diff options
23 files changed, 105 insertions, 49 deletions
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index a6f35711..2203665a 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -4,7 +4,6 @@ resource_registry: OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml - OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml diff --git a/deployed-server/deployed-server-bootstrap-centos.sh b/deployed-server/deployed-server-bootstrap-centos.sh index 7266ca57..c86e771c 100644 --- a/deployed-server/deployed-server-bootstrap-centos.sh +++ b/deployed-server/deployed-server-bootstrap-centos.sh @@ -8,7 +8,8 @@ yum install -y \ openstack-puppet-modules \ os-net-config \ openvswitch \ - python-heat-agent* + python-heat-agent* \ + openstack-selinux ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules diff --git a/deployed-server/deployed-server-bootstrap-rhel.sh b/deployed-server/deployed-server-bootstrap-rhel.sh index 36ff0077..10b4999b 100644 --- a/deployed-server/deployed-server-bootstrap-rhel.sh +++ b/deployed-server/deployed-server-bootstrap-rhel.sh @@ -8,6 +8,7 @@ yum install -y \ openstack-puppet-modules \ os-net-config \ openvswitch \ - python-heat-agent* + python-heat-agent* \ + openstack-selinux ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 0f079436..8f95208f 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -205,7 +205,8 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume '--volume', '%s:%s:rw' % (sh_script, sh_script) ] for volume in volumes: - dcmd.extend(['--volume', volume]) + if volume: + dcmd.extend(['--volume', volume]) dcmd.extend(['--entrypoint', sh_script]) diff --git a/docker/services/README.rst b/docker/services/README.rst index 219f35eb..465e4abe 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -23,7 +23,7 @@ puppet (our configuration tool of choice) into the Kolla base images. The undercloud nova-scheduler also requires openstack-tripleo-common to provide custom filters. -To build Kolla images for TripleO adjust your kolla config to build your +To build Kolla images for TripleO adjust your kolla config [*]_ to build your centos base image with puppet using the example below: .. code-block:: @@ -37,6 +37,10 @@ kolla-build --base centos --template-override template-overrides.j2 .. +.. [*] See the + `override file <https://github.com/openstack/tripleo-common/blob/master/contrib/tripleo_kolla_template_overrides.j2>`_ + which can be used to build Kolla packages that work with TripleO, and an + `example build script <https://github.com/dprince/undercloud_containers/blob/master/build_kolla.sh>_. Docker settings --------------- diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 265558a4..15795828 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -102,8 +102,8 @@ outputs: step_config: 'include ::tripleo::profile::base::database::mongodb' config_image: *mongodb_image volumes: - - "mongodb:/var/lib/mongodb/" - - "logs:/var/log/kolla:ro" + - /var/lib/mongodb:/var/lib/mongodb + - logs:/var/log/kolla:ro host_prep_tasks: - name: create /var/lib/mongodb file: diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 63713677..e50315ba 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -33,7 +33,7 @@ parameters: KeystoneTokenProvider: description: The keystone token format type: string - default: 'uuid' + default: 'fernet' constraints: - allowed_values: ['uuid', 'fernet'] @@ -89,16 +89,6 @@ outputs: owner: keystone perm: '0600' source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1 - - dest: /etc/keystone/fernet-keys/0 - owner: keystone - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/0 - optional: {if: [keystone_fernet_tokens, false, true]} - - dest: /etc/keystone/fernet-keys/1 - owner: keystone - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/1 - optional: {if: [keystone_fernet_tokens, false, true]} - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf owner: root perm: '0644' @@ -145,6 +135,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - logs:/var/log + - + if: + - keystone_fernet_tokens + - /var/lib/config-data/keystone/etc/keystone/fernet-keys:/etc/keystone/fernet-keys:ro + - '' environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 7fc00b47..957eed7f 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -83,6 +83,15 @@ outputs: - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova - - libvirtd:/var/lib/libvirt + - /var/lib/libvirt:/var/lib/libvirt environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/libvirt + file: + path: /var/lib/libvirt + state: directory + upgrade_tasks: + - name: Stop and disable nova-compute service + tags: step2 + service: name=nova-compute state=stopped enabled=no diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 170468a5..3d849f59 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -85,6 +85,10 @@ outputs: - /run:/run - /dev:/dev - /etc/iscsi:/etc/iscsi - - nova_compute:/var/lib/nova/ + - /var/lib/nova/:/var/lib/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable nova-compute service + tags: step2 + service: name=nova-compute state=stopped enabled=no diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 85fabe5a..480bb80e 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -88,7 +88,19 @@ outputs: - /var/lib/nova:/var/lib/nova # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - - libvirtd:/var/lib/libvirt - - nova_libvirt_qemu:/etc/libvirt/qemu + - /var/lib/libvirt:/var/lib/libvirt + - /etc/libvirt/qemu:/etc/libvirt/qemu environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create libvirt persistent data directories + file: + path: "{{ item }}" + state: directory + with_items: + - /etc/libvirt/qemu + - /var/lib/libvirt + upgrade_tasks: + - name: Stop and disable libvirtd service + tags: step2 + service: name=libvirtd state=stopped enabled=no diff --git a/environments/services/panko.yaml b/environments/services/panko.yaml deleted file mode 100644 index 28bf99f6..00000000 --- a/environments/services/panko.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resource_registry: - OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index e99f770f..7b780112 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -579,12 +579,24 @@ resources: PingTestIps: list_join: - ' ' - - - {get_attr: [{{primary_role_name}}, resource.0.external_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.internal_api_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.storage_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.storage_mgmt_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.tenant_ip_address]} - - {get_attr: [{{primary_role_name}}, resource.0.management_ip_address]} + - - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [Controller, external_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [Controller, internal_api_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [Controller, storage_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [Controller, storage_mgmt_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [Controller, tenant_ip_address]} + - yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [Controller, management_ip_address]} UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index b52955ef..26f1a96f 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -94,11 +94,7 @@ outputs: tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} - tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: - str_replace: - template: SERVERS - params: - SERVERS: {get_param: CinderNfsServers} + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers} tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index fd1ee24b..20f64162 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -90,6 +90,7 @@ outputs: service_config_settings: keystone: congress::keystone::auth::tenant: 'service' + congress::keystone::auth::region: {get_param: KeystoneRegion} congress::keystone::auth::password: {get_param: CongressPassword} congress::keystone::auth::public_url: {get_param: [EndpointMap, CongressPublic, uri]} congress::keystone::auth::internal_url: {get_param: [EndpointMap, CongressInternal, uri]} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 808f1353..7078b60f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -23,6 +23,10 @@ parameters: description: Configures MySQL max_connections config setting type: number default: 4096 + MysqlIncreaseFileLimit: + description: Flag to increase MySQL open-files-limit to 16384 + type: boolean + default: true MysqlRootPassword: type: string hidden: true @@ -96,6 +100,8 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::generate_dropin_file_limit: + {get_param: MysqlIncreaseFileLimit} step_config: | include ::tripleo::profile::base::database::mysql metadata_settings: diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index d7555561..b45c084a 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -32,10 +32,6 @@ parameters: CephClientUserName: default: openstack type: string - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint RedisPassword: description: The password for the redis service account. type: string diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index bb102c08..7a24ffdd 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -57,6 +57,9 @@ parameters: default: tag: openstack.neutron.api path: /var/log/neutron/server.log + EnableInternalTLS: + type: boolean + default: false # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Ocata cycle. @@ -71,10 +74,6 @@ parameters: removed in Ocata. Future releases will enable L3 HA by default if it is appropriate for the deployment type. Alternate mechanisms will be available to override. - EnableInternalTLS: - type: boolean - default: false - parameter_groups: - label: deprecated description: | @@ -204,3 +203,5 @@ outputs: tags: step1 when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped + metadata_settings: + get_attr: [TLSProxyBase, role_data, metadata_settings] diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index e25bc495..2c7ab57c 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -69,7 +69,10 @@ outputs: service_name: neutron_ovs_dpdk_agent config_settings: map_merge: - - get_attr: [NeutronOvsAgent, role_data, config_settings] + - map_replace: + - get_attr: [NeutronOvsAgent, role_data, config_settings] + - keys: + tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 3db0848e..5cf416f3 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -60,11 +60,7 @@ outputs: opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: - str_replace: - template: MAPPINGS - params: - MAPPINGS: {get_param: OpenDaylightProviderMappings} + neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' diff --git a/releasenotes/notes/fix-cinder-nfs-share-usage-0968f88eff7ffb99.yaml b/releasenotes/notes/fix-cinder-nfs-share-usage-0968f88eff7ffb99.yaml new file mode 100644 index 00000000..682171c1 --- /dev/null +++ b/releasenotes/notes/fix-cinder-nfs-share-usage-0968f88eff7ffb99.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - Fixes an issue when using the CinderNfsServers + parameter_defaults setting. It now works using a + single share as well as a comma-separated list of + shares. diff --git a/releasenotes/notes/fix-neutron-dpdk-firewall-436aee39a0d7ed65.yaml b/releasenotes/notes/fix-neutron-dpdk-firewall-436aee39a0d7ed65.yaml new file mode 100644 index 00000000..bb18aed8 --- /dev/null +++ b/releasenotes/notes/fix-neutron-dpdk-firewall-436aee39a0d7ed65.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Fixes firewall rules from neutron OVS agent not being + inherited correctly and applied in neutron OVS DPDK + template. diff --git a/releasenotes/notes/fix-odl-provider-mapping-hiera-5b3472184be490e2.yaml b/releasenotes/notes/fix-odl-provider-mapping-hiera-5b3472184be490e2.yaml new file mode 100644 index 00000000..79cea05e --- /dev/null +++ b/releasenotes/notes/fix-odl-provider-mapping-hiera-5b3472184be490e2.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - Fixes OpenDaylightProviderMappings parsing on a + comma delimited list. diff --git a/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml b/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml new file mode 100644 index 00000000..d2b2eb94 --- /dev/null +++ b/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - openstack-selinux is now installed by the deployed-server + bootstrap scripts. Previously, it was not installed, so + if SELinux was set to enforcing, all OpenStack policy + was missing. |