aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore2
-rw-r--r--.testr.conf4
-rwxr-xr-xdocker/docker-puppet.py40
-rw-r--r--docker/services/aodh-api.yaml5
-rw-r--r--docker/services/cinder-api.yaml156
-rw-r--r--docker/services/cinder-backup.yaml132
-rw-r--r--docker/services/cinder-scheduler.yaml120
-rw-r--r--docker/services/cinder-volume.yaml163
-rw-r--r--docker/services/congress-api.yaml5
-rw-r--r--docker/services/database/mysql.yaml5
-rw-r--r--docker/services/database/redis.yaml2
-rw-r--r--docker/services/glance-api.yaml5
-rw-r--r--docker/services/gnocchi-api.yaml5
-rw-r--r--docker/services/heat-engine.yaml5
-rw-r--r--docker/services/horizon.yaml4
-rw-r--r--docker/services/ironic-api.yaml4
-rw-r--r--docker/services/iscsid.yaml109
-rw-r--r--docker/services/keystone.yaml5
-rw-r--r--docker/services/manila-scheduler.yaml105
-rw-r--r--docker/services/memcached.yaml1
-rw-r--r--docker/services/mistral-api.yaml8
-rw-r--r--docker/services/multipathd.yaml89
-rw-r--r--docker/services/neutron-api.yaml5
-rw-r--r--docker/services/nova-api.yaml12
-rw-r--r--docker/services/nova-consoleauth.yaml108
-rw-r--r--docker/services/nova-vnc-proxy.yaml108
-rw-r--r--docker/services/pacemaker/haproxy.yaml23
-rw-r--r--docker/services/panko-api.yaml5
-rw-r--r--docker/services/rabbitmq.yaml2
-rw-r--r--docker/services/sahara-api.yaml119
-rw-r--r--docker/services/sahara-engine.yaml110
-rw-r--r--docker/services/sensu-client.yaml131
-rw-r--r--docker/services/swift-ringbuilder.yaml15
-rw-r--r--docker/services/tacker.yaml5
-rw-r--r--environments/cinder-dellsc-config.yaml1
-rw-r--r--environments/docker.yaml8
-rw-r--r--environments/enable-tls.yaml1
-rw-r--r--environments/host-config-and-reboot.j2.yaml18
-rw-r--r--environments/host-config-pre-network.j2.yaml16
-rw-r--r--environments/hyperconverged-ceph.yaml1
-rw-r--r--environments/network-isolation.j2.yaml2
-rw-r--r--environments/predictable-placement/custom-hostnames.yaml33
-rw-r--r--environments/services-docker/manila.yaml1
-rw-r--r--environments/services-docker/sahara.yaml3
-rw-r--r--environments/services-docker/sensu-client.yaml3
-rw-r--r--environments/tls-endpoints-public-dns.yaml6
-rw-r--r--environments/tls-endpoints-public-ip.yaml6
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml6
-rw-r--r--extraconfig/pre_network/ansible_host_config.yaml (renamed from extraconfig/pre_network/ansible_host_config.ansible)8
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.role.j2.yaml10
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.yaml85
-rw-r--r--network/endpoints/endpoint_data.yaml2
-rw-r--r--network/endpoints/endpoint_map.yaml6
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml1
-rw-r--r--overcloud.j2.yaml1
-rw-r--r--puppet/blockstorage-role.yaml6
-rw-r--r--puppet/cephstorage-role.yaml6
-rw-r--r--puppet/compute-role.yaml6
-rw-r--r--puppet/controller-role.yaml6
-rw-r--r--puppet/objectstorage-role.yaml6
-rw-r--r--puppet/role.role.j2.yaml6
-rw-r--r--puppet/services/cinder-backend-dellsc.yaml4
-rw-r--r--puppet/services/cinder-backend-netapp.yaml8
-rw-r--r--puppet/services/cinder-volume.yaml16
-rw-r--r--puppet/services/horizon.yaml2
-rw-r--r--puppet/services/keystone.yaml36
-rw-r--r--puppet/services/neutron-sriov-agent.yaml22
-rw-r--r--puppet/services/panko-api.yaml4
-rw-r--r--releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml6
-rw-r--r--releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml10
-rw-r--r--releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml5
-rw-r--r--releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml4
-rw-r--r--releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml11
-rw-r--r--roles/BlockStorage.yaml1
-rw-r--r--roles/Compute.yaml1
-rw-r--r--roles/Controller.yaml1
-rw-r--r--roles/Undercloud.yaml1
-rw-r--r--roles_data.yaml3
-rw-r--r--roles_data_undercloud.yaml1
-rw-r--r--sample-env-generator/README.rst149
-rw-r--r--sample-env-generator/sample-environments.yaml17
-rw-r--r--test-requirements.txt8
-rw-r--r--tox.ini10
-rw-r--r--tripleo_heat_templates/__init__.py0
-rwxr-xr-xtripleo_heat_templates/environment_generator.py189
-rw-r--r--tripleo_heat_templates/tests/__init__.py0
-rw-r--r--tripleo_heat_templates/tests/test_environment_generator.py396
87 files changed, 2645 insertions, 131 deletions
diff --git a/.gitignore b/.gitignore
index cea6064d..2d067214 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,8 +22,10 @@ lib64
pip-log.txt
# Unit test / coverage reports
+cover
.coverage
.tox
+.testrepository
nosetests.xml
# Translations
diff --git a/.testr.conf b/.testr.conf
new file mode 100644
index 00000000..5837838f
--- /dev/null
+++ b/.testr.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_TEST_TIMEOUT=60 OS_LOG_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./tripleo_heat_templates ./tripleo_heat_templates $LISTOPT $IDOPTION
+test_id_option=--load-list $IDFILE
+test_list_option=--list
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index 340a9e9f..4d9d40d4 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -190,37 +190,23 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
if [ -n "$PUPPET_TAGS" ]; then
TAGS="--tags \"$PUPPET_TAGS\""
fi
+
+ # workaround LP1696283
+ mkdir -p /etc/ssh
+ touch /etc/ssh/ssh_known_hosts
+
FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp
# Disables archiving
if [ -z "$NO_ARCHIVE" ]; then
- rm -Rf /var/lib/config-data/${NAME}
-
- # copying etc should be enough for most services
- mkdir -p /var/lib/config-data/${NAME}/etc
- cp -a /etc/* /var/lib/config-data/${NAME}/etc/
-
- # workaround LP1696283
- mkdir -p /var/lib/config-data/${NAME}/etc/ssh
- touch /var/lib/config-data/${NAME}/etc/ssh/ssh_known_hosts
-
- if [ -d /root/ ]; then
- cp -a /root/ /var/lib/config-data/${NAME}/root/
- fi
- if [ -d /var/lib/ironic/tftpboot/ ]; then
- mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/
- cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/tftpboot/
- fi
- if [ -d /var/lib/ironic/httpboot/ ]; then
- mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/
- cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/httpboot/
- fi
-
- # apache services may files placed in /var/www/
- if [ -d /var/www/ ]; then
- mkdir -p /var/lib/config-data/${NAME}/var/www
- cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/
- fi
+ archivedirs=("/etc" "/root" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www")
+ rsync_srcs=""
+ for d in "${archivedirs[@]}"; do
+ if [ -d "$d" ]; then
+ rsync_srcs+=" $d"
+ fi
+ done
+ rsync -a -R --delay-updates --delete-after $rsync_srcs /var/lib/config-data/${NAME}
# Write a checksum of the config-data dir, this is used as a
# salt to trigger container restart when the config changes
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml
index 4b93ddd7..bda5469a 100644
--- a/docker/services/aodh-api.yaml
+++ b/docker/services/aodh-api.yaml
@@ -86,16 +86,15 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
aodh_init_log:
- start_order: 0
image: *aodh_image
user: root
volumes:
- /var/log/containers/aodh:/var/log/aodh
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh']
+ step_3:
aodh_db_sync:
- start_order: 1
image: *aodh_image
net: host
privileged: false
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml
new file mode 100644
index 00000000..94bd66d8
--- /dev/null
+++ b/docker/services/cinder-api.yaml
@@ -0,0 +1,156 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderApiImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CinderBase:
+ type: ../../puppet/services/cinder-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder API role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CinderBase, role_data, step_config]
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_api.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_2:
+ cinder_api_init_logs:
+ image: &cinder_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderApiImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_3:
+ cinder_api_db_sync:
+ image: *cinder_api_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ command:
+ - '/usr/bin/bootstrap_host_exec'
+ - 'cinder_api'
+ - "su cinder -s /bin/bash -c 'cinder-manage db sync'"
+ step_4:
+ cinder_api:
+ image: *cinder_api_image
+ net: host
+ privileged: false
+ restart: always
+ # NOTE(mandre) kolla image changes the user to 'cinder', we need it
+ # to be root to run httpd
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/cinder/var/www/:/var/www/:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/cinder
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable cinder_api service
+ tags: step2
+ service: name=httpd state=stopped enabled=no
diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml
new file mode 100644
index 00000000..0958a7e8
--- /dev/null
+++ b/docker/services/cinder-backup.yaml
@@ -0,0 +1,132 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder Backup service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderBackupImage:
+ description: image
+ default: 'centos-binary-cinder-backup:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CinderBase:
+ type: ../../puppet/services/cinder-backup.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CinderBase, role_data, step_config]
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_backup.json:
+ command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ permissions:
+ - path: /var/lib/cinder
+ owner: cinder:cinder
+ recurse: true
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_3:
+ cinder_backup_init_logs:
+ start_order: 0
+ image: &cinder_backup_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_4:
+ cinder_backup:
+ image: *cinder_backup_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this
+ - /dev/:/dev/
+ - /run/:/run/
+ - /sys:/sys
+ - /lib/modules:/lib/modules:ro
+ - /etc/iscsi:/etc/iscsi
+ - /var/lib/cinder:/var/lib/cinder
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/lib/cinder
+ - /var/log/containers/cinder
+ upgrade_tasks:
+ - name: Stop and disable cinder_backup service
+ tags: step2
+ service: name=openstack-cinder-backup state=stopped enabled=no
diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml
new file mode 100644
index 00000000..8199c34b
--- /dev/null
+++ b/docker/services/cinder-scheduler.yaml
@@ -0,0 +1,120 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder Scheduler service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderSchedulerImage:
+ description: image
+ default: 'centos-binary-cinder-scheduler:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CinderBase:
+ type: ../../puppet/services/cinder-scheduler.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Scheduler role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CinderBase, role_data, step_config]
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_scheduler.json:
+ command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_2:
+ cinder_scheduler_init_logs:
+ image: &cinder_scheduler_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderSchedulerImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_4:
+ cinder_scheduler:
+ image: *cinder_scheduler_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/cinder
+ upgrade_tasks:
+ - name: Stop and disable cinder_scheduler service
+ tags: step2
+ service: name=openstack-cinder-scheduler state=stopped enabled=no
diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml
new file mode 100644
index 00000000..4ee1996c
--- /dev/null
+++ b/docker/services/cinder-volume.yaml
@@ -0,0 +1,163 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder Volume service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderVolumeImage:
+ description: image
+ default: 'centos-binary-cinder-volume:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ # custom parameters for the Cinder volume role
+ CinderEnableIscsiBackend:
+ default: true
+ description: Whether to enable or not the Iscsi backend for Cinder
+ type: boolean
+ CinderLVMLoopDeviceSize:
+ default: 10280
+ description: The size of the loopback file used by the cinder LVM driver.
+ type: number
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CinderBase:
+ type: ../../puppet/services/cinder-volume.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Volume role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CinderBase, role_data, step_config]
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_volume.json:
+ command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_3:
+ cinder_volume_init_logs:
+ start_order: 0
+ image: &cinder_volume_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_4:
+ cinder_volume:
+ image: *cinder_volume_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this
+ - /dev/:/dev/
+ - /run/:/run/
+ - /sys:/sys
+ - /etc/iscsi:/etc/iscsi
+ - /var/lib/cinder:/var/lib/cinder
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/cinder
+ - /var/lib/cinder
+ #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true
+ - name: cinder create LVM volume group dd
+ command:
+ list_join:
+ - ''
+ - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
+ - str_replace:
+ template: VALUE
+ params:
+ VALUE: {get_param: CinderLVMLoopDeviceSize}
+ - 'M'
+ args:
+ creates: /var/lib/cinder/cinder-volumes
+ - name: cinder create LVM volume group
+ shell: |
+ if ! losetup /dev/loop2; then
+ losetup /dev/loop2 /var/lib/cinder/cinder-volumes
+ fi
+ if ! pvdisplay | grep cinder-volumes; then
+ pvcreate /dev/loop2
+ fi
+ if ! vgdisplay | grep cinder-volumes; then
+ vgcreate cinder-volumes /dev/loop2
+ fi
+ args:
+ executable: /bin/bash
+ creates: /dev/loop2
+ upgrade_tasks:
+ - name: Stop and disable cinder_volume service
+ tags: step2
+ service: name=openstack-cinder-volume state=stopped enabled=no
diff --git a/docker/services/congress-api.yaml b/docker/services/congress-api.yaml
index 3ee1d91d..92b0eeb9 100644
--- a/docker/services/congress-api.yaml
+++ b/docker/services/congress-api.yaml
@@ -82,9 +82,8 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
congress_init_logs:
- start_order: 0
image: &congress_image
list_join:
- '/'
@@ -94,8 +93,8 @@ outputs:
volumes:
- /var/log/containers/congress:/var/log/congress
command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress']
+ step_3:
congress_db_sync:
- start_order: 1
image: *congress_image
net: host
privileged: false
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
index c73db857..9eabb719 100644
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@@ -87,17 +87,16 @@ outputs:
recurse: true
docker_config:
# Kolla_bootstrap runs before permissions set by kolla_config
- step_2:
+ step_1:
mysql_init_logs:
- start_order: 0
image: *mysql_image
privileged: false
user: root
volumes:
- /var/log/containers/mysql:/var/log/mariadb
command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb']
+ step_2:
mysql_bootstrap:
- start_order: 1
detach: false
image: *mysql_image
net: host
diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml
index 9e84dd5f..9d0d30c8 100644
--- a/docker/services/database/redis.yaml
+++ b/docker/services/database/redis.yaml
@@ -79,6 +79,7 @@ outputs:
step_1:
redis_init_logs:
start_order: 0
+ detach: false
image: *redis_image
privileged: false
user: root
@@ -86,6 +87,7 @@ outputs:
- /var/log/containers/redis:/var/log/redis
command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
redis:
+ start_order: 1
image: *redis_image
net: host
privileged: false
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index c3af5231..5c244012 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -85,17 +85,16 @@ outputs:
command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# Kolla_bootstrap/db_sync runs before permissions set by kolla_config
- step_3:
+ step_2:
glance_init_logs:
- start_order: 0
image: *glance_image
privileged: false
user: root
volumes:
- /var/log/containers/glance:/var/log/glance
command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance']
+ step_3:
glance_api_db_sync:
- start_order: 1
image: *glance_image
net: host
privileged: false
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index e3b72bc5..bd1c3168 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -86,16 +86,15 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
gnocchi_init_log:
- start_order: 0
image: *gnocchi_image
user: root
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
+ step_3:
gnocchi_db_sync:
- start_order: 1
image: *gnocchi_image
net: host
detach: false
diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml
index 0adad538..7a3312dd 100644
--- a/docker/services/heat-engine.yaml
+++ b/docker/services/heat-engine.yaml
@@ -80,16 +80,15 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
heat_init_log:
- start_order: 0
image: *heat_engine_image
user: root
volumes:
- /var/log/containers/heat:/var/log/heat
command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat']
+ step_3:
heat_engine_db_sync:
- start_order: 1
image: *heat_engine_image
net: host
privileged: false
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
index 022eb5dd..13bd091c 100644
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@@ -86,7 +86,7 @@ outputs:
owner: apache:apache
recurse: false
docker_config:
- step_3:
+ step_2:
horizon_fix_perms:
image: *horizon_image
user: root
@@ -99,8 +99,8 @@ outputs:
volumes:
- /var/log/containers/horizon:/var/log/horizon
- /var/lib/config-data/horizon/etc/:/etc/
+ step_3:
horizon:
- start_order: 1
image: *horizon_image
net: host
privileged: false
diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml
index 650ce4cf..a32176af 100644
--- a/docker/services/ironic-api.yaml
+++ b/docker/services/ironic-api.yaml
@@ -82,9 +82,8 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
ironic_init_logs:
- start_order: 0
image: &ironic_image
list_join:
- '/'
@@ -94,6 +93,7 @@ outputs:
volumes:
- /var/log/containers/ironic:/var/log/ironic
command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic']
+ step_3:
ironic_db_sync:
start_order: 1
image: *ironic_image
diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml
new file mode 100644
index 00000000..53f5aff2
--- /dev/null
+++ b/docker/services/iscsid.yaml
@@ -0,0 +1,109 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Iscsid service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerIscsidImage:
+ description: image
+ default: 'centos-binary-iscsid:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Iscsid API role.
+ value:
+ service_name: iscsid
+ config_settings: {}
+ step_config: ''
+ service_config_settings: {}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: iscsid
+ #puppet_tags: file
+ step_config: ''
+ config_image: &iscsid_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/iscsid.json:
+ command: /usr/sbin/iscsid -f
+ docker_config:
+ step_3:
+ iscsid:
+ start_order: 2
+ image: *iscsid_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro
+ - /dev/:/dev/
+ - /run/:/run/
+ - /sys:/sys
+ - /lib/modules:/lib/modules:ro
+ - /etc/iscsi:/etc/iscsi
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /etc/iscsi
+ file:
+ path: /etc/iscsi
+ state: directory
+ - name: stat /lib/systemd/system/iscsid.socket
+ stat: path=/lib/systemd/system/iscsid.socket
+ register: stat_iscsid_socket
+ - name: Stop and disable iscsid.socket service
+ service: name=iscsid.socket state=stopped enabled=no
+ when: stat_iscsid_socket.stat.exists
+ upgrade_tasks:
+ - name: stat /lib/systemd/system/iscsid.service
+ stat: path=/lib/systemd/system/iscsid.service
+ register: stat_iscsid_service
+ - name: Stop and disable iscsid service
+ tags: step2
+ service: name=iscsid state=stopped enabled=no
+ when: stat_iscsid_service.stat.exists
+ - name: stat /lib/systemd/system/iscsid.socket
+ stat: path=/lib/systemd/system/iscsid.socket
+ register: stat_iscsid_socket
+ - name: Stop and disable iscsid.socket service
+ tags: step2
+ service: name=iscsid.socket state=stopped enabled=no
+ when: stat_iscsid_socket.stat.exists
+ metadata_settings: {}
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 5b253b46..4cd44f21 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -95,16 +95,15 @@ outputs:
command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# Kolla_bootstrap/db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
keystone_init_log:
- start_order: 0
image: *keystone_image
user: root
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone']
volumes:
- /var/log/containers/keystone:/var/log/keystone
+ step_3:
keystone_db_sync:
- start_order: 1
image: *keystone_image
net: host
privileged: false
diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml
new file mode 100644
index 00000000..fbc80fc5
--- /dev/null
+++ b/docker/services/manila-scheduler.yaml
@@ -0,0 +1,105 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Manila Scheduler service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerManilaSchedulerImage:
+ description: image
+ default: 'centos-binary-manila-scheduler:latest'
+ type: string
+ DockerManilaConfigImage:
+ description: image
+ default: 'centos-binary-manila-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ ManilaSchedulerPuppetBase:
+ type: ../../puppet/services/manila-scheduler.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Manila Scheduler role.
+ value:
+ service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]}
+ service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: manila
+ puppet_tags: manila_config,manila_scheduler_paste_ini
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/manila_scheduler.json:
+ command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ permissions:
+ - path: /var/log/manila
+ owner: manila:manila
+ recurse: true
+ docker_config:
+ step_4:
+ manila_scheduler:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerManilaSchedulerImage} ]
+ net: host
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /var/log/containers/manila:/var/log/manila
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: Create persistent manila logs directory
+ file:
+ path: /var/log/containers/manila
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable manila_scheduler service
+ tags: step2
+ service: name=openstack-manila-scheduler state=stopped enabled=no
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml
index d85a0878..d4539649 100644
--- a/docker/services/memcached.yaml
+++ b/docker/services/memcached.yaml
@@ -72,6 +72,7 @@ outputs:
step_1:
memcached_init_logs:
start_order: 0
+ detach: false
image: *memcached_image
privileged: false
user: root
diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml
index cc7e613e..30c3cde1 100644
--- a/docker/services/mistral-api.yaml
+++ b/docker/services/mistral-api.yaml
@@ -82,9 +82,8 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
mistral_init_logs:
- start_order: 0
image: &mistral_image
list_join:
- '/'
@@ -94,8 +93,9 @@ outputs:
volumes:
- /var/log/containers/mistral:/var/log/mistral
command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral']
+ step_3:
mistral_db_sync:
- start_order: 1
+ start_order: 0
image: *mistral_image
net: host
privileged: false
@@ -109,7 +109,7 @@ outputs:
- /var/log/containers/mistral:/var/log/mistral
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
mistral_db_populate:
- start_order: 2
+ start_order: 1
image: *mistral_image
net: host
privileged: false
diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml
new file mode 100644
index 00000000..d8927d4b
--- /dev/null
+++ b/docker/services/multipathd.yaml
@@ -0,0 +1,89 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Multipathd service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMultipathdImage:
+ description: image
+ default: 'centos-binary-multipathd:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Multipathd API role.
+ value:
+ service_name: multipathd
+ config_settings: {}
+ step_config: ''
+ service_config_settings: {}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: multipathd
+ #puppet_tags: file
+ step_config: ''
+ config_image: &multipathd_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/multipathd.json:
+ command: /usr/sbin/multipathd -d
+ docker_config:
+ step_3:
+ multipathd:
+ start_order: 1
+ image: *multipathd_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro
+ - /dev/:/dev/
+ - /run/:/run/
+ - /sys:/sys
+ - /lib/modules:/lib/modules:ro
+ - /etc/iscsi:/etc/iscsi
+ - /var/lib/cinder:/var/lib/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ upgrade_tasks:
+ - name: Stop and disable multipathd service
+ tags: step2
+ service: name=multipathd state=stopped enabled=no
+ metadata_settings: {}
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index fbdf75ab..6c2d4cae 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -92,9 +92,8 @@ outputs:
command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
neutron_init_logs:
- start_order: 0
image: &neutron_api_image
list_join:
- '/'
@@ -104,8 +103,8 @@ outputs:
volumes:
- /var/log/containers/neutron:/var/log/neutron
command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron']
+ step_3:
neutron_db_sync:
- start_order: 1
image: *neutron_api_image
net: host
privileged: false
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index 2375dada..c97f45de 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -86,9 +86,8 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
nova_init_logs:
- start_order: 0
image: &nova_api_image
list_join:
- '/'
@@ -98,8 +97,9 @@ outputs:
volumes:
- /var/log/containers/nova:/var/log/nova
command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+ step_3:
nova_api_db_sync:
- start_order: 1
+ start_order: 0
image: *nova_api_image
net: host
detach: false
@@ -116,7 +116,7 @@ outputs:
# to be capable of upgrading a baremetal setup. This is to ensure the name
# of the cell is 'default'
nova_api_map_cell0:
- start_order: 2
+ start_order: 1
image: *nova_api_image
net: host
detach: false
@@ -124,7 +124,7 @@ outputs:
volumes: *nova_api_volumes
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
nova_api_create_default_cell:
- start_order: 3
+ start_order: 2
image: *nova_api_image
net: host
detach: false
@@ -136,7 +136,7 @@ outputs:
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
nova_db_sync:
- start_order: 4
+ start_order: 3
image: *nova_api_image
net: host
detach: false
diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml
new file mode 100644
index 00000000..19f25d8e
--- /dev/null
+++ b/docker/services/nova-consoleauth.yaml
@@ -0,0 +1,108 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Consoleauth service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaConsoleauthImage:
+ description: image
+ default: 'centos-binary-nova-consoleauth:latest'
+ type: string
+ DockerNovaConfigImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ NovaConsoleauthPuppetBase:
+ type: ../../puppet/services/nova-consoleauth.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Consoleauth service.
+ value:
+ service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_consoleauth.json:
+ command: /usr/bin/nova-consoleauth
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
+ docker_config:
+ step_4:
+ nova_consoleauth:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConsoleauthImage} ]
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/nova
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable nova_consoleauth service
+ tags: step2
+ service: name=openstack-nova-consoleauth state=stopped enabled=no
diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml
new file mode 100644
index 00000000..97d2d154
--- /dev/null
+++ b/docker/services/nova-vnc-proxy.yaml
@@ -0,0 +1,108 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Vncproxy service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaVncProxyImage:
+ description: image
+ default: 'centos-binary-nova-novncproxy:latest'
+ type: string
+ DockerNovaConfigImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ NovaVncProxyPuppetBase:
+ type: ../../puppet/services/nova-vnc-proxy.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Vncproxy service.
+ value:
+ service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NovaVncProxyPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_vnc_proxy.json:
+ command: /usr/bin/nova-novncproxy --web /usr/share/novnc/
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
+ docker_config:
+ step_4:
+ nova_vnc_proxy:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ]
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/nova
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable nova_vnc_proxy service
+ tags: step2
+ service: name=openstack-nova-novncproxy state=stopped enabled=no
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index ae19652e..7557afd6 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -60,11 +60,7 @@ outputs:
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
- step_config:
- list_join:
- - "\n"
- - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
- - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+ step_config: ""
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
@@ -74,8 +70,8 @@ outputs:
list_join:
- "\n"
- - "exec {'wait-for-settle': command => '/bin/true' }"
- - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
- - *noop_pcmk
+ - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
+ - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
config_image: *haproxy_image
kolla_config:
@@ -88,6 +84,7 @@ outputs:
detach: false
net: host
user: root
+ privileged: true
command:
- '/bin/bash'
- '-c'
@@ -98,14 +95,20 @@ outputs:
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
params:
- TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ TAGS: 'tripleo::firewall::rule,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG:
list_join:
- ';'
- - - *noop_firewall
- - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle'
+ - - 'include ::tripleo::profile::base::pacemaker'
+ - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
image: *haproxy_image
volumes:
+ # puppet saves iptables rules in /etc/sysconfig
+ - /etc/sysconfig:/etc/sysconfig:rw
+ # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
+ # the necessary bit and prevent systemd to try to reload the service in the container
+ - /usr/libexec/iptables:/usr/libexec/iptables:ro
+ - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml
index c381c0da..585148e5 100644
--- a/docker/services/panko-api.yaml
+++ b/docker/services/panko-api.yaml
@@ -87,16 +87,15 @@ outputs:
owner: panko:panko
recurse: true
docker_config:
- step_3:
+ step_2:
panko_init_log:
- start_order: 0
image: *panko_image
user: root
volumes:
- /var/log/containers/panko:/var/log/panko
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko']
+ step_3:
panko_db_sync:
- start_order: 1
image: *panko_image
net: host
detach: false
diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml
index 609aec06..06d663c9 100644
--- a/docker/services/rabbitmq.yaml
+++ b/docker/services/rabbitmq.yaml
@@ -89,6 +89,7 @@ outputs:
step_1:
rabbitmq_init_logs:
start_order: 0
+ detach: false
image: *rabbitmq_image
privileged: false
user: root
@@ -97,6 +98,7 @@ outputs:
command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq']
rabbitmq_bootstrap:
start_order: 1
+ detach: false
image: *rabbitmq_image
net: host
privileged: false
diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml
new file mode 100644
index 00000000..10670796
--- /dev/null
+++ b/docker/services/sahara-api.yaml
@@ -0,0 +1,119 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Sahara service configured with Puppet
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSaharaApiImage:
+ description: image
+ default: 'centos-binary-sahara-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SaharaApiPuppetBase:
+ type: ../../puppet/services/sahara-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara API role.
+ value:
+ service_name: {get_attr: [SaharaApiPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaApiPuppetBase, role_data, config_settings]
+ - sahara::sync_db: false
+ step_config: &step_config
+ get_attr: [SaharaApiPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: sahara
+ puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
+ step_config: *step_config
+ config_image: &sahara_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/sahara-api.json:
+ command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf
+ permissions:
+ - path: /var/lib/sahara
+ owner: sahara:sahara
+ recurse: true
+ - path: /var/log/sahara
+ owner: sahara:sahara
+ recurse: true
+ docker_config:
+ step_3:
+ sahara_db_sync:
+ image: *sahara_image
+ net: host
+ privileged: false
+ detach: false
+ volumes: &sahara_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/sahara:/var/lib/sahara
+ - /var/log/containers/sahara:/var/log/sahara
+ command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'"
+ step_4:
+ sahara_api:
+ image: *sahara_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: *sahara_volumes
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /var/lib/sahara
+ file:
+ path: /var/lib/sahara
+ state: directory
+ - name: create persistent sahara logs directory
+ file:
+ path: /var/log/containers/sahara
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable sahara_api service
+ tags: step2
+ service: name=openstack-sahara-api state=stopped enabled=no
diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml
new file mode 100644
index 00000000..41b5790b
--- /dev/null
+++ b/docker/services/sahara-engine.yaml
@@ -0,0 +1,110 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Sahara service configured with Puppet
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSaharaEngineImage:
+ description: image
+ default: 'centos-binary-sahara-engine:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SaharaEnginePuppetBase:
+ type: ../../puppet/services/sahara-engine.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara Engine role.
+ value:
+ service_name: {get_attr: [SaharaEnginePuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaEnginePuppetBase, role_data, config_settings]
+ - sahara::sync_db: false
+ step_config: &step_config
+ get_attr: [SaharaEnginePuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: sahara
+ puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
+ step_config: *step_config
+ config_image: &sahara_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/sahara-engine.json:
+ command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf
+ permissions:
+ - path: /var/lib/sahara
+ owner: sahara:sahara
+ recurse: true
+ - path: /var/log/sahara
+ owner: sahara:sahara
+ recurse: true
+ docker_config:
+ step_4:
+ sahara_engine:
+ image: *sahara_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: &sahara_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+ - /var/lib/sahara:/var/lib/sahara
+ - /var/log/containers/sahara:/var/log/sahara
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /var/lib/sahara
+ file:
+ path: /var/lib/sahara
+ state: directory
+ - name: create persistent sahara logs directory
+ file:
+ path: /var/log/containers/sahara
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable sahara_engine service
+ tags: step2
+ service: name=openstack-sahara-engine state=stopped enabled=no
diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml
new file mode 100644
index 00000000..e6bdf155
--- /dev/null
+++ b/docker/services/sensu-client.yaml
@@ -0,0 +1,131 @@
+heat_template_version: pike
+
+description: >
+ Containerized Sensu client service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSensuClientImage:
+ description: image
+ default: 'centos-binary-sensu-client:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ SensuDockerCheckCommand:
+ type: string
+ default: |
+ for i in $(docker ps --format '{{.ID}}'); do
+ if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then
+ if [ "$result" != 'healthy' ]; then
+ echo "$(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{json .State}}' $i)" && exit 2;
+ fi
+ fi
+ done
+ SensuDockerCheckInterval:
+ type: number
+ description: The frequency in seconds the docker health check is executed.
+ default: 10
+ SensuDockerCheckHandlers:
+ default: []
+ description: The Sensu event handler to use for events
+ created by the docker health check.
+ type: comma_delimited_list
+ SensuDockerCheckOccurrences:
+ type: number
+ description: The number of event occurrences before sensu-plugin-aware handler should take action.
+ default: 3
+ SensuDockerCheckRefresh:
+ type: number
+ description: The number of seconds sensu-plugin-aware handlers should wait before taking second action.
+ default: 90
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SensuClientBase:
+ type: ../../puppet/services/monitoring/sensu-client.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Sensu client role.
+ value:
+ service_name: {get_attr: [SensuClientBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [SensuClientBase, role_data, config_settings]
+ - sensu::checks:
+ check-docker-health:
+ standalone: true
+ command: {get_param: SensuDockerCheckCommand}
+ interval: {get_param: SensuDockerCheckInterval}
+ handlers: {get_param: SensuDockerCheckHandlers}
+ occurrences: {get_param: SensuDockerCheckOccurrences}
+ refresh: {get_param: SensuDockerCheckRefresh}
+ step_config: &step_config
+ get_attr: [SensuClientBase, role_data, step_config]
+ service_config_settings: {get_attr: [SensuClientBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: sensu
+ puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check
+ step_config: *step_config
+ config_image: &sensu_client_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/sensu-client.json:
+ command: /usr/bin/sensu-client -d /etc/sensu/conf.d/
+ docker_config:
+ step_3:
+ sensu_client:
+ image: *sensu_client_image
+ net: host
+ privileged: true
+ # NOTE(mmagr) kolla image changes the user to 'sensu', we need it
+ # to be root have rw permission to docker.sock to run successfully
+ # "docker inspect" command
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable sensu-client service
+ tags: step2
+ service: name=sensu-client.service state=stopped enabled=no
diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml
index bfd445d0..075d8d7c 100644
--- a/docker/services/swift-ringbuilder.yaml
+++ b/docker/services/swift-ringbuilder.yaml
@@ -58,6 +58,14 @@ parameters:
default: true
description: 'Use a local directory for Swift storage services when building rings'
type: boolean
+ SwiftRingGetTempurl:
+ default: ''
+ description: A temporary Swift URL to download rings from.
+ type: string
+ SwiftRingPutTempurl:
+ default: ''
+ description: A temporary Swift URL to upload rings to.
+ type: string
resources:
@@ -75,14 +83,17 @@ outputs:
description: Role data for Swift Ringbuilder configuration in containers.
value:
service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]}
- config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
+ - tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true
step_config: &step_config
get_attr: [SwiftRingbuilderBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'swift'
- puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance
+ puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball
step_config: *step_config
config_image:
list_join:
diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml
index 2fc99d6f..df9750c9 100644
--- a/docker/services/tacker.yaml
+++ b/docker/services/tacker.yaml
@@ -82,9 +82,8 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
tacker_init_logs:
- start_order: 0
image: &tacker_image
list_join:
- '/'
@@ -94,8 +93,8 @@ outputs:
volumes:
- /var/log/containers/tacker:/var/log/tacker
command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker']
+ step_3:
tacker_db_sync:
- start_order: 1
image: *tacker_image
net: host
privileged: false
diff --git a/environments/cinder-dellsc-config.yaml b/environments/cinder-dellsc-config.yaml
index 99e517bf..681a2fe9 100644
--- a/environments/cinder-dellsc-config.yaml
+++ b/environments/cinder-dellsc-config.yaml
@@ -19,3 +19,4 @@ parameter_defaults:
CinderDellScSecondarySanLogin: 'Admin'
CinderDellScSecondarySanPassword: ''
CinderDellScSecondaryScApiPort: 3033
+ CinderDellScExcludedDomainIp: ''
diff --git a/environments/docker.yaml b/environments/docker.yaml
index d28b5218..5de0c8d9 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -18,7 +18,9 @@ resource_registry:
OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml
OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
+ OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
+ OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
@@ -47,6 +49,12 @@ resource_registry:
OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
+ OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
+ OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml
+ OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml
+ OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml
+ OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml
+ OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index 39ded654..481459cb 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -2,6 +2,7 @@
# For these values to take effect, one of the tls-endpoints-*.yaml environments
# must also be used.
parameter_defaults:
+ HorizonSecureCookies: True
SSLCertificate: |
The contents of your certificate go here
SSLIntermediateCertificate: ''
diff --git a/environments/host-config-and-reboot.j2.yaml b/environments/host-config-and-reboot.j2.yaml
new file mode 100644
index 00000000..d5f69ec5
--- /dev/null
+++ b/environments/host-config-and-reboot.j2.yaml
@@ -0,0 +1,18 @@
+resource_registry:
+{% for role in roles %}
+ OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/host_config_and_reboot.yaml
+{% endfor %}
+
+#parameter_defaults:
+ # Note: There are no global parameters which can be applied to all roles as
+ # these configuration have to be specific to role.
+
+ # Sample parameters for Compute and ComputeOvsDpdk roles
+ #ComputeParameters:
+ #KernelArgs: ""
+ #TunedProfileName: ""
+ #HostIsolatedCoreList: ""
+ #ComputeOvsDpdkParameters:
+ #KernelArgs: ""
+ #TunedProfileName: ""
+ #HostIsolatedCoreList: ""
diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml
deleted file mode 100644
index c79e28b4..00000000
--- a/environments/host-config-pre-network.j2.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-resource_registry:
-# Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc.,
-{%- for role in roles -%}
-{% if "Compute" in role.name %}
- OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml
-{%- endif -%}
-{% endfor %}
-
-#parameter_defaults:
- # Sample parameters for Compute and ComputeOvsDpdk roles
- #ComputeKernelArgs: ""
- #ComputeTunedProfileName: ""
- #ComputeHostCpuList: ""
- #ComputeOvsDpdkKernelArgs: ""
- #ComputeOvsDpdkTunedProfileName: ""
- #ComputeOvsDpdkHostCpuList: ""
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index 0f7e1143..05a3a391 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -36,3 +36,4 @@ parameter_defaults:
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Iscsid
diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml
index 3ef9b275..6a7318fc 100644
--- a/environments/network-isolation.j2.yaml
+++ b/environments/network-isolation.j2.yaml
@@ -13,7 +13,7 @@
resource_registry:
# networks as defined in network_data.yaml
{%- for network in networks if network.enabled|default(true) %}
- OS::TripleO::Network::{{network.name}}: ../network/{{network.name.lower()}}.yaml
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml
{%- endfor %}
# Port assignments for the VIPs
diff --git a/environments/predictable-placement/custom-hostnames.yaml b/environments/predictable-placement/custom-hostnames.yaml
new file mode 100644
index 00000000..0d9d520b
--- /dev/null
+++ b/environments/predictable-placement/custom-hostnames.yaml
@@ -0,0 +1,33 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Custom Hostnames
+# description: |
+# Hostname format for each role
+# Note %index% is translated into the index of the node, e.g 0/1/2 etc
+# and %stackname% is replaced with OS::stack_name in the template below.
+# If you want to use the heat generated names, pass '' (empty string).
+parameter_defaults:
+ # Format for BlockStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ BlockStorageHostnameFormat: '%stackname%-blockstorage-%index%'
+
+ # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ CephStorageHostnameFormat: '%stackname%-cephstorage-%index%'
+
+ # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ComputeHostnameFormat: '%stackname%-novacompute-%index%'
+
+ # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ControllerHostnameFormat: '%stackname%-controller-%index%'
+
+ # Format for ObjectStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ObjectStorageHostnameFormat: '%stackname%-objectstorage-%index%'
+
diff --git a/environments/services-docker/manila.yaml b/environments/services-docker/manila.yaml
index 6f7608c1..795309f6 100644
--- a/environments/services-docker/manila.yaml
+++ b/environments/services-docker/manila.yaml
@@ -1,2 +1,3 @@
resource_registry:
OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml
diff --git a/environments/services-docker/sahara.yaml b/environments/services-docker/sahara.yaml
new file mode 100644
index 00000000..d0bf9fe1
--- /dev/null
+++ b/environments/services-docker/sahara.yaml
@@ -0,0 +1,3 @@
+resource_registry:
+ OS::TripleO::Services::SaharaApi: ../../docker/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../docker/services/sahara-engine.yaml
diff --git a/environments/services-docker/sensu-client.yaml b/environments/services-docker/sensu-client.yaml
new file mode 100644
index 00000000..c03104d2
--- /dev/null
+++ b/environments/services-docker/sensu-client.yaml
@@ -0,0 +1,3 @@
+
+resource_registry:
+ OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 44432210..92b696b7 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -100,9 +100,9 @@ parameter_defaults:
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
- PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
- PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
- PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index 5ac2918b..c879ff94 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -100,9 +100,9 @@ parameter_defaults:
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
- PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
- PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
- PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
+ PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 3f1bd04e..84cabf10 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -100,9 +100,9 @@ parameter_defaults:
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
- PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
- PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
- PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
+ PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
+ PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
diff --git a/extraconfig/pre_network/ansible_host_config.ansible b/extraconfig/pre_network/ansible_host_config.yaml
index c126c1a1..f4f1a14a 100644
--- a/extraconfig/pre_network/ansible_host_config.ansible
+++ b/extraconfig/pre_network/ansible_host_config.yaml
@@ -28,8 +28,8 @@
lineinfile:
dest: /etc/tuned/cpu-partitioning-variables.conf
regexp: '^isolated_cores=.*'
- line: 'isolated_cores={{ _HOST_CPUS_LIST_ }}'
- when: _HOST_CPUS_LIST_|default("") != ""
+ line: 'isolated_cores={{ _TUNED_CORES_ }}'
+ when: _TUNED_CORES_|default("") != ""
- name: Tune-d provile activation
shell: tuned-adm profile {{ _TUNED_PROFILE_NAME_ }}
@@ -52,7 +52,7 @@
when:
- item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') != "lo"
# This condition will list all the interfaces except the one with valid IP (which is Provisioning network at this stage)
- # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4']['address'] is undefined
- - hostvars[inventory_hostname]['ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') ]['ipv4']['address'] is undefined
+ # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4'] is undefined
+ - hostvars[inventory_hostname]['ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') ]['ipv4'] is undefined
with_items:
- "{{ ifcfg_files.files }}"
diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
index 658fea77..41d8f4f6 100644
--- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
@@ -7,6 +7,9 @@ description: >
parameters:
server:
type: string
+ # Deprecated Parameters, these configuration are deprecated in favor or role-specific parameters.
+ # Use: extraconfig/pre_network/host_config_and_reboot.yaml.
+ # Deprecated in Pike and will be removed in Queens.
{{role}}KernelArgs:
type: string
default: ""
@@ -17,6 +20,13 @@ parameters:
type: string
default: ""
+parameter_group:
+ - label: deprecated
+ parameters:
+ - {{role}}KernelArgs
+ - {{role}}TunedProfileName
+ - {{role}}HostCpusList
+
conditions:
param_exists:
or:
diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml
new file mode 100644
index 00000000..74e716ad
--- /dev/null
+++ b/extraconfig/pre_network/host_config_and_reboot.yaml
@@ -0,0 +1,85 @@
+heat_template_version: pike
+
+description: >
+ All configurations which require reboot should be initiated via PreNetworkConfig. After
+ this configuration is completed, the corresponding node will be rebooted.
+
+parameters:
+ server:
+ type: string
+ RoleParameters:
+ type: json
+ description: Role Specific parameters
+ default: {}
+
+conditions:
+ is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
+
+resources:
+ HostParametersConfig:
+ type: OS::Heat::SoftwareConfig
+ condition: is_host_config_required
+ properties:
+ group: ansible
+ inputs:
+ - name: _KERNEL_ARGS_
+ - name: _TUNED_PROFILE_NAME_
+ - name: _TUNED_CORES_
+ outputs:
+ - name: result
+ config:
+ get_file: ansible_host_config.yaml
+
+ HostParametersDeployment:
+ type: OS::Heat::SoftwareDeployment
+ condition: is_host_config_required
+ properties:
+ name: HostParametersDeployment
+ server: {get_param: server}
+ config: {get_resource: HostParametersConfig}
+ actions: ['CREATE'] # Only do this on CREATE
+ input_values:
+ _KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]}
+ _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
+ _TUNED_CORES_: {get_param: [RoleParameters, HostIsolatedCoreList]}
+
+ RebootConfig:
+ type: OS::Heat::SoftwareConfig
+ condition: is_host_config_required
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ # Stop os-collect-config to avoid any race collecting another
+ # deployment before reboot happens
+ systemctl stop os-collect-config.service
+ /sbin/reboot
+
+ RebootDeployment:
+ type: OS::Heat::SoftwareDeployment
+ depends_on: HostParametersDeployment
+ condition: is_host_config_required
+ properties:
+ name: RebootDeployment
+ server: {get_param: server}
+ config: {get_resource: RebootConfig}
+ actions: ['CREATE'] # Only do this on CREATE
+ signal_transport: NO_SIGNAL
+
+outputs:
+ result:
+ condition: is_host_config_required
+ value:
+ get_attr: [HostParametersDeployment, result]
+ stdout:
+ condition: is_host_config_required
+ value:
+ get_attr: [HostParametersDeployment, deploy_stdout]
+ stderr:
+ condition: is_host_config_required
+ value:
+ get_attr: [HostParametersDeployment, deploy_stderr]
+ status_code:
+ condition: is_host_config_required
+ value:
+ get_attr: [HostParametersDeployment, deploy_status_code]
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index f5f2b97e..ece40085 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -134,7 +134,7 @@ Panko:
net_param: Public
Admin:
net_param: PankoApi
- port: 8779
+ port: 8977
Cinder:
Internal:
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index 4509bca9..42d1fbd0 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -117,9 +117,9 @@ parameters:
OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS}
- PankoAdmin: {protocol: http, port: '8779', host: IP_ADDRESS}
- PankoInternal: {protocol: http, port: '8779', host: IP_ADDRESS}
- PankoPublic: {protocol: http, port: '8779', host: IP_ADDRESS}
+ PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
+ PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
+ PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}
SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS}
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index ee192750..0dc93f5c 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -264,6 +264,7 @@ resource_registry:
OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::CertmongerUser: OS::Heat::None
+ OS::TripleO::Services::Iscsid: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index f8655b18..c7db59f8 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -446,6 +446,7 @@ resources:
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
+ RoleParameters: {get_param: {{role.name}}Parameters}
{% endfor %}
{% for role in roles %}
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 60ddeb8a..08bc03a5 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -139,6 +139,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -372,6 +376,7 @@ resources:
type: OS::TripleO::BlockStorage::PreNetworkConfig
properties:
server: {get_resource: BlockStorage}
+ RoleParameters: {get_param: RoleParameters}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -466,6 +471,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 9d30ab29..3f596423 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -145,6 +145,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -378,6 +382,7 @@ resources:
type: OS::TripleO::CephStorage::PreNetworkConfig
properties:
server: {get_resource: CephStorage}
+ RoleParameters: {get_param: RoleParameters}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -471,6 +476,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 06a31ec9..8a3c487a 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -157,6 +157,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -381,6 +385,7 @@ resources:
type: OS::TripleO::Compute::PreNetworkConfig
properties:
server: {get_resource: NovaCompute}
+ RoleParameters: {get_param: RoleParameters}
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
@@ -479,6 +484,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index cccfdef1..6bc23669 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -171,6 +171,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
parameter_groups:
- label: deprecated
@@ -401,6 +405,7 @@ resources:
type: OS::TripleO::Controller::PreNetworkConfig
properties:
server: {get_resource: Controller}
+ RoleParameters: {get_param: RoleParameters}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
@@ -541,6 +546,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index 19ea1b65..c35bb250 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -139,6 +139,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -372,6 +376,7 @@ resources:
type: OS::TripleO::ObjectStorage::PreNetworkConfig
properties:
server: {get_resource: SwiftStorage}
+ RoleParameters: {get_param: RoleParameters}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -451,6 +456,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
SwiftStorageHieraDeploy:
type: OS::Heat::StructuredDeployment
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 7af90e24..b7f47594 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -161,6 +161,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -394,6 +398,7 @@ resources:
type: OS::TripleO::{{role}}::PreNetworkConfig
properties:
server: {get_resource: {{role}}}
+ RoleParameters: {get_param: RoleParameters}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -493,6 +498,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml
index a201134c..c0bffb18 100644
--- a/puppet/services/cinder-backend-dellsc.yaml
+++ b/puppet/services/cinder-backend-dellsc.yaml
@@ -61,6 +61,9 @@ parameters:
CinderDellScSecondaryScApiPort:
type: number
default: 3033
+ CinderDellScExcludedDomainIp:
+ type: string
+ default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -105,5 +108,6 @@ outputs:
cinder::backend::dellsc_iscsi::secondary_san_login: {get_param: CinderDellScSecondarySanLogin}
cinder::backend::dellsc_iscsi::secondary_san_password: {get_param: CinderDellScSecondarySanPassword}
cinder::backend::dellsc_iscsi::secondary_sc_api_port: {get_param: CinderDellScSecondaryScApiPort}
+ cinder::backend::dellsc_iscsi::excluded_domain_ip: {get_param: CinderDellScExcludedDomainIp}
step_config: |
include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml
index bddc8e1a..fbde4c0a 100644
--- a/puppet/services/cinder-backend-netapp.yaml
+++ b/puppet/services/cinder-backend-netapp.yaml
@@ -93,6 +93,12 @@ parameters:
CinderNetappWebservicePath:
type: string
default: '/devmgr/v2'
+ CinderNetappNasSecureFileOperations:
+ type: string
+ default: 'false'
+ CinderNetappNasSecureFilePermissions:
+ type: string
+ default: 'false'
# DEPRECATED options for compatibility with older versions
CinderNetappEseriesHostType:
type: string
@@ -133,5 +139,7 @@ outputs:
cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools}
cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType}
cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath}
+ cinder::backend::netapp::nas_secure_file_operations: {get_param: CinderNetappNasSecureFileOperations}
+ cinder::backend::netapp::nas_secure_file_permissions: {get_param: CinderNetappNasSecureFilePermissions}
step_config: |
include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index fe95222b..1f8c345d 100644
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -40,6 +40,20 @@ parameters:
NFS servers used by Cinder NFS backend. Effective when
CinderEnableNfsBackend is true.
type: comma_delimited_list
+ CinderNasSecureFileOperations:
+ default: false
+ description: >
+ Controls whether security enhanced NFS file operations are enabled.
+ Valid values are 'auto', 'true' or 'false'. Effective when
+ CinderEnableNfsBackend is true.
+ type: string
+ CinderNasSecureFilePermissions:
+ default: false
+ description: >
+ Controls whether security enhanced NFS file permissions are enabled.
+ Valid values are 'auto', 'true' or 'false'. Effective when
+ CinderEnableNfsBackend is true.
+ type: string
CinderRbdPoolName:
default: volumes
type: string
@@ -105,6 +119,8 @@ outputs:
tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
+ tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
+ tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 93bced8b..092d0720 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -55,7 +55,7 @@ parameters:
HorizonSecureCookies:
description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
type: boolean
- default: true
+ default: false
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index f3a9cbc4..af494016 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -113,10 +113,23 @@ parameters:
description: The second Keystone credential key. Must be a valid key.
KeystoneFernetKey0:
type: string
- description: The first Keystone fernet key. Must be a valid key.
+ default: ''
+ description: (DEPRECATED) The first Keystone fernet key. Must be a valid key.
KeystoneFernetKey1:
type: string
- description: The second Keystone fernet key. Must be a valid key.
+ default: ''
+ description: (DEPRECATED) The second Keystone fernet key. Must be a valid key.
+ KeystoneFernetKeys:
+ type: json
+ description: Mapping containing keystone's fernet keys and their paths.
+ ManageKeystoneFernetKeys:
+ type: boolean
+ default: true
+ description: Whether TripleO should manage the keystone fernet keys or not.
+ If set to true, the fernet keys will get the values from the
+ saved keys repository in mistral (the KeystoneFernetKeys
+ variable). If set to false, only the stack creation
+ initializes the keys, but subsequent updates won't touch them.
KeystoneLoggingSource:
type: json
default:
@@ -187,6 +200,17 @@ parameters:
default: {}
hidden: true
+parameter_groups:
+- label: deprecated
+ description: |
+ The following parameters are deprecated and will be removed. They should not
+ be relied on for new deployments. If you have concerns regarding deprecated
+ parameters, please contact the TripleO development team on IRC or the
+ OpenStack mailing list.
+ parameters:
+ - KeystoneFernetKey0
+ - KeystoneFernetKey1
+
resources:
ApacheServiceBase:
@@ -241,12 +265,8 @@ outputs:
content: {get_param: KeystoneCredential0}
'/etc/keystone/credential-keys/1':
content: {get_param: KeystoneCredential1}
- keystone::fernet_keys:
- '/etc/keystone/fernet-keys/0':
- content: {get_param: KeystoneFernetKey0}
- '/etc/keystone/fernet-keys/1':
- content: {get_param: KeystoneFernetKey1}
- keystone::fernet_replace_keys: false
+ keystone::fernet_keys: {get_param: KeystoneFernetKeys}
+ keystone::fernet_replace_keys: {get_param: ManageKeystoneFernetKeys}
keystone::debug:
if:
- service_debug_unset
diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml
index c124d1e6..090640ed 100644
--- a/puppet/services/neutron-sriov-agent.yaml
+++ b/puppet/services/neutron-sriov-agent.yaml
@@ -65,6 +65,24 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - neutron::agents::ml2::sriov::physical_device_mappings: NeutronPhysicalDevMappings
+ neutron::agents::ml2::sriov::exclude_devices: NeutronExcludeDevices
+ tripleo::host::sriov::number_of_vfs: NeutronSriovNumVFs
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NeutronPhysicalDevMappings: {get_param: NeutronPhysicalDevMappings}
+ NeutronExcludeDevices: {get_param: NeutronExcludeDevices}
+ NeutronSriovNumVFs: {get_param: NeutronSriovNumVFs}
+
outputs:
role_data:
description: Role data for the Neutron SR-IOV nic agent service.
@@ -73,8 +91,6 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings}
- neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices}
- tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
+ - get_attr: [RoleParametersValue, value]
step_config: |
include ::tripleo::profile::base::neutron::sriov
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index a41e34f7..0289b7a7 100644
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -84,8 +84,8 @@ outputs:
tripleo.panko_api.firewall_rules:
'140 panko-api':
dport:
- - 8779
- - 13779
+ - 8977
+ - 13977
panko::api::host:
str_replace:
template:
diff --git a/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml b/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml
new file mode 100644
index 00000000..64a4d7e7
--- /dev/null
+++ b/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - This introduces the ManageKeystoneFernetKeys parameter, which tells
+ heat/puppet if it should replace the existing fernet keys on a stack
+ deployment or not. This is useful if the deployer wants to do key rotations
+ out of band.
diff --git a/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml b/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml
new file mode 100644
index 00000000..1e2673f1
--- /dev/null
+++ b/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml
@@ -0,0 +1,10 @@
+---
+features:
+ - The KeystoneFernetKeys parameter was introduced, which is able to take any
+ amount of keys as long as it's in the right format. It's generated by the
+ same mechanism as the rest of the passwords; so it's value is also
+ available via mistral's "password" environment variable. This will also
+ allow for rotations to be made via mistral and via stack updates.
+deprecations:
+ - The individual keystone fernet key parameters (KeystoneFernetKey0 and
+ KeystoneFernetKey1) were deprecated in favor of KeystoneFernetKeys.
diff --git a/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
new file mode 100644
index 00000000..73b9f9c9
--- /dev/null
+++ b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Add parameters to control the Cinder NAS security settings associated
+ with the NFS and NetApp Cinder back ends. The settings are disabled
+ by default.
diff --git a/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml b/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml
new file mode 100644
index 00000000..353d16db
--- /dev/null
+++ b/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - Changed panko api port to run on 8977 instead of 8779. 8779 is reserved
+ for trove. Hence changing to avoid conflicts.
diff --git a/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml b/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml
new file mode 100644
index 00000000..95e9260b
--- /dev/null
+++ b/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - PreNetworkConfig is modified to support role-specific parameters.
+upgrade:
+ - PreNetworkConfig takes a new parameter, RoleParameters. All the templates
+ associated with PreNetworkConfig should add this new parameter during
+ upgrade.
+deprecations:
+ - Parameters {{role}}KernelArgs, {{role}}TunedProfileName and
+ {{role}}HostCpusList are deprecated. Alternatively, role-specific
+ parameter support has been added with the same names.
diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml
index 16873fd1..b0117400 100644
--- a/roles/BlockStorage.yaml
+++ b/roles/BlockStorage.yaml
@@ -16,6 +16,7 @@
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
diff --git a/roles/Compute.yaml b/roles/Compute.yaml
index d6bd1f3c..75a6f608 100644
--- a/roles/Compute.yaml
+++ b/roles/Compute.yaml
@@ -25,6 +25,7 @@
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronLinuxbridgeAgent
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
index cccb75af..b0a13138 100644
--- a/roles/Controller.yaml
+++ b/roles/Controller.yaml
@@ -63,6 +63,7 @@
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
index 0a9bcadf..bcdedc71 100644
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@@ -19,6 +19,7 @@
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::IronicPxe
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::MistralApi
diff --git a/roles_data.yaml b/roles_data.yaml
index 23f8d19a..f96e5625 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -66,6 +66,7 @@
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
@@ -154,6 +155,7 @@
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronLinuxbridgeAgent
@@ -189,6 +191,7 @@
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index d6a30a1e..50083ce4 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -22,6 +22,7 @@
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::IronicPxe
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::MistralApi
diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst
new file mode 100644
index 00000000..71e9810a
--- /dev/null
+++ b/sample-env-generator/README.rst
@@ -0,0 +1,149 @@
+Sample Environment Generator
+----------------------------
+
+This is a tool to automate the generation of our sample environment
+files. It takes a yaml file as input, and based on the environments
+defined in that file generates a number of sample environment files
+from the parameters in the Heat templates.
+
+Usage
+=====
+
+The simplest case is when an existing sample environment needs to be
+updated to reflect changes in the templates. Use the tox ``genconfig``
+target to do this::
+
+ tox -e genconfig
+
+.. note:: The tool should be run from the root directory of the
+ ``tripleo-heat-templates`` project.
+
+If a new sample environment is needed, it should be added to the
+``sample-env-generator/sample-environments.yaml`` file. The existing
+entries in the file can be used as examples, and a more detailed
+explanation of the different available keys is below:
+
+- **name**: the output file will be this name + .yaml, in the
+ ``environments`` directory.
+- **title**: a human-readable title for the environment.
+- **description**: A description of the environment. Will be included
+ as a comment at the top of the sample file.
+- **files**: The Heat templates containing the parameter definitions
+ for the environment. Should be specified as a path relative to the
+ root of the ``tripleo-heat-templates`` project. For example:
+ ``puppet/extraconfig/tls/tls-cert-inject.yaml:``. Each filename
+ should be a YAML dictionary that contains a ``parameters`` entry.
+- **parameters**: There should be one ``parameters`` entry per file in the
+ ``files`` section (see the example configuration below).
+ This can be either a list of parameters related to
+ the environment, which is necessary for templates like
+ overcloud.yaml, or the string 'all', which indicates that all
+ parameters from the file should be included.
+- **static**: Can be used to specify that certain parameters must
+ not be changed. Examples would be the EnableSomething params
+ in the templates. When writing a sample config for Something,
+ ``EnableSomething: True`` would be a static param, since it
+ would be nonsense to include the environment with it set to any other
+ value.
+- **sample_values**: Sometimes it is useful to include a sample value
+ for a parameter that is not the parameter's actual default.
+ An example of this is the SSLCertificate param in the enable-tls
+ environment file.
+- **resource_registry**: Many environments also need to pass
+ resource_registry entries when they are used. This can be used
+ to specify that in the configuration file.
+
+Some behavioral notes:
+
+- Parameters without default values will be marked as mandatory to indicate
+ that the user must set a value for them.
+- It is no longer recommended to set parameters using the ``parameters``
+ section. Instead, all parameters should be set as ``parameter_defaults``
+ which will work regardless of whether the parameter is top-level or nested.
+ Therefore, the tool will always set parameters in the ``parameter_defaults``
+ section.
+- Parameters whose name begins with the _ character are treated as private.
+ This indicates that the parameter value will be passed in from another
+ template and does not need to be exposed directly to the user.
+
+If adding a new environment, don't forget to add the new file to the
+git repository so it will be included with the review.
+
+Example
+=======
+
+Given a Heat template named ``example.yaml`` that looks like::
+
+ parameters:
+ EnableExample:
+ default: False
+ description: Enable the example feature
+ type: boolean
+ ParamOne:
+ default: one
+ description: First example param
+ type: string
+ ParamTwo:
+ description: Second example param
+ type: number
+ _PrivateParam:
+ default: does not matter
+ description: Will not show up
+ type: string
+
+And an environment generator entry that looks like::
+
+ environments:
+ -
+ name: example
+ title: Example Environment
+ description: |
+ An example environment demonstrating how to use the sample
+ environment generator. This text will be included at the top
+ of the generated file as a comment.
+ files:
+ example.yaml:
+ parameters: all
+ sample_values:
+ EnableExample: True
+ static:
+ - EnableExample
+ resource_registry:
+ OS::TripleO::ExampleData: ../extraconfig/example.yaml
+
+The generated environment file would look like::
+
+ # *******************************************************************
+ # This file was created automatically by the sample environment
+ # generator. Developers should use `tox -e genconfig` to update it.
+ # Users are recommended to make changes to a copy of the file instead
+ # of the original, if any customizations are needed.
+ # *******************************************************************
+ # title: Example Environment
+ # description: |
+ # An example environment demonstrating how to use the sample
+ # environment generator. This text will be included at the top
+ # of the generated file as a comment.
+ parameter_defaults:
+ # First example param
+ # Type: string
+ ParamOne: one
+
+ # Second example param
+ # Mandatory. This parameter must be set by the user.
+ # Type: number
+ ParamTwo: <None>
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # Enable the example feature
+ # Type: boolean
+ EnableExample: True
+
+ # *********************
+ # End static parameters
+ # *********************
+ resource_registry:
+ OS::TripleO::ExampleData: ../extraconfig/example.yaml
diff --git a/sample-env-generator/sample-environments.yaml b/sample-env-generator/sample-environments.yaml
new file mode 100644
index 00000000..ffda7aca
--- /dev/null
+++ b/sample-env-generator/sample-environments.yaml
@@ -0,0 +1,17 @@
+environments:
+ -
+ name: predictable-placement/custom-hostnames
+ title: Custom Hostnames
+ files:
+ overcloud.yaml:
+ parameters:
+ - ControllerHostnameFormat
+ - ComputeHostnameFormat
+ - BlockStorageHostnameFormat
+ - ObjectStorageHostnameFormat
+ - CephStorageHostnameFormat
+ description: |
+ Hostname format for each role
+ Note %index% is translated into the index of the node, e.g 0/1/2 etc
+ and %stackname% is replaced with OS::stack_name in the template below.
+ If you want to use the heat generated names, pass '' (empty string).
diff --git a/test-requirements.txt b/test-requirements.txt
index 76f03d75..df5af85d 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -7,3 +7,11 @@ six>=1.9.0 # MIT
sphinx!=1.6.1,>=1.5.1 # BSD
oslosphinx>=4.7.0 # Apache-2.0
reno!=2.3.1,>=1.8.0 # Apache-2.0
+coverage>=4.0,!=4.4 # Apache-2.0
+fixtures>=3.0.0 # Apache-2.0/BSD
+python-subunit>=0.0.18 # Apache-2.0/BSD
+testrepository>=0.0.18 # Apache-2.0/BSD
+testscenarios>=0.4 # Apache-2.0/BSD
+testtools>=1.4.0 # MIT
+mock>=2.0 # BSD
+oslotest>=1.10.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index b92e5456..74f1b5f6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,12 +1,14 @@
[tox]
minversion = 1.6
skipsdist = True
+envlist = py35,py27,pep8
[testenv]
usedevelop = True
install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
+commands = python setup.py testr --slowest --testr-args='{posargs}'
[testenv:venv]
commands = {posargs}
@@ -22,3 +24,11 @@ commands = python ./tools/process-templates.py
[testenv:releasenotes]
commands = bash -c tools/releasenotes_tox.sh
+
+[testenv:cover]
+commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_templates --testr-args='{posargs}'
+
+[testenv:genconfig]
+commands =
+ python ./tools/process-templates.py
+ python ./tripleo_heat_templates/environment_generator.py sample-env-generator/sample-environments.yaml
diff --git a/tripleo_heat_templates/__init__.py b/tripleo_heat_templates/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tripleo_heat_templates/__init__.py
diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py
new file mode 100755
index 00000000..e2f48720
--- /dev/null
+++ b/tripleo_heat_templates/environment_generator.py
@@ -0,0 +1,189 @@
+#!/usr/bin/env python
+
+# Copyright 2015 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import errno
+import os
+import sys
+import yaml
+
+
+_PARAM_FORMAT = u""" # %(description)s
+ %(mandatory)s# Type: %(type)s
+ %(name)s: %(default)s
+"""
+_STATIC_MESSAGE_START = (
+ ' # ******************************************************\n'
+ ' # Static parameters - these are values that must be\n'
+ ' # included in the environment but should not be changed.\n'
+ ' # ******************************************************\n'
+ )
+_STATIC_MESSAGE_END = (' # *********************\n'
+ ' # End static parameters\n'
+ ' # *********************\n'
+ )
+_FILE_HEADER = (
+ '# *******************************************************************\n'
+ '# This file was created automatically by the sample environment\n'
+ '# generator. Developers should use `tox -e genconfig` to update it.\n'
+ '# Users are recommended to make changes to a copy of the file instead\n'
+ '# of the original, if any customizations are needed.\n'
+ '# *******************************************************************\n'
+ )
+# Certain parameter names can't be changed, but shouldn't be shown because
+# they are never intended for direct user input.
+_PRIVATE_OVERRIDES = ['server', 'servers', 'NodeIndex']
+
+
+def _create_output_dir(target_file):
+ try:
+ os.makedirs(os.path.dirname(target_file))
+ except OSError as e:
+ if e.errno == errno.EEXIST:
+ pass
+ else:
+ raise
+
+
+def _generate_environment(input_env, parent_env=None):
+ if parent_env is None:
+ parent_env = {}
+ env = dict(parent_env)
+ env.update(input_env)
+ parameter_defaults = {}
+ param_names = []
+ for template_file, template_data in env['files'].items():
+ with open(template_file) as f:
+ f_data = yaml.safe_load(f)
+ f_params = f_data['parameters']
+ parameter_defaults.update(f_params)
+ if template_data['parameters'] == 'all':
+ new_names = [k for k, v in f_params.items()]
+ else:
+ new_names = template_data['parameters']
+ missing_params = [name for name in new_names
+ if name not in f_params]
+ if missing_params:
+ raise RuntimeError('Did not find specified parameter names %s '
+ 'in file %s for environment %s' %
+ (missing_params, template_file,
+ env['name']))
+ param_names += new_names
+
+ static_names = env.get('static', [])
+ static_defaults = {k: v for k, v in parameter_defaults.items()
+ if k in param_names and
+ k in static_names
+ }
+ parameter_defaults = {k: v for k, v in parameter_defaults.items()
+ if k in param_names and
+ k not in _PRIVATE_OVERRIDES and
+ not k.startswith('_') and
+ k not in static_names
+ }
+ for k, v in env.get('sample_values', {}).items():
+ if k in parameter_defaults:
+ parameter_defaults[k]['sample'] = v
+ if k in static_defaults:
+ static_defaults[k]['sample'] = v
+
+ def write_sample_entry(f, name, value):
+ default = value.get('default')
+ mandatory = ''
+ if default is None:
+ mandatory = ('# Mandatory. This parameter must be set by the '
+ 'user.\n ')
+ default = '<None>'
+ if value.get('sample') is not None:
+ default = value['sample']
+ if default == '':
+ default = "''"
+ try:
+ # If the default value is something like %index%, yaml won't
+ # parse the output correctly unless we wrap it in quotes.
+ # However, not all default values can be wrapped so we need to
+ # do it conditionally.
+ if default.startswith('%'):
+ default = "'%s'" % default
+ except AttributeError:
+ pass
+
+ values = {'name': name,
+ 'type': value['type'],
+ 'description':
+ value.get('description', '').rstrip().replace('\n',
+ '\n # '),
+ 'default': default,
+ 'mandatory': mandatory,
+ }
+ f.write(_PARAM_FORMAT % values + '\n')
+
+ target_file = os.path.join('environments', env['name'] + '.yaml')
+ _create_output_dir(target_file)
+ with open(target_file, 'w') as env_file:
+ env_file.write(_FILE_HEADER)
+ # TODO(bnemec): Once Heat allows the title and description to live in
+ # the environment itself, uncomment these entries and make them
+ # top-level keys in the YAML.
+ env_title = env.get('title', '')
+ env_file.write(u'# title: %s\n' % env_title)
+ env_desc = env.get('description', '')
+ env_file.write(u'# description: |\n')
+ for line in env_desc.splitlines():
+ env_file.write(u'# %s\n' % line)
+
+ if parameter_defaults:
+ env_file.write(u'parameter_defaults:\n')
+ for name, value in sorted(parameter_defaults.items()):
+ write_sample_entry(env_file, name, value)
+ if static_defaults:
+ env_file.write(_STATIC_MESSAGE_START)
+ for name, value in sorted(static_defaults.items()):
+ write_sample_entry(env_file, name, value)
+ if static_defaults:
+ env_file.write(_STATIC_MESSAGE_END)
+
+ if env.get('resource_registry'):
+ env_file.write(u'resource_registry:\n')
+ for res, value in sorted(env.get('resource_registry', {}).items()):
+ env_file.write(u' %s: %s\n' % (res, value))
+ print('Wrote sample environment "%s"' % target_file)
+
+ for e in env.get('children', []):
+ _generate_environment(e, env)
+
+
+def generate_environments(config_file):
+ with open(config_file) as f:
+ config = yaml.safe_load(f)
+ for env in config['environments']:
+ _generate_environment(env)
+
+
+def usage(exit_code=1):
+ print('Usage: %s <filename.yaml>' % sys.argv[0])
+ sys.exit(exit_code)
+
+
+def main():
+ try:
+ config_file = sys.argv[1]
+ except IndexError:
+ usage()
+ generate_environments(config_file)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/tripleo_heat_templates/tests/__init__.py b/tripleo_heat_templates/tests/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tripleo_heat_templates/tests/__init__.py
diff --git a/tripleo_heat_templates/tests/test_environment_generator.py b/tripleo_heat_templates/tests/test_environment_generator.py
new file mode 100644
index 00000000..d0a622da
--- /dev/null
+++ b/tripleo_heat_templates/tests/test_environment_generator.py
@@ -0,0 +1,396 @@
+# Copyright 2015 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import io
+import tempfile
+
+import mock
+from oslotest import base
+import six
+import testscenarios
+
+from tripleo_heat_templates import environment_generator
+
+load_tests = testscenarios.load_tests_apply_scenarios
+
+basic_template = '''
+parameters:
+ FooParam:
+ default: foo
+ description: Foo description
+ type: string
+ BarParam:
+ default: 42
+ description: Bar description
+ type: number
+resources:
+ # None
+'''
+basic_private_template = '''
+parameters:
+ FooParam:
+ default: foo
+ description: Foo description
+ type: string
+ _BarParam:
+ default: 42
+ description: Bar description
+ type: number
+resources:
+ # None
+'''
+mandatory_template = '''
+parameters:
+ FooParam:
+ description: Mandatory param
+ type: string
+resources:
+ # None
+'''
+index_template = '''
+parameters:
+ FooParam:
+ description: Param with %index% as its default
+ type: string
+ default: '%index%'
+resources:
+ # None
+'''
+multiline_template = '''
+parameters:
+ FooParam:
+ description: |
+ Parameter with
+ multi-line description
+ type: string
+ default: ''
+resources:
+ # None
+'''
+
+
+class GeneratorTestCase(base.BaseTestCase):
+ content_scenarios = [
+ ('basic',
+ {'template': basic_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+''',
+ }),
+ ('basic-one-param',
+ {'template': basic_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters:
+ - FooParam
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+''',
+ }),
+ ('basic-static-param',
+ {'template': basic_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ static:
+ - BarParam
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # *********************
+ # End static parameters
+ # *********************
+''',
+ }),
+ ('basic-static-param-sample',
+ {'template': basic_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ static:
+ - BarParam
+ sample_values:
+ BarParam: 1
+ FooParam: ''
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Foo description
+ # Type: string
+ FooParam: ''
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # Bar description
+ # Type: number
+ BarParam: 1
+
+ # *********************
+ # End static parameters
+ # *********************
+''',
+ }),
+ ('basic-private',
+ {'template': basic_private_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+''',
+ }),
+ ('mandatory',
+ {'template': mandatory_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Mandatory param
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ FooParam: <None>
+
+''',
+ }),
+ ('basic-sample',
+ {'template': basic_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ sample_values:
+ FooParam: baz
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # Foo description
+ # Type: string
+ FooParam: baz
+
+''',
+ }),
+ ('basic-resource-registry',
+ {'template': basic_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ resource_registry:
+ OS::TripleO::FakeResource: fake-filename.yaml
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+resource_registry:
+ OS::TripleO::FakeResource: fake-filename.yaml
+''',
+ }),
+ ('missing-param',
+ {'template': basic_template,
+ 'exception': RuntimeError,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters:
+ - SomethingNonexistent
+''',
+ 'expected_output': None,
+ }),
+ ('percent-index',
+ {'template': index_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Param with %index% as its default
+ # Type: string
+ FooParam: '%index%'
+
+''',
+ }),
+ ('multi-line-desc',
+ {'template': multiline_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Parameter with
+ # multi-line description
+ # Type: string
+ FooParam: ''
+
+''',
+ }),
+ ]
+
+ @classmethod
+ def generate_scenarios(cls):
+ cls.scenarios = testscenarios.multiply_scenarios(
+ cls.content_scenarios)
+
+ def test_generator(self):
+ fake_input = io.StringIO(six.text_type(self.input_file))
+ fake_template = io.StringIO(six.text_type(self.template))
+ _, fake_output_path = tempfile.mkstemp()
+ fake_output = open(fake_output_path, 'w')
+ with mock.patch('tripleo_heat_templates.environment_generator.open',
+ create=True) as mock_open:
+ mock_open.side_effect = [fake_input, fake_template, fake_output]
+ if not self.exception:
+ environment_generator.generate_environments('ignored.yaml')
+ else:
+ self.assertRaises(self.exception,
+ environment_generator.generate_environments,
+ 'ignored.yaml')
+ return
+ expected = environment_generator._FILE_HEADER + self.expected_output
+ with open(fake_output_path) as f:
+ self.assertEqual(expected, f.read())
+
+GeneratorTestCase.generate_scenarios()