diff options
25 files changed, 190 insertions, 39 deletions
diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml new file mode 100644 index 00000000..227f28fe --- /dev/null +++ b/docker/services/manila-share.yaml @@ -0,0 +1,118 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Share service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerManilaShareImage: + description: image + default: 'centos-binary-manila-share:latest' + type: string + DockerManilaConfigImage: + description: image + default: 'centos-binary-manila-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + ManilaBase: + type: ../../puppet/services/manila-share.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Manila Share role. + value: + service_name: {get_attr: [ManilaBase, role_data, service_name]} + config_settings: {get_attr: [ManilaBase, role_data, config_settings]} + step_config: &step_config + get_attr: [ManilaBase, role_data, step_config] + service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: manila + puppet_tags: manila_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/manila_share.json: + command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + # NOTE(gfidente): ceph-ansible generated + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/etc/ceph" + merge: true + preserve_properties: true + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_4: + manila_share: + image: &manila_share_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaShareImage} ] + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/manila:/var/log/manila + - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: /var/log/containers/manila + state: directory + upgrade_tasks: + - name: Stop and disable manila_share service + tags: step2 + service: name=openstack-manila-share state=stopped enabled=no diff --git a/environments/services-docker/manila.yaml b/environments/services-docker/manila.yaml index 795309f6..eacdb1a1 100644 --- a/environments/services-docker/manila.yaml +++ b/environments/services-docker/manila.yaml @@ -1,3 +1,4 @@ resource_registry: OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml + OS::TripleO::Services::ManilaShare: ../../docker/services/manila-share.yaml diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 6c46133a..31d0c1e0 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -193,6 +193,32 @@ resources: template: | #!/bin/bash set -x + + # OvS Permission issue temporary workaround + # https://bugzilla.redhat.com/show_bug.cgi?id=1459436 + # Actual solution from openvswitch - https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html + ovs_service_path="/usr/lib/systemd/system/ovs-vswitchd.service" + + if grep -q 'RuntimeDirectoryMode' $ovs_service_path; then + sed -i 's/RuntimeDirectoryMode=.*/RuntimeDirectoryMode=0775/' $ovs_service_path + else + echo "RuntimeDirectoryMode=0775" >> $ovs_service_path + fi + + if ! grep -Fxq "Group=qemu" $ovs_service_path ; then + echo "Group=qemu" >> $ovs_service_path + fi + + if ! grep -Fxq "UMask=0002" $ovs_service_path ; then + echo "UMask=0002" >> $ovs_service_path + fi + + ovs_ctl_path='/usr/share/openvswitch/scripts/ovs-ctl' + if ! grep -q "umask 0002 \&\& start_daemon \"\$OVS_VSWITCHD_PRIORITY\"" $ovs_ctl_path ; then + sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path + fi + + # DO NOT use --detailed-exitcodes puppet apply --logdest console \ --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \ diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index d1dd5d1d..367f50d7 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -371,3 +371,15 @@ function fixup_wrong_ipv6_vip { fi ) } + +# https://bugs.launchpad.net/tripleo/+bug/1704131 guard against yum update +# waiting for an existing process until the heat stack time out +function check_for_yum_lock { + if [[ -f /var/run/yum.pid ]] ; then + ERR="ERROR existing yum.pid detected - can't continue! Please ensure +there is no other package update process for the duration of the minor update +worfklow. Exiting." + echo $ERR + exit 1 + fi +} diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 0c4a7928..8f804583 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -93,6 +93,7 @@ if [[ "$pacemaker_status" == "active" ]] ; then fi else echo "Upgrading openstack-puppet-modules and its dependencies" + check_for_yum_lock yum -q -y update openstack-puppet-modules yum deplist openstack-puppet-modules | awk '/dependency/{print $2}' | xargs yum -q -y update echo "Upgrading other packages is handled by config management tooling" @@ -102,8 +103,9 @@ fi command=${command:-update} full_command="yum -q -y $command $command_arguments" -echo "Running: $full_command" +echo "Running: $full_command" +check_for_yum_lock result=$($full_command) return_code=$? echo "$result" diff --git a/network/external.yaml b/network/external.yaml index 277c7614..5b1023d7 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -15,7 +15,7 @@ parameters: type: json ExternalNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean ExternalNetEnableDHCP: default: false diff --git a/network/external_v6.yaml b/network/external_v6.yaml index e577c1ca..29930bbb 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json ExternalNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean ExternalNetShared: default: false diff --git a/network/internal_api.yaml b/network/internal_api.yaml index 563e6d41..554b900e 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -15,7 +15,7 @@ parameters: type: json InternalApiNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean InternalApiNetEnableDHCP: default: false diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 05a740b3..a089aa79 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json InternalApiNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean InternalApiNetShared: default: false diff --git a/network/management_v6.yaml b/network/management_v6.yaml index a44d34d3..e2527c42 100644 --- a/network/management_v6.yaml +++ b/network/management_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json ManagementNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean ManagementNetShared: default: false diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index 75818bf0..a6971b0f 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -64,6 +64,7 @@ parameters: ManagementIpSubnet: default: '' type: string + description: IP address/subnet on the management network ManagementIpUri: default: '' type: string diff --git a/network/storage.yaml b/network/storage.yaml index 0fb9cc00..5c68c4c7 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -15,7 +15,7 @@ parameters: type: json StorageNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean StorageNetEnableDHCP: default: false diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index 9869f0da..23c5b4b7 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -15,7 +15,7 @@ parameters: type: json StorageMgmtNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean StorageMgmtNetEnableDHCP: default: false diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index d6b1652a..ea60b5e7 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json StorageMgmtNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean StorageMgmtNetShared: default: false diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index 0ec34add..52bd42a4 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json StorageNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean StorageNetShared: default: false diff --git a/network/tenant.yaml b/network/tenant.yaml index 4881308d..c50dca27 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -15,7 +15,7 @@ parameters: type: json TenantNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean TenantNetEnableDHCP: default: false diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index bbc2b6bf..c77c2cbe 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json TenantNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean TenantNetShared: default: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 14bb0fb1..0fc410d6 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -581,8 +581,6 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]} {% endfor %} - # FIXME(shardy): These require further work to move into service_ips - memcache_node_ips: {get_attr: [{{primary_role_name}}IpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} NetVipMap: {get_attr: [VipMap, net_ip_map]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} @@ -871,10 +869,7 @@ outputs: {% endfor %} ServerOsCollectConfigData: description: The os-collect-config configuration associated with each server resource - value: -{% for role in roles %} - {{role.name}}: {get_attr: [{{role.name}}, attributes, os_collect_config]} -{% endfor %} + value: {get_attr: [ServerOsCollectConfigData, value]} VipMap: description: Mapping of each network to VIP addresses. Also includes the Redis VIP. value: diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index b1284452..b29a8a98 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -30,8 +30,6 @@ parameters: type: json controller_names: type: comma_delimited_list - memcache_node_ips: - type: comma_delimited_list NetVipMap: type: json RedisVirtualIP: @@ -170,11 +168,6 @@ resources: list_join: - ',' - {get_param: controller_names} - memcached_node_ips_v6: - repeat: - template: "inet6:[NAME]" - for_each: - NAME: {get_param: memcache_node_ips} deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} stack_action: {get_param: StackAction} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index cdc2ec68..933b5e60 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -27,10 +27,6 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string - EnableLoadBalancer: - default: true - description: Whether to deploy a LoadBalancer on the Controller - type: boolean ExtraConfig: default: {} description: | @@ -525,7 +521,6 @@ resources: config: {get_resource: ControllerConfig} server: {get_resource: Controller} input_values: - enable_load_balancer: {get_param: EnableLoadBalancer} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles @@ -567,8 +562,6 @@ resources: - {get_param: ControllerExtraConfig} extraconfig: {get_param: ExtraConfig} controller: - enable_load_balancer: {get_input: enable_load_balancer} - # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 28552301..cbeef6c5 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -69,11 +69,11 @@ parameters: type: json CephValidationRetries: type: number - default: 5 + default: 40 description: Number of retry attempts for Ceph validation CephValidationDelay: type: number - default: 10 + default: 30 description: Interval (in seconds) in between validation checks MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 5bdc3b88..35dcc196 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -26,6 +26,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableLoadBalancer: + default: true + description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used. + type: boolean HAProxyStatsPassword: description: Password for HAProxy stats endpoint hidden: true @@ -100,6 +104,7 @@ outputs: tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile} tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile} tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled} + enable_load_balancer: {get_param: EnableLoadBalancer} tripleo::profile::base::haproxy::certificates_specs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 4493721c..2c23cf55 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -53,8 +53,7 @@ parameters: type: comma_delimited_list NeutronEnableDVR: default: False - description: | - Enable support for distributed routing in the OVS Agent. + description: Enable Neutron DVR. type: boolean NeutronEnableARPResponder: default: false diff --git a/puppet/services/qdr.yaml b/puppet/services/qdr.yaml index 0659a945..433556f3 100644 --- a/puppet/services/qdr.yaml +++ b/puppet/services/qdr.yaml @@ -28,14 +28,14 @@ parameters: type: json RabbitUserName: default: guest - description: The username for Qdr + description: The username for RabbitMQ type: string RabbitPassword: - description: The password for Qdr + description: The password for RabbitMQ type: string hidden: true RabbitClientPort: - description: Listening port for Qdr + description: Set rabbit subscriber port, change this if using SSL default: 5672 type: number MonitoringSubscriptionQdr: diff --git a/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml new file mode 100644 index 00000000..f8c06fd6 --- /dev/null +++ b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - Fixed the openvswitch permission to allow ovs to access vhost + sockets created by qemu. This is a workaround until openvswitch + provides the actual solution. + |