diff options
22 files changed, 288 insertions, 68 deletions
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index eee6f1ce..a5c85aa6 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -63,7 +63,6 @@ parameter_defaults: - OS::TripleO::Services::AodhEvaluator - OS::TripleO::Services::AodhNotifier - OS::TripleO::Services::AodhListener - - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentIpmi - OS::TripleO::Services::CeilometerAgentNotification diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 111005ac..f1594d2d 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -152,8 +152,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume log.debug('manifest %s' % manifest) log.debug('config_image %s' % config_image) log.debug('volumes %s' % volumes) - hostname = short_hostname() - sh_script = '/var/lib/docker-puppet/docker-puppet-%s.sh' % config_volume + sh_script = '/var/lib/docker-puppet/docker-puppet.sh' with open(sh_script, 'w') as script_file: os.chmod(script_file.name, 0755) @@ -162,43 +161,40 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume mkdir -p /etc/puppet cp -a /tmp/puppet-etc/* /etc/puppet rm -Rf /etc/puppet/ssl # not in use and causes permission errors - echo '{"step": %(step)s}' > /etc/puppet/hieradata/docker.json + echo "{\\"step\\": $STEP}" > /etc/puppet/hieradata/docker.json TAGS="" - if [ -n "%(puppet_tags)s" ]; then - TAGS='--tags "%(puppet_tags)s"' + if [ -n "$PUPPET_TAGS" ]; then + TAGS="--tags \"$PUPPET_TAGS\"" fi - FACTER_hostname=%(hostname)s FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp + FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp # Disables archiving - if [ -z "%(no_archive)s" ]; then - rm -Rf /var/lib/config-data/%(name)s + if [ -z "$NO_ARCHIVE" ]; then + rm -Rf /var/lib/config-data/${NAME} # copying etc should be enough for most services - mkdir -p /var/lib/config-data/%(name)s/etc - cp -a /etc/* /var/lib/config-data/%(name)s/etc/ + mkdir -p /var/lib/config-data/${NAME}/etc + cp -a /etc/* /var/lib/config-data/${NAME}/etc/ if [ -d /root/ ]; then - cp -a /root/ /var/lib/config-data/%(name)s/root/ + cp -a /root/ /var/lib/config-data/${NAME}/root/ fi if [ -d /var/lib/ironic/tftpboot/ ]; then - mkdir -p /var/lib/config-data/%(name)s/var/lib/ironic/ - cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/%(name)s/var/lib/ironic/tftpboot/ + mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/ + cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/tftpboot/ fi if [ -d /var/lib/ironic/httpboot/ ]; then - mkdir -p /var/lib/config-data/%(name)s/var/lib/ironic/ - cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/%(name)s/var/lib/ironic/httpboot/ + mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/ + cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/httpboot/ fi # apache services may files placed in /var/www/ if [ -d /var/www/ ]; then - mkdir -p /var/lib/config-data/%(name)s/var/www - cp -a /var/www/* /var/lib/config-data/%(name)s/var/www/ + mkdir -p /var/lib/config-data/${NAME}/var/www + cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/ fi fi - """ % {'puppet_tags': puppet_tags, 'name': config_volume, - 'hostname': hostname, - 'no_archive': os.environ.get('NO_ARCHIVE', ''), - 'step': os.environ.get('STEP', '6')}) + """) with tempfile.NamedTemporaryFile() as tmp_man: with open(tmp_man.name, 'w') as man_file: @@ -211,6 +207,11 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume dcmd = ['/usr/bin/docker', 'run', '--user', 'root', '--name', 'docker-puppet-%s' % config_volume, + '--env', 'PUPPET_TAGS=%s' % puppet_tags, + '--env', 'NAME=%s' % config_volume, + '--env', 'HOSTNAME=%s' % short_hostname(), + '--env', 'NO_ARCHIVE=%s' % os.environ.get('NO_ARCHIVE', ''), + '--env', 'STEP=%s' % os.environ.get('STEP', '6'), '--volume', '%s:/etc/config.pp:ro' % tmp_man.name, '--volume', '/etc/puppet/:/tmp/puppet-etc/:ro', '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 9fa90082..514d2f8d 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -26,6 +26,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -63,6 +70,8 @@ outputs: kolla_config: /var/lib/kolla/config_files/glance-api.json: command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf + /var/lib/kolla/config_files/glance_api_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config step_3: @@ -91,15 +100,35 @@ outputs: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_4: - glance_api: - start_order: 2 - image: *glance_image - net: host - privileged: false - restart: always - volumes: *glance_volumes - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - glance_api: + start_order: 2 + image: *glance_image + net: host + privileged: false + restart: always + volumes: *glance_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - glance_api_tls_proxy: + start_order: 2 + image: *glance_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/glance_api/etc/httpd/:/etc/httpd/:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index fc228155..ff18f177 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -31,7 +31,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -95,6 +101,16 @@ outputs: - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index fe565411..886a0d80 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -31,7 +31,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -95,6 +101,16 @@ outputs: - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/heat_api/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index bcf24c33..d183cc24 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -26,6 +26,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -64,27 +71,48 @@ outputs: - path: /var/log/swift owner: swift:swift recurse: true + /var/lib/kolla/config_files/swift_proxy_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: step_4: - swift_proxy: - image: *swift_proxy_image - net: host - user: swift - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro - # FIXME I'm mounting /etc/swift as rw. Are the rings written to - # at all during runtime? - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /run:/run - - /srv/node:/srv/node - - /dev:/dev - - /var/log/containers/swift:/var/log/swift - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - swift_proxy: + image: *swift_proxy_image + net: host + user: swift + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro + # FIXME I'm mounting /etc/swift as rw. Are the rings written to + # at all during runtime? + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev + - /var/log/containers/swift:/var/log/swift + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - swift_proxy_tls_proxy: + image: *swift_proxy_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 5ba044ea..07abf07d 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -59,7 +59,7 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] kolla_config: /var/lib/kolla/config_files/zaqar.json: - command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf + command: /usr/sbin/httpd -DFOREGROUND /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf permissions: @@ -73,6 +73,9 @@ outputs: net: host privileged: false restart: always + # NOTE(mandre) kolla image changes the user to 'zaqar', we need it + # to be root to run httpd + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -108,5 +111,4 @@ outputs: upgrade_tasks: - name: Stop and disable zaqar service tags: step2 - service: name=openstack-zaqar.service state=stopped enabled=no - + service: name=httpd state=stopped enabled=no diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 73b91727..33afbc66 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -8,15 +8,22 @@ resource_registry: OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml # NOTE: add roles to be docker enabled as we support them. - OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml - OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml - OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml - OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml - OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml + OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml + OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml + OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml + OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml + OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml + OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml + OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml + OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index f1c90e2d..6fd71013 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -32,5 +32,6 @@ parameter_defaults: - OS::TripleO::Services::Collectd - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Vpp + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker diff --git a/environments/neutron-ml2-vpp.yaml b/environments/neutron-ml2-vpp.yaml new file mode 100644 index 00000000..1dec395c --- /dev/null +++ b/environments/neutron-ml2-vpp.yaml @@ -0,0 +1,22 @@ +# Environment file used to enable networking-vpp ML2 mechanism driver + +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronVppAgent: ../puppet/services/neutron-vpp-agent.yaml + OS::TripleO::Services::Etcd: ../puppet/services/etcd.yaml + OS::TripleO::Services::Vpp: ../puppet/services/vpp.yaml + +parameter_defaults: + #Comma delimited list of <physical_network>:<VPP Interface>. + #Example: "datacentre:GigabitEthernet2/2/0" + #NeutronVPPAgentPhysnets: "" + + NeutronMechanismDrivers: vpp + NeutronNetworkType: vlan + NeutronServicePlugins: router + NeutronTypeDrivers: vlan,flat + ExtraConfig: + # Use Linux Bridge driver for DHCP and L3 agent. + neutron::agents::dhcp::interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver" + neutron::agents::l3::interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver" diff --git a/environments/services-docker/undercloud-aodh.yaml b/environments/services-docker/undercloud-aodh.yaml index 236512f6..95d4a873 100644 --- a/environments/services-docker/undercloud-aodh.yaml +++ b/environments/services-docker/undercloud-aodh.yaml @@ -1,5 +1,5 @@ resource_registry: - OS::TripleO::Services::UndercloudAodhApi: ../docker/services/aodh-api.yaml - OS::TripleO::Services::UndercloudAodhEvaluator: ../docker/services/aodh-evaluator.yaml - OS::TripleO::Services::UndercloudAodhNotifier: ../docker/services/aodh-notifier.yaml - OS::TripleO::Services::UndercloudAodhListener: ../docker/services/aodh-listener.yaml + OS::TripleO::Services::UndercloudAodhApi: ../../docker/services/aodh-api.yaml + OS::TripleO::Services::UndercloudAodhEvaluator: ../../docker/services/aodh-evaluator.yaml + OS::TripleO::Services::UndercloudAodhNotifier: ../../docker/services/aodh-notifier.yaml + OS::TripleO::Services::UndercloudAodhListener: ../../docker/services/aodh-listener.yaml diff --git a/environments/services-docker/undercloud-gnocchi.yaml b/environments/services-docker/undercloud-gnocchi.yaml index 55b0ac2d..4b898cb3 100644 --- a/environments/services-docker/undercloud-gnocchi.yaml +++ b/environments/services-docker/undercloud-gnocchi.yaml @@ -1,4 +1,4 @@ resource_registry: - OS::TripleO::Services::UndercloudGnocchiApi: ../docker/services/gnocchi-api.yaml - OS::TripleO::Services::UndercloudGnocchiMetricd: ../docker/services/gnocchi-metricd.yaml - OS::TripleO::Services::UndercloudGnocchiStatsd: ../docker/services/gnocchi-statsd.yaml + OS::TripleO::Services::UndercloudGnocchiApi: ../../docker/services/gnocchi-api.yaml + OS::TripleO::Services::UndercloudGnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml + OS::TripleO::Services::UndercloudGnocchiStatsd: ../../docker/services/gnocchi-statsd.yaml diff --git a/environments/services-docker/undercloud-panko.yaml b/environments/services-docker/undercloud-panko.yaml index ffe3b6da..8384f311 100644 --- a/environments/services-docker/undercloud-panko.yaml +++ b/environments/services-docker/undercloud-panko.yaml @@ -1,2 +1,2 @@ resource_registry: - OS::TripleO::Services::UndercloudPankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::UndercloudPankoApi: ../../docker/services/panko-api.yaml diff --git a/environments/services/ceilometer-expirer.yaml b/environments/services/ceilometer-expirer.yaml new file mode 100644 index 00000000..d20ee255 --- /dev/null +++ b/environments/services/ceilometer-expirer.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CeilometerExpirer: ../../puppet/services/ceilometer-expirer.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index ea080be9..74776e7a 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -189,7 +189,7 @@ resource_registry: OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector.yaml - OS::TripleO::Services::CeilometerExpirer: puppet/services/ceilometer-expirer.yaml + OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer.yaml OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml @@ -254,6 +254,7 @@ resource_registry: OS::TripleO::Services::OctaviaWorker: OS::Heat::None OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml OS::TripleO::Services::Vpp: OS::Heat::None + OS::TripleO::Services::NeutronVppAgent: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::CertmongerUser: OS::Heat::None diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 714434b1..eb22f33e 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -2,6 +2,8 @@ heat_template_version: ocata description: > OpenStack Ceilometer Expirer service configured with Puppet + Note, This service is deprecated and will be removed in + future releases. parameters: ServiceNetMap: diff --git a/puppet/services/disabled/ceilometer-expirer.yaml b/puppet/services/disabled/ceilometer-expirer.yaml new file mode 100644 index 00000000..ec018e4f --- /dev/null +++ b/puppet/services/disabled/ceilometer-expirer.yaml @@ -0,0 +1,30 @@ +heat_template_version: pike + +description: > + OpenStack Ceilometer Expirer service, disabled since pike + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the disabled Ceilometer Expirer role. + value: + service_name: ceilometer_expirer + upgrade_tasks: + - name: Stop and disable ceilometer_expirer service on upgrade + tags: step1 + service: name=openstack-ceilometer-expirer state=stopped enabled=no diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 58b2b7bf..c42b0530 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -231,6 +231,7 @@ outputs: content: {get_param: KeystoneFernetKey0} '/etc/keystone/fernet-keys/1': content: {get_param: KeystoneFernetKey1} + keystone::fernet_replace_keys: false keystone::debug: {get_param: Debug} keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/neutron-vpp-agent.yaml b/puppet/services/neutron-vpp-agent.yaml new file mode 100644 index 00000000..7c2db445 --- /dev/null +++ b/puppet/services/neutron-vpp-agent.yaml @@ -0,0 +1,48 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron ML2/VPP agent configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: > + Mapping of service_name -> network name. Typically set via + parameter_defaults in the resource registry. This mapping overrides those + in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronVPPAgentPhysnets: + description: > + List of <physical_network>:<VPP Interface> + Example: "physnet1:GigabitEthernet2/2/0,physnet2:GigabitEthernet2/3/0" + type: comma_delimited_list + default: "" + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron ML2/VPP agent service. + value: + service_name: neutron_vpp_agent + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets} + step_config: | + include ::tripleo::profile::base::neutron::agents::vpp
\ No newline at end of file diff --git a/releasenotes/notes/deprecate-ceilometer-expirer-83b193a07631d89d.yaml b/releasenotes/notes/deprecate-ceilometer-expirer-83b193a07631d89d.yaml new file mode 100644 index 00000000..9088f963 --- /dev/null +++ b/releasenotes/notes/deprecate-ceilometer-expirer-83b193a07631d89d.yaml @@ -0,0 +1,11 @@ +--- +upgrade: + - With expirer deprecated and disabled by default, there is an upgrade + impact here. If you had expirer enabled in ocata and you upgrade to + pike the expirer will not be enabled anymore. If you wish to use + expirer, ensure you include the ceilometer-expirer.yaml + to your upgrade deploy command. Also note that with collector + disabled, there is no need for expirer to be running. +deprecations: + - Deprecate and turn off expirer service as collector. Without collector + and standard storage, expirer has no use. diff --git a/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml b/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml new file mode 100644 index 00000000..2f8ae146 --- /dev/null +++ b/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml @@ -0,0 +1,3 @@ +--- +features: + - Adds support for networking-vpp ML2 mechanism driver and agent. diff --git a/roles_data.yaml b/roles_data.yaml index 5c9aa132..e0867cbc 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -98,7 +98,6 @@ - OS::TripleO::Services::Sshd - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::Horizon @@ -142,6 +141,7 @@ - OS::TripleO::Services::OctaviaHousekeeping - OS::TripleO::Services::OctaviaWorker - OS::TripleO::Services::Vpp + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::Docker - name: Compute @@ -175,6 +175,7 @@ - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd - OS::TripleO::Services::Vpp + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker |