-rw-r--r--ci/environments/multinode.yaml2
-rw-r--r--ci/environments/scenario003-multinode-containers.yaml10
-rw-r--r--docker/services/collectd.yaml20
-rw-r--r--docker/services/database/mysql-client.yaml66
-rw-r--r--docker/services/ironic-api.yaml9
-rw-r--r--docker/services/manila-api.yaml38
-rw-r--r--environments/docker.yaml1
-rw-r--r--extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml25
-rw-r--r--extraconfig/pre_network/config_then_reboot.yaml24
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.role.j2.yaml23
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.yaml23
-rw-r--r--extraconfig/tasks/ssh/host_public_key.yaml8
-rwxr-xr-xnetwork/scripts/run-os-net-config.sh2
-rw-r--r--network/service_net_map.j2.yaml2
-rw-r--r--puppet/blockstorage-role.yaml14
-rw-r--r--puppet/cephstorage-role.yaml17
-rw-r--r--puppet/compute-role.yaml17
-rw-r--r--puppet/controller-role.yaml17
-rw-r--r--puppet/deploy-artifacts.sh2
-rw-r--r--puppet/objectstorage-role.yaml14
-rw-r--r--puppet/role.role.j2.yaml17
-rw-r--r--puppet/services/database/mysql.yaml13
-rw-r--r--puppet/services/database/redis.yaml20
-rw-r--r--puppet/services/horizon.yaml1
-rw-r--r--puppet/services/ironic-api.yaml31
-rw-r--r--puppet/services/pacemaker/database/mysql.yaml7
-rw-r--r--releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml3
27 files changed, 205 insertions, 221 deletions
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml
index 20e37e37..102787a6 100644
--- a/ci/environments/multinode.yaml
+++ b/ci/environments/multinode.yaml
@@ -52,6 +52,8 @@ parameter_defaults:
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml
index cfb05077..7b917aef 100644
--- a/ci/environments/scenario003-multinode-containers.yaml
+++ b/ci/environments/scenario003-multinode-containers.yaml
@@ -6,11 +6,11 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
- OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
- OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
- OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml
- OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml
+ OS::TripleO::Services::SaharaApi: ../../docker/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../docker/services/sahara-engine.yaml
+ OS::TripleO::Services::MistralApi: ../../docker/services/mistral-api.yaml
+ OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
# overcloud-resource-registry.yaml there doesn't have this Docker
diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml
index 7354898b..6c58a589 100644
--- a/docker/services/collectd.yaml
+++ b/docker/services/collectd.yaml
@@ -55,7 +55,11 @@ outputs:
description: Role data for the collectd role.
value:
service_name: {get_attr: [CollectdBase, role_data, service_name]}
- config_settings: {get_attr: [CollectdBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - get_attr: [CollectdBase, role_data, config_settings]
+ - tripleo::profile::base::metrics::collectd::enable_file_logging: true
+ collectd::plugin::logfile::log_file: /var/log/collectd/collectd.log
step_config: &step_config
get_attr: [CollectdBase, role_data, step_config]
service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]}
@@ -71,6 +75,10 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/collectd.json:
command: /usr/sbin/collectd -f
+ permissions:
+ - path: /var/log/collectd
+ owner: collectd:collectd
+ recurse: true
docker_config:
step_3:
collectd:
@@ -84,11 +92,17 @@ outputs:
-
- /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro
+ - /var/lib/config-data/collectd/etc/collectd.conf:/etc/collectd.conf:ro
+ - /var/lib/config-data/collectd/etc/collectd.d:/etc/collectd.d:ro
+ - /var/log/containers/collectd:/var/log/collectd:rw
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/collectd
+ state: directory
upgrade_tasks:
- name: Stop and disable collectd service
tags: step2
service: name=collectd.service state=stopped enabled=no
-
diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml
new file mode 100644
index 00000000..b0ad3760
--- /dev/null
+++ b/docker/services/database/mysql-client.yaml
@@ -0,0 +1,66 @@
+heat_template_version: pike
+
+description: >
+ Configuration for containerized MySQL clients
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMysqlImage:
+ description: image
+ default: 'centos-binary-mariadb:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+outputs:
+ role_data:
+ description: Role for setting mysql client parameters
+ value:
+ service_name: mysql_client
+ config_settings:
+ tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
+ tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
+ tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
+ # BEGIN DOCKER SETTINGS #
+ step_config: ""
+ puppet_config:
+ config_volume: mysql_client
+ puppet_tags: file # set this even though file is the default
+ step_config: "include ::tripleo::profile::base::database::mysql::client"
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ]
+ # no need for a docker config, this service only generates configuration files
+ docker_config: {}
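Review bot: `EnableInternalTLS` and `DefaultPasswords` are declared without a `description`, and `DockerNamespace` and `DockerMysqlImage` are described only as `namespace` and `image`. Because `enable_ssl` is wired straight to `EnableInternalTLS`, whose default is `false`, the generated client configuration presumably has SSL off unless the operator sets the parameter. A line such as `description: Enable TLS for MySQL client connections on the internal network.` would make that visible. The same parameter is added without a description in puppet/services/ironic-api.yaml. The `latest` image default matches the neighbouring templates but leaves the config image unpinned.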
diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml
index a32176af..1c8aa5bd 100644
--- a/docker/services/ironic-api.yaml
+++ b/docker/services/ironic-api.yaml
@@ -61,6 +61,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [IronicApiBase, role_data, config_settings]
+ - apache::default_vhost: false
step_config: &step_config
get_attr: [IronicApiBase, role_data, step_config]
service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]}
@@ -75,7 +76,7 @@ outputs:
- [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/ironic_api.json:
- command: /usr/bin/ironic-api
+ command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/ironic
owner: ironic:ironic
@@ -113,7 +114,7 @@ outputs:
start_order: 10
image: *ironic_image
net: host
- privileged: false
+ user: root
restart: always
volumes:
list_concat:
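Review bot: The explicit `privileged: false` is removed on the same line that introduces `user: root`, so the ironic_api container now runs as root on `net: host` with its privilege setting left to the runtime default. Keeping `privileged: false` next to `user: root` would preserve the stated intent. A short comment such as `# httpd must start as root; workers drop privileges` (if that is the reason) would record why root is needed. The container definition starts and ends outside this hunk.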
@@ -121,6 +122,10 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
+ - /var/lib/config-data/ironic/var/www/:/var/www/:ro
- /var/log/containers/ironic:/var/log/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml
index 47d0f579..a203d436 100644
--- a/docker/services/manila-api.yaml
+++ b/docker/services/manila-api.yaml
@@ -14,7 +14,8 @@ parameters:
type: string
DockerManilaConfigImage:
description: image
- default: 'centos-binary-manila-base:latest'
+ default: 'centos-binary-manila-api:latest'
+ type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -40,6 +41,9 @@ parameters:
resources:
+ ContainersCommon:
+ type: ./containers-common.yaml
+
ManilaApiPuppetBase:
type: ../../puppet/services/manila-api.yaml
properties:
@@ -73,20 +77,27 @@ outputs:
owner: manila:manila
recurse: true
docker_config:
- step_3:
- manila_api_db_sync:
- user: root
+ step_2:
+ manila_init_logs:
image: &manila_api_image
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ]
+ user: root
+ volumes:
+ - /var/log/containers/manila:/var/log/manila
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R manila:manila /var/log/manila']
+ step_3:
+ manila_api_db_sync:
+ user: root
+ image: *manila_api_image
net: host
detach: false
volumes:
- - /var/lib/config-data/manila/etc/manila/:/etc/manila:ro
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- - logs:/var/log
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /var/log/containers/manila:/var/log/manila
command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
step_4:
manila_api:
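Review bot: The new `volumes:` value under `manila_api_db_sync` has `{get_attr: [ContainersCommon, volumes]}` and a nested list as two items with no `list_concat:` above them, unlike the `manila_api` container in the next hunk. As rendered here, that makes the value a list of lists rather than a flat list of bind mounts. Adding `list_concat:` directly under `volumes:` and indenting the two items beneath it would match the step_4 form. Separately, in `manila_init_logs` the `mkdir -p /var/log/httpd` targets a path that is not on a mounted volume, so it likely has no lasting effect. The `;` also lets `chown` run, and set the exit status, even when `mkdir` fails; `&&` would surface that failure.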
@@ -94,11 +105,12 @@ outputs:
net: host
restart: always
volumes:
- - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- - /var/log/containers/manila:/var/log/manila
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /var/log/containers/manila:/var/log/manila
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 6a5ec87a..3ddc7e3a 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -30,6 +30,7 @@ resource_registry:
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
+ OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
index fb0d1699..96632bc2 100644
--- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
+++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
@@ -59,19 +59,6 @@ parameters:
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
-
-conditions:
- deployment_actions_empty:
- equals:
- - {get_param: deployment_actions}
- - []
resources:
@@ -149,11 +136,7 @@ resources:
name: RHELUnregistrationDeployment
server: {get_param: server}
config: {get_resource: RHELUnregistration}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['DELETE'] # Only do this on DELETE
+ actions: ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
@@ -186,11 +169,7 @@ resources:
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
outputs:
deploy_stdout:
diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml
index 79cb7cbc..48ba5263 100644
--- a/extraconfig/pre_network/config_then_reboot.yaml
+++ b/extraconfig/pre_network/config_then_reboot.yaml
@@ -7,19 +7,6 @@ description: >
parameters:
server:
type: string
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
-
-conditions:
- deployment_actions_empty:
- equals:
- - {get_param: deployment_actions}
- - []
resources:
@@ -37,11 +24,6 @@ resources:
name: SomeDeployment
server: {get_param: server}
config: {get_resource: SomeConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
actions: ['CREATE'] # Only do this on CREATE
RebootConfig:
@@ -62,9 +44,5 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
index fe52ef7e..41d8f4f6 100644
--- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
@@ -19,13 +19,6 @@ parameters:
{{role}}HostCpusList:
type: string
default: ""
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
parameter_group:
- label: deprecated
@@ -45,10 +38,6 @@ conditions:
equals:
- get_param: {{role}}TunedProfileName
- ""
- deployment_actions_empty:
- equals:
- - {get_param: deployment_actions}
- - []
resources:
@@ -73,11 +62,7 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: {{role}}KernelArgs}
_TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName}
@@ -103,11 +88,7 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml
index 21309dd5..74e716ad 100644
--- a/extraconfig/pre_network/host_config_and_reboot.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.yaml
@@ -11,20 +11,9 @@ parameters:
type: json
description: Role Specific parameters
default: {}
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
conditions:
is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
- deployment_actions_empty:
- equals:
- - {get_param: deployment_actions}
- - []
resources:
HostParametersConfig:
@@ -48,11 +37,7 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]}
_TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
@@ -78,11 +63,7 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml
index 02fdbf1c..e4ba0cc4 100644
--- a/extraconfig/tasks/ssh/host_public_key.yaml
+++ b/extraconfig/tasks/ssh/host_public_key.yaml
@@ -7,13 +7,6 @@ parameters:
server:
description: ID of the node to apply this config to
type: string
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
resources:
SshHostPubKeyConfig:
@@ -35,7 +28,6 @@ resources:
properties:
config: {get_resource: SshHostPubKeyConfig}
server: {get_param: server}
- actions: {get_param: deployment_actions}
outputs:
diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh
index 8fe2d270..864da24b 100755
--- a/network/scripts/run-os-net-config.sh
+++ b/network/scripts/run-os-net-config.sh
@@ -110,7 +110,7 @@ EOF_CAT
}
if [ -n '$network_config' ]; then
- if [ -z "${disable_configure_safe_defaults:-''}" ]; then
+ if [ -z "${disable_configure_safe_defaults:-}" ]; then
trap configure_safe_defaults EXIT
fi
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index d3d8cbdb..ba8e5568 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -42,7 +42,7 @@ parameters:
CinderApiNetwork: internal_api
CinderIscsiNetwork: storage
CongressApiNetwork: internal_api
- GlanceApiNetwork: storage
+ GlanceApiNetwork: internal_api
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
IronicInspectorNetwork: ctlplane
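Review bot: The change of the `GlanceApiNetwork` default from `storage` to `internal_api` is documented only by a `fixes` release note. Deployments created with the old default will presumably have the Glance API rebind to a different network on the next stack update. An `upgrade:` entry in the release note, or a comment here saying that operators who depend on the previous placement must set `GlanceApiNetwork: storage` explicitly, would make that network exposure change visible.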
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 95dcf0b5..551a88ca 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -377,7 +377,6 @@ resources:
properties:
server: {get_resource: BlockStorage}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -486,9 +485,6 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: BlockStorage}
@@ -511,21 +507,11 @@ resources:
- ['CREATE', 'UPDATE']
- []
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: BlockStorageDeployment
properties:
server: {get_resource: BlockStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 6674a8ac..4336f3e7 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -383,7 +383,6 @@ resources:
properties:
server: {get_resource: CephStorage}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -490,9 +489,6 @@ resources:
CephStorageExtraConfigPre:
depends_on: CephStorageDeployment
type: OS::TripleO::CephStorageExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@@ -501,9 +497,6 @@ resources:
NodeExtraConfig:
depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@@ -525,21 +518,11 @@ resources:
- ['CREATE', 'UPDATE']
- []
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: CephStorageDeployment
properties:
server: {get_resource: CephStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 37eb98d1..7bcee47d 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -386,7 +386,6 @@ resources:
properties:
server: {get_resource: NovaCompute}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
@@ -513,9 +512,6 @@ resources:
ComputeExtraConfigPre:
depends_on: NovaComputeDeployment
type: OS::TripleO::ComputeExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@@ -524,9 +520,6 @@ resources:
NodeExtraConfig:
depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@@ -549,21 +542,11 @@ resources:
update_identifier:
get_param: UpdateIdentifier
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: NovaComputeDeployment
properties:
server: {get_resource: NovaCompute}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 01f54df0..6a032656 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -406,7 +406,6 @@ resources:
properties:
server: {get_resource: Controller}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
@@ -553,9 +552,6 @@ resources:
ControllerExtraConfigPre:
depends_on: ControllerDeployment
type: OS::TripleO::ControllerExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@@ -564,9 +560,6 @@ resources:
NodeExtraConfig:
depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@@ -589,21 +582,11 @@ resources:
update_identifier:
get_param: UpdateIdentifier
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: ControllerDeployment
properties:
server: {get_resource: Controller}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh
index 4e1ad89f..6e7f0ec1 100644
--- a/puppet/deploy-artifacts.sh
+++ b/puppet/deploy-artifacts.sh
@@ -16,7 +16,7 @@ if [ -n "$artifact_urls" ]; then
tar xvzf $TMP_DATA/file_data
popd
else
- echo "ERROR: Unsupported file format."
+ echo "ERROR: Unsupported file format: $URL"
exit 1
fi
rm $TMP_DATA/file_data
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index e6348420..40a5d441 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -377,7 +377,6 @@ resources:
properties:
server: {get_resource: SwiftStorage}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -486,9 +485,6 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: SwiftStorage}
@@ -510,21 +506,11 @@ resources:
- ['CREATE', 'UPDATE']
- []
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: SwiftStorageHieraDeploy
properties:
server: {get_resource: SwiftStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 3be2861c..320bf991 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -399,7 +399,6 @@ resources:
properties:
server: {get_resource: {{role}}}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -512,9 +511,6 @@ resources:
{{role}}ExtraConfigPre:
depends_on: {{role}}Deployment
type: OS::TripleO::{{role}}ExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@@ -523,9 +519,6 @@ resources:
NodeExtraConfig:
depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@@ -548,21 +541,11 @@ resources:
- ['CREATE', 'UPDATE']
- []
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: {{role}}Deployment
properties:
server: {get_resource: {{role}}}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 2bde9033..882ba299 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -118,6 +118,16 @@ outputs:
template: "%{hiera('cloud_name_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ dnsnames:
+ - str_replace:
+ template: "%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ - str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
principal:
str_replace:
template: "mysql/%{hiera('cloud_name_NETWORK')}"
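Review bot: The two new `dnsnames` entries use different placeholder conventions: the first substitutes the bare key `NETWORK`, the second `$NETWORK`. `str_replace` replaces every occurrence of the key in the template, so a bare word is the more fragile form if the template text ever changes. Using `$NETWORK` in both, i.e. `template: "%{hiera('cloud_name_$NETWORK')}"` with `$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}`, would keep them consistent. The bare form is copied from the context lines just above, which lie partly outside this hunk.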
@@ -132,6 +142,9 @@ outputs:
- service: mysql
network: {get_param: [ServiceNetMap, MysqlNetwork]}
type: vip
+ - service: mysql
+ network: {get_param: [ServiceNetMap, MysqlNetwork]}
+ type: node
- null
upgrade_tasks:
- name: Check for galera root password
diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml
index df406a8c..9567a73f 100644
--- a/puppet/services/database/redis.yaml
+++ b/puppet/services/database/redis.yaml
@@ -52,3 +52,23 @@ outputs:
- 26379
step_config: |
include ::tripleo::profile::base::database::redis
+ upgrade_tasks:
+ - name: Check if redis is deployed
+ command: systemctl is-enabled redis
+ tags: common
+ ignore_errors: True
+ register: redis_enabled
+ - name: "PreUpgrade step0,validation: Check if redis is running"
+ shell: >
+ /usr/bin/systemctl show 'redis' --property ActiveState |
+ grep '\bactive\b'
+ when: redis_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop redis service
+ tags: step1
+ when: redis_enabled.rc == 0
+ service: name=redis state=stopped
+ - name: Install redis package if it was disabled
+ tags: step3
+ yum: name=redis state=latest
+ when: redis_enabled.rc != 0
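Review bot: The probe task uses `ignore_errors: True`, which reports the task as failed-but-ignored on every node where redis is not enabled and also hides unrelated failures of the command. For a read-only check, `failed_when: false` together with `changed_when: false` expresses the intent more precisely, and the boolean is better written lowercase as `true`. The probe calls `systemctl` via PATH while the next task uses `/usr/bin/systemctl`; one form throughout would be cleaner. The later tasks read `redis_enabled.rc`, so they depend on the `common`-tagged task having run in the same invocation, which is worth a comment.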
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 092d0720..1f97b8ba 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -89,7 +89,6 @@ outputs:
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
- add_listen: false
priority: 10
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
options: ['FollowSymLinks','MultiViews']
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 945033a1..0e8eacf1 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -43,8 +43,21 @@ parameters:
e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
IronicBase:
type: ./ironic-base.yaml
properties:
@@ -63,6 +76,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::user_domain_name: 'Default'
@@ -80,7 +94,17 @@ outputs:
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
+ ironic::api::service_name: 'httpd'
ironic::policy::policies: {get_param: IronicApiPolicies}
+ ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]}
+ ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
+ ironic::wsgi::apache::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
+ ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS}
tripleo.ironic_api.firewall_rules:
'133 ironic api':
dport:
@@ -106,6 +130,9 @@ outputs:
- '%'
- "%{hiera('mysql_bind_host')}"
upgrade_tasks:
- - name: Stop ironic_api service
+ - name: Stop ironic_api service (before httpd support)
+ tags: step1
+ service: name=openstack-ironic-api state=stopped enabled=no
+ - name: Stop ironic_api service (running under httpd)
tags: step1
- service: name=openstack-ironic-api state=stopped
+ service: name=httpd state=stopped
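Review bot: The first task stops and disables `openstack-ironic-api` unconditionally, whereas the redis upgrade tasks added in this same commit probe with `systemctl is-enabled` and guard on the registered result. On a node where that unit is absent the `service` call would presumably fail the step, so a similar probe with a `when:` on its return code would make the task safe to re-run. The second task stops `httpd` as a whole, which also stops any other service hosted by the same httpd on that node. If that is intended during step1, a comment such as `# stops all httpd-hosted services on this node, not only ironic-api` would say so.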
diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
index d8e942d0..0a7659e0 100644
--- a/puppet/services/pacemaker/database/mysql.yaml
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -27,6 +27,11 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
resources:
@@ -61,6 +66,8 @@ outputs:
# internal_api_subnet - > IP/CIDR
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
get_param: [ServiceNetMap, MysqlNetwork]
+ tripleo::profile::pacemaker::database::mysql::ca_file:
+ get_param: InternalTLSCAFile
step_config: |
include ::tripleo::profile::pacemaker::database::mysql
metadata_settings:
diff --git a/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml b/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml
new file mode 100644
index 00000000..18474cf3
--- /dev/null
+++ b/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml
@@ -0,0 +1,3 @@
+---
+fixes:
+ - Incorrect network used for Glance API service.