + set the libvirt URI's transport to tls and configure the + relevant keys for libvirt. + +conditions: + + use_tls_for_live_migration: + and: + - equals: + - {get_param: EnableInternalTLS} + - true + - equals: + - {get_param: UseTLSTransportForLiveMigration} + - true resources: @@ -85,7 +105,11 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova-libvirt.json: - command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf + command: + if: + - use_tls_for_live_migration + - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf + - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf permissions: - path: /var/log/nova owner: nova:nova diff --git a/environments/docker.yaml b/environments/docker.yaml index 5b03b084..28527945 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -46,6 +46,7 @@ resource_registry: OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh index 8bcae1d3..3c508d11 100755 --- a/extraconfig/post_deploy/undercloud_post.sh +++ b/extraconfig/post_deploy/undercloud_post.sh @@ -45,57 +45,61 @@ if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys fi -PHYSICAL_NETWORK=ctlplane - -ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1) -subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2) -subnet_id= +if [ "$(hiera neutron_api_enabled)" = "true" ]; then + PHYSICAL_NETWORK=ctlplane + + ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1) + subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2) + subnet_id= + + for subnet_id in $subnet_ids; do + network_id=$(openstack subnet show -f value -c network_id $subnet_id) + if [ "$network_id" = "$ctlplane_id" ]; then + break + fi + done -for subnet_id in $subnet_ids; do - network_id=$(openstack subnet show -f value -c network_id $subnet_id) - if [ "$network_id" = "$ctlplane_id" ]; then - break - fi -done - -net_create=1 -if [ -n "$subnet_id" ]; then - cidr=$(openstack subnet show $subnet_id -f value -c cidr) - if [ "$cidr" = "$undercloud_network_cidr" ]; then - net_create=0 - else - echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr" - echo "Will attempt to delete and recreate subnet $subnet_id" + net_create=1 + if [ -n "$subnet_id" ]; then + cidr=$(openstack subnet show $subnet_id -f value -c cidr) + if [ "$cidr" = "$undercloud_network_cidr" ]; then + net_create=0 + else + echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr" + echo "Will attempt to delete and recreate subnet $subnet_id" + fi fi -fi -if [ "$net_create" -eq "1" ]; then - # Delete the subnet and network to make sure it doesn't already exist - if openstack subnet list | grep start; then - openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}') - fi - if openstack network show ctlplane; then - openstack network delete ctlplane + if [ "$net_create" -eq "1" ]; then + # Delete the subnet and network to make sure it doesn't already exist + if openstack subnet list | grep start; then + openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}') + fi + if openstack network show ctlplane; then + openstack network delete ctlplane + fi + + + NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}') + + NAMESERVER_ARG="" + if [ -n "${undercloud_nameserver:-}" ]; then + NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver" + fi + + openstack subnet create --network=$NETWORK_ID \ + --gateway=$undercloud_network_gateway \ + --subnet-range=$undercloud_network_cidr \ + --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \ + --host-route destination=169.254.169.254/32,gateway=$local_ip \ + $NAMESERVER_ARG ctlplane fi - - - NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}') - - NAMESERVER_ARG="" - if [ -n "${undercloud_nameserver:-}" ]; then - NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver" - fi - - openstack subnet create --network=$NETWORK_ID \ - --gateway=$undercloud_network_gateway \ - --subnet-range=$undercloud_network_cidr \ - --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \ - --host-route destination=169.254.169.254/32,gateway=$local_ip \ - $NAMESERVER_ARG ctlplane fi -# Disable nova quotas -openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}') +if [ "$(hiera nova_api_enabled)" = "true" ]; then + # Disable nova quotas + openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}') +fi # MISTRAL WORKFLOW CONFIGURATION if [ "$(hiera mistral_api_enabled)" = "true" ]; then diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index d66cbd90..60ddeb8a 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -376,12 +376,15 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: BlockStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] BlockStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -400,22 +403,30 @@ resources: BlockStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: BlockStorageUpgradeInitDeployment server: {get_resource: BlockStorage} config: {get_resource: BlockStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] BlockStorageDeployment: type: OS::Heat::StructuredDeployment depends_on: BlockStorageUpgradeInitDeployment - condition: server_not_blacklisted properties: name: BlockStorageDeployment server: {get_resource: BlockStorage} config: {get_resource: BlockStorageConfig} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] # Map heat metadata into hiera datafiles BlockStorageConfig: @@ -426,6 +437,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - volume_extraconfig - extraconfig - service_names @@ -476,7 +488,6 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: UpdateDeployment config: {get_resource: UpdateConfig} @@ -484,6 +495,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index d4dfa719..9d30ab29 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -382,12 +382,15 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: CephStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] CephStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -406,22 +409,30 @@ resources: CephStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: CephStorageUpgradeInitDeployment server: {get_resource: CephStorage} config: {get_resource: CephStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] CephStorageDeployment: type: OS::Heat::StructuredDeployment depends_on: CephStorageUpgradeInitDeployment - condition: server_not_blacklisted properties: name: CephStorageDeployment config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] CephStorageConfig: type: OS::Heat::StructuredConfig @@ -431,6 +442,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - ceph_extraconfig - extraconfig - service_names @@ -488,13 +500,17 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: config: {get_resource: UpdateConfig} server: {get_resource: CephStorage} input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index ff1f6d2a..06a31ec9 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -396,12 +396,15 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] config: {get_resource: NetworkConfig} server: {get_resource: NovaCompute} - actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} @@ -423,9 +426,13 @@ resources: NovaComputeUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: NovaComputeUpgradeInitDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] server: {get_resource: NovaCompute} config: {get_resource: NovaComputeUpgradeInitConfig} @@ -437,6 +444,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - compute_extraconfig - extraconfig - service_names @@ -475,9 +483,13 @@ resources: NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment depends_on: NovaComputeUpgradeInitDeployment - condition: server_not_blacklisted properties: name: NovaComputeDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: @@ -511,9 +523,13 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: UpdateDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: UpdateConfig} server: {get_resource: NovaCompute} input_values: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 9bf110d5..cccfdef1 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -415,13 +415,16 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment - condition: server_not_blacklisted depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: Controller} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} @@ -457,19 +460,27 @@ resources: # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first ControllerUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment - condition: server_not_blacklisted depends_on: NetworkDeployment properties: name: ControllerUpgradeInitDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] server: {get_resource: Controller} config: {get_resource: ControllerUpgradeInitConfig} ControllerDeployment: type: OS::TripleO::SoftwareDeployment - condition: server_not_blacklisted depends_on: ControllerUpgradeInitDeployment properties: name: ControllerDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: ControllerConfig} server: {get_resource: Controller} input_values: @@ -486,6 +497,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - controller_extraconfig - extraconfig - service_configs @@ -550,10 +562,14 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment - condition: server_not_blacklisted depends_on: NetworkDeployment properties: name: UpdateDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: UpdateConfig} server: {get_resource: Controller} input_values: diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 2f7056c4..19ea1b65 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -376,12 +376,16 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: SwiftStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] + SwiftStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -400,11 +404,15 @@ resources: SwiftStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: SwiftStorageUpgradeInitDeployment server: {get_resource: SwiftStorage} config: {get_resource: SwiftStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig @@ -414,6 +422,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - object_extraconfig - extraconfig - service_names @@ -446,13 +455,17 @@ resources: SwiftStorageHieraDeploy: type: OS::Heat::StructuredDeployment depends_on: SwiftStorageUpgradeInitDeployment - condition: server_not_blacklisted properties: name: SwiftStorageHieraDeploy server: {get_resource: SwiftStorage} config: {get_resource: SwiftStorageHieraConfig} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -475,13 +488,17 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: config: {get_resource: UpdateConfig} server: {get_resource: SwiftStorage} input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 7acf2dfb..7af90e24 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -398,7 +398,6 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig - condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -407,6 +406,11 @@ resources: input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] {{role}}UpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -425,22 +429,30 @@ resources: {{role}}UpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: {{role}}UpgradeInitDeployment server: {get_resource: {{role}}} config: {get_resource: {{role}}UpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] {{role}}Deployment: type: OS::Heat::StructuredDeployment depends_on: {{role}}UpgradeInitDeployment - condition: server_not_blacklisted properties: name: {{role}}Deployment config: {get_resource: {{role}}Config} server: {get_resource: {{role}}} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] {{role}}Config: type: OS::Heat::StructuredConfig @@ -450,6 +462,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - {{role.lower()}}_extraconfig - extraconfig - service_names @@ -509,7 +522,6 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment - condition: server_not_blacklisted properties: name: UpdateDeployment config: {get_resource: UpdateConfig} @@ -517,6 +529,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 331fe9a9..0563d08b 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -56,11 +56,18 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + AodhDebug: + default: '' + description: Set to True to enable debugging Aodh services. + type: string KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: AodhDebug}, '']} + outputs: role_data: description: Role data for the Aodh role. @@ -78,7 +85,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - aodh::debug: {get_param: Debug} + aodh::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: AodhDebug } aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} aodh::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 53fba63e..51331242 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -38,6 +38,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + BarbicanDebug: + default: '' + description: Set to True to enable debugging Barbican service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -81,6 +85,9 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} +conditions: + service_debug_unset: {equals : [{get_param: BarbicanDebug}, '']} + outputs: role_data: description: Role data for the Barbican API role. @@ -97,7 +104,11 @@ outputs: barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]} barbican::api::db_auto_create: false barbican::api::enabled_certificate_plugins: ['simple_certificate'] - barbican::api::logging::debug: {get_param: Debug} + barbican::api::logging::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: BarbicanDebug } barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL} barbican::api::rabbit_userid: {get_param: RabbitUserName} barbican::api::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index b3e2c3a4..1d86369b 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -64,6 +64,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + CeilometerDebug: + default: '' + description: Set to True to enable debugging Ceilometer services. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -100,13 +104,20 @@ parameters: type: string hidden: true +conditions: + service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']} + outputs: role_data: description: Role data for the Ceilometer role. value: service_name: ceilometer_base config_settings: - ceilometer::debug: {get_param: Debug} + ceilometer::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CeilometerDebug } ceilometer::keystone::authtoken::project_name: 'service' ceilometer::keystone::authtoken::user_domain_name: 'Default' ceilometer::keystone::authtoken::project_domain_name: 'Default' diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 2ba5aa52..f7dfe5e1 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -12,6 +12,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + CinderDebug: + default: '' + description: Set to True to enable debugging on Cinder services. + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -93,6 +97,9 @@ parameters: Cron to move deleted instances to another table - Log destination default: '/var/log/cinder/cinder-rowsflush.log' +conditions: + service_debug_unset: {equals : [{get_param: CinderDebug}, '']} + outputs: role_data: description: Role data for the Cinder base service. @@ -109,7 +116,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - cinder::debug: {get_param: Debug} + cinder::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CinderDebug } cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} cinder::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 8fbcd99d..5bca94d7 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -33,6 +33,10 @@ parameters: Debug: type: string default: '' + CongressDebug: + default: '' + description: Set to True to enable debugging Glance service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -62,6 +66,9 @@ parameters: default: {} type: json +conditions: + service_debug_unset: {equals : [{get_param: CongressDebug}, '']} + outputs: role_data: description: Role data for the Congress role. @@ -79,7 +86,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - congress::debug: {get_param: Debug} + congress::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CongressDebug } congress::rpc_backend: rabbit congress::rabbit_userid: {get_param: RabbitUserName} congress::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index 9b7b47ef..7be394b6 100644 --- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml @@ -27,24 +27,12 @@ parameters: via parameter_defaults in the resource registry. type: json -resources: - CeilometerServiceBase: - type: ../ceilometer-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - outputs: role_data: description: Role data for the disabling Ceilometer Expirer role. value: service_name: ceilometer_expirer_disabled - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::expirer::enable_cron: false - step_config: | - include ::tripleo::profile::base::ceilometer::expirer + upgrade_tasks: + - name: Remove ceilometer expirer cron tab on upgrade + tags: step1 + shell: '/usr/bin/crontab -u ceilometer -r' diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 28151744..7812c8e2 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + GlanceDebug: + default: '' + description: Set to True to enable debugging Glance service. + type: string GlancePassword: description: The password for the glance service and db account, used by the glance services. type: string @@ -59,10 +63,6 @@ parameters: CephClientUserName: default: openstack type: string - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string GlanceNotifierStrategy: description: Strategy to use for Glance notification queue type: string @@ -128,6 +128,7 @@ parameters: conditions: use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']} + service_debug_unset: {equals : [{get_param: GlanceDebug}, '']} resources: @@ -170,7 +171,11 @@ outputs: glance::api::enable_v2_api: true glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true - glance::api::debug: {get_param: Debug} + glance::api::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: GlanceDebug } glance::policy::policies: {get_param: GlanceApiPolicies} tripleo.glance_api.firewall_rules: '112 glance_api': diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 80ef7171..e6a172a0 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -34,6 +34,10 @@ parameters: default: 30 description: Delay between processing metrics. type: number + NumberOfStorageSacks: + default: '128' + description: Number of storage sacks to create. + type: string GnocchiPassword: description: The password for the gnocchi service and db account. type: string @@ -52,6 +56,13 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + GnocchiDebug: + default: '' + description: Set to True to enable debugging Gnocchi services. + type: string + +conditions: + service_debug_unset: {equals : [{get_param: GnocchiDebug}, '']} outputs: aux_parameters: @@ -65,7 +76,11 @@ outputs: config_settings: #Gnocchi engine gnocchi_redis_password: {get_param: RedisPassword} - gnocchi::debug: {get_param: Debug} + gnocchi::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: GnocchiDebug } gnocchi::db::database_connection: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} @@ -76,7 +91,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - gnocchi::db::sync::extra_opts: '' + gnocchi::db::sync::extra_opts: + list_join: + - ' ' + - - '--num-storage-sacks' + - {get_param: NumberOfStorageSacks} gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay} gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 3 diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index dfd823db..d89fe46a 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -8,6 +8,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + HeatDebug: + default: '' + description: Set to True to enable debugging Heat services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -112,6 +116,9 @@ parameters: description: Maximum raw byte size of the Heat API JSON request body. type: number +conditions: + service_debug_unset: {equals : [{get_param: HeatDebug}, '']} + outputs: role_data: description: Shared role data for the Heat services. @@ -122,7 +129,11 @@ outputs: heat::rabbit_password: {get_param: RabbitPassword} heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL} heat::rabbit_port: {get_param: RabbitClientPort} - heat::debug: {get_param: Debug} + heat::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: HeatDebug } heat::enable_proxy_headers_parsing: true heat::rpc_response_timeout: 600 # We need this because the default heat policy.json no longer works on TripleO diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 562afe16..93bced8b 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -14,6 +14,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + HorizonDebug: + default: false + description: Set to True to enable debugging Horizon service. + type: string DefaultPasswords: default: {} type: json @@ -62,7 +66,7 @@ parameters: conditions: - debug_empty: {equals : [{get_param: Debug}, '']} + debug_unset: {equals : [{get_param: Debug}, '']} outputs: role_data: @@ -104,9 +108,9 @@ outputs: memcached_ipv6: {get_param: MemcachedIPv6} - if: - - debug_empty - - {} - - horizon::django_debug: {get_param: Debug} + - debug_unset + - horizon::django_debug: { get_param: HorizonDebug } + - horizon::django_debug: { get_param: Debug } step_config: | include ::tripleo::profile::base::horizon # Ansible tasks to handle upgrade diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index da485161..41d6cedc 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + IronicDebug: + default: '' + description: Set to True to enable debugging Ironic services. + type: string IronicPassword: description: The password for the Ironic service and db account, used by the Ironic services type: string @@ -53,6 +57,9 @@ parameters: an SSL connection to the RabbitMQ host. type: string +conditions: + service_debug_unset: {equals : [{get_param: IronicDebug}, '']} + outputs: role_data: description: Role data for the Ironic role. @@ -69,7 +76,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - ironic::debug: {get_param: Debug} + ironic::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: IronicDebug } ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} ironic::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 7262e478..f3a9cbc4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -63,6 +63,10 @@ parameters: Debug: type: string default: '' + KeystoneDebug: + default: '' + description: Set to True to enable debugging Keystone service. + type: string AdminEmail: default: 'admin@example.com' description: The email for the keystone admin account. @@ -198,6 +202,7 @@ resources: conditions: keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]} + service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']} outputs: role_data: @@ -242,7 +247,11 @@ outputs: '/etc/keystone/fernet-keys/1': content: {get_param: KeystoneFernetKey1} keystone::fernet_replace_keys: false - keystone::debug: {get_param: Debug} + keystone::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: KeystoneDebug } keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index a299fffa..d0ee2125 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + ManilaDebug: + default: '' + description: Set to True to enable debugging Manila services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -53,6 +57,9 @@ parameters: type: string hidden: true +conditions: + service_debug_unset: {equals : [{get_param: ManilaDebug}, '']} + outputs: role_data: description: Role data for the Manila Base service. @@ -63,7 +70,11 @@ outputs: manila::rabbit_password: {get_param: RabbitPassword} manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} manila::rabbit_port: {get_param: RabbitClientPort} - manila::debug: {get_param: Debug} + manila::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: ManilaDebug } manila::db::database_db_max_retries: -1 manila::db::database_max_retries: -1 manila::sql_connection: diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 2e708650..8b3655dd 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -31,6 +31,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + MistralDebug: + default: '' + description: Set to True to enable debugging Mistral services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -58,6 +62,9 @@ parameters: default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: MistralDebug}, '']} + outputs: role_data: description: Shared role data for the Mistral services. @@ -78,7 +85,11 @@ outputs: mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} mistral::rabbit_port: {get_param: RabbitClientPort} - mistral::debug: {get_param: Debug} + mistral::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: MistralDebug } mistral::keystone_password: {get_param: MistralPassword} mistral::keystone_tenant: 'service' mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 57581b58..3c7518b3 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -50,6 +50,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + NeutronDebug: + default: '' + description: Set to True to enable debugging Neutron services. + type: string EnableConfigPurge: type: boolean default: false @@ -90,6 +94,7 @@ parameters: conditions: dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]} + service_debug_unset: {equals : [{get_param: NeutronDebug}, '']} outputs: role_data: @@ -104,7 +109,11 @@ outputs: neutron::rabbit_port: {get_param: RabbitClientPort} neutron::core_plugin: {get_param: NeutronCorePlugin} neutron::service_plugins: {get_param: NeutronServicePlugins} - neutron::debug: {get_param: Debug} + neutron::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NeutronDebug } neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true neutron::dns_domain: {get_param: NeutronDnsDomain} diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index ea21af8a..ea584932 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -68,6 +68,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + NovaDebug: + default: '' + description: Set to True to enable debugging Nova services. + type: string EnableConfigPurge: type: boolean default: false @@ -136,6 +140,7 @@ parameters: conditions: compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} + service_debug_unset: {equals : [{get_param: NovaDebug}, '']} outputs: role_data: @@ -193,7 +198,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - nova::debug: {get_param: Debug} + nova::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NovaDebug } nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index e39e997a..68a71e42 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -105,6 +105,22 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - nova::compute::vcpu_pin_set: NovaVcpuPinSet + nova::compute::reserved_host_memory: NovaReservedHostMemory + - values: {get_param: [RoleParameters]} + - values: + NovaVcpuPinSet: {get_param: NovaVcpuPinSet} + NovaReservedHostMemory: {get_param: NovaReservedHostMemory} + outputs: role_data: description: Role data for the Nova Compute service. @@ -117,14 +133,18 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [RoleParametersValue, value] - nova::compute::libvirt::manage_libvirt_services: false nova::compute::pci_passthrough: str_replace: template: "JSON_PARAM" params: - JSON_PARAM: {get_param: NovaPCIPassthrough} - nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet} - nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory} + map_replace: + - map_replace: + - JSON_PARAM: NovaPCIPassthrough + - values: {get_param: [RoleParameters]} + - values: + NovaPCIPassthrough: {get_param: NovaPCIPassthrough} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml index 19dc5b47..0809b3e4 100644 --- a/puppet/services/octavia-base.yaml +++ b/puppet/services/octavia-base.yaml @@ -30,6 +30,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + OctaviaDebug: + default: '' + description: Set to True to enable debugging Octavia services. + type: string EnableConfigPurge: type: boolean default: false @@ -55,13 +59,20 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number +conditions: + service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']} + outputs: role_data: description: Base role data for Octavia services value: service_name: octavia_base config_settings: - octavia::debug: {get_param: Debug} + octavia::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: OctaviaDebug } octavia::purge_config: {get_param: EnableConfigPurge} octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL} octavia::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 84817bcf..a94d4ea5 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -34,11 +34,18 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + PankoDebug: + default: '' + description: Set to True to enable debugging Panko services. + type: string KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: PankoDebug}, '']} + outputs: role_data: description: Role data for the Panko role. @@ -55,7 +62,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - panko::debug: {get_param: Debug} + panko::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: PankoDebug } panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' panko::keystone::authtoken::user_domain_name: 'Default' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 1ee6d175..c294e744 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -52,11 +52,18 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + SaharaDebug: + default: '' + description: Set to True to enable debugging Sahara services. + type: string SaharaPlugins: default: ["ambari","cdh","mapr","vanilla","spark","storm"] description: Sahara enabled plugin list type: comma_delimited_list +conditions: + service_debug_unset: {equals : [{get_param: SaharaDebug}, '']} + outputs: role_data: description: Role data for the Sahara base service. @@ -77,7 +84,11 @@ outputs: sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} - sahara::debug: {get_param: Debug} + sahara::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: SaharaDebug } # Remove admin_password when https://review.openstack.org/442619 is merged. sahara::admin_password: {get_param: SaharaPassword} sahara::use_neutron: true diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index e121feb3..5ced8c3c 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -33,6 +33,10 @@ parameters: Debug: type: string default: '' + TackerDebug: + default: '' + description: Set to True to enable debugging Tacker service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -62,6 +66,9 @@ parameters: default: {} type: json +conditions: + service_debug_unset: {equals : [{get_param: TackerDebug}, '']} + outputs: role_data: description: Role data for the Tacker role. @@ -80,7 +87,11 @@ outputs: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - tacker::debug: {get_param: Debug} + tacker::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: TackerDebug } tacker::rpc_backend: rabbit tacker::rabbit_userid: {get_param: RabbitUserName} tacker::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 6bc296a3..416d86df 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + ZaqarDebug: + default: '' + description: Set to True to enable debugging Zaqar service. + type: string ZaqarPassword: description: The password for Zaqar type: string @@ -54,6 +58,7 @@ parameters: conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} + service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} resources: @@ -78,7 +83,11 @@ outputs: zaqar::keystone::authtoken::project_name: 'service' zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - zaqar::debug: {get_param: Debug} + zaqar::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} zaqar::wsgi::apache::ssl: false diff --git a/releasenotes/notes/add-num-of-sacks-7bd6658474ddb14c.yaml b/releasenotes/notes/add-num-of-sacks-7bd6658474ddb14c.yaml new file mode 100644 index 00000000..e5adb6a9 --- /dev/null +++ b/releasenotes/notes/add-num-of-sacks-7bd6658474ddb14c.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add support to configure number of sacks in gnocchi. diff --git a/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml b/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml new file mode 100644 index 00000000..da9af4a3 --- /dev/null +++ b/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Allow to configure debug per service. + The feature is backward compatible with existing Debug parameter. + Adding a new parameter per service, e.g. GlanceDebug. Set to False, + it will disable debug for the service, even if Debug is set to True. + If Debug is set to False but GlanceDebug is set to True, Glance debug + will be enabled. diff --git a/releasenotes/notes/example-roles-d27c748090f6a154.yaml b/releasenotes/notes/example-roles-d27c748090f6a154.yaml new file mode 100644 index 00000000..e27674da --- /dev/null +++ b/releasenotes/notes/example-roles-d27c748090f6a154.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + A set of example roles has been created in the roles folder in + tripleo-heat-templates. Management of services for roles should occur + in these role files rather than in roles_data.yaml. diff --git a/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml new file mode 100644 index 00000000..7854fa5c --- /dev/null +++ b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - Ceilometer expirer is deprecated in pike. During upgrade, the crontab thats + configured with ceilometer user will be removed to ensure the expirer + script is not running. diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml new file mode 100644 index 00000000..d242a5bb --- /dev/null +++ b/roles/BlockStorage.yaml @@ -0,0 +1,24 @@ +############################################################################### +# Role: BlockStorage # +############################################################################### +- name: BlockStorage + description: | + Cinder Block Storage node role + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml new file mode 100644 index 00000000..d3de6bae --- /dev/null +++ b/roles/CephStorage.yaml @@ -0,0 +1,24 @@ +############################################################################### +# Role: CephStorage # +############################################################################### +- name: CephStorage + description: | + Ceph OSD Storage node role + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/Compute.yaml b/roles/Compute.yaml new file mode 100644 index 00000000..73ec6595 --- /dev/null +++ b/roles/Compute.yaml @@ -0,0 +1,40 @@ +############################################################################### +# Role: Compute # +############################################################################### +- name: Compute + description: | + Basic Compute Node role + CountDefault: 1 + HostnameFormatDefault: '%stackname%-novacompute-%index%' + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp diff --git a/roles/Controller.yaml b/roles/Controller.yaml new file mode 100644 index 00000000..7511d4c0 --- /dev/null +++ b/roles/Controller.yaml @@ -0,0 +1,120 @@ +############################################################################### +# Role: Controller # +############################################################################### +- name: Controller + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. + CountDefault: 1 + tags: + - primary + - controller + HostnameFormatDefault: '%stackname%-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + # FIXME: This service was disabled in Pike and this entry should be removed + # in Queens. + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackendDellPs + - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::Zaqar diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml new file mode 100644 index 00000000..2d1702e8 --- /dev/null +++ b/roles/ControllerOpenstack.yaml @@ -0,0 +1,98 @@ +############################################################################### +# Role: ControllerOpenstack # +############################################################################### +- name: ControllerOpenstack + description: | + Controller role that does not contain the database, messaging and networking + components. Use in combination with the Database, Messaging and Networker + roles. + tags: + - primary + - controller + HostnameFormatDefault: '%stackname%-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::Zaqar + diff --git a/roles/Database.yaml b/roles/Database.yaml new file mode 100644 index 00000000..3ef751a7 --- /dev/null +++ b/roles/Database.yaml @@ -0,0 +1,23 @@ +############################################################################### +# Role: Database # +############################################################################### +- name: Database + description: | + Standalone database role with the database being managed via Pacemaker + HostnameFormatDefault: '%stackname%-database-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml new file mode 100644 index 00000000..cbef61ab --- /dev/null +++ b/roles/Messaging.yaml @@ -0,0 +1,22 @@ +############################################################################### +# Role: Messaging # +############################################################################### +- name: Messaging + description: | + Standalone messaging role with RabbitMQ being managed via Pacemaker + HostnameFormatDefault: '%stackname%-messaging-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Networker.yaml b/roles/Networker.yaml new file mode 100644 index 00000000..b393fa7b --- /dev/null +++ b/roles/Networker.yaml @@ -0,0 +1,36 @@ +############################################################################### +# Role: Networker # +############################################################################### +- name: Networker + description: | + Standalone networking role to run Neutron services their own. Includes + Pacemaker integration via PacemakerRemote + HostnameFormatDefault: '%stackname%-networker-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpvpnApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::PacemakerRemote + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml new file mode 100644 index 00000000..3741ca66 --- /dev/null +++ b/roles/ObjectStorage.yaml @@ -0,0 +1,26 @@ +############################################################################### +# Role: ObjectStorage # +############################################################################### +- name: ObjectStorage + description: | + Swift Object Storage node role + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/README.rst b/roles/README.rst new file mode 100644 index 00000000..6c742332 --- /dev/null +++ b/roles/README.rst @@ -0,0 +1,206 @@ +Roles +===== + +The yaml files in this directory can be combined into a single roles_data.yaml +and be used with TripleO to create custom deployments. + +Use tripleoclient to build your own custom roles_data.yaml for your +environment. + +roles_data.yaml +--------------- + +The roles_data.yaml specifies which roles (groups of nodes) will be deployed. +Note this file is used as an input the the various \*.j2.yaml jinja2 templates, +so that they are converted into \*.yaml during the plan creation. This occurs +via a mistral action/workflow. The file format of this file is a yaml list. + +Role YAML files +=============== + +Each role yaml file should contain only a single role. The filename should +match the role name. The name of the role is mandatory and must be unique. + +The role files in this folder should contain at least a role name and the +default list of services for the role. + +Role Options +------------ + +* CountDefault: (number) optional, default number of nodes, defaults to 0 + sets the default for the {{role.name}}Count parameter in overcloud.yaml + +* HostnameFormatDefault: (string) optional default format string for hostname + defaults to '%stackname%-{{role.name.lower()}}-%index%' + sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml + +* disable_constraints: (boolean) optional, whether to disable Nova and Glance + constraints for each role specified in the templates. + +* disable_upgrade_deployment: (boolean) optional, whether to run the + ansible upgrade steps for all services that are deployed on the role. If set + to True, the operator will drive the upgrade for this role's nodes. + +* upgrade_batch_size: (number): batch size for upgrades where tasks are + specified by services to run in batches vs all nodes at once. + This defaults to 1, but larger batches may be specified here. + +* ServicesDefault: (list) optional default list of services to be deployed + on the role, defaults to an empty list. Sets the default for the + {{role.name}}Services parameter in overcloud.yaml + +* tags: (list) list of tags used by other parts of the deployment process to + find the role for a specific type of functionality. Currently a role + with both 'primary' and 'controller' is used as the primary role for the + deployment process. If no roles have have 'primary' and 'controller', the + first role in this file is used as the primary role. + +* description: (string) as few sentences describing the role and information + pertaining to the usage of the role. + +Working with Roles +================== +The tripleoclient provides a series of commands that can be used to view +roles and generate a roles_data.yaml file for deployment. + +Listing Available Roles +----------------------- +The ``openstack overcloud role list`` command can be used to view the list +of roles provided by tripleo-heat-templates. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud role list [-h] [--roles-path <roles directory>] + + List availables roles + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud role list + BlockStorage + CephStorage + Compute + Controller + ControllerOpenstack + Database + Messaging + Networker + ObjectStorage + Telemetry + Undercloud + +Viewing Role Details +-------------------- +The ``openstack overcloud role show`` command can be used as a quick way to +view some of the information about a role. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud role show [-h] [--roles-path <roles directory>] + <role> + + Show information about a given role + + positional arguments: + <role> Role to display more information about. + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud role show Compute + ############################################################################### + # Role Data for 'Compute' + ############################################################################### + HostnameFormatDefault: '%stackname%-novacompute-%index%' + ServicesDefault: + * OS::TripleO::Services::AuditD + * OS::TripleO::Services::CACerts + * OS::TripleO::Services::CephClient + * OS::TripleO::Services::CephExternal + * OS::TripleO::Services::CertmongerUser + * OS::TripleO::Services::Collectd + * OS::TripleO::Services::ComputeCeilometerAgent + * OS::TripleO::Services::ComputeNeutronCorePlugin + * OS::TripleO::Services::ComputeNeutronL3Agent + * OS::TripleO::Services::ComputeNeutronMetadataAgent + * OS::TripleO::Services::ComputeNeutronOvsAgent + * OS::TripleO::Services::Docker + * OS::TripleO::Services::FluentdClient + * OS::TripleO::Services::Kernel + * OS::TripleO::Services::MySQLClient + * OS::TripleO::Services::NeutronSriovAgent + * OS::TripleO::Services::NeutronVppAgent + * OS::TripleO::Services::NovaCompute + * OS::TripleO::Services::NovaLibvirt + * OS::TripleO::Services::Ntp + * OS::TripleO::Services::OpenDaylightOvs + * OS::TripleO::Services::Securetty + * OS::TripleO::Services::SensuClient + * OS::TripleO::Services::Snmp + * OS::TripleO::Services::Sshd + * OS::TripleO::Services::Timezone + * OS::TripleO::Services::TripleoFirewall + * OS::TripleO::Services::TripleoPackages + * OS::TripleO::Services::Vpp + name: 'Compute' + +Generate roles_data.yaml +------------------------ +The ``openstack overcloud roles generate`` command can be used to generate +a roles_data.yaml file for deployments. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud roles generate [-h] + [--roles-path <roles directory>] + [-o <output file>] + <role> [<role> ...] + + Generate roles_data.yaml file + + positional arguments: + <role> List of roles to use to generate the roles_data.yaml + file for the deployment. NOTE: Ordering is important + if no role has the "primary" and "controller" tags. If + no role is tagged then the first role listed will be + considered the primary role. This usually is the + controller role. + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + -o <output file>, --output-file <output file> + File to capture all output to. For example, + roles_data.yaml + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud roles generate -o roles_data.yaml Controller Compute BlockStorage ObjectStorage CephStorage diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml new file mode 100644 index 00000000..0f60364b --- /dev/null +++ b/roles/Telemetry.yaml @@ -0,0 +1,30 @@ +############################################################################### +# Role: Telemetry # +############################################################################### +- name: Telemetry + description: | + Telemetry role that has all the telemetry services. + HostnameFormatDefault: '%stackname%-telemetry-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml new file mode 100644 index 00000000..0a9bcadf --- /dev/null +++ b/roles/Undercloud.yaml @@ -0,0 +1,55 @@ +############################################################################### +# Role: Undercloud # +############################################################################### +- name: Undercloud + description: | + EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack + undercloud deploy' command. + CountDefault: 1 + disable_constraints: True + tags: + - primary + - controller + ServicesDefault: + - OS::TripleO::Services::Apache + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicPxe + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::UndercloudAodhApi + - OS::TripleO::Services::UndercloudAodhEvaluator + - OS::TripleO::Services::UndercloudAodhListener + - OS::TripleO::Services::UndercloudAodhNotifier + - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentNotification + - OS::TripleO::Services::UndercloudGnocchiApi + - OS::TripleO::Services::UndercloudGnocchiMetricd + - OS::TripleO::Services::UndercloudGnocchiStatsd + - OS::TripleO::Services::UndercloudPankoApi + - OS::TripleO::Services::Zaqar diff --git a/roles_data.yaml b/roles_data.yaml index 86cd3f0d..c536e834 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -1,248 +1,237 @@ -# Specifies which roles (groups of nodes) will be deployed -# Note this is used as an input to the various *.j2.yaml -# jinja2 templates, so that they are converted into *.yaml -# during the plan creation (via a mistral action/workflow). -# -# The format is a list, with the following format: -# -# * name: (string) mandatory, name of the role, must be unique -# -# CountDefault: (number) optional, default number of nodes, defaults to 0 -# sets the default for the {{role.name}}Count parameter in overcloud.yaml -# -# HostnameFormatDefault: (string) optional default format string for hostname -# defaults to '%stackname%-{{role.name.lower()}}-%index%' -# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml -# -# disable_constraints: (boolean) optional, whether to disable Nova and Glance -# constraints for each role specified in the templates. -# -# disable_upgrade_deployment: (boolean) optional, whether to run the -# ansible upgrade steps for all services that are deployed on the role. If set -# to True, the operator will drive the upgrade for this role's nodes. -# -# upgrade_batch_size: (number): batch size for upgrades where tasks are -# specified by services to run in batches vs all nodes at once. -# This defaults to 1, but larger batches may be specified here. -# -# ServicesDefault: (list) optional default list of services to be deployed -# on the role, defaults to an empty list. Sets the default for the -# {{role.name}}Services parameter in overcloud.yaml -# -# tags: (list) list of tags used by other parts of the deployment process to -# find the role for a specific type of functionality. Currently a role -# with both 'primary' and 'controller' is used as the primary role for the -# deployment process. If no roles have have 'primary' and 'controller', the -# first role in this file is used as the primary role. -# +############################################################################### +# File generated by tripleoclient +############################################################################### +############################################################################### +# Role: Controller # +############################################################################### - name: Controller + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. CountDefault: 1 tags: - primary - controller + HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + # FIXME: This service was disabled in Pike and this entry should be removed + # in Queens. + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi - - OS::TripleO::Services::CinderBackup - - OS::TripleO::Services::CinderScheduler - - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronMetadataAgent - - OS::TripleO::Services::NeutronApi - - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::NeutronL2gwAgent - - OS::TripleO::Services::NeutronLinuxbridgeAgent - - OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::HAproxy - - OS::TripleO::Services::Keepalived - - OS::TripleO::Services::Memcached - - OS::TripleO::Services::Pacemaker - - OS::TripleO::Services::Redis - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaApi - - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaVncProxy - - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::ExternalSwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::Timezone - # FIXME: This service was disabled in Pike and this entry should be removed - # in Queens. - - OS::TripleO::Services::CeilometerExpirer - - OS::TripleO::Services::CeilometerAgentCentral - - OS::TripleO::Services::CeilometerAgentNotification - - OS::TripleO::Services::Horizon - - OS::TripleO::Services::GnocchiApi - - OS::TripleO::Services::GnocchiMetricd - - OS::TripleO::Services::GnocchiStatsd - - OS::TripleO::Services::ManilaApi - - OS::TripleO::Services::ManilaScheduler - - OS::TripleO::Services::ManilaBackendGeneric - - OS::TripleO::Services::ManilaBackendNetapp - - OS::TripleO::Services::ManilaBackendCephFs - - OS::TripleO::Services::ManilaShare - - OS::TripleO::Services::AodhApi - - OS::TripleO::Services::AodhEvaluator - - OS::TripleO::Services::AodhNotifier - - OS::TripleO::Services::AodhListener - - OS::TripleO::Services::SaharaApi - - OS::TripleO::Services::SaharaEngine - - OS::TripleO::Services::IronicApi - - OS::TripleO::Services::IronicConductor - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::OpenDaylightApi - - OS::TripleO::Services::OpenDaylightOvs - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::BarbicanApi - - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::Tacker - - OS::TripleO::Services::Zaqar - - OS::TripleO::Services::OVNDBs - - OS::TripleO::Services::NeutronML2FujitsuCfab - - OS::TripleO::Services::NeutronML2FujitsuFossw - - OS::TripleO::Services::CinderHPELeftHandISCSI - - OS::TripleO::Services::Etcd - - OS::TripleO::Services::AuditD - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Vpp - - OS::TripleO::Services::NeutronVppAgent - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::Zaqar +############################################################################### +# Role: Compute # +############################################################################### - name: Compute + description: | + Basic Compute Node role CountDefault: 1 HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_upgrade_deployment: True ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::NovaCompute - - OS::TripleO::Services::NovaLibvirt - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::ComputeNeutronCorePlugin - - OS::TripleO::Services::ComputeNeutronOvsAgent - - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Vpp - - OS::TripleO::Services::NeutronVppAgent - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - +############################################################################### +# Role: BlockStorage # +############################################################################### - name: BlockStorage + description: | + Cinder Block Storage node role ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser - - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::TripleoPackages +############################################################################### +# Role: ObjectStorage # +############################################################################### - name: ObjectStorage + description: | + Swift Object Storage node role disable_upgrade_deployment: True ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::TripleoPackages +############################################################################### +# Role: CephStorage # +############################################################################### - name: CephStorage + description: | + Ceph OSD Storage node role ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker + - OS::TripleO::Services::TripleoPackages diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index d57c8fc6..ad760fd6 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -1,49 +1,58 @@ +############################################################################### +# File generated by tripleoclient +############################################################################### +############################################################################### +# Role: Undercloud # +############################################################################### - name: Undercloud + description: | + EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack + undercloud deploy' command. CountDefault: 1 disable_constraints: True tags: - primary - controller ServicesDefault: - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::MySQL - - OS::TripleO::Services::MongoDb - - OS::TripleO::Services::Keystone - OS::TripleO::Services::Apache - - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Memcached - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::NovaApi - - OS::TripleO::Services::NovaPlacement - - OS::TripleO::Services::NovaMetadata - - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MistralEngine - - OS::TripleO::Services::MistralApi - - OS::TripleO::Services::MistralExecutor - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::IronicPxe - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::Zaqar - - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin - - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::UndercloudAodhApi - OS::TripleO::Services::UndercloudAodhEvaluator - - OS::TripleO::Services::UndercloudAodhNotifier - OS::TripleO::Services::UndercloudAodhListener + - OS::TripleO::Services::UndercloudAodhNotifier + - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentNotification - OS::TripleO::Services::UndercloudGnocchiApi - OS::TripleO::Services::UndercloudGnocchiMetricd - OS::TripleO::Services::UndercloudGnocchiStatsd - OS::TripleO::Services::UndercloudPankoApi - - OS::TripleO::Services::UndercloudCeilometerAgentCentral - - OS::TripleO::Services::UndercloudCeilometerAgentNotification + - OS::TripleO::Services::Zaqar |