-rw-r--r--.gitignore15
-rw-r--r--README.rst9
-rw-r--r--ci/environments/scenario001-multinode.yaml31
-rw-r--r--ci/environments/scenario002-multinode.yaml5
-rw-r--r--ci/environments/scenario003-multinode.yaml11
-rw-r--r--ci/environments/scenario004-multinode.yaml62
-rw-r--r--ci/pingtests/scenario001-multinode.yaml40
-rw-r--r--ci/pingtests/scenario002-multinode.yaml5
-rw-r--r--ci/pingtests/scenario004-multinode.yaml127
-rw-r--r--deployed-server/README.rst13
-rw-r--r--deployed-server/deployed-server.yaml19
-rwxr-xr-xdeployed-server/scripts/get-occ-config.sh24
-rwxr-xr-x[-rw-r--r--]docker/firstboot/start_docker_agents.sh1
-rw-r--r--docker/post.j2.yaml23
-rw-r--r--environments/enable-internal-tls.yaml1
-rw-r--r--environments/major-upgrade-composable-steps.yaml3
-rw-r--r--environments/services/zaqar.yaml2
-rw-r--r--environments/tls-endpoints-public-dns.yaml6
-rw-r--r--environments/tls-endpoints-public-ip.yaml6
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml6
-rw-r--r--firstboot/os-net-config-mappings.yaml4
-rw-r--r--hosts-config.yaml18
-rw-r--r--network/config/multiple-nics/compute-dvr.yaml162
-rw-r--r--network/endpoints/endpoint_data.yaml18
-rw-r--r--network/endpoints/endpoint_map.yaml492
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml5
-rw-r--r--overcloud.j2.yaml27
-rw-r--r--puppet/all-nodes-config.yaml244
-rw-r--r--puppet/blockstorage-role.yaml245
-rw-r--r--puppet/cephstorage-role.yaml245
-rw-r--r--puppet/compute-role.yaml257
-rw-r--r--puppet/controller-role.yaml279
-rw-r--r--puppet/deploy-artifacts.sh2
-rw-r--r--puppet/extraconfig/tls/freeipa-enroll.yaml72
-rw-r--r--puppet/major_upgrade_steps.j2.yaml98
-rw-r--r--puppet/objectstorage-role.yaml246
-rw-r--r--puppet/role.role.j2.yaml255
-rw-r--r--puppet/services/README.rst30
-rw-r--r--puppet/services/aodh-api.yaml4
-rw-r--r--puppet/services/apache-internal-tls-certmonger.yaml4
-rw-r--r--puppet/services/barbican-api.yaml4
-rw-r--r--puppet/services/ceilometer-api.yaml4
-rw-r--r--puppet/services/ceilometer-base.yaml6
-rw-r--r--puppet/services/ceph-base.yaml53
-rw-r--r--puppet/services/ceph-rgw.yaml1
-rw-r--r--puppet/services/cinder-api.yaml6
-rw-r--r--puppet/services/database/mysql.yaml10
-rw-r--r--puppet/services/database/redis-base.yaml4
-rw-r--r--puppet/services/gnocchi-api.yaml4
-rw-r--r--puppet/services/haproxy.yaml7
-rw-r--r--puppet/services/ironic-conductor.yaml2
-rw-r--r--puppet/services/keepalived.yaml34
-rw-r--r--puppet/services/keystone.yaml21
-rw-r--r--puppet/services/neutron-base.yaml8
-rw-r--r--puppet/services/neutron-l3.yaml3
-rw-r--r--puppet/services/neutron-metadata.yaml2
-rw-r--r--puppet/services/neutron-ovs-agent.yaml18
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml48
-rw-r--r--puppet/services/nova-api.yaml8
-rw-r--r--puppet/services/nova-base.yaml2
-rw-r--r--puppet/services/nova-compute.yaml10
-rw-r--r--puppet/services/pacemaker/database/mysql.yaml2
-rw-r--r--puppet/services/panko-api.yaml4
-rw-r--r--puppet/services/rabbitmq.yaml9
-rw-r--r--puppet/services/services.yaml5
-rw-r--r--puppet/services/tripleo-packages.yaml4
-rw-r--r--puppet/services/zaqar.yaml66
-rw-r--r--puppet/upgrade_config.yaml48
-rw-r--r--requirements.txt1
-rw-r--r--roles_data.yaml1
-rwxr-xr-xscripts/hosts-config.sh39
-rwxr-xr-xtools/process-templates.py125
-rw-r--r--tox.ini7
73 files changed, 2647 insertions, 1035 deletions
diff --git a/.gitignore b/.gitignore
index 3d7aded8..0925145c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,3 +44,18 @@ doc/_build
# Built by pbr (python setup.py sdist):
AUTHORS
ChangeLog
+
+extraconfig/all_nodes/mac_hostname.yaml
+extraconfig/all_nodes/random_string.yaml
+extraconfig/all_nodes/swap-partition.yaml
+extraconfig/all_nodes/swap.yaml
+extraconfig/tasks/major_upgrade_pacemaker_init.yaml
+network/service_net_map.yaml
+overcloud-resource-registry-puppet.yaml
+overcloud.yaml
+puppet/blockstorage-config.yaml
+puppet/cephstorage-config.yaml
+puppet/compute-config.yaml
+puppet/controller-config.yaml
+puppet/objectstorage-config.yaml
+puppet/post.yaml
diff --git a/README.rst b/README.rst
index 36f9fba0..288112fc 100644
--- a/README.rst
+++ b/README.rst
@@ -1,3 +1,12 @@
+========================
+Team and repository tags
+========================
+
+.. image:: http://governance.openstack.org/badges/tripleo-heat-templates.svg
+ :target: http://governance.openstack.org/reference/tags/index.html
+
+.. Change things from this point on
+
======================
tripleo-heat-templates
======================
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
index 1a5242a9..ee5bd648 100644
--- a/ci/environments/scenario001-multinode.yaml
+++ b/ci/environments/scenario001-multinode.yaml
@@ -1,6 +1,9 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml
+ OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml
parameter_defaults:
ControllerServices:
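Review bot: The three Ceph registry entries added here use absolute paths under `/usr/share/openstack-tripleo-heat-templates/puppet/services/`, while the neighbouring entries are repo-relative and the scenario002 and scenario003 hunks in this same commit move their service entries to `../../puppet/services/...`. With an absolute path the CI job may exercise whatever templates are installed on the node rather than the ones under review. Consider `OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml`, and likewise for CephOSD and CephClient. The new ci/environments/scenario004-multinode.yaml adds the same kind of absolute entries for its four Ceph services.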
@@ -47,10 +50,32 @@ parameter_defaults:
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
- # we don't deploy Swift so we switch to file backend.
- GlanceBackend: 'file'
- GnocchiBackend: 'file'
+ #NOTE(gfidente): not great but we need this to deploy on ext4
+ #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+ ExtraConfig:
+ ceph::profile::params::osd_max_object_name_len: 256
+ ceph::profile::params::osd_max_object_namespace_len: 64
+ #NOTE: These ID's and keys should be regenerated for
+ # a production deployment. What is here is suitable for
+ # developer and CI testing only.
+ CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+ CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ NovaEnableRbdBackend: true
+ CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
+ CinderEnableIscsiBackend: false
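Review bot: `CephMonKey`, `CephAdminKey` and `CephClientKey` are committed as literal values, and the identical block is repeated in the new ci/environments/scenario004-multinode.yaml, so any cluster built from a copy of either file has a publicly known admin key. The existing NOTE says the values should be regenerated, but it does not say they are published or that both files carry the same ones. I would strengthen it to something like `# WARNING: these keys are public (checked in to this repository) and shared with scenario004; never reuse them outside CI.` If the CI job can generate the keys per run and pass them in, that removes the duplication altogether.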
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
index b8bc5762..97fec24c 100644
--- a/ci/environments/scenario002-multinode.yaml
+++ b/ci/environments/scenario002-multinode.yaml
@@ -1,7 +1,8 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- OS::TripleO::Services::BarbicanApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/barbican-api.yaml
+ OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
+ OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
parameter_defaults:
ControllerServices:
@@ -42,6 +43,8 @@ parameter_defaults:
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::Zaqar
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml
index e540bc55..092426cb 100644
--- a/ci/environments/scenario003-multinode.yaml
+++ b/ci/environments/scenario003-multinode.yaml
@@ -1,11 +1,11 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- OS::TripleO::Services::SaharaApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/sahara-api.yaml
- OS::TripleO::Services::SaharaEngine: /usr/share/openstack-tripleo-heat-templates/puppet/services/sahara-engine.yaml
- OS::TripleO::Services::MistralApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-api.yaml
- OS::TripleO::Services::MistralEngine: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-engine.yaml
- OS::TripleO::Services::MistralExecutor: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-executor.yaml
+ OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
+ OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
+ OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml
parameter_defaults:
ControllerServices:
@@ -49,3 +49,4 @@ parameter_defaults:
Debug: true
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
+ KeystoneTokenProvider: 'fernet'
diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml
new file mode 100644
index 00000000..4aa18709
--- /dev/null
+++ b/ci/environments/scenario004-multinode.yaml
@@ -0,0 +1,62 @@
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml
+ OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml
+ OS::TripleO::Services::CephRgw: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-rgw.yaml
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GlanceRegistry
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephRgw
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ Debug: true
+ #NOTE(gfidente): not great but we need this to deploy on ext4
+ #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+ ExtraConfig:
+ ceph::profile::params::osd_max_object_name_len: 256
+ ceph::profile::params::osd_max_object_namespace_len: 64
+ #NOTE: These ID's and keys should be regenerated for
+ # a production deployment. What is here is suitable for
+ # developer and CI testing only.
+ CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+ CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
diff --git a/ci/pingtests/scenario001-multinode.yaml b/ci/pingtests/scenario001-multinode.yaml
index 9dcbd390..ede83db0 100644
--- a/ci/pingtests/scenario001-multinode.yaml
+++ b/ci/pingtests/scenario001-multinode.yaml
@@ -72,12 +72,22 @@ resources:
router_id: { get_resource: router }
subnet_id: { get_resource: private_subnet }
+ volume1:
+ type: OS::Cinder::Volume
+ properties:
+ name: Volume1
+ image: { get_param: image }
+ size: 1
+
server1:
type: OS::Nova::Server
+ depends_on: volume1
properties:
name: Server1
+ block_device_mapping:
+ - device_name: vda
+ volume_id: { get_resource: volume1 }
flavor: { get_resource: test_flavor }
- image: { get_param: image }
key_name: { get_resource: key_pair }
networks:
- port: { get_resource: server1_port }
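Review bot: `depends_on: volume1` on `server1` is redundant, because `volume_id: { get_resource: volume1 }` in the added `block_device_mapping` already gives Heat that dependency. Dropping the explicit `depends_on` keeps the ordering expressed in one place. The `server1` resource continues outside this hunk.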
@@ -118,19 +128,21 @@ resources:
ram: 512
vcpus: 1
- gnocchi_res_alarm:
- type: OS::Aodh::GnocchiResourcesAlarm
- properties:
- description: Do stuff with gnocchi
- metric: cpu_util
- aggregation_method: mean
- granularity: 60
- evaluation_periods: 1
- threshold: 50
- alarm_actions: []
- resource_type: instance
- resource_id: { get_resource: server1 }
- comparison_operator: gt
+# Disabling this resource now
+# https://bugs.launchpad.net/tripleo/+bug/1646506
+# gnocchi_res_alarm:
+# type: OS::Aodh::GnocchiResourcesAlarm
+# properties:
+# description: Do stuff with gnocchi
+# metric: cpu_util
+# aggregation_method: mean
+# granularity: 60
+# evaluation_periods: 1
+# threshold: 50
+# alarm_actions: []
+# resource_type: instance
+# resource_id: { get_resource: server1 }
+# comparison_operator: gt
asg:
type: OS::Heat::AutoScalingGroup
diff --git a/ci/pingtests/scenario002-multinode.yaml b/ci/pingtests/scenario002-multinode.yaml
index d7a30fd9..1ab7eef9 100644
--- a/ci/pingtests/scenario002-multinode.yaml
+++ b/ci/pingtests/scenario002-multinode.yaml
@@ -144,6 +144,11 @@ resources:
ram: 512
vcpus: 1
+ zaqar_queue:
+ type: OS::Zaqar::Queue
+ properties:
+ name: pingtest-queue
+
outputs:
server1_private_ip:
description: IP address of server1 in private network
diff --git a/ci/pingtests/scenario004-multinode.yaml b/ci/pingtests/scenario004-multinode.yaml
new file mode 100644
index 00000000..17792cd1
--- /dev/null
+++ b/ci/pingtests/scenario004-multinode.yaml
@@ -0,0 +1,127 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to created resources deployed by scenario004.
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+ default: 'pingtest_key'
+ image:
+ type: string
+ description: Name of image to use for servers
+ default: 'pingtest_image'
+ public_net_name:
+ type: string
+ default: 'nova'
+ description: >
+ ID or name of public network for which floating IP addresses will be allocated
+ private_net_name:
+ type: string
+ description: Name of private network to be created
+ default: 'default-net'
+ private_net_cidr:
+ type: string
+ description: Private network address (CIDR notation)
+ default: '192.168.2.0/24'
+ private_net_gateway:
+ type: string
+ description: Private network gateway address
+ default: '192.168.2.1'
+ private_net_pool_start:
+ type: string
+ description: Start of private network IP address allocation pool
+ default: '192.168.2.100'
+ private_net_pool_end:
+ type: string
+ default: '192.168.2.200'
+ description: End of private network IP address allocation pool
+
+resources:
+
+ key_pair:
+ type: OS::Nova::KeyPair
+ properties:
+ save_private_key: true
+ name: {get_param: key_name }
+
+ private_net:
+ type: OS::Neutron::Net
+ properties:
+ name: { get_param: private_net_name }
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: { get_param: private_net_cidr }
+ gateway_ip: { get_param: private_net_gateway }
+ allocation_pools:
+ - start: { get_param: private_net_pool_start }
+ end: { get_param: private_net_pool_end }
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: { get_param: public_net_name }
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ server1:
+ type: OS::Nova::Server
+ properties:
+ name: Server1
+ flavor: { get_resource: test_flavor }
+ image: { get_param: image }
+ key_name: { get_resource: key_pair }
+ networks:
+ - port: { get_resource: server1_port }
+
+ server1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
+
+ server1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ # TODO: investigate why we need this depends_on and if we could
+ # replace it by router_id with get_resource: router_interface
+ depends_on: router_interface
+ properties:
+ floating_network: { get_param: public_net_name }
+ port_id: { get_resource: server1_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ name: pingtest-security-group
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+
+ test_flavor:
+ type: OS::Nova::Flavor
+ properties:
+ ram: 512
+ vcpus: 1
+
+outputs:
+ server1_private_ip:
+ description: IP address of server1 in private network
+ value: { get_attr: [ server1, first_address ] }
+ server1_public_ip:
+ description: Floating IP address of server1 in public network
+ value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
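Review bot: `save_private_key: true` on `key_pair` makes Heat keep the generated private key with the stack, where it can be read back through the resource's attributes, yet nothing in this template uses it (neither output references it). If the ping test never logs in to `server1` with that key, drop the property; if it does, add a comment naming the step that fetches it. The `server_security_group` rule opening TCP 22 to `0.0.0.0/0` is only needed in that same case. Minor: the template description reads "to created resources".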
diff --git a/deployed-server/README.rst b/deployed-server/README.rst
index ce74e77b..f269b6a4 100644
--- a/deployed-server/README.rst
+++ b/deployed-server/README.rst
@@ -119,10 +119,15 @@ from the deployment command, the script should be ready to run:
[NovaCompute]: CREATE_IN_PROGRESS state changed
The user running the script must be able to ssh as root to each server. Define
-the hostnames of the deployed servers you intend to use for each role type::
-
- export controller_hosts="controller0 controller1 controller2"
- export compute_hosts="compute0"
+the the names of your custom roles (if applicable) and hostnames of the deployed
+servers you intend to use for each role type. For each role name, a
+corresponding <role-name>_hosts variable should also be defined, e.g.::
+
+ export ROLES="Controller NewtorkNode StorageNode Compute"
+ export Controller_hosts="10.0.0.1 10.0.0.2 10.0.0.3"
+ export NetworkNode_hosts="10.0.0.4 10.0.0.5 10.0.0.6"
+ export StorageNode_hosts="10.0.0.7 10.0.08"
+ export Compute_hosts="10.0.0.9 10.0.0.10 10.0.0.11"
Then run the script on the undercloud with a stackrc file sourced, and
the script will copy the needed os-collect-config.conf configuration to each
diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml
index d5c5460d..99fc26bb 100644
--- a/deployed-server/deployed-server.yaml
+++ b/deployed-server/deployed-server.yaml
@@ -69,21 +69,10 @@ resources:
#!/bin/bash
set -eux
mkdir -p $heat_outputs_path
- host=$(hostnamectl --static)
- echo -n "$host " > $heat_outputs_path.hosts_entry
- host_ip=$(python -c "import socket; print socket.gethostbyname(\"$host\")")
- echo -n "$host_ip " >> $heat_outputs_path.hosts_entry
- echo >> $heat_outputs_path.hosts_entry
- cat $heat_outputs_path.hosts_entry
- echo -n $host_ip > $heat_outputs_path.ip_address
- cat $heat_outputs_path.ip_address
+ host=$(hostnamectl --transient)
echo -n $host > $heat_outputs_path.hostname
cat $heat_outputs_path.hostname
outputs:
- - name: hosts_entry
- description: hosts_entry
- - name: ip_address
- description: ip_address
- name: hostname
description: hostname
@@ -108,8 +97,4 @@ outputs:
ctlplane:
- {get_attr: [ControlPlanePort, ip_address]}
name:
- value: {get_attr: [HostsEntryDeployment, hostname]}
- hosts_entry:
- value: {get_attr: [HostsEntryDeployment, hosts_entry]}
- ip_address:
- value: {get_attr: [HostsEntryDeployment, ip_address]}
+ value: {get_attr: [HostsEntryDeployment, hostname]}
diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh
index d6219e85..c3ce7183 100755
--- a/deployed-server/scripts/get-occ-config.sh
+++ b/deployed-server/scripts/get-occ-config.sh
@@ -11,14 +11,22 @@ OBJECTSTORAGE_HOSTS=${OBJECTSTORAGE_HOSTS:-""}
CEPHSTORAGE_HOSTS=${CEPHSTORAGE_HOSTS:-""}
SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"~/.ssh/id_rsa"}
SSH_OPTIONS="-tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32"
+OVERCLOUD_ROLES=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"}
+
+# Set the _hosts vars for the default roles based on the old var names that
+# were all caps for backwards compatibility.
+Controller_hosts=${Controller_hosts:-"$CONTROLLER_HOSTS"}
+Compute_hosts=${Compute_hosts:-"$COMPUTE_HOSTS"}
+BlockStorage_hosts=${BlockStorage_hosts:-"$BLOCKSTORAGE_HOSTS"}
+ObjectStorage_hosts=${ObjectStorage_hosts:-"$OBJECTSTORAGE_HOSTS"}
+CephStorage_hosts=${CephStorage_hosts:-"$CEPHSTORAGE_HOSTS"}
+
+# Set the _hosts_a vars for each role defined
+for role in $OVERCLOUD_ROLES; do
+ eval hosts=\${${role}_hosts}
+ read -a ${role}_hosts_a <<< $hosts
+done
-read -a Controller_hosts_a <<< $CONTROLLER_HOSTS
-read -a Compute_hosts_a <<< $COMPUTE_HOSTS
-read -a BlockStorage_hosts_a <<< $BLOCKSTORAGE_HOSTS
-read -a ObjectStorage_hosts_a <<< $OBJECTSTORAGE_HOSTS
-read -a CephStorage_hosts_a <<< $CEPHSTORAGE_HOSTS
-
-roles=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"}
admin_user_id=$(openstack user show admin -c id -f value)
admin_project_id=$(openstack project show admin -c id -f value)
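Review bot: `eval hosts=\${${role}_hosts}` passes each word of `OVERCLOUD_ROLES` through the shell parser, so a role name that is not a plain identifier is executed or breaks the loop instead of being rejected. Bash indirect expansion does the same lookup without eval: `hosts_var="${role}_hosts"` followed by `read -a "${role}_hosts_a" <<< "${!hosts_var}"`. Rejecting names that do not match `^[A-Za-z_][A-Za-z0-9_]*$` before the loop would make the failure explicit. Separately, the README hunk in this commit tells users to `export ROLES=...`, but the script reads `OVERCLOUD_ROLES`, so custom roles set as documented would be ignored.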
@@ -44,7 +52,7 @@ function check_stack {
}
-for role in $roles; do
+for role in $OVERCLOUD_ROLES; do
while ! check_stack overcloud; do
sleep $SLEEP_TIME
done
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index acb44ce5..e7e276b2 100644..100755
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -43,6 +43,7 @@ AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \
-v /var/lib/cloud:/var/lib/cloud \
-v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
-v /etc/sysconfig/docker:/etc/sysconfig/docker \
+ -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
-v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2"
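Review bot: The added `-v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts` mount is read-write, which lets the agent container rewrite the host's interface configuration, and nothing near `AGENT_COMMAND_MOUNTS` says why that is needed. Presumably it replaces the `NovaComputeContainersDeploymentNetconfig` step that docker/post.j2.yaml drops in this commit, so that network configuration now runs from the agent. A comment above the assignment such as `# network-scripts is mounted rw so os-net-config in the agent can write ifcfg files on the host` would record that intent. If the agent only needs to read the directory, append `:ro` instead.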
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
index de17cffe..6cb92c83 100644
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@@ -252,27 +252,6 @@ resources:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- NovaComputeContainersDeploymentNetconfig:
- type: OS::Heat::SoftwareDeploymentGroup
- depends_on: NovaComputeContainersDeploymentOVS
- properties:
- name: NovaComputeContainersDeploymentNetconfig
- config: {get_resource: NovaComputeContainersConfigNetconfig}
- servers: {get_param: [servers, {{role.name}}]}
-
- # We run os-net-config here because we depend on the ovs containers to be up
- # and running before we configure the network. This allows explicit timing
- # of the network configuration.
- NovaComputeContainersConfigNetconfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- outputs:
- - name: result
- config: |
- #!/bin/bash
- /usr/local/bin/run-os-net-config
-
{{role.name}}ContainersConfig_Step1:
type: OS::Heat::StructuredConfig
depends_on: CopyJsonDeployment
@@ -291,7 +270,7 @@ resources:
{{role.name}}ContainersDeployment_Step1:
type: OS::Heat::StructuredDeploymentGroup
- depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy, NovaComputeContainersDeploymentNetconfig]
+ depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
properties:
name: {{role.name}}ContainersDeployment_Step1
servers: {get_param: [servers, {{role.name}}]}
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
index c01b4888..6e912faa 100644
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@@ -3,5 +3,6 @@
parameter_defaults:
EnableInternalTLS: true
resource_registry:
+ OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml
new file mode 100644
index 00000000..7e10014b
--- /dev/null
+++ b/environments/major-upgrade-composable-steps.yaml
@@ -0,0 +1,3 @@
+resource_registry:
+ OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml
new file mode 100644
index 00000000..ee137925
--- /dev/null
+++ b/environments/services/zaqar.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 70a0d31f..e91c7bc3 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -62,3 +62,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
+ ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'}
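Review bot: `ZaqarWebSocketPublic` is labelled `https` on port 9000, the same port as the plain-`http` admin and internal entries, whereas the other public TLS endpoints visible here use a separate 13xxx port (`SwiftPublic` 13808, `ZaqarPublic` 13888). Unless the proxy configuration outside this hunk terminates TLS on the public 9000 listener, the catalogue would advertise TLS for a listener that speaks plain text; please confirm. It is also worth checking whether `http`/`https` is the right scheme label for a websocket endpoint rather than `ws`/`wss`. The same six lines are added to environments/tls-endpoints-public-ip.yaml and environments/tls-everywhere-endpoints-dns.yaml.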
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index 21f8876a..c9096f44 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -62,3 +62,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+ ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
+ ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 6afb3a63..365b0a54 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -62,3 +62,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
+ ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
+ ZaqarWebSocketAdmin: {protocol: 'https', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketInternal: {protocol: 'https', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'}
diff --git a/firstboot/os-net-config-mappings.yaml b/firstboot/os-net-config-mappings.yaml
index 833c3bc2..a513120d 100644
--- a/firstboot/os-net-config-mappings.yaml
+++ b/firstboot/os-net-config-mappings.yaml
@@ -38,7 +38,7 @@ resources:
str_replace:
template: |
#!/bin/sh
- eth_addr=$(/sbin/ifconfig eth0 | grep ether | awk '{print $2}')
+ eth_addr=$(cat /sys/class/net/*/address | tr '\n' ',')
mkdir -p /etc/os-net-config
# Create an os-net-config mapping file, note this defaults to
@@ -51,7 +51,7 @@ resources:
input = sys.stdin.readline() or '{}'
data = json.loads(input)
for node in data:
- if '${eth_addr}' in data[node].values():
+ if any(x in '$eth_addr'.split(',') for x in data[node].values()):
interface_mapping = {'interface_mapping': data[node]}
with open('/etc/os-net-config/mapping.yaml', 'w') as f:
yaml.safe_dump(interface_mapping, f, default_flow_style=False)
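Review bot: The list compared against here comes from `cat /sys/class/net/*/address | tr '\n' ','` in the previous hunk, which leaves a trailing comma and includes every interface, loopback among them, so `'$eth_addr'.split(',')` contains an empty string and typically `00:00:00:00:00:00`. A mapping entry with an empty or all-zero value would then match on every host and write that node's mapping. Filter once before the loop, e.g. `addrs = [a for a in '$eth_addr'.split(',') if a and a != '00:00:00:00:00:00']`, and test `any(x in addrs for x in data[node].values())`. The comparison is also case-sensitive, so upper-case MACs in the mapping data presumably will not match the lower-case sysfs values. The embedded script continues outside the hunk.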
diff --git a/hosts-config.yaml b/hosts-config.yaml
index b5a22b7f..a24b9bb4 100644
--- a/hosts-config.yaml
+++ b/hosts-config.yaml
@@ -8,11 +8,18 @@ parameters:
resources:
hostsConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
- config:
- hosts: {get_param: hosts}
+ group: script
+ inputs:
+ - name: hosts
+ default:
+ list_join:
+ - ' '
+ - str_split:
+ - '\n'
+ - {get_param: hosts}
+ config: {get_file: scripts/hosts-config.sh}
outputs:
config_id:
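Review bot: The `str_split` delimiter is written as `'\n'` in single quotes, which in YAML is a backslash followed by `n`, not a newline. If the `hosts` parameter is newline-joined (its producer is outside this hunk), the split finds no delimiter and the `hosts` input reaches scripts/hosts-config.sh with embedded newlines rather than as one space-separated list. Use the double-quoted form `- "\n"` if a real newline is intended.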
@@ -25,3 +32,6 @@ outputs:
hostname-based access to the deployed nodes (useful for testing without
setting up a DNS).
value: {get_attr: [hostsConfigImpl, config, hosts]}
+ OS::stack_id:
+ description: The ID of the hostsConfigImpl resource.
+ value: {get_resource: hostsConfigImpl}
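Review bot: The unchanged `hosts_entries` output above still reads `{get_attr: [hostsConfigImpl, config, hosts]}`, but this commit turns `hostsConfigImpl` into an `OS::Heat::SoftwareConfig` whose `config` is the script text from `get_file`, not a map with a `hosts` key. That path lookup appears no longer to resolve, so the output would likely come back empty. If the output is still consumed, point it at the parameter instead, `value: {get_param: hosts}`.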
diff --git a/network/config/multiple-nics/compute-dvr.yaml b/network/config/multiple-nics/compute-dvr.yaml
new file mode 100644
index 00000000..db9b4919
--- /dev/null
+++ b/network/config/multiple-nics/compute-dvr.yaml
@@ -0,0 +1,162 @@
+heat_template_version: '2016-10-14'
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces for the
+ compute role with external bridge for DVR.
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: 10.0.0.1
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
+ list_join:
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: ovs_bridge
+ name: br-tenant
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
+ members:
+ - type: interface
+ name: nic5
+ use_dhcp: false
+ primary: true
+ # External bridge for DVR (no IP address required)
+ - type: ovs_bridge
+ name: bridge_name
+ dns_servers:
+ get_param: DnsServers
+ use_dhcp: false
+ members:
+ - type: interface
+ name: nic6
+ primary: true
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: interface
+ # name: nic7
+ # use_dhcp: false
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
+
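Review bot: The external bridge is declared with `name: bridge_name`, which reads like a real bridge name but is presumably a token that ../../scripts/run-os-net-config.sh substitutes; the comment above it only says no IP address is required. Once confirmed against the script, I would extend that comment to `# External bridge for DVR (no IP address required); bridge_name is substituted at deploy time`. The interface list also runs nic1, nic2, nic4, nic5, nic6, so a one-line comment saying nic3 is intentionally unused for this role would stop someone from renumbering it.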
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index aeda0a9f..0178c4dd 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -276,3 +276,21 @@ Ironic:
uri_suffixes:
'': /v1
port: 6385
+
+Zaqar:
+ Internal:
+ net_param: ZaqarApi
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ZaqarApi
+ port: 8888
+
+ZaqarWebSocket:
+ Internal:
+ net_param: ZaqarApi
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ZaqarApi
+ port: 9000
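Review bot: `ZaqarWebSocket` is added with only `net_param` and `port`, and the generated defaults in endpoint_map.yaml further down give `ZaqarWebSocketAdmin`, `ZaqarWebSocketInternal` and `ZaqarWebSocketPublic` `protocol: http`, so their `uri` outputs come out as `http://<host>:9000`. If the consumers of these outputs are WebSocket clients they need a `ws`/`wss` scheme and would have to rewrite the URI themselves. Either set the scheme for this service where the generator allows it, or add a comment here stating that the HTTP scheme is intentional. The public endpoint also defaults to plain HTTP, like the other services in the map, so it depends on the TLS endpoint environments in this diff to switch it to `https`.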
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index 5e582d41..7ebb318f 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -79,6 +79,12 @@ parameters:
SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
+ ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS}
+ ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS}
+ ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS}
+ ZaqarWebSocketAdmin: {protocol: http, port: '9000', host: IP_ADDRESS}
+ ZaqarWebSocketInternal: {protocol: http, port: '9000', host: IP_ADDRESS}
+ ZaqarWebSocketPublic: {protocol: http, port: '9000', host: IP_ADDRESS}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
CloudEndpoints:
@@ -6291,3 +6297,489 @@ outputs:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftPublic, port]
+ ZaqarAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ port:
+ get_param: [EndpointMap, ZaqarAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ZaqarAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarAdmin, port]
+ ZaqarInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ port:
+ get_param: [EndpointMap, ZaqarInternal, port]
+ protocol:
+ get_param: [EndpointMap, ZaqarInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarInternal, port]
+ ZaqarPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ZaqarPublic, port]
+ protocol:
+ get_param: [EndpointMap, ZaqarPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarPublic, port]
+ ZaqarWebSocketAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ port:
+ get_param: [EndpointMap, ZaqarWebSocketAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarWebSocketAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarWebSocketAdmin, port]
+ ZaqarWebSocketInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ port:
+ get_param: [EndpointMap, ZaqarWebSocketInternal, port]
+ protocol:
+ get_param: [EndpointMap, ZaqarWebSocketInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarWebSocketInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ZaqarApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ZaqarApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarWebSocketInternal, port]
+ ZaqarWebSocketPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ZaqarWebSocketPublic, port]
+ protocol:
+ get_param: [EndpointMap, ZaqarWebSocketPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarWebSocketPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ZaqarWebSocketPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ZaqarWebSocketPublic, port]
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 30b9f2b9..77a48658 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -100,6 +100,10 @@ resource_registry:
# validation resources
OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml
+ # Upgrade resources
+ OS::TripleO::UpgradeConfig: puppet/upgrade_config.yaml
+ OS::TripleO::UpgradeSteps: OS::Heat::None
+
# services
OS::TripleO::Services: puppet/services/services.yaml
OS::TripleO::Services::Apache: puppet/services/apache.yaml
@@ -215,6 +219,7 @@ resource_registry:
OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml
OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml
OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml
+ OS::TripleO::Services::Zaqar: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index ba1c6b36..39a092b1 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -187,7 +187,7 @@ resources:
type: string
value:
list_join:
- - '\n'
+ - "\n"
- - str_replace:
template: IP HOST
params:
@@ -370,7 +370,7 @@ resources:
properties:
hosts:
list_join:
- - '\n'
+ - "\n"
- - if:
- add_vips_to_etc_hosts
- {get_attr: [VipHosts, value]}
@@ -378,7 +378,7 @@ resources:
-
{% for role in roles %}
- list_join:
- - '\n'
+ - "\n"
- {get_attr: [{{role.name}}, hosts_entry]}
{% endfor %}
@@ -604,6 +604,21 @@ resources:
{{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
{% endfor %}
+ # Upgrade steps for all roles
+ AllNodesUpgradeSteps:
+ type: OS::TripleO::UpgradeSteps
+ depends_on: AllNodesDeploySteps
+ properties:
+ servers:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+{% endfor %}
+ role_data:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+{% endfor %}
+
+
outputs:
ManagedEndpoints:
description: Asserts that the keystone endpoints have been provisioned.
@@ -636,3 +651,9 @@ outputs:
{% for role in roles %}
{{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
{% endfor %}
+ RoleData:
+ description: The configuration data associated with each role
+ value:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+{% endfor %}
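Review bot: The new `RoleData` output publishes each role's complete `role_data` as a stack output, and stack outputs are readable by anyone allowed to show the stack. If `role_data` carries the per-service config settings that the role templates feed into hiera, it may include service passwords, and this output would expose them outside the nodes. Limit the output to the keys its consumer needs, as the preceding output does with `[{{role.name}}ServiceChain, role_data, service_names]`, or say in the `description` that it contains sensitive configuration and who is expected to read it.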
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index cc5e4eac..0a8bec6e 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -71,140 +71,132 @@ resources:
allNodesConfigImpl:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- bootstrap_node:
- mapped_data:
- bootstrap_nodeid: {get_input: bootstrap_nodeid}
- bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
- all_nodes:
- mapped_data:
- map_merge:
- - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
- - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
- - enabled_services: {get_param: enabled_services}
- # This writes out a mapping of service_name_enabled: 'true'
- # For any services not enabled, hiera foo_enabled will
- # return nil, as it's undefined
- - map_merge:
- repeat:
- template:
- # Note this must be string 'true' due to
- # https://bugs.launchpad.net/heat/+bug/1617203
- SERVICE_enabled: 'true'
- for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
- # Dynamically generate per-service network data
- # This works as follows (outer->inner functions)
- # yaql - filters services where no mapping exists in ServiceNetMap
- # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
- # map_merge/repeat: generate a per-service mapping
- - yaql:
- # This filters any entries where the value hasn't been substituted for
- # a list, e.g it's still $service_network. This happens when there is
- # no network defined for the service in the ServiceNetMap, which is OK
- # as not all services have to be bound to a network, so we filter them
- expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
- data:
- map:
- map_replace:
+ datafiles:
+ bootstrap_node:
+ bootstrap_nodeid: {get_input: bootstrap_nodeid}
+ bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
+ all_nodes:
+ map_merge:
+ - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
+ - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
+ - enabled_services: {get_param: enabled_services}
+ # This writes out a mapping of service_name_enabled: 'true'
+ # For any services not enabled, hiera foo_enabled will
+ # return nil, as it's undefined
+ - map_merge:
+ repeat:
+ template:
+ # Note this must be string 'true' due to
+ # https://bugs.launchpad.net/heat/+bug/1617203
+ SERVICE_enabled: 'true'
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ # Dynamically generate per-service network data
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_network: SERVICE_network
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ - values: {get_param: ServiceNetMap}
+ # Keystone doesn't provide separate entries for the public
+ # and admin endpoints, so we need to add them here manually
+ # like we do in the vip-config below
+ - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
+ keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
+ # provides a mapping of service_name_ips to a list of IPs
+ - {get_param: service_ips}
+ - {get_param: service_node_names}
+ - {get_param: short_service_node_names}
+ - controller_node_ips:
+ list_join:
+ - ','
+ - {get_param: controller_ips}
+ controller_node_names:
+ list_join:
+ - ','
+ - {get_param: controller_names}
+ memcached_node_ips_v6:
+ repeat:
+ template: "inet6:[NAME]"
+ for_each:
+ NAME: {get_param: memcache_node_ips}
+ deploy_identifier: {get_param: DeployIdentifier}
+ update_identifier: {get_param: UpdateIdentifier}
+ stack_action: {get_param: StackAction}
+ vip_data:
+ map_merge:
+ # Dynamically generate per-service VIP data based on enabled_services
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g internal_api with the IP from NetVipMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_replace:
- map_merge:
repeat:
template:
- SERVICE_network: SERVICE_network
+ SERVICE_vip: SERVICE_network
for_each:
SERVICE:
str_split: [',', {get_param: enabled_services}]
- values: {get_param: ServiceNetMap}
- # Keystone doesn't provide separate entries for the public
- # and admin endpoints, so we need to add them here manually
- # like we do in the vip-config below
- - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
- keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
- # provides a mapping of service_name_ips to a list of IPs
- - {get_param: service_ips}
- - {get_param: service_node_names}
- - {get_param: short_service_node_names}
- - controller_node_ips:
- list_join:
- - ','
- - {get_param: controller_ips}
- controller_node_names:
- list_join:
- - ','
- - {get_param: controller_names}
- memcached_node_ips_v6:
- str_replace:
- template: "['inet6:[SERVERS_LIST]']"
- params:
- SERVERS_LIST:
- list_join:
- - "]','inet6:["
- - {get_param: memcache_node_ips}
-
- deploy_identifier: {get_param: DeployIdentifier}
- update_identifier: {get_param: UpdateIdentifier}
- stack_action: {get_param: StackAction}
- vip_data:
- mapped_data:
- map_merge:
- # Dynamically generate per-service VIP data based on enabled_services
- # This works as follows (outer->inner functions)
- # yaql - filters services where no mapping exists in ServiceNetMap
- # map_replace: substitute e.g internal_api with the IP from NetVipMap
- # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
- # map_merge/repeat: generate a per-service mapping
- - yaql:
- # This filters any entries where the value hasn't been substituted for
- # a list, e.g it's still $service_network. This happens when there is
- # no network defined for the service in the ServiceNetMap, which is OK
- # as not all services have to be bound to a network, so we filter them
- expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
- data:
- map:
- map_replace:
- - map_replace:
- - map_merge:
- repeat:
- template:
- SERVICE_vip: SERVICE_network
- for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
- - values: {get_param: ServiceNetMap}
- - values: {get_param: NetVipMap}
- - keystone_admin_api_vip:
- get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
- keystone_public_api_vip:
- get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
- public_virtual_ip: {get_param: [NetVipMap, external]}
- controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
- storage_virtual_ip: {get_param: [NetVipMap, storage]}
- storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
- redis_vip: {get_param: RedisVirtualIP}
- # public_virtual_ip and controller_virtual_ip are needed in
- # both HAproxy & keepalived.
- tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
- tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
- tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
- tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
- tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
- tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
- tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
- cloud_name_external: {get_param: cloud_name_external}
- cloud_name_internal_api: {get_param: cloud_name_internal_api}
- cloud_name_storage: {get_param: cloud_name_storage}
- cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
- cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
- # TLS parameters
- certmonger_ca: {get_param: CertmongerCA}
- enable_internal_tls: {get_param: EnableInternalTLS}
+ - values: {get_param: NetVipMap}
+ - keystone_admin_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
+ keystone_public_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
+ public_virtual_ip: {get_param: [NetVipMap, external]}
+ controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ redis_vip: {get_param: RedisVirtualIP}
+ # public_virtual_ip and controller_virtual_ip are needed in
+ # both HAproxy & keepalived.
+ tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
+ tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
+ cloud_name_external: {get_param: cloud_name_external}
+ cloud_name_internal_api: {get_param: cloud_name_internal_api}
+ cloud_name_storage: {get_param: cloud_name_storage}
+ cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
+ cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
+ # TLS parameters
+ certmonger_ca: {get_param: CertmongerCA}
+ enable_internal_tls: {get_param: EnableInternalTLS}
outputs:
config_id:
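Review bot: Changing `group` from `os-apply-config` to `hiera` and dropping the `hiera:` and `mapped_data:` wrappers means this config is no longer consumed through os-apply-config; it presumably relies on a heat-config hook for the `hiera` group being present on every node. Nodes built from an older image, or pre-provisioned servers without that hook, would likely not get `bootstrap_node`, `all_nodes` and `vip_data` written, and nothing in this hunk guards against that. A comment on `group: hiera` naming the hook requirement would help; the same applies to `BlockStorageConfig` in puppet/blockstorage-role.yaml. Separately, `memcached_node_ips_v6` changes from a quoted string to a real list built with `repeat`, so any consumer that parsed the old string form has to change with it.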
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 34f10a21..36587a41 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -217,6 +217,96 @@ resources:
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
+ NetHostMap:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ external:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - external
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - external
+ internal_api:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - internalapi
+ storage:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - storage
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - storage
+ storage_mgmt:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - storagemgmt
+ tenant:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - tenant
+ management:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - management
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - management
+ ctlplane:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - ctlplane
+
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
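Review bot: `NetHostMap` uses the hostname labels `internalapi` and `storagemgmt` under the keys `internal_api` and `storage_mgmt`, and nothing in the block says the difference is deliberate. Presumably the underscore is dropped because it is not valid in a hostname; a comment such as `# labels drop the underscore from the network name so the result is a valid hostname` above `value:` would stop someone "fixing" it. The `short` entries are joined with `.` as well, so they are `<name>.<network>` rather than a single label, which is worth stating in the same comment.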
@@ -239,39 +329,39 @@ resources:
BlockStorageConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - volume_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - volume
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- volume_extraconfig:
- mapped_data: {get_param: BlockStorageExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- volume:
- mapped_data:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - volume_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - volume
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ volume_extraconfig: {get_param: BlockStorageExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ volume:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
+ fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
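Review bot: The `volume` datafile exports `fqdn_internal_api` through `fqdn_ctlplane` but no `fqdn_external`, although NetHostMap defines an `external` entry and `hostname_map` still publishes it. If these keys are what the internal-TLS certificate requests read (not visible in this hunk), a service bound to the external network would have no matching name to request. If the omission is deliberate, a comment such as `# external is intentionally not exported to hiera` would say so; otherwise add `fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}`. The same list appears in the CephStorageConfig, NovaComputeConfig and ControllerConfig hunks.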
@@ -311,48 +401,13 @@ outputs:
hostname_map:
description: Mapping of network names to hostnames
value:
- external:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - external
- - {get_param: CloudDomain}
- internal_api:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- storage:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storage
- - {get_param: CloudDomain}
- storage_mgmt:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- tenant:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- management:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - management
- - {get_param: CloudDomain}
- ctlplane:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
+ external: {get_attr: [NetHostMap, value, external, fqdn]}
+ internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ management: {get_attr: [NetHostMap, value, management, fqdn]}
+ ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
hosts_entry:
value:
str_replace:
@@ -370,47 +425,19 @@ outputs:
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [BlockStorage, name]}
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - external
+ EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - internalapi
+ INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storage
+ STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storagemgmt
+ STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - tenant
+ TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - management
+ MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- CTLPLANEHOST:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - ctlplane
+ CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
nova_server_resource:
description: Heat resource handle for the block storage server
value:
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 0854330e..558f97d8 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -223,6 +223,96 @@ resources:
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
+ NetHostMap:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ external:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - external
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - external
+ internal_api:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - internalapi
+ storage:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - storage
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - storage
+ storage_mgmt:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - storagemgmt
+ tenant:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - tenant
+ management:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - management
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - management
+ ctlplane:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - ctlplane
+
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
@@ -244,39 +334,39 @@ resources:
CephStorageConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - ceph_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - ceph
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- ceph_extraconfig:
- mapped_data: {get_param: CephStorageExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- ceph:
- mapped_data:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - ceph_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - ceph
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ ceph_extraconfig: {get_param: CephStorageExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ ceph:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
+ fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -322,48 +412,13 @@ outputs:
hostname_map:
description: Mapping of network names to hostnames
value:
- external:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - external
- - {get_param: CloudDomain}
- internal_api:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- storage:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storage
- - {get_param: CloudDomain}
- storage_mgmt:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- tenant:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- management:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - management
- - {get_param: CloudDomain}
- ctlplane:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
+ external: {get_attr: [NetHostMap, value, external, fqdn]}
+ internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ management: {get_attr: [NetHostMap, value, management, fqdn]}
+ ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
hosts_entry:
value:
str_replace:
@@ -381,47 +436,19 @@ outputs:
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [CephStorage, name]}
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - external
+ EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - internalapi
+ INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storage
+ STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storagemgmt
+ STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - tenant
+ TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - management
+ MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- CTLPLANEHOST:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - ctlplane
+ CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
nova_server_resource:
description: Heat resource handle for the ceph storage server
value:
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 070f19c5..818f18c8 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -226,6 +226,96 @@ resources:
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
+ NetHostMap:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ external:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - external
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - external
+ internal_api:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - internalapi
+ storage:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - storage
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - storage
+ storage_mgmt:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - storagemgmt
+ tenant:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - tenant
+ management:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - management
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - management
+ ctlplane:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - ctlplane
+
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
properties:
@@ -251,45 +341,45 @@ resources:
NovaComputeConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - compute_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - compute
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- - nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- - midonet_data # Optionally provided by AllNodesExtraConfig
- - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
- - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- compute_extraconfig:
- mapped_data: {get_param: NovaComputeExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- compute:
- mapped_data:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - compute_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - compute
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
+ - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
+ - nova_nuage_data # Optionally provided by ComputeExtraConfigPre
+ - midonet_data # Optionally provided by AllNodesExtraConfig
+ - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
+ - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ compute_extraconfig: {get_param: NovaComputeExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ compute:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
+ fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -364,48 +454,13 @@ outputs:
hostname_map:
description: Mapping of network names to hostnames
value:
- external:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - external
- - {get_param: CloudDomain}
- internal_api:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - internalapi
- - {get_param: CloudDomain}
- storage:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storage
- - {get_param: CloudDomain}
- storage_mgmt:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- tenant:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - tenant
- - {get_param: CloudDomain}
- management:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - management
- - {get_param: CloudDomain}
- ctlplane:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - ctlplane
- - {get_param: CloudDomain}
+ external: {get_attr: [NetHostMap, value, external, fqdn]}
+ internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ management: {get_attr: [NetHostMap, value, management, fqdn]}
+ ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
hosts_entry:
description: >
Server's IP address and hostname in the /etc/hosts format
@@ -425,47 +480,19 @@ outputs:
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [NovaCompute, name]}
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - external
+ EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - internalapi
+ INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storage
+ STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storagemgmt
+ STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - tenant
+ TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - management
+ MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- CTLPLANEHOST:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - ctlplane
+ CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 3fc691a0..2781daa0 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -245,6 +245,96 @@ resources:
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
+ NetHostMap:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ external:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - external
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - external
+ internal_api:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - internalapi
+ storage:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - storage
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - storage
+ storage_mgmt:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - storagemgmt
+ tenant:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - tenant
+ management:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - management
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - management
+ ctlplane:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - ctlplane
+
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
properties:
@@ -299,57 +389,57 @@ resources:
ControllerConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - controller_extraconfig
- - extraconfig
- - service_configs
- - service_names
- - controller
- - bootstrap_node # provided by BootstrapNodeConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- - midonet_data #Optionally provided by AllNodesExtraConfig
- - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- controller_extraconfig:
- mapped_data:
- map_merge:
- - {get_param: controllerExtraConfig}
- - {get_param: ControllerExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- controller:
- mapped_data: # data supplied directly to this deployment configuration, etc
- bootstack_nodeid: {get_input: bootstack_nodeid}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - controller_extraconfig
+ - extraconfig
+ - service_configs
+ - service_names
+ - controller
+ - bootstrap_node # provided by BootstrapNodeConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
+ - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
+ - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
+ - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
+ - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
+ - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
+ - midonet_data #Optionally provided by AllNodesExtraConfig
+ - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ controller_extraconfig:
+ map_merge:
+ - {get_param: controllerExtraConfig}
+ - {get_param: ControllerExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ controller:
+ # data supplied directly to this deployment configuration, etc
+ bootstack_nodeid: {get_input: bootstack_nodeid}
+ # Pacemaker
+ enable_load_balancer: {get_input: enable_load_balancer}
- # Pacemaker
- enable_load_balancer: {get_input: enable_load_balancer}
-
- # Misc
- tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ # Misc
+ tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
+ fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:
@@ -407,48 +497,13 @@ outputs:
hostname_map:
description: Mapping of network names to hostnames
value:
- external:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - external
- - {get_param: CloudDomain}
- internal_api:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - internalapi
- - {get_param: CloudDomain}
- storage:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storage
- - {get_param: CloudDomain}
- storage_mgmt:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- tenant:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - tenant
- - {get_param: CloudDomain}
- management:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - management
- - {get_param: CloudDomain}
- ctlplane:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - ctlplane
- - {get_param: CloudDomain}
+ external: {get_attr: [NetHostMap, value, external, fqdn]}
+ internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ management: {get_attr: [NetHostMap, value, management, fqdn]}
+ ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
hosts_entry:
description: >
Server's IP address and hostname in the /etc/hosts format
@@ -468,47 +523,19 @@ outputs:
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [Controller, name]}
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - external
+ EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - internalapi
+ INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storage
+ STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storagemgmt
+ STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - tenant
+ TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - management
+ MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
- CTLPLANEHOST:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - ctlplane
+ CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh
index 8bcbbf4c..4e1ad89f 100644
--- a/puppet/deploy-artifacts.sh
+++ b/puppet/deploy-artifacts.sh
@@ -8,7 +8,7 @@ trap cleanup EXIT
if [ -n "$artifact_urls" ]; then
for URL in $(echo $artifact_urls | sed -e "s| |\n|g" | sort -u); do
- curl --globoff -o $TMP_DATA/file_data "$artifact_urls"
+ curl --globoff -o $TMP_DATA/file_data "$URL"
if file -b $TMP_DATA/file_data | grep RPM &>/dev/null; then
yum install -y $TMP_DATA/file_data
elif file -b $TMP_DATA/file_data | grep 'gzip compressed data' &>/dev/null; then
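Review bot: The corrected `curl` line still has no `--fail`, so an HTTP error body is written to `$TMP_DATA/file_data` and handed to the `file` checks as if it were the artifact. Whatever arrives is then installed as root with `yum install -y`, with no checksum or signature comparison visible in this hunk. I would change the download to `curl --globoff --fail -o "$TMP_DATA/file_data" "$URL"` and treat a non-zero exit as a failed deployment step. Whether the RPM signature is verified depends on the node's yum configuration, which is not shown here; a checksum supplied alongside each URL would make the install independent of that. The loop body continues outside the hunk.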
diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml
new file mode 100644
index 00000000..44be7c65
--- /dev/null
+++ b/puppet/extraconfig/tls/freeipa-enroll.yaml
@@ -0,0 +1,72 @@
+heat_template_version: 2015-10-15
+
+description: Enroll nodes to FreeIPA
+
+parameters:
+ server:
+ description: ID of the controller node to apply this config to
+ type: string
+
+ CloudDomain:
+ description: >
+ The configured cloud domain; this will also be used as the kerberos realm
+ type: string
+
+ FreeIPAOTP:
+ description: 'OTP that will be used for FreeIPA enrollment'
+ type: string
+ hidden: true
+ FreeIPAServer:
+ description: 'FreeIPA server DNS name'
+ type: string
+ FreeIPAIPAddress:
+ default: ''
+ description: 'FreeIPA server IP Address'
+ type: string
+
+resources:
+ FreeIPAEnrollmentConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ inputs:
+ - name: otp
+ - name: ipa_server
+ - name: ipa_domain
+ - name: ipa_ip
+ config: |
+ #!/bin/sh
+ sed -i "/${ipa_server}/d" /etc/hosts
+ # Optionally add the FreeIPA server IP to /etc/hosts
+ if [ -n "${ipa_ip}" ]; then
+ echo "${ipa_ip} ${ipa_server}" >> /etc/hosts
+ fi
+ # Set the node's domain if needed
+ if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then
+ hostnamectl set-hostname "$(hostname).${ipa_domain}"
+ fi
+ yum install -y ipa-client
+ # Enroll. If there is already keytab, we have already done this.
+ if [ ! -f /etc/krb5.keytab ]; then
+ ipa-client-install --server ${ipa_server} -w ${otp} \
+ --domain=${ipa_domain} -U
+ fi
+ # Get a TGT
+ kinit -k -t /etc/krb5.keytab
+
+ FreeIPAControllerEnrollmentDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ name: FreeIPAEnrollmentDeployment
+ config: {get_resource: FreeIPAEnrollmentConfig}
+ server: {get_param: server}
+ input_values:
+ otp: {get_param: FreeIPAOTP}
+ ipa_server: {get_param: FreeIPAServer}
+ ipa_domain: {get_param: CloudDomain}
+ ipa_ip: {get_param: FreeIPAIPAddress}
+
+outputs:
+ deploy_stdout:
+ description: Output of the FreeIPA enrollment deployment
+ value: {get_attr: [FreeIPAControllerEnrollmentDeployment, deploy_stdout]}
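Review bot: In the enrollment script `${ipa_server}`, `${otp}` and `${ipa_domain}` are expanded unquoted on the `ipa-client-install` line, so a value containing whitespace or glob characters is split into extra arguments; quote them as `ipa-client-install --server "${ipa_server}" -w "${otp}" \` and `--domain="${ipa_domain}" -U`. `sed -i "/${ipa_server}/d" /etc/hosts` uses the server name as a regular expression, so its dots match any character and a `/` in the value breaks the expression. There is no `set -e`, so a failed `yum install` or enrollment is only noticed, if at all, by the final `kinit`. The OTP is also passed on the command line of `ipa-client-install`, where it is readable in the process list while enrollment runs; that deserves a comment next to `hidden: true` on FreeIPAOTP.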
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
new file mode 100644
index 00000000..f8dad433
--- /dev/null
+++ b/puppet/major_upgrade_steps.j2.yaml
@@ -0,0 +1,98 @@
+heat_template_version: 2016-10-14
+description: 'Upgrade steps for all roles'
+
+parameters:
+ servers:
+ type: json
+
+ role_data:
+ type: json
+ description: Mapping of Role name e.g Controller to the per-role data
+
+ UpdateIdentifier:
+ type: string
+ description: >
+ Setting to a previously unused value during stack-update will trigger
+ the Upgrade resources to re-run on all roles.
+
+ UpgradeInitCommand:
+ type: string
+ description: |
+ Command or script snippet to run on all overcloud nodes to
+ initialize the upgrade process. E.g. a repository switch.
+ default: ''
+
+resources:
+
+ # For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004
+ UpgradeInitConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - "#!/bin/bash\n\n"
+ - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
+ - get_param: UpgradeInitCommand
+
+{% for role in roles %}
+ {{role.name}}Upgrade_Init:
+ type: OS::Heat::StructuredDeploymentGroup
+ properties:
+ name: {{role.name}}Upgrade_Init
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: UpgradeInitConfig}
+{% endfor %}
+
+# Upgrade Steps for all roles
+# FIXME(shardy): would be nice to make the number of steps configurable
+{% for step in range(1, 8) %}
+ {% for role in roles %}
+ # Step {{step}} resources
+ {{role.name}}UpgradeConfig_Step{{step}}:
+ type: OS::TripleO::UpgradeConfig
+ # The UpgradeConfig resources could actually be created without
+ # serialization, but the event output is easier to follow if we
+ # do, and there should be minimal performance hit (creating the
+ # config is cheap compared to the time to apply the deployment).
+ depends_on:
+ {% if step == 1 %}
+ - {{role.name}}Upgrade_Init
+ {% else %}
+ {% for dep in roles %}
+ - {{dep.name}}Upgrade_Step{{step -1}}
+ {% endfor %}
+ {% endif %}
+ properties:
+ UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
+ step: {{step}}
+
+ {{role.name}}Upgrade_Step{{step}}:
+ type: OS::Heat::StructuredDeploymentGroup
+ {% if step > 1 %}
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Upgrade_Step{{step -1}}
+ {% endfor %}
+ {% endif %}
+ properties:
+ name: {{role.name}}Upgrade_Step{{step}}
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}}
+ input_values:
+ role: {{role.name}}
+ update_identifier: {get_param: UpdateIdentifier}
+ {% endfor %}
+{% endfor %}
+
+outputs:
+ # Output the config for each role, just use Step1 as the config should be
+ # the same for all steps (only the tag provided differs)
+ upgrade_configs:
+ description: The per-role upgrade configuration used
+ value:
+{% for role in roles %}
+ {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]}
+{% endfor %}
+
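Review bot: `UpgradeInitConfig` joins the operator-supplied `UpgradeInitCommand` onto a bash script that has no error handling, so for a multi-command snippet only the last command's exit status reaches Heat. A repository switch that fails early in the snippet would therefore not stop the `Upgrade_Step` resources that depend on `Upgrade_Init`. Changing the first list item to `"#!/bin/bash\n\nset -e\n\n"` makes the init step fail on the first error. Because the snippet is run verbatim on every node of every role, the parameter description should say that it executes with the deployment agent's privileges (presumably root). The comment above the resource also says `/etc/resolv.conf.save` is renamed, while the script removes it with `rm`.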
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index be638c56..2c76492a 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -217,6 +217,96 @@ resources:
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
+ NetHostMap:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ external:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - external
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - external
+ internal_api:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - internalapi
+ storage:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - storage
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - storage
+ storage_mgmt:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - storagemgmt
+ tenant:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - tenant
+ management:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - management
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - management
+ ctlplane:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - ctlplane
+
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
@@ -228,40 +318,39 @@ resources:
SwiftStorageHieraConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - object_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - object
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- object_extraconfig:
- mapped_data: {get_param: ObjectStorageExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- object:
- mapped_data: # data supplied directly to this deployment configuration, etc
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
-
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - object_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - object
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ object_extraconfig: {get_param: ObjectStorageExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ object:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
+ fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
SwiftStorageHieraDeploy:
type: OS::Heat::StructuredDeployment
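Review bot: The `object:` datafile gets `fqdn_*` keys for six networks but no `fqdn_external`, although `NetHostMap` defines an `external` entry; the matching list in `puppet/role.role.j2.yaml` has the same gap. Service templates in this commit now resolve host names through `%{hiera('fqdn_$NETWORK')}`, so a service mapped to the external network via `ServiceNetMap` would presumably look up a key that is never written. That matters most where the value becomes a certificate hostname or Kerberos principal, as in `apache-internal-tls-certmonger.yaml`. Add `fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}` next to the other keys. The `resources` block starts before this hunk and continues after it.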
@@ -310,48 +399,13 @@ outputs:
hostname_map:
description: Mapping of network names to hostnames
value:
- external:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - external
- - {get_param: CloudDomain}
- internal_api:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- storage:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storage
- - {get_param: CloudDomain}
- storage_mgmt:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- tenant:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- management:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - management
- - {get_param: CloudDomain}
- ctlplane:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
+ external: {get_attr: [NetHostMap, value, external, fqdn]}
+ internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ management: {get_attr: [NetHostMap, value, management, fqdn]}
+ ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
hosts_entry:
value:
str_replace:
@@ -369,47 +423,19 @@ outputs:
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [SwiftStorage, name]}
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - external
+ EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - internalapi
+ INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storage
+ STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storagemgmt
+ STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - tenant
+ TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - management
+ MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- CTLPLANEHOST:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - ctlplane
+ CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
nova_server_resource:
description: Heat resource handle for the swift storage server
value:
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index ad5e4794..9726d978 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -5,13 +5,17 @@ parameters:
description: Flavor for the {{role}} node.
default: baremetal
type: string
+{% if disable_constraints is not defined %}
constraints:
- custom_constraint: nova.flavor
+{% endif %}
{{role}}Image:
type: string
default: overcloud-full
+{% if disable_constraints is not defined %}
constraints:
- custom_constraint: glance.image
+{% endif %}
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
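Review bot: The guard `{% if disable_constraints is not defined %}` tests only whether the variable exists, so supplying `disable_constraints` with a false value would still drop the `nova.flavor` and `glance.image` constraints here and `nova.keypair` in the next hunk. Once they are dropped, a mistyped flavor, image or key pair name is no longer rejected at parameter validation and surfaces only when the server is created. Consider `{% if not disable_constraints|default(false) %}` so the flag has to be truthy to turn validation off. A short template comment stating which environments are expected to set it (presumably deployed-server setups without Nova/Glance) would help. The `parameters` block starts before this hunk.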
@@ -20,8 +24,10 @@ parameters:
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
default: default
+{% if disable_constraints is not defined %}
constraints:
- custom_constraint: nova.keypair
+{% endif %}
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -229,6 +235,96 @@ resources:
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
+ NetHostMap:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ external:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - external
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - external
+ internal_api:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - internalapi
+ storage:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - storage
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - storage
+ storage_mgmt:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - storagemgmt
+ tenant:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - tenant
+ management:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - management
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - management
+ ctlplane:
+ fqdn:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
+ short:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - ctlplane
+
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
@@ -250,41 +346,41 @@ resources:
{{role}}Config:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - {{role.lower()}}_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - {{role.lower()}}
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- {{role.lower()}}_extraconfig:
- mapped_data: {get_param: {{role}}ExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- {{role.lower()}}:
- mapped_data:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - {{role.lower()}}_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - {{role.lower()}}
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ {{role.lower()}}_extraconfig: {get_param: {{role}}ExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ {{role.lower()}}:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
+ tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
+ fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
+ fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -330,48 +426,13 @@ outputs:
hostname_map:
description: Mapping of network names to hostnames
value:
- external:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - external
- - {get_param: CloudDomain}
- internal_api:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - internalapi
- - {get_param: CloudDomain}
- storage:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - storage
- - {get_param: CloudDomain}
- storage_mgmt:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- tenant:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - tenant
- - {get_param: CloudDomain}
- management:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - management
- - {get_param: CloudDomain}
- ctlplane:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - ctlplane
- - {get_param: CloudDomain}
+ external: {get_attr: [NetHostMap, value, external, fqdn]}
+ internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
+ storage: {get_attr: [NetHostMap, value, storage, fqdn]}
+ storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
+ tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
+ management: {get_attr: [NetHostMap, value, management, fqdn]}
+ ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
hosts_entry:
value:
str_replace:
@@ -389,47 +450,19 @@ outputs:
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [{{role}}, name]}
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - external
+ EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - internalapi
+ INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - storage
+ STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - storagemgmt
+ STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - tenant
+ TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - management
+ MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
- CTLPLANEHOST:
- list_join:
- - '.'
- - - {get_attr: [{{role}}, name]}
- - ctlplane
+ CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
nova_server_resource:
description: Heat resource handle for {{role}} server
value:
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 8fe51fa3..856b306e 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -22,8 +22,8 @@ Config Settings
Each service may define a config_settings output variable which returns
Hiera settings to be configured.
-Steps
------
+Deployment Steps
+----------------
Each service may define an output variable which returns a puppet manifest
snippet that will run at each of the following steps. Earlier manifests
@@ -49,8 +49,28 @@ are re-asserted when applying latter ones.
5) Service activation (Pacemaker)
- 6) Fencing (Pacemaker)
+Upgrade Steps
+-------------
+
+Each service template may optionally define a `upgrade_tasks` key, which is a
+list of ansible tasks to be performed during the upgrade process.
+
+Similar to the step_config, we allow a series of steps for the per-service
+upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first
+step, "step2" for the second, etc.
+
+ Steps/tages correlate to the following:
+
+ 1) Quiesce the control-plane, e.g disable LoadBalancer, stop pacemaker cluster
+
+ 2) Stop all control-plane services, ready for upgrade
+
+ 3) Perform a package update, (either specific packages or the whole system)
+
+ 4) Start services needed for migration tasks (e.g DB)
+
+ 5) Perform any migration tasks, e.g DB sync commands
-Note: Not all roles currently support all steps:
+ 6) Start control-plane services
- * ObjectStorage role only supports steps 2, 3 and 4
+ 7) Any additional online migration tasks (e.g data migrations)
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index daed1665..0cc7ad8b 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -55,7 +55,7 @@ outputs:
aodh::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::api::service_name: 'httpd'
@@ -68,7 +68,7 @@ outputs:
aodh::api::host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml
index 87e53f13..1d76b9a3 100644
--- a/puppet/services/apache-internal-tls-certmonger.yaml
+++ b/puppet/services/apache-internal-tls-certmonger.yaml
@@ -35,8 +35,8 @@ outputs:
httpd-NETWORK:
service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt'
service_key: '/etc/pki/tls/private/httpd-NETWORK.key'
- hostname: "%{::fqdn_NETWORK}"
- principal: "HTTP/%{::fqdn_NETWORK}"
+ hostname: "%{hiera('fqdn_NETWORK')}"
+ principal: "HTTP/%{hiera('fqdn_NETWORK')}"
for_each:
NETWORK:
# NOTE(jaosorior) Get unique network names to create
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index b266674f..24687d03 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -24,7 +24,7 @@ parameters:
hidden: true
BarbicanWorkers:
description: Set the number of workers for barbican::wsgi::apache
- default: '"%{::processorcount}"'
+ default: '%{::processorcount}'
type: string
Debug:
default: ''
@@ -93,7 +93,7 @@ outputs:
barbican::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::db::database_connection:
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index 97b255a9..2e2d3f2d 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -75,7 +75,7 @@ outputs:
ceilometer::api::host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
@@ -83,7 +83,7 @@ outputs:
ceilometer::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
service_config_settings:
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index ded1bc03..060ae32d 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -31,9 +31,9 @@ parameters:
type: string
hidden: true
CeilometerMeterDispatcher:
- default: 'gnocchi'
- description: Dispatcher to process meter data
- type: string
+ default: ['gnocchi']
+ description: Comma-seperated list of Dispatcher to process meter data
+ type: comma_delimited_list
constraints:
- allowed_values: ['gnocchi', 'database']
CeilometerEventDispatcher:
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index 786e9ddd..8faf5640 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -119,36 +119,33 @@ outputs:
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys:
- str_replace:
- template: "{
- client.admin: {
- secret: 'ADMIN_KEY',
- mode: '0600',
- cap_mon: 'allow *',
- cap_osd: 'allow *',
+ map_replace:
+ - client.admin:
+ secret: {get_param: CephAdminKey}
+ mode: '0600'
+ cap_mon: 'allow *'
+ cap_osd: 'allow *'
cap_mds: 'allow *'
- },
- client.bootstrap-osd: {
- secret: 'ADMIN_KEY',
- keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+ client.bootstrap-osd:
+ secret: {get_param: CephAdminKey}
+ keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
cap_mon: 'allow profile bootstrap-osd'
- },
- client.CLIENT_USER: {
- secret: 'CLIENT_KEY',
- mode: '0644',
- cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
- }
- }"
- params:
- CLIENT_USER: {get_param: CephClientUserName}
- CLIENT_KEY: {get_param: CephClientKey}
- ADMIN_KEY: {get_param: CephAdminKey}
- NOVA_POOL: {get_param: NovaRbdPoolName}
- CINDER_POOL: {get_param: CinderRbdPoolName}
- CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
- GLANCE_POOL: {get_param: GlanceRbdPoolName}
- GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ CEPH_CLIENT_KEY:
+ secret: {get_param: CephClientKey}
+ mode: '0644'
+ cap_mon: 'allow r'
+ cap_osd:
+ str_replace:
+ template: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
+ params:
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ - keys:
+ CEPH_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: CephClientUserName}]]
service_config_settings:
glance_api:
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
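Review bot: `client.bootstrap-osd` is still given `secret: {get_param: CephAdminKey}`, the same secret as `client.admin`. The keyring written to `/var/lib/ceph/bootstrap-osd/ceph.keyring` therefore carries the admin secret even though its `cap_mon` is limited to `allow profile bootstrap-osd`, and anyone able to read it could presumably authenticate as `client.admin`. The rewrite to `map_replace` carries this sharing over from the old `str_replace` template; a separate hidden parameter for the bootstrap key (name to be chosen) would keep the two identities apart. The bootstrap-osd entry also sets no `mode`, and the client keyring stays at `mode: '0644'`, so both file permissions are worth confirming against who needs to read them. The `outputs` block starts before this hunk.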
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index 89c1a5ee..4b85d28f 100644
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -68,6 +68,7 @@ outputs:
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+ ceph::rgw::keystone::auth::user: 'swift'
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
ceph::rgw::keystone::auth::tenant: 'service'
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 803d8b83..6cb2b194 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -42,7 +42,7 @@ parameters:
CinderWorkers:
type: string
description: Set the number of workers for cinder::wsgi::apache
- default: '"%{::os_workers}"'
+ default: '%{::os_workers}'
EnableInternalTLS:
type: boolean
default: false
@@ -101,7 +101,7 @@ outputs:
cinder::api::bind_host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
@@ -115,7 +115,7 @@ outputs:
cinder::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 651bf4b1..abe752e2 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -87,8 +87,16 @@ outputs:
tripleo::profile::base::database::mysql::bind_address:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
include ::tripleo::profile::base::database::mysql
+ upgrade_tasks:
+ - name: Stop service
+ tags: step2
+ service: name=mariadb state=stopped
+ - name: Start service
+ tags: step4
+ service: name=mariadb state=started
+
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
index 4ed3c007..2fab0eb6 100644
--- a/puppet/services/database/redis-base.yaml
+++ b/puppet/services/database/redis-base.yaml
@@ -39,6 +39,6 @@ outputs:
# internal_api_subnet - > IP/CIDR
redis::bind: {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379
- redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
- redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
+ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
+ redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index ac15de4f..b3d39e0f 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -91,7 +91,7 @@ outputs:
gnocchi::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
@@ -105,7 +105,7 @@ outputs:
gnocchi::api::host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index c8edade5..675a79ec 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -77,3 +77,10 @@ outputs:
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
step_config: |
include ::tripleo::profile::base::haproxy
+ upgrade_tasks:
+ - name: Stop haproxy service
+ tags: step1
+ service: name=haproxy state=stopped
+ - name: Start haproxy service
+ tags: step4 # Needed at step 4 for mysql
+ service: name=haproxy state=started
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 4ac9fc30..f173aa63 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -68,7 +68,7 @@ outputs:
list_join:
- ''
- - 'http://'
- - '%{hiera("ironic_conductor_http_host")}:'
+ - "%{hiera('ironic_conductor_http_host')}:"
- {get_param: IronicIPXEPort}
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index fb0d32b6..b4f1a100 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Keepalived service configured with Puppet
@@ -36,6 +36,11 @@ parameters:
default: 'overcloud-keepalived'
type: string
+conditions:
+
+ control_iface_empty: {equals : [{get_param: ControlVirtualInterface}, '']}
+ public_iface_empty: {equals : [{get_param: PublicVirtualInterface}, '']}
+
outputs:
role_data:
description: Role data for the Keepalived role.
@@ -43,10 +48,27 @@ outputs:
service_name: keepalived
monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived}
config_settings:
- tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
- tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
- tripleo.keepalived.firewall_rules:
- '106 keepalived vrrp':
- proto: vrrp
+ map_merge:
+ - tripleo.keepalived.firewall_rules:
+ '106 keepalived vrrp':
+ proto: vrrp
+ -
+ if:
+ - control_iface_empty
+ - {}
+ - tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
+ -
+ if:
+ - public_iface_empty
+ - {}
+ - tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::keepalived
+ upgrade_tasks:
+ - name: Stop keepalived service
+ tags: step1
+ service: name=keepalived state=stopped
+ - name: Start keepalived service
+ tags: step4 # Needed at step 4 for mysql
+ service: name=keepalived state=started
+
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index fe023a6a..e48d7037 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -89,7 +89,7 @@ parameters:
KeystoneWorkers:
type: string
description: Set the number of workers for keystone::wsgi::apache
- default: '"%{::os_workers}"'
+ default: '%{::os_workers}'
MonitoringSubscriptionKeystone:
default: 'overcloud-keystone'
type: string
@@ -195,13 +195,13 @@ outputs:
keystone::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::servername_admin:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
@@ -219,13 +219,13 @@ outputs:
keystone::admin_bind_host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::public_bind_host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
@@ -248,3 +248,14 @@ outputs:
keystone::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ # Ansible tasks to handle upgrade
+ upgrade_tasks:
+ - name: Stop keystone service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
+ - name: Sync keystone DB
+ tags: step5
+ command: keystone-manage db_sync
+ - name: Start keystone service (running under httpd)
+ tags: step6
+ service: name=httpd state=started
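Review bot: The `Sync keystone DB` task at step5 runs `keystone-manage db_sync` as a plain `command`, and nothing in this hunk restricts it to a single node. If several controllers apply these upgrade_tasks, the schema migration may be started concurrently against the same database; limiting it to one bootstrap node would avoid that, though how such a node is selected is not visible here. The stop and start tasks act on `httpd` as a whole, so every service hosted under Apache on the node goes down between step2 and step6, which deserves a comment such as `# NOTE: stops all httpd-hosted services on this node, not only keystone`.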
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 0b2cef07..3d03c313 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -84,16 +84,12 @@ outputs:
neutron::rabbit_port: {get_param: RabbitClientPort}
neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
neutron::core_plugin: {get_param: NeutronCorePlugin}
- neutron::service_plugins:
- str_replace:
- template: PLUGINS
- params:
- PLUGINS: {get_param: NeutronServicePlugins}
+ neutron::service_plugins: {get_param: NeutronServicePlugins}
neutron::debug: {get_param: Debug}
neutron::purge_config: {get_param: EnableConfigPurge}
neutron::allow_overlapping_ips: true
neutron::rabbit_heartbeat_timeout_threshold: 60
- neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed
+ neutron::host: '%{::fqdn}'
neutron::db::database_db_max_retries: -1
neutron::db::database_max_retries: -1
neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index a2157555..dfa8c062 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -68,8 +68,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::agents::l3::router_delete_namespaces: True
- neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode}
+ - neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode}
tripleo.neutron_l3.firewall_rules:
'106 neutron_l3 vrrp':
proto: vrrp
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index 8be4c6d6..c87de285 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -72,6 +72,6 @@ outputs:
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
- neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"'
+ neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
step_config: |
include tripleo::profile::base::neutron::metadata
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index cca0deee..e2b90b7b 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -94,21 +94,9 @@ outputs:
- neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
- neutron::agents::ml2::ovs::bridge_mappings:
- str_replace:
- template: MAPPINGS
- params:
- MAPPINGS: {get_param: NeutronBridgeMappings}
- neutron::agents::ml2::ovs::tunnel_types:
- str_replace:
- template: TYPES
- params:
- TYPES: {get_param: NeutronTunnelTypes}
- neutron::agents::ml2::ovs::extensions:
- str_replace:
- template: AGENT_EXTENSIONS
- params:
- AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
+ neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings}
+ neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
+ neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index 5dbae3dc..88b5064c 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -83,46 +83,14 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::plugins::ml2::mechanism_drivers:
- str_replace:
- template: MECHANISMS
- params:
- MECHANISMS: {get_param: NeutronMechanismDrivers}
- neutron::plugins::ml2::type_drivers:
- str_replace:
- template: DRIVERS
- params:
- DRIVERS: {get_param: NeutronTypeDrivers}
- neutron::plugins::ml2::flat_networks:
- str_replace:
- template: NETWORKS
- params:
- NETWORKS: {get_param: NeutronFlatNetworks}
- neutron::plugins::ml2::extension_drivers:
- str_replace:
- template: PLUGIN_EXTENSIONS
- params:
- PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions}
- neutron::plugins::ml2::network_vlan_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronNetworkVLANRanges}
- neutron::plugins::ml2::tunnel_id_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronTunnelIdRanges}
- neutron::plugins::ml2::vni_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronVniRanges}
- neutron::plugins::ml2::tenant_network_types:
- str_replace:
- template: TYPES
- params:
- TYPES: {get_param: NeutronNetworkType}
+ - neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ neutron::plugins::ml2::type_drivers: {get_param: NeutronTypeDrivers}
+ neutron::plugins::ml2::flat_networks: {get_param: NeutronFlatNetworks}
+ neutron::plugins::ml2::extension_drivers: {get_param: NeutronPluginExtensions}
+ neutron::plugins::ml2::network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
+ neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
+ neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
+ neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs}
step_config: |
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 49bd84bc..50e4c996 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -87,8 +87,8 @@ outputs:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- - nova::cron::archive_deleted_rows::hour: '"*/12"'
- nova::cron::archive_deleted_rows::destination: '"/dev/null"'
+ - nova::cron::archive_deleted_rows::hour: '*/12'
+ nova::cron::archive_deleted_rows::destination: '/dev/null'
tripleo.nova_api.firewall_rules:
'113 nova_api':
dport:
@@ -108,7 +108,7 @@ outputs:
nova::api::api_bind_address:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::service_name: 'httpd'
@@ -122,7 +122,7 @@ outputs:
nova::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 74a95d20..20bf2e42 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -109,7 +109,7 @@ outputs:
nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
nova::rabbit_heartbeat_timeout_threshold: 60
nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
- nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
+ nova::host: '%{::fqdn}'
nova::notify_on_state_change: 'vm_and_task_state'
nova::notification_driver: messagingv2
nova::network::neutron::neutron_auth_type: 'v3password'
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index f7f2510e..908b676e 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -52,7 +52,7 @@ parameters:
For different formats, refer to the nova.conf documentation for
pci_passthrough_whitelist configuration
type: json
- default: ''
+ default: {}
NovaVcpuPinSet:
description: >
A list or range of physical CPU cores to reserve for virtual machine
@@ -97,11 +97,7 @@ outputs:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::compute::libvirt::manage_libvirt_services: false
- nova::compute::pci_passthrough:
- str_replace:
- template: "'JSON_PARAM'"
- params:
- JSON_PARAM: {get_param: NovaPCIPassthrough}
+ nova::compute::pci_passthrough: {get_param: NovaPCIPassthrough}
nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet}
nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory}
# we manage migration in nova common puppet profile
@@ -117,7 +113,7 @@ outputs:
- '.'
- - 'client'
- {get_param: CephClientUserName}
- nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"'
+ nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}
diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
index 7deaf0ca..f2905903 100644
--- a/puppet/services/pacemaker/database/mysql.yaml
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -40,7 +40,7 @@ outputs:
- tripleo::profile::pacemaker::database::mysql::bind_address:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index 63f631a0..a8bd5e8a 100644
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -55,7 +55,7 @@ outputs:
panko::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::api::service_name: 'httpd'
@@ -68,7 +68,7 @@ outputs:
panko::api::host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 44a09a42..b77e0a91 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -97,6 +97,13 @@ outputs:
# internal_api_subnet - > IP/CIDR
rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
-
step_config: |
include ::tripleo::profile::base::rabbitmq
+ upgrade_tasks:
+ - name: Stop rabbitmq service
+ tags: step2
+ service: name=rabbitmq-server state=stopped
+ - name: Start rabbitmq service
+ tags: step6
+ service: name=rabbitmq-server state=started
+
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index ffe2d2d4..13df5bbe 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -108,3 +108,8 @@ outputs:
expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
data: {role_data: {get_attr: [ServiceChain, role_data]}}
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
+ upgrade_tasks:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml
index 124f5fe8..69912fa5 100644
--- a/puppet/services/tripleo-packages.yaml
+++ b/puppet/services/tripleo-packages.yaml
@@ -32,3 +32,7 @@ outputs:
tripleo::packages::enable_install: {get_param: EnablePackageInstall}
step_config: |
include ::tripleo::packages
+ upgrade_tasks:
+ - name: Update all packages
+ tags: step3
+ yum: name=* state=latest
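Review bot: The `yum: name=* state=latest` task at step3 installs whatever the node's enabled repositories offer at run time, so nothing in this template determines the resulting package set. A comment above the task such as `# Assumes only the target-release repositories are enabled and GPG checking is left on` would record that precondition for operators. It would also help to state that this task is expected to run after the step1/step2 service stops defined in the other service templates of this change.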
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
new file mode 100644
index 00000000..77240c3c
--- /dev/null
+++ b/puppet/services/zaqar.yaml
@@ -0,0 +1,66 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Zaqar service. Shared for all Heat services.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ ZaqarPassword:
+ description: The password for Zaqar
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+
+outputs:
+ role_data:
+ description: Shared role data for the Heat services.
+ value:
+ service_name: zaqar
+ config_settings:
+ zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
+ zaqar::keystone::authtoken::project_name: 'service'
+ zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ zaqar::debug: {get_param: Debug}
+ zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
+ zaqar::transport::wsgi::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
+ zaqar::message_pipeline: 'zaqar.notification.notifier'
+ zaqar::unreliable: true
+ service_config_settings:
+ keystone:
+ zaqar::keystone::auth::password: {get_param: ZaqarPassword}
+ zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
+ zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
+ zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
+ zaqar::keystone::auth::region: {get_param: KeystoneRegion}
+ zaqar::keystone::auth::tenant: 'service'
+ zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
+ zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
+ zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
+ zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
+ zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
+ zaqar::keystone::auth_websocket::tenant: 'service'
+
+ step_config: |
+ include ::tripleo::profile::base::zaqar
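Review bot: `zaqar::transport::websocket::bind` is taken from `[EndpointMap, ZaqarInternal, host]`, while `zaqar::transport::wsgi::bind` on the next line uses `[ServiceNetMap, ZaqarApiNetwork]`. The endpoint host is presumably the shared internal address or name rather than this node's own address, so the websocket listener may fail to bind or end up on an unintended interface; `zaqar::transport::websocket::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}` would match the wsgi line. Unlike keepalived and nova_api elsewhere in this change, no `tripleo.zaqar.firewall_rules` entry is defined, so which ports are opened for the service cannot be seen from this template. Both description strings still say "Heat services" and look copied from another template.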
diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml
new file mode 100644
index 00000000..c67e10b3
--- /dev/null
+++ b/puppet/upgrade_config.yaml
@@ -0,0 +1,48 @@
+heat_template_version: 2016-10-14
+description: 'Upgrade for via ansible by applying a step related tag'
+
+parameters:
+ UpgradeStepConfig:
+ type: json
+ description: Config (ansible yaml) that will be used to step through the deployment.
+ default: ''
+
+ step:
+ type: string
+ description: Step number of the upgrade
+
+resources:
+
+ AnsibleConfig:
+ type: OS::Heat::Value
+ properties:
+ value:
+ str_replace:
+ template: CONFIG
+ params:
+ CONFIG:
+ - hosts: localhost
+ connection: local
+ tasks: {get_param: UpgradeStepConfig}
+
+ AnsibleUpgradeConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: ansible
+ options:
+ tags:
+ str_replace:
+ template: "stepSTEP"
+ params:
+ STEP: {get_param: step}
+ inputs:
+ - name: role
+ config: {get_attr: [AnsibleConfig, value]}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs ansible with tags
+ value: {get_resource: AnsibleUpgradeConfigImpl}
+ upgrade_config:
+ description: The configuration file used for upgrade
+ value: {get_attr: [AnsibleConfig, value]}
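Review bot: `UpgradeStepConfig` is declared `type: json` with `default: ''`, yet its value is used as the `tasks:` list of the generated play. The same commit changes `NovaPCIPassthrough` from `default: ''` to `default: {}` for a json parameter, so `default: []` would be consistent here. The `role` input declared on `AnsibleUpgradeConfigImpl` is not referenced anywhere in the visible template, and the description `'Upgrade for via ansible by applying a step related tag'` has a stray word. A short comment on `AnsibleConfig` saying why `str_replace` is applied to a whole play structure (presumably to serialise it to a string) would help the next reader.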
diff --git a/requirements.txt b/requirements.txt
index 4e46b891..9c4a708a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
pbr>=0.5.21,<1.0
+Jinja2>=2.8 # BSD License (3 clause)
diff --git a/roles_data.yaml b/roles_data.yaml
index d7ed80c5..81ddf9ca 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -96,6 +96,7 @@
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::Zaqar
- name: Compute
CountDefault: 1
diff --git a/scripts/hosts-config.sh b/scripts/hosts-config.sh
new file mode 100755
index 00000000..f456b316
--- /dev/null
+++ b/scripts/hosts-config.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -eux
+set -o pipefail
+
+write_entries() {
+ local file="$1"
+ local entries="$2"
+
+ # Don't do anything if the file isn't there
+ if [ ! -f "$file" ]; then
+ return
+ fi
+
+ if grep -q "^# HEAT_HOSTS_START" "$file"; then
+ temp=$(mktemp)
+ awk -v v="$entries" '/^# HEAT_HOSTS_START/ {
+ print $0
+ print v
+ f=1
+ }f &&!/^# HEAT_HOSTS_END$/{next}/^# HEAT_HOSTS_END$/{f=0}!f' "$file" > "$temp"
+ echo "INFO: Updating hosts file $file, check below for changes"
+ diff "$file" "$temp" || true
+ cat "$temp" > "$file"
+ else
+ echo -ne "\n# HEAT_HOSTS_START - Do not edit manually within this section!\n" >> "$file"
+ echo "$entries" >> "$file"
+ echo -ne "# HEAT_HOSTS_END\n\n" >> "$file"
+ fi
+
+}
+
+if [ ! -z "$hosts" ]; then
+ for tmpl in /etc/cloud/templates/hosts.*.tmpl ; do
+ write_entries "$tmpl" "$hosts"
+ done
+ write_entries "/etc/hosts" "$hosts"
+else
+ echo "No hosts in Heat, nothing written."
+fi
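Review bot: With `set -eux` in effect, the final test `[ ! -z "$hosts" ]` aborts with an unbound-variable error when `hosts` is not set, so the `No hosts in Heat` branch is only reached when the variable is set but empty; `if [ -n "${hosts:-}" ]; then` handles both cases. In `write_entries`, `temp` is neither declared `local` nor removed after `cat "$temp" > "$file"`, so every update leaves a copy of the hosts file behind in the temp directory. Adding `local temp` and an `rm -f "$temp"` after the copy would fix that.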
diff --git a/tools/process-templates.py b/tools/process-templates.py
new file mode 100755
index 00000000..a15b00e2
--- /dev/null
+++ b/tools/process-templates.py
@@ -0,0 +1,125 @@
+#!/usr/bin/env python
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import argparse
+import jinja2
+import os
+import sys
+import yaml
+
+
+def parse_opts(argv):
+ parser = argparse.ArgumentParser(
+ description='Configure host network interfaces using a JSON'
+ ' config file format.')
+ parser.add_argument('-p', '--base_path', metavar='BASE_PATH',
+ help="""base path of templates to process.""",
+ default='.')
+ parser.add_argument('-r', '--roles-data', metavar='ROLES_DATA',
+ help="""relative path to the roles_data.yaml file.""",
+ default='roles_data.yaml')
+ parser.add_argument('--safe',
+ action='store_true',
+ help="""Enable safe mode (do not overwrite files).""",
+ default=False)
+ opts = parser.parse_args(argv[1:])
+
+ return opts
+
+
+def _j2_render_to_file(j2_template, j2_data, outfile_name=None,
+ overwrite=True):
+ yaml_f = outfile_name or j2_template.replace('.j2.yaml', '.yaml')
+ print('rendering j2 template to file: %s' % outfile_name)
+
+ if not overwrite and os.path.exists(outfile_name):
+ print('ERROR: path already exists for file: %s' % outfile_name)
+ sys.exit(1)
+
+ try:
+ # Render the j2 template
+ template = jinja2.Environment().from_string(j2_template)
+ r_template = template.render(**j2_data)
+ except jinja2.exceptions.TemplateError as ex:
+ error_msg = ("Error rendering template %s : %s"
+ % (yaml_f, six.text_type(ex)))
+ print(error_msg)
+ raise Exception(error_msg)
+ with open(outfile_name, 'w') as out_f:
+ out_f.write(r_template)
+
+
+def process_templates(template_path, role_data_path, overwrite):
+
+ with open(role_data_path) as role_data_file:
+ role_data = yaml.safe_load(role_data_file)
+
+ j2_excludes_path = os.path.join(template_path, 'j2_excludes.yaml')
+ with open(j2_excludes_path) as role_data_file:
+ j2_excludes = yaml.safe_load(role_data_file)
+
+ role_names = [r.get('name') for r in role_data]
+ r_map = {}
+ for r in role_data:
+ r_map[r.get('name')] = r
+ excl_templates = ['%s/%s' % (template_path, e)
+ for e in j2_excludes.get('name')]
+
+ if os.path.isdir(template_path):
+ for subdir, dirs, files in os.walk(template_path):
+ for f in files:
+ file_path = os.path.join(subdir, f)
+ # We do two templating passes here:
+ # 1. *.role.j2.yaml - we template just the role name
+ # and create multiple files (one per role)
+ # 2. *.j2.yaml - we template with all roles_data,
+ # and create one file common to all roles
+ if f.endswith('.role.j2.yaml'):
+ print("jinja2 rendering role template %s" % f)
+ with open(file_path) as j2_template:
+ template_data = j2_template.read()
+ print("jinja2 rendering roles %s" % ","
+ .join(role_names))
+ for role in role_names:
+ j2_data = {'role': role}
+ # (dprince) For the undercloud installer we don't
+ # want to have heat check nova/glance API's
+ if r_map[role].get('disable_constraints', False):
+ j2_data['disable_constraints'] = True
+ out_f = "-".join(
+ [role.lower(),
+ os.path.basename(f).replace('.role.j2.yaml',
+ '.yaml')])
+ out_f_path = os.path.join(subdir, out_f)
+ if not (out_f_path in excl_templates):
+ _j2_render_to_file(template_data, j2_data,
+ out_f_path, overwrite)
+ else:
+ print('skipping rendering of %s' % out_f_path)
+ elif f.endswith('.j2.yaml'):
+ print("jinja2 rendering normal template %s" % f)
+ with open(file_path) as j2_template:
+ template_data = j2_template.read()
+ j2_data = {'roles': role_data}
+ out_f = file_path.replace('.j2.yaml', '.yaml')
+ _j2_render_to_file(template_data, j2_data, out_f,
+ overwrite)
+
+ else:
+ print('Unexpected argument %s' % template_path)
+
+opts = parse_opts(sys.argv)
+
+role_data_path = os.path.join(opts.base_path, opts.roles_data)
+
+process_templates(opts.base_path, role_data_path, (not opts.safe))
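Review bot: `_j2_render_to_file` calls `six.text_type(ex)` in its `TemplateError` handler, but the module never imports `six`, so a template error surfaces as a NameError instead of the intended message; add `import six` to the import block or use `str(ex)`. The function also computes `yaml_f` as a fallback name but then prints, checks and opens `outfile_name`, which fails if the default `None` is ever used. Both callers pass a path, so making `outfile_name` a required argument is the smaller fix. The argparse description (`Configure host network interfaces using a JSON config file format.`) describes a different tool, and the three module-level statements at the end would be better placed under `if __name__ == '__main__':` so importing the module has no side effects.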
diff --git a/tox.ini b/tox.ini
index 5d09e0a4..c8a912b8 100644
--- a/tox.ini
+++ b/tox.ini
@@ -11,4 +11,9 @@ deps = -r{toxinidir}/requirements.txt
commands = {posargs}
[testenv:pep8]
-commands = python ./tools/yaml-validate.py .
+commands =
+ python ./tools/process-templates.py
+ python ./tools/yaml-validate.py .
+
+[testenv:templates]
+commands = python ./tools/process-templates.py