aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.rst2
-rw-r--r--capabilities-map.yaml54
-rw-r--r--ci/environments/scenario001-multinode.yaml4
-rw-r--r--ci/environments/scenario002-multinode.yaml2
-rw-r--r--ci/environments/scenario003-multinode.yaml2
-rw-r--r--ci/environments/scenario004-multinode.yaml2
-rw-r--r--ci/scripts/freeipa_setup.sh28
-rw-r--r--docker/post.j2.yaml6
-rw-r--r--environments/cinder-scaleio-config.yaml35
-rw-r--r--environments/enable_congress.yaml2
-rw-r--r--environments/host-config-pre-network.j2.yaml6
-rw-r--r--environments/neutron-ml2-ovn.yaml8
-rw-r--r--environments/puppet-ceph.yaml12
-rw-r--r--environments/tls-endpoints-public-dns.yaml3
-rw-r--r--environments/tls-endpoints-public-ip.yaml3
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml3
-rw-r--r--network/endpoints/endpoint_data.yaml9
-rw-r--r--network/endpoints/endpoint_map.yaml246
-rw-r--r--network/service_net_map.j2.yaml1
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml1
-rw-r--r--puppet/services/aodh-base.yaml2
-rw-r--r--puppet/services/barbican-api.yaml2
-rw-r--r--puppet/services/ceilometer-base.yaml2
-rw-r--r--puppet/services/ceph-rgw.yaml2
-rw-r--r--puppet/services/cinder-api.yaml2
-rw-r--r--puppet/services/cinder-backend-scaleio.yaml111
-rw-r--r--puppet/services/cinder-volume.yaml3
-rw-r--r--puppet/services/congress.yaml90
-rw-r--r--puppet/services/ec2-api.yaml2
-rw-r--r--puppet/services/glance-api.yaml5
-rw-r--r--puppet/services/gnocchi-api.yaml4
-rw-r--r--puppet/services/heat-base.yaml2
-rw-r--r--puppet/services/heat-engine.yaml3
-rw-r--r--puppet/services/ironic-api.yaml2
-rw-r--r--puppet/services/ironic-conductor.yaml3
-rw-r--r--puppet/services/keystone.yaml3
-rw-r--r--puppet/services/logging/fluentd-client.yaml9
-rw-r--r--puppet/services/manila-api.yaml2
-rw-r--r--puppet/services/manila-share.yaml2
-rw-r--r--puppet/services/memcached.yaml7
-rw-r--r--puppet/services/metrics/collectd.yaml9
-rw-r--r--puppet/services/mistral-base.yaml2
-rw-r--r--puppet/services/monitoring/sensu-client.yaml9
-rw-r--r--puppet/services/neutron-api.yaml5
-rw-r--r--puppet/services/neutron-compute-plugin-ovn.yaml13
-rw-r--r--puppet/services/neutron-metadata.yaml2
-rw-r--r--puppet/services/neutron-plugin-ml2-ovn.yaml20
-rw-r--r--puppet/services/neutron-plugin-plumgrid.yaml2
-rw-r--r--puppet/services/nova-api.yaml2
-rw-r--r--puppet/services/nova-base.yaml9
-rw-r--r--puppet/services/nova-ironic.yaml8
-rw-r--r--puppet/services/nova-placement.yaml8
-rw-r--r--puppet/services/octavia-api.yaml2
-rw-r--r--puppet/services/panko-base.yaml2
-rw-r--r--puppet/services/sahara-base.yaml2
-rw-r--r--puppet/services/swift-proxy.yaml2
-rw-r--r--puppet/services/zaqar.yaml2
-rw-r--r--releasenotes/notes/6.0.0-b52a14a71fc62788.yaml44
-rw-r--r--releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml9
-rw-r--r--releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml7
-rw-r--r--roles_data.yaml1
-rw-r--r--test-requirements.txt2
62 files changed, 759 insertions, 90 deletions
diff --git a/README.rst b/README.rst
index 44da496a..b0b7ceb0 100644
--- a/README.rst
+++ b/README.rst
@@ -122,3 +122,5 @@ and should be executed according to the following table:
+----------------+-------------+-------------+-------------+-------------+-----------------+
| tacker | X | | | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+
+| congress | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index b2b424b1..cc22ff92 100644
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -437,32 +437,66 @@ topics:
title: Cinder iSER backend
description: >
Enable a Cinder iSER RDMA backend, configured via puppet
+ - file: environments/cinder-scaleio-config.yaml
+ title: Cinder Dell EMC ScaleIO backend
+ description: >
+ Enables a Cinder Dell EMC ScaleIO backend,
+ configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Externally managed Ceph
+ - title: Ceph
description: >
- Enable the use of an externally managed Ceph cluster
+ Enable the use of Ceph in the overcloud
environments:
- file: environments/puppet-ceph-external.yaml
title: Externally managed Ceph
- description:
+ description: >
+ Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/puppet-ceph.yaml
+ title: TripleO managed Ceph
+ description: >
+ Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
+ use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
+ colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Ceph Devel
+ - title: CephMDS
description: >
- Enable a Ceph storage cluster using the controller and 2 ceph nodes.
- Rbd backends are enabled for Cinder, Glance, and Nova.
+ Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
+ filesystems hosted in Ceph.
environments:
- - file: environments/puppet-ceph-devel.yaml
- title: Ceph Devel
+ - file: environments/services/ceph-mds.yaml
+ title: Deploys CephMDS
description:
requires:
+ - environments/puppet-ceph.yaml
+ - title: Ceph Rados Gateway
+ description: >
+ Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
+ which stores data in the Ceph cluster.
+ environments:
+ - file: environments/ceph-radosgw.yaml
+ title: Deploys CephRGW
+ description:
+ requires:
+ - environments/puppet-ceph.yaml
+ - title: Manila with CephFS
+ description: >
+ Deploys Manila and configures it with the CephFS driver. This requires the deployment of
+ Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
+ environments:
+ - file: environments/manila-cephfsnative-config.yaml
+ title: Deploys Manila with CephFS driver
+ description: Deploys Manila and configures CephFS as its default backend.
+ requires:
- overcloud-resource-registry-puppet.yaml
- title: Storage Environment
description: >
Can be used to set up storage backends. Defaults to Ceph used as a
- backend for Cinder, Glance and Nova ephemeral storage. It configures
- for example which services will use Ceph, or if any of the services
+ backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
+ configures which services will use Ceph, or if any of the services
will use NFS. And more. Usually requires to be edited by user first.
tags:
- no-gui
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
index 6ee5bad6..72e25704 100644
--- a/ci/environments/scenario001-multinode.yaml
+++ b/ci/environments/scenario001-multinode.yaml
@@ -7,6 +7,7 @@ resource_registry:
OS::TripleO::Services::PankoApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/panko-api.yaml
OS::TripleO::Services::Collectd: /usr/share/openstack-tripleo-heat-templates/puppet/services/metrics/collectd.yaml
OS::TripleO::Services::Tacker: /usr/share/openstack-tripleo-heat-templates/puppet/services/tacker.yaml
+ OS::TripleO::Services::Congress: /usr/share/openstack-tripleo-heat-templates/puppet/services/congress.yaml
parameter_defaults:
ControllerServices:
@@ -64,6 +65,9 @@ parameter_defaults:
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
index e611c6f9..bf4721e2 100644
--- a/ci/environments/scenario002-multinode.yaml
+++ b/ci/environments/scenario002-multinode.yaml
@@ -47,6 +47,8 @@ parameter_defaults:
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml
index b26ee0a3..9167010c 100644
--- a/ci/environments/scenario003-multinode.yaml
+++ b/ci/environments/scenario003-multinode.yaml
@@ -43,6 +43,8 @@ parameter_defaults:
- OS::TripleO::Services::MistralApi
- OS::TripleO::Services::MistralEngine
- OS::TripleO::Services::MistralExecutor
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml
index 5b253a84..87b10ca1 100644
--- a/ci/environments/scenario004-multinode.yaml
+++ b/ci/environments/scenario004-multinode.yaml
@@ -44,6 +44,8 @@ parameter_defaults:
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh
index a36493a1..a4a3d665 100644
--- a/ci/scripts/freeipa_setup.sh
+++ b/ci/scripts/freeipa_setup.sh
@@ -10,6 +10,9 @@
# - HostsSecret
# - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning
# interface (which is hardcoded to eth1)
+# - UsingNovajoin: If unset, we pre-provision the service principals
+# needed for the overcloud deploy. If set, we skip this,
+# since novajoin will do it.
#
set -eux
@@ -19,6 +22,15 @@ elif [ -f "/tmp/freeipa-setup.env" ]; then
source /tmp/freeipa-setup.env
fi
+export Hostname=${Hostname:-""}
+export FreeIPAIP=${FreeIPAIP:-""}
+export DirectoryManagerPassword=${DirectoryManagerPassword:-""}
+export AdminPassword=${AdminPassword:-""}
+export UndercloudFQDN=${UndercloudFQDN:-""}
+export HostsSecret=${HostsSecret:-""}
+export ProvisioningCIDR=${ProvisioningCIDR:-""}
+export UsingNovajoin=${UsingNovajoin:-""}
+
if [ -n "$ProvisioningCIDR" ]; then
# Add address to provisioning network interface
ip link set dev eth1 up
@@ -94,11 +106,13 @@ if [ "$?" = '1' ]; then
exit 1
fi
-# Create undercloud host
-ipa host-add $UndercloudFQDN --password=$HostsSecret --force
+if [ -z "$UsingNovajoin" ]; then
+ # Create undercloud host
+ ipa host-add $UndercloudFQDN --password=$HostsSecret --force
-# Create overcloud nodes and services
-git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git
-cd freeipa-tripleo-incubator
-python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \
- --controller-count 1 --compute-count 1
+ # Create overcloud nodes and services
+ git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git
+ cd freeipa-tripleo-incubator
+ python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \
+ --controller-count 1 --compute-count 1
+fi
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
index 865c74e5..dfa8ac2e 100644
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@@ -8,7 +8,6 @@ parameters:
servers:
type: json
description: Mapping of Role name e.g Controller to a list of servers
-
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
@@ -19,6 +18,11 @@ parameters:
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
resources:
diff --git a/environments/cinder-scaleio-config.yaml b/environments/cinder-scaleio-config.yaml
new file mode 100644
index 00000000..cebd619c
--- /dev/null
+++ b/environments/cinder-scaleio-config.yaml
@@ -0,0 +1,35 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# A Heat environment file which can be used to enable a
+# a Cinder Dell EMC SacleIO backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendScaleIO: ../puppet/services/cinder-backend-scaleio.yaml
+
+parameter_defaults:
+ CinderEnableScaleIOBackend: true
+ CinderScaleIOBackendName: 'tripleo_scaleio'
+ CinderScaleIOSanIp: ''
+ CinderScaleIOSanLogin: ''
+ CinderScaleIOSanPassword: ''
+ CinderScaleIORestServerPort: '443'
+ CinderScaleIOVerifyServerCertificate: false
+ CinderScaleIOServerCertificatePath: ''
+ CinderScaleIOProtectionDomainName: 'domain1'
+ CinderScaleIOStoragePoolName: 'pool1'
+ CinderScaleIOStoragePools: 'domain1:pool1'
+ CinderScaleIORoundVolumeCapacity: true
+ CinderScaleIOUnmapVolumeBeforeDeletion: false
+ CinderScaleIOMaxOverSubscriptionRatio: ''
+ CinderScaleIOSanThinProvision: true
diff --git a/environments/enable_congress.yaml b/environments/enable_congress.yaml
new file mode 100644
index 00000000..1eea7f5e
--- /dev/null
+++ b/environments/enable_congress.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Congress: ../puppet/services/congress.yaml
diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml
index fe1302b5..c79e28b4 100644
--- a/environments/host-config-pre-network.j2.yaml
+++ b/environments/host-config-pre-network.j2.yaml
@@ -1,12 +1,12 @@
resource_registry:
# Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc.,
-{% for role in roles %}
+{%- for role in roles -%}
{% if "Compute" in role.name %}
OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml
-{% endif %}
+{%- endif -%}
{% endfor %}
-parameter_defaults:
+#parameter_defaults:
# Sample parameters for Compute and ComputeOvsDpdk roles
#ComputeKernelArgs: ""
#ComputeTunedProfileName: ""
diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml
index 3da560c8..7483bdbb 100644
--- a/environments/neutron-ml2-ovn.yaml
+++ b/environments/neutron-ml2-ovn.yaml
@@ -3,6 +3,7 @@
resource_registry:
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
# Disabling Neutron services that overlap with OVN
@@ -12,11 +13,12 @@ resource_registry:
parameter_defaults:
NeutronMechanismDrivers: ovn
- OVNSouthboundServerPort: 6642
- OVNNorthboundServerPort: 6641
- OVNDbConnectionTimeout: 60
OVNVifType: ovs
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
NeutronEnableDHCPAgent: false
+ NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
+ NeutronNetworkType: 'geneve'
+ NeutronServicePlugins: 'qos,ovn-router'
+ NeutronVniRanges: ['1:65536', ]
diff --git a/environments/puppet-ceph.yaml b/environments/puppet-ceph.yaml
new file mode 100644
index 00000000..57af540a
--- /dev/null
+++ b/environments/puppet-ceph.yaml
@@ -0,0 +1,12 @@
+resource_registry:
+ OS::TripleO::Services::CephMon: ../puppet/services/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: ../puppet/services/ceph-osd.yaml
+ OS::TripleO::Services::CephClient: ../puppet/services/ceph-client.yaml
+
+parameter_defaults:
+ CinderEnableIscsiBackend: false
+ CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
+ NovaEnableRbdBackend: true
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 26b2f31a..1b666c5b 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -17,6 +17,9 @@ parameter_defaults:
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index 3b8774e8..7311a1f9 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -17,6 +17,9 @@ parameter_defaults:
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 1640dcfb..e6608b57 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -17,6 +17,9 @@ parameter_defaults:
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index af537b0b..277bd676 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -157,6 +157,15 @@ Cinder:
V3: /v3/%(tenant_id)s
port: 8776
+Congress:
+ Internal:
+ net_param: CongressApi
+ Public:
+ net_param: Public
+ Admin:
+ net_param: CongressApi
+ port: 1789
+
Glance:
Internal:
net_param: GlanceApi
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index bd14fc1c..fecac0af 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -34,6 +34,9 @@ parameters:
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS}
+ CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS}
+ CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS}
+ CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS}
ContrailAnalyticsApiAdmin: {protocol: http, port: '8081', host: IP_ADDRESS}
ContrailAnalyticsApiInternal: {protocol: http, port: '8081', host: IP_ADDRESS}
ContrailAnalyticsApiPublic: {protocol: http, port: '8081', host: IP_ADDRESS}
@@ -1852,6 +1855,249 @@ outputs:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderPublic, port]
+ CongressAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ port:
+ get_param: [EndpointMap, CongressAdmin, port]
+ protocol:
+ get_param: [EndpointMap, CongressAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressAdmin, port]
+ CongressInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ port:
+ get_param: [EndpointMap, CongressInternal, port]
+ protocol:
+ get_param: [EndpointMap, CongressInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressInternal, port]
+ CongressPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, CongressPublic, port]
+ protocol:
+ get_param: [EndpointMap, CongressPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressPublic, port]
ContrailAnalyticsApiAdmin:
host:
str_replace:
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index d01c89ab..a1042ebb 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -41,6 +41,7 @@ parameters:
MongodbNetwork: internal_api
CinderApiNetwork: internal_api
CinderIscsiNetwork: storage
+ CongressApiNetwork: internal_api
GlanceApiNetwork: storage
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 1e518595..a6b32ddb 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -129,6 +129,7 @@ resource_registry:
OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml
OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml
OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml
+ OS::TripleO::Services::Congress: OS::Heat::None
OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry.yaml
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 8648a971..f5ca329e 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -80,7 +80,7 @@ outputs:
aodh::keystone::authtoken::project_name: 'service'
aodh::keystone::authtoken::password: {get_param: AodhPassword}
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index 186af1cc..239b6ca9 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -75,7 +75,7 @@ outputs:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
barbican::keystone::authtoken::project_name: 'service'
barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
barbican::api::db_auto_create: false
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index a86a0cdf..17588dc6 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -102,7 +102,7 @@ outputs:
ceilometer::keystone::authtoken::project_name: 'service'
ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword}
ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index 83339f2b..d7014e54 100644
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -54,7 +54,7 @@ outputs:
- get_attr: [CephBase, role_data, config_settings]
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
- tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index bc5f080d..8c5a07ac 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -81,7 +81,7 @@ outputs:
- get_attr: [CinderBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
cinder::keystone::authtoken::password: {get_param: CinderPassword}
cinder::keystone::authtoken::project_name: 'service'
cinder::api::enable_proxy_headers_parsing: true
diff --git a/puppet/services/cinder-backend-scaleio.yaml b/puppet/services/cinder-backend-scaleio.yaml
new file mode 100644
index 00000000..eb709cd5
--- /dev/null
+++ b/puppet/services/cinder-backend-scaleio.yaml
@@ -0,0 +1,111 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Cinder Dell EMC ScaleIO backend
+
+parameters:
+ CinderEnableScaleIOBackend:
+ type: boolean
+ default: true
+ CinderScaleIOBackendName:
+ type: string
+ default: 'tripleo_scaleio'
+ CinderScaleIOSanIp:
+ type: string
+ default: ''
+ CinderScaleIOSanLogin:
+ type: string
+ default: ''
+ CinderScaleIOSanPassword:
+ type: string
+ default: ''
+ hidden: true
+ CinderScaleIORestServerPort:
+ type: number
+ default: 443
+ CinderScaleIOVerifyServerCertificate:
+ type: boolean
+ default: false
+ CinderScaleIOServerCertificatePath:
+ type: string
+ default: ''
+ CinderScaleIOProtectionDomainId:
+ type: string
+ default: ''
+ CinderScaleIOProtectionDomainName:
+ type: string
+ default: ''
+ CinderScaleIOStoragePoolId:
+ type: string
+ default: ''
+ CinderScaleIOStoragePoolName:
+ type: string
+ default: ''
+ CinderScaleIOStoragePools:
+ type: string
+ default: ''
+ CinderScaleIORoundVolumeCapacity:
+ type: boolean
+ default: true
+ CinderScaleIOUnmapVolumeBeforeDeletion:
+ type: boolean
+ default: false
+ CinderScaleIOMaxOverSubscriptionRatio:
+ type: string
+ default: ''
+ CinderScaleIOSanThinProvision:
+ type: boolean
+ default: true
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC ScaleIO backend.
+ value:
+ service_name: cinder_backend_scaleio
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_scaleio_backend: {get_param: CinderEnableScaleIOBackend}
+ cinder::backend::scaleio::volume_backend_name: {get_param: CinderScaleIOBackendName}
+ cinder::backend::scaleio::sio_login: {get_param: CinderScaleIOSanLogin}
+ cinder::backend::scaleio::sio_password: {get_param: CinderScaleIOSanPassword}
+ cinder::backend::scaleio::sio_server_hostname: {get_param: CinderScaleIOSanIp}
+ cinder::backend::scaleio::sio_server_port: {get_param: CinderScaleIORestServerPort}
+ cinder::backend::scaleio::sio_verify_server_certificate: {get_param: CinderScaleIOVerifyServerCertificate}
+ cinder::backend::scaleio::sio_server_certificate_path: {get_param: CinderScaleIOServerCertificatePath}
+ cinder::backend::scaleio::sio_protection_domain_name: {get_param: CinderScaleIOProtectionDomainName}
+ cinder::backend::scaleio::sio_protection_domain_id: {get_param: CinderScaleIOProtectionDomainId}
+ cinder::backend::scaleio::sio_storage_pool_id: {get_param: CinderScaleIOStoragePoolId}
+ cinder::backend::scaleio::sio_storage_pool_name: {get_param: CinderScaleIOStoragePoolName}
+ cinder::backend::scaleio::sio_storage_pools: {get_param: CinderScaleIOStoragePools}
+ cinder::backend::scaleio::sio_round_volume_capacity: {get_param: CinderScaleIORoundVolumeCapacity}
+ cinder::backend::scaleio::sio_unmap_volume_before_deletion: {get_param: CinderScaleIOUnmapVolumeBeforeDeletion}
+ cinder::backend::scaleio::sio_max_over_subscription_ratio: {get_param: CinderScaleIOMaxOverSubscriptionRatio}
+ cinder::backend::scaleio::sio_thin_provision: {get_param: CinderScaleIOThinProvision}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index dd1d3833..3a06afb8 100644
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -122,6 +122,3 @@ outputs:
- name: Stop cinder_volume service
tags: step2
service: name=openstack-cinder-volume state=stopped
- - name: Sync cinder_volume DB
- tags: step5
- command: cinder-manage db sync
diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml
new file mode 100644
index 00000000..1b82f55c
--- /dev/null
+++ b/puppet/services/congress.yaml
@@ -0,0 +1,90 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Congress service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CongressPassword:
+ description: The password for the congress service account.
+ type: string
+ hidden: true
+ Debug:
+ type: string
+ default: ''
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Congress role.
+ value:
+ service_name: congress
+ config_settings:
+ congress_password: {get_param: CongressPassword}
+ congress::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://congress:'
+ - {get_param: CongressPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/congress'
+ - '?bind_address='
+ - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
+ congress::keystone::auth::tenant: 'service'
+ congress::keystone::auth::password: {get_param: CongressPassword}
+ congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ congress::debug: {get_param: Debug}
+ congress::rpc_backend: rabbit
+ congress::rabbit_userid: {get_param: RabbitUserName}
+ congress::rabbit_password: {get_param: RabbitPassword}
+ congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ congress::rabbit_port: {get_param: RabbitClientPort}
+ congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
+
+ congress::db::mysql::password: {get_param: CongressPassword}
+ congress::db::mysql::user: congress
+ congress::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ congress::db::mysql::dbname: congress
+ congress::db::mysql::allowed_hosts:
+ - '%'
+ - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+
+
+ step_config: |
+ include ::tripleo::profile::base::congress
diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml
index 7049d773..002342b6 100644
--- a/puppet/services/ec2-api.yaml
+++ b/puppet/services/ec2-api.yaml
@@ -66,7 +66,7 @@ outputs:
ec2api::keystone::authtoken::project_name: 'service'
ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ec2api::api::enabled: true
ec2api::package_manage: {get_param: EnablePackageInstall}
ec2api::api::ec2api_listen:
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index b49b29f7..c4f97d54 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -95,7 +95,7 @@ outputs:
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
glance::api::enable_v1_api: false
glance::api::enable_v2_api: true
glance::api::authtoken::password: {get_param: GlancePassword}
@@ -147,6 +147,3 @@ outputs:
- name: Stop and disable glance registry (removed for Ocata)
tags: step2
service: name=openstack-glance-registry state=stopped enabled=no
- - name: Sync glance_api DB
- tags: step5
- command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 23fcb2f6..22c0967e 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -84,7 +84,7 @@ outputs:
gnocchi::api::enable_proxy_headers_parsing: true
gnocchi::api::service_name: 'httpd'
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
gnocchi::keystone::authtoken::project_name: 'service'
gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
@@ -105,7 +105,7 @@ outputs:
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
step_config: |
include ::tripleo::profile::base::gnocchi::api
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 90943751..b4d314f4 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -122,7 +122,7 @@ outputs:
heat::rabbit_heartbeat_timeout_threshold: 60
heat::keystone::authtoken::project_name: 'service'
heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
heat::keystone::authtoken::password: {get_param: HeatPassword}
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index 3b73eb88..e85b7537 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -144,6 +144,3 @@ outputs:
- name: Stop heat_engine service
tags: step2
service: name=openstack-heat-engine state=stopped
- - name: Sync heat_engine DB
- tags: step5
- command: heat-manage --config-file /etc/heat/heat.conf db_sync
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index bc34b736..a84df538 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -51,7 +51,7 @@ outputs:
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 48d87209..739db13c 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -111,6 +111,3 @@ outputs:
- name: Stop ironic_conductor service
tags: step2
service: name=openstack-ironic-conductor state=stopped
- - name: Sync ironic_conductor DB
- tags: step5
- command: ironic-dbsync
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 7da4a9c2..b2374ec4 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -310,8 +310,5 @@ outputs:
- name: Stop keystone service (running under httpd)
tags: step2
service: name=httpd state=stopped
- - name: Sync keystone DB
- tags: step5
- command: keystone-manage db_sync
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml
index 769ab68f..94c63d33 100644
--- a/puppet/services/logging/fluentd-client.yaml
+++ b/puppet/services/logging/fluentd-client.yaml
@@ -62,3 +62,12 @@ outputs:
get_attr: [LoggingConfiguration, LoggingSharedKey]
step_config: |
include ::tripleo::profile::base::logging::fluentd
+ upgrade_tasks:
+ - name: Check status of fluentd service
+ shell: >
+ /usr/bin/systemctl show fluentd --property ActiveState |
+ grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop fluentd service
+ tags: step2
+ service: name=fluentd state=stopped
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index f1cddbd0..7b78c82e 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -49,7 +49,7 @@ outputs:
- get_attr: [ManilaBase, role_data, config_settings]
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
tripleo.manila_api.firewall_rules:
'150 manila':
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
index e38fe675..6ac0d2cf 100644
--- a/puppet/services/manila-share.yaml
+++ b/puppet/services/manila-share.yaml
@@ -46,7 +46,7 @@ outputs:
- manila::volume::cinder::cinder_admin_tenant_name: 'service'
manila::keystone::authtoken::password: {get_param: ManilaPassword}
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
service_config_settings:
get_attr: [ManilaBase, role_data, service_config_settings]
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index eba8a58b..146cc306 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -18,6 +18,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MemcachedMaxMemory:
+ default: '50%'
+ description: The maximum amount of memory for memcached to be configured
+ to use when installed. This can be either a percentage ('50%')
+ or a fixed value ('2048').
+ type: string
MonitoringSubscriptionMemcached:
default: 'overcloud-memcached'
type: string
@@ -35,6 +41,7 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
+ memcached::max_memory: {get_param: MemcachedMaxMemory}
tripleo.memcached.firewall_rules:
'121 memcached':
dport: 11211
diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml
index e4e7dac7..a3e3b842 100644
--- a/puppet/services/metrics/collectd.yaml
+++ b/puppet/services/metrics/collectd.yaml
@@ -109,3 +109,12 @@ outputs:
.flatten().distinct()
step_config: |
include ::tripleo::profile::base::metrics::collectd
+ upgrade_tasks:
+ - name: Check status of collectd service
+ shell: >
+ /usr/bin/systemctl show collectd --property ActiveState |
+ grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop collectd service
+ tags: step2
+ service: name=collectd state=stopped
diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml
index e678b14f..4d020498 100644
--- a/puppet/services/mistral-base.yaml
+++ b/puppet/services/mistral-base.yaml
@@ -76,7 +76,7 @@ outputs:
mistral::keystone_tenant: 'service'
mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
mistral::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
- mistral::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ mistral::identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
service_config_settings:
keystone:
mistral::keystone::auth::tenant: 'service'
diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml
index 76ba59c1..d74a68a2 100644
--- a/puppet/services/monitoring/sensu-client.yaml
+++ b/puppet/services/monitoring/sensu-client.yaml
@@ -62,3 +62,12 @@ outputs:
region: {get_param: KeystoneRegion}
step_config: |
include ::tripleo::profile::base::monitoring::sensu
+ upgrade_tasks:
+ - name: Check status of sensu-client service
+ shell: >
+ /usr/bin/systemctl show sensu-client --property ActiveState |
+ grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop sensu-client service
+ tags: step2
+ service: name=sensu-client state=stopped
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 65fa0d8f..48e53f4c 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -130,7 +130,7 @@ outputs:
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::server::rpc_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
@@ -198,6 +198,3 @@ outputs:
- name: Stop neutron_api service
tags: step2
service: name=neutron-server state=stopped
- - name: Sync neutron_api DB
- tags: step5
- command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml
index ce28b5c3..868b2bc6 100644
--- a/puppet/services/neutron-compute-plugin-ovn.yaml
+++ b/puppet/services/neutron-compute-plugin-ovn.yaml
@@ -18,9 +18,6 @@ parameters:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
- OVNDbHost:
- description: IP address on which the OVN DB servers are listening
- type: string
OVNSouthboundServerPort:
description: Port of the Southbound DB Server
type: number
@@ -37,9 +34,15 @@ outputs:
value:
service_name: neutron_compute_plugin_ovn
config_settings:
- tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: OVNDbHost}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
- ovn::southbound::encap_type: {get_param: OVNTunnelEncapType}
+ ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ tripleo.neutron_compute_plugin_ovn.firewall_rules:
+ '118 neutron vxlan networks':
+ proto: 'udp'
+ dport: 4789
+ '119 neutron geneve networks':
+ proto: 'udp'
+ dport: 6081
step_config: |
include ::tripleo::profile::base::neutron::agents::ovn
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index 199b5809..6f5debdd 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -70,7 +70,7 @@ outputs:
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
- neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
step_config: |
diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml
index 59346edc..4d4c3900 100644
--- a/puppet/services/neutron-plugin-ml2-ovn.yaml
+++ b/puppet/services/neutron-plugin-ml2-ovn.yaml
@@ -18,10 +18,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ OVNSouthboundServerPort:
+ description: Port of the OVN Southbound DB server
+ type: number
+ default: 6642
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
- default: 60
+ default: 180
OVNVifType:
description: Type of VIF to be used for ports
type: string
@@ -43,6 +47,10 @@ parameters:
description: OVN notification driver for Neutron QOS service plugin
type: string
default: NULL
+ NeutronGeneveMaxHeaderSize:
+ description: Geneve encapsulation header size
+ type: number
+ default: 38
resources:
@@ -61,10 +69,12 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronMl2Base, role_data, config_settings]
- - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
- neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
- neutron::plugins::ovn::ovn_l3_mode: true
- neutron::plugins::ovn::vif_type: {get_param: OVNVifType}
+ - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+ neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
+ neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
+ neutron::plugins::ml2::ovn::ovn_l3_mode: true
+ neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
+ neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml
index bd078074..ad1dcfb0 100644
--- a/puppet/services/neutron-plugin-plumgrid.yaml
+++ b/puppet/services/neutron-plugin-plumgrid.yaml
@@ -102,7 +102,7 @@ outputs:
- '/ovs_neutron'
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
- neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]}
+ neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]}
neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword}
neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron::plugins::plumgrid::director_server: {get_param: PLUMgridDirectorServer}
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 9e097d92..d18b5b48 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -112,7 +112,7 @@ outputs:
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::password: {get_param: NovaPassword}
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::api::enabled: true
nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}
nova::api::sync_db_api: true
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index e6c455e7..d892c36d 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -115,6 +115,11 @@ parameters:
description: >
Cron to move deleted instances to another table - Until complete
default: false
+ NovaPlacementAPIInterface:
+ type: string
+ description: >
+ Endpoint interface to be used for the placement API.
+ default: 'internal'
conditions:
@@ -133,8 +138,9 @@ outputs:
nova::rabbit_port: {get_param: RabbitClientPort}
nova::placement::project_name: 'service'
nova::placement::password: {get_param: NovaPassword}
- nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ nova::placement::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::placement::os_region_name: {get_param: KeystoneRegion}
+ nova::placement::os_interface: {get_param: NovaPlacementAPIInterface}
nova::database_connection:
list_join:
- ''
@@ -166,6 +172,7 @@ outputs:
nova::purge_config: {get_param: EnableConfigPurge}
nova::network::neutron::neutron_project_name: 'service'
nova::network::neutron::neutron_username: 'neutron'
+ nova::network::neutron::neutron_region_name: {get_param: KeystoneRegion}
nova::network::neutron::dhcp_domain: ''
nova::network::neutron::neutron_password: {get_param: NeutronPassword}
nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml
index 306c6b6f..5eb2170a 100644
--- a/puppet/services/nova-ironic.yaml
+++ b/puppet/services/nova-ironic.yaml
@@ -42,10 +42,10 @@ outputs:
- nova::compute::force_config_drive: true
nova::compute::reserved_host_memory: '0'
nova::compute::vnc_enabled: false
- nova::ironic::common::admin_password: {get_param: IronicPassword}
- nova::ironic::common::admin_tenant_name: 'service'
- nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
- nova::ironic::common::admin_username: 'ironic'
+ nova::ironic::common::password: {get_param: IronicPassword}
+ nova::ironic::common::project_name: 'service'
+ nova::ironic::common::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ nova::ironic::common::username: 'ironic'
nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
nova::network::neutron::dhcp_domain: ''
nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml
index 82b83561..5564c1b3 100644
--- a/puppet/services/nova-placement.yaml
+++ b/puppet/services/nova-placement.yaml
@@ -86,13 +86,13 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
- $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ $NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
-
if:
- nova_workers_zero
@@ -118,3 +118,7 @@ outputs:
nova::db::mysql_placement::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ upgrade_tasks:
+ - name: Stop nova_placement service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml
index 58223baf..37ba1f73 100644
--- a/puppet/services/octavia-api.yaml
+++ b/puppet/services/octavia-api.yaml
@@ -68,7 +68,7 @@ outputs:
- '/octavia'
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
- octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
octavia::keystone::authtoken::project_name: 'service'
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
octavia::api::sync_db: true
diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml
index 6e25d796..2c2586af 100644
--- a/puppet/services/panko-base.yaml
+++ b/puppet/services/panko-base.yaml
@@ -53,7 +53,7 @@ outputs:
panko::keystone::authtoken::project_name: 'service'
panko::keystone::authtoken::password: {get_param: PankoPassword}
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::auth::auth_password: {get_param: PankoPassword}
panko::auth::auth_region: 'regionOne'
panko::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index b4307053..e2084186 100644
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -73,7 +73,7 @@ outputs:
sahara::debug: {get_param: Debug}
sahara::admin_password: {get_param: SaharaPassword}
sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ sahara::identity_uri: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
sahara::use_neutron: true
sahara::plugins: {get_param: SaharaPlugins}
sahara::rpc_backend: rabbit
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 31a4c178..526fa888 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -87,7 +87,7 @@ outputs:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::password: {get_param: SwiftPassword}
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index 0224ac13..cb860fa8 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -40,7 +40,7 @@ outputs:
config_settings:
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
zaqar::keystone::authtoken::project_name: 'service'
- zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
zaqar::debug: {get_param: Debug}
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
diff --git a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml
index 069cbd23..f9afb18d 100644
--- a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml
+++ b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml
@@ -54,9 +54,20 @@ features:
- Add Panko service support. This service is not enabled by default. Use
environments/services/enable-panko.yaml to include it in your deployment.
- Add EC2-API composable service support.
+ - Allow dnsmasq_dns_servers to be configured for Neutron DHCP Agent with a
+ new parameter (NeutronDhcpAgentDnsmasqDnsServers, default to []).
+ - Add support for Ceph RBD mirroring daemon managed by Pacemaker.
+ - Add deployed server bootstrap for RHEL.
+ - Configure VNC Server listen address on internal_api network by default.
+ - Support for Cinder Dell EMC PS Series.
+ - Support for Cinder Dell EMC EMC Storage Center.
+ - Support for Octavia composable services for LBaaS with Neutron.
+ - Support for Collectd composable services for performance monitoring.
+ - Support for Tacker composable service for VNF management.
upgrade:
- Update OpenDaylight deployment to use networking-odl v2 as a mechanism
driver.
+ - Update Contrail composable services.
deprecations:
- Glance Registry service has been removed and Glance API v2 is now deploy
by default. Glance API v1 is not supported anymore in TripleO.
@@ -68,16 +79,26 @@ deprecations:
- Removes deprecated OpenDaylight L2 only deployments.
Deploying ODL without L3 DVR is no longer supported.
security:
- - Disallow iframe embed in Horizon configuration to prevent dashboard being
- embedded within an iframe and exposed to Cross-Frame Scripting (XFS)
- vulnerability on legacy browsers.
- - Allow management of enforce_password_check in Horizons configuration to
- display an 'Admin Password' field on the Change Password form to verify that
+ - Enable management of 'DISALLOW_IFRAME_EMBED' in Horizon configuration to
+ prevent dashboard being embedded within an iframe and exposed to Cross-Frame
+ Scripting (XFS) vulnerability on legacy browsers.
+ - Enable management of 'ENFORCE_PASSWORD_CHECK' in Horizons configuration to
+ display an Admin Password field on the Change Password form to verify that
it is indeed the admin logged-in who wants to change the password.
- - Allow management of disable_password_reveal in Horizon, to remove the
+ - Enable management of 'DISABLE_PASSWORD_REVEAL' in Horizon, to remove the
password reveal option.
- - Enable secure_proxy_ssl_header option in Horizons configuration to take
+ - Enable 'SECURE_PROXY_SSL_HEADER' option in Horizons configuration to take
X-Forwarded-Proto header into account when forming URLs.
+ - Enable management of ENFORCE_PASSWORD_CHECK value. By setting
+ 'ENFORCE_PASSWORD_CHECK' to 'True' within Horizons local_settings.py, it
+ displays an ‘Admin Password’ field on the “Change Password” form to verify
+ that it is the admin logged-in that wants to perform the password change.
+ - Enable management of Horizons Password Validation. Enables injection of an
+ operators own password validation regex via a heat template.
+ - Enable management of '/etc/issue Banner' whereby an operator can populate
+ their own Banner warning text to be displayed upon terminal login.
+ - Enable management of auditd system. '/etc/audit/audit.rules' can now be
+ populated by means of a heat template.
fixes:
- Fixes `bug 1645898
<https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so epmd is binded on
@@ -93,3 +114,12 @@ fixes:
- Fixes `bug 1643487
<https://bugs.launchpad.net/tripleo/+bug/1643487>`__ to prevent source
address from binding to a VIP for database connection.
+ - Fixes `bug 1649836
+ <https://bugs.launchpad.net/tripleo/+bug/1649836>`__ to configure
+ DPDK options to isolate PMD cores and ovs process cores.
+ - Fixes `bug 1662344
+ <https://bugs.launchpad.net/tripleo/+bug/1662344>`__ by stopping
+ to set bind_address on nova db uri.
+ This reverts the changes in https://review.openstack.org/414629 for nova as
+ they are incompatible with cell_v2.
+ This is a temporary fix for HA while a long-term solution is developed.
diff --git a/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml
new file mode 100644
index 00000000..1f41073b
--- /dev/null
+++ b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml
@@ -0,0 +1,9 @@
+---
+other:
+ - |
+ Use Keystone internal endpoint instead of admin for services.
+ The admin endpoint is listening on the ctlplane network by default;
+ services should ideally be using the internal api network for this kind
+ of traffic, as the ctlplane network is mostly for provisioning. On the
+ other hand, the admin endpoint shouldn't be as relevant with services
+ switching to keystone v3.
diff --git a/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml
new file mode 100644
index 00000000..c14cefa0
--- /dev/null
+++ b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Memcached max memory configuration is now exposed va MemcachedMaxMemory.
+upgrade:
+ - |
+ Reduce the default memory configuration for memcached from 95% to 50%.
diff --git a/roles_data.yaml b/roles_data.yaml
index 92c5ff19..31b12986 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -38,6 +38,7 @@
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Congress
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
diff --git a/test-requirements.txt b/test-requirements.txt
index 06bce5a2..1c9e3b42 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,6 +4,6 @@
PyYAML>=3.10.0 # MIT
Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
six>=1.9.0 # MIT
-sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
+sphinx>=1.5.1 # BSD
oslosphinx>=4.7.0 # Apache-2.0
reno>=1.8.0 # Apache-2.0