aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci/environments/multinode.yaml6
-rw-r--r--docker/services/README.rst8
-rw-r--r--docker/services/database/mongodb.yaml98
-rw-r--r--docker/services/glance-api.yaml96
-rw-r--r--docker/services/heat-api-cfn.yaml90
-rw-r--r--docker/services/heat-api.yaml90
-rw-r--r--docker/services/heat-engine.yaml92
-rw-r--r--docker/services/ironic-api.yaml99
-rw-r--r--docker/services/ironic-conductor.yaml111
-rw-r--r--docker/services/ironic-pxe.yaml131
-rw-r--r--docker/services/keystone.yaml153
-rw-r--r--docker/services/memcached.yaml69
-rw-r--r--docker/services/mistral-api.yaml115
-rw-r--r--docker/services/mistral-engine.yaml87
-rw-r--r--docker/services/mistral-executor.yaml91
-rw-r--r--docker/services/neutron-api.yaml102
-rw-r--r--docker/services/neutron-dhcp.yaml93
-rw-r--r--docker/services/neutron-plugin-ml2.yaml58
-rw-r--r--docker/services/nova-api.yaml134
-rw-r--r--docker/services/nova-compute.yaml1
-rw-r--r--docker/services/nova-conductor.yaml85
-rw-r--r--docker/services/nova-ironic.yaml88
-rw-r--r--docker/services/nova-metadata.yaml48
-rw-r--r--docker/services/nova-placement.yaml101
-rw-r--r--docker/services/nova-scheduler.yaml84
-rw-r--r--docker/services/rabbitmq.yaml119
-rw-r--r--docker/services/swift-proxy.yaml76
-rw-r--r--docker/services/swift-ringbuilder.yaml80
-rw-r--r--docker/services/swift-storage.yaml343
-rw-r--r--docker/services/zaqar.yaml99
-rw-r--r--environments/docker.yaml30
-rw-r--r--environments/net-bond-with-vlans-no-external.yaml4
-rw-r--r--environments/net-bond-with-vlans-v6.yaml6
-rw-r--r--environments/net-bond-with-vlans.yaml6
-rw-r--r--environments/net-single-nic-linux-bridge-with-vlans.yaml6
-rw-r--r--environments/net-single-nic-with-vlans-no-external.yaml4
-rw-r--r--environments/net-single-nic-with-vlans-v6.yaml6
-rw-r--r--environments/net-single-nic-with-vlans.yaml6
-rw-r--r--environments/network-environment.yaml2
-rw-r--r--firstboot/os-net-config-mappings.yaml51
-rw-r--r--puppet/services/heat-api-cfn.yaml2
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml2
-rw-r--r--puppet/services/heat-api.yaml2
-rw-r--r--puppet/services/heat-engine.yaml2
-rw-r--r--puppet/services/neutron-l3-compute-dvr.yaml25
-rw-r--r--puppet/services/neutron-l3.yaml13
-rw-r--r--puppet/services/nova-placement.yaml4
47 files changed, 2957 insertions, 61 deletions
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml
index 0609dd5f..d89a4942 100644
--- a/ci/environments/multinode.yaml
+++ b/ci/environments/multinode.yaml
@@ -4,6 +4,8 @@ resource_registry:
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
@@ -45,5 +47,9 @@ parameter_defaults:
nova::compute::libvirt::libvirt_virt_type: qemu
# Required for Centos 7.3 and Qemu 2.6.0
nova::compute::libvirt::libvirt_cpu_mode: 'none'
+ #NOTE(gfidente): not great but we need this to deploy on ext4
+ #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+ ceph::profile::params::osd_max_object_name_len: 256
+ ceph::profile::params::osd_max_object_namespace_len: 64
SwiftCeilometerPipelineEnabled: False
Debug: True
diff --git a/docker/services/README.rst b/docker/services/README.rst
index c054e8c0..881a2a37 100644
--- a/docker/services/README.rst
+++ b/docker/services/README.rst
@@ -19,8 +19,11 @@ Building Kolla Images
TripleO currently relies on Kolla docker containers. Kolla supports container
customization and we are making use of this feature within TripleO to inject
-puppet (our configuration tool of choice) into the Kolla base images. To
-build Kolla images for TripleO adjust your kolla config to build your
+puppet (our configuration tool of choice) into the Kolla base images. The
+undercloud nova-scheduler also requires openstack-tripleo-common to
+provide custom filters.
+
+To build Kolla images for TripleO adjust your kolla config to build your
centos base image with puppet using the example below:
.. code-block::
@@ -28,6 +31,7 @@ centos base image with puppet using the example below:
$ cat template-overrides.j2
{% extends parent_template %}
{% set base_centos_binary_packages_append = ['puppet'] %}
+{% set nova_scheduler_packages_append = ['openstack-tripleo-common'] %}
kolla-build --base centos --template-override template-overrides.j2
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
new file mode 100644
index 00000000..cc28846a
--- /dev/null
+++ b/docker/services/database/mongodb.yaml
@@ -0,0 +1,98 @@
+heat_template_version: ocata
+
+description: >
+ MongoDB service deployment using puppet and docker
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMongodbImage:
+ description: image
+ default: 'centos-binary-mongodb:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ MongodbPuppetBase:
+ type: ../../../puppet/services/database/mongodb.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Containerized service Mongodb using composable services.
+ value:
+ service_name: {get_attr: [MongodbPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [MongodbPuppetBase, role_data, config_settings]
+ - mongodb::server::fork: false
+ step_config:
+ list_join:
+ - "\n"
+ - - "['Mongodb_database', 'Mongodb_user', 'Mongodb_replset'].each |String $val| { noop_resource($val) }"
+ - {get_attr: [MongodbPuppetBase, role_data, step_config]}
+ upgrade_tasks: {get_attr: [MongodbPuppetBase, role_data, upgrade_tasks]}
+ # BEGIN DOCKER SETTINGS #
+ docker_image: &mongodb_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ]
+ puppet_tags: file # set this even though file is the default
+ config_volume: mongodb
+ config_image: *mongodb_image
+ kolla_config:
+ /var/lib/kolla/config_files/mongodb.json:
+ command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run
+ config_files:
+ - dest: /etc/mongod.conf
+ source: /var/lib/kolla/config_files/src/etc/mongod.conf
+ owner: mongodb
+ perm: '0600'
+ - dest: /etc/mongos.conf
+ source: /var/lib/kolla/config_files/src/etc/mongos.conf
+ owner: mongodb
+ perm: '0600'
+ docker_config:
+ step_2:
+ mongodb:
+ image: *mongodb_image
+ net: host
+ privileged: false
+ volumes: &mongodb_volumes
+ - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/mongodb/:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - logs:/var/log/kolla
+ - mongodb:/var/lib/mongodb/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ docker_puppet_tasks:
+ # MySQL database initialization occurs only on single node
+ step_2:
+ - 'mongodb_init_tasks'
+ - 'mongodb_database,mongodb_user,mongodb_replset'
+ - 'include ::tripleo::profile::base::database::mongodb'
+ - list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ]
+ - - "mongodb:/var/lib/mongodb"
+ - "logs:/var/log/kolla:ro"
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
new file mode 100644
index 00000000..b8ab9622
--- /dev/null
+++ b/docker/services/glance-api.yaml
@@ -0,0 +1,96 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Glance service configured with Puppet
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerGlanceApiImage:
+ description: image
+ default: 'centos-binary-glance-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ GlanceApiPuppetBase:
+ type: ../../puppet/services/glance-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Glance API role.
+ value:
+ service_name: {get_attr: [GlanceApiPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [GlanceApiPuppetBase, role_data, config_settings]
+ - glance::api::sync_db: false
+ step_config: {get_attr: [GlanceApiPuppetBase, role_data, step_config]}
+ service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ docker_image: &glance_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ]
+ puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config
+ config_volume: glance_api
+ config_image: *glance_image
+ kolla_config:
+ /var/lib/kolla/config_files/glance-api.json:
+ command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
+ config_files:
+ - dest: /etc/glance/glance-api.conf
+ owner: glance
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/glance/glance-api.conf
+ - dest: /etc/glance/glance-swift.conf
+ owner: glance
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/glance/glance-swift.conf
+ docker_config:
+ step_3:
+ glance_api_db_sync:
+ image: *glance_image
+ net: host
+ privileged: false
+ detach: false
+ volumes: &glance_volumes
+ - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/config-data/glance_api/:/var/lib/kolla/config_files/src:ro
+ - /run:/run
+ - /dev:/dev
+ - /etc/hosts:/etc/hosts:ro
+ environment:
+ - KOLLA_BOOTSTRAP=True
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_4:
+ glance_api:
+ image: *glance_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: *glance_volumes
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
new file mode 100644
index 00000000..93632166
--- /dev/null
+++ b/docker/services/heat-api-cfn.yaml
@@ -0,0 +1,90 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Heat API CFN service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHeatApiCfnImage:
+ description: image
+ default: 'centos-binary-heat-api-cfn:latest'
+ type: string
+ # we configure all heat services in the same heat engine container
+ DockerHeatEngineImage:
+ description: image
+ default: 'centos-binary-heat-engine:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ HeatBase:
+ type: ../../puppet/services/heat-api-cfn.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Heat API CFN role.
+ value:
+ service_name: {get_attr: [HeatBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HeatBase, role_data, config_settings]
+ - apache::default_vhost: false
+ step_config: {get_attr: [HeatBase, role_data, step_config]}
+ service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &heat_api_cfn_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ]
+ puppet_tags: heat_config,file,concat,file_line
+ config_volume: heat
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/heat_api_cfn.json:
+ command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
+ config_files:
+ - dest: /etc/heat/heat.conf
+ owner: heat
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/heat/heat.conf
+ docker_config:
+ step_4:
+ heat_api_cfn:
+ image: *heat_api_cfn_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev:/dev
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
new file mode 100644
index 00000000..2efabb61
--- /dev/null
+++ b/docker/services/heat-api.yaml
@@ -0,0 +1,90 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Heat API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHeatApiImage:
+ description: image
+ default: 'centos-binary-heat-api:latest'
+ type: string
+ # we configure all heat services in the same heat engine container
+ DockerHeatEngineImage:
+ description: image
+ default: 'centos-binary-heat-engine:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ HeatBase:
+ type: ../../puppet/services/heat-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Heat API role.
+ value:
+ service_name: {get_attr: [HeatBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HeatBase, role_data, config_settings]
+ - apache::default_vhost: false
+ step_config: {get_attr: [HeatBase, role_data, step_config]}
+ service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &heat_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ]
+ puppet_tags: heat_config,file,concat,file_line
+ config_volume: heat
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/heat_api.json:
+ command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
+ config_files:
+ - dest: /etc/heat/heat.conf
+ owner: heat
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/heat/heat.conf
+ docker_config:
+ step_4:
+ heat_api:
+ image: *heat_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev:/dev
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml
new file mode 100644
index 00000000..db8c2be5
--- /dev/null
+++ b/docker/services/heat-engine.yaml
@@ -0,0 +1,92 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Heat Engine service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHeatEngineImage:
+ description: image
+ default: 'centos-binary-heat-engine:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ HeatBase:
+ type: ../../puppet/services/heat-engine.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Heat Engine role.
+ value:
+ service_name: {get_attr: [HeatBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HeatBase, role_data, config_settings]
+ - apache::default_vhost: false
+ step_config: {get_attr: [HeatBase, role_data, step_config]}
+ service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &heat_engine_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
+ puppet_tags: heat_config,file,concat,file_line
+ config_volume: heat
+ config_image: *heat_engine_image
+ kolla_config:
+ /var/lib/kolla/config_files/heat_engine.json:
+ command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
+ config_files:
+ - dest: /etc/heat/heat.conf
+ owner: heat
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/heat/heat.conf
+ docker_config:
+ step_3:
+ heat_engine_db_sync:
+ image: *heat_engine_image
+ net: host
+ privileged: false
+ detach: false
+ volumes:
+ - /var/lib/config-data/heat/etc/heat:/etc/heat:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ command: ['heat-manage', 'db_sync']
+ step_4:
+ heat_engine:
+ image: *heat_engine_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml
new file mode 100644
index 00000000..80120568
--- /dev/null
+++ b/docker/services/ironic-api.yaml
@@ -0,0 +1,99 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Ironic API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerIronicApiImage:
+ description: image
+ default: 'centos-binary-ironic-api:latest'
+ type: string
+ DockerIronicConfigImage:
+ description: image
+ default: 'centos-binary-ironic-pxe:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ IronicApiBase:
+ type: ../../puppet/services/ironic-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Ironic API role.
+ value:
+ service_name: {get_attr: [IronicApiBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [IronicApiBase, role_data, config_settings]
+ step_config: {get_attr: [IronicApiBase, role_data, step_config]}
+ service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &ironic_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ]
+ puppet_tags: ironic_config
+ config_volume: ironic
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ironic_api.json:
+ command: /usr/bin/ironic-api
+ config_files:
+ - dest: /etc/ironic/ironic.conf
+ owner: ironic
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
+ docker_config:
+ step_3:
+ ironic_db_sync:
+ image: *ironic_image
+ net: host
+ privileged: false
+ detach: false
+ volumes:
+ - /var/lib/config-data/ironic/etc/:/etc/:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf']
+ step_4:
+ ironic_api:
+ start_order: 10
+ image: *ironic_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml
new file mode 100644
index 00000000..945ef3fc
--- /dev/null
+++ b/docker/services/ironic-conductor.yaml
@@ -0,0 +1,111 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Ironic Conductor service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerIronicConductorImage:
+ description: image
+ default: 'centos-binary-ironic-conductor:latest'
+ type: string
+ DockerIronicConfigImage:
+ description: image
+ default: 'centos-binary-ironic-pxe:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ IronicConductorBase:
+ type: ../../puppet/services/ironic-conductor.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Ironic Conductor role.
+ value:
+ service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [IronicConductorBase, role_data, config_settings]
+ # to avoid hard linking errors we store these on the same
+ # volume/device as the ironic master_path
+ - ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
+ - ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
+ - ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
+ - ironic::pxe::http_root: /var/lib/ironic/httpboot
+ - ironic::conductor::http_root: /var/lib/ironic/httpboot
+ step_config: {get_attr: [IronicConductorBase, role_data, step_config]}
+ service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &ironic_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ]
+ puppet_tags: ironic_config
+ config_volume: ironic
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ironic_conductor.json:
+ command: /usr/bin/ironic-conductor
+ config_files:
+ - dest: /etc/ironic/ironic.conf
+ owner: ironic
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
+ permissions:
+ - path: /var/lib/ironic/httpboot
+ owner: ironic:ironic
+ recurse: true
+ - path: /var/lib/ironic/tftpboot
+ owner: ironic:ironic
+ recurse: true
+ docker_config:
+ step_4:
+ ironic-init-dirs:
+ image: *ironic_image
+ user: root
+ command: ['/bin/bash', '-c', 'mkdir /var/lib/ironic/httpboot && mkdir /var/lib/ironic/tftpboot']
+ volumes:
+ - ironic:/var/lib/ironic
+ ironic_conductor:
+ start_order: 80
+ image: *ironic_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /sys:/sys
+ - /dev:/dev
+ - /run:/run #shared?
+ - ironic:/var/lib/ironic
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml
new file mode 100644
index 00000000..bc7b4677
--- /dev/null
+++ b/docker/services/ironic-pxe.yaml
@@ -0,0 +1,131 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Ironic PXE service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerIronicPxeImage:
+ description: image
+ default: 'centos-binary-ironic-pxe:latest'
+ type: string
+ DockerIronicConfigImage:
+ description: image
+ default: 'centos-binary-ironic-pxe:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Ironic PXE role.
+ value:
+ service_name: ironic_pxe
+ config_settings: {}
+ step_config: ''
+ service_config_settings: {}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &ironic_pxe_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ]
+ puppet_tags: ironic_config
+ config_volume: ironic
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ironic_pxe_http.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - dest: /etc/ironic/ironic.conf
+ owner: ironic
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
+ - dest: /etc/httpd/conf.d/10-ipxe_vhost.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-ipxe_vhost.conf
+ - dest: /etc/httpd/conf/httpd.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
+ - dest: /etc/httpd/conf/ports.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
+ /var/lib/kolla/config_files/ironic_pxe_tftp.json:
+ command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot
+ config_files:
+ - dest: /etc/ironic/ironic.conf
+ owner: ironic
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf
+ - dest: /var/lib/ironic/tftpboot/chain.c32
+ owner: ironic
+ perm: '0744'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/chain.c32
+ - dest: /var/lib/ironic/tftpboot/pxelinux.0
+ owner: ironic
+ perm: '0744'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/pxelinux.0
+ - dest: /var/lib/ironic/tftpboot/ipxe.efi
+ owner: ironic
+ perm: '0744'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/ipxe.efi
+ - dest: /var/lib/ironic/tftpboot/undionly.kpxe
+ owner: ironic
+ perm: '0744'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/undionly.kpxe
+ - dest: /var/lib/ironic/tftpboot/map-file
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/map-file
+ docker_config:
+ step_4:
+ ironic_pxe_tftp:
+ start_order: 90
+ image: *ironic_pxe_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/log:/dev/log
+ - ironic:/var/lib/ironic/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ ironic_pxe_http:
+ start_order: 91
+ image: *ironic_pxe_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - ironic:/var/lib/ironic/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
new file mode 100644
index 00000000..1d25da72
--- /dev/null
+++ b/docker/services/keystone.yaml
@@ -0,0 +1,153 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Keystone service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerKeystoneImage:
+ description: image
+ default: 'centos-binary-keystone:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ AdminPassword:
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+
+resources:
+
+ KeystoneBase:
+ type: ../../puppet/services/keystone.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Keystone API role.
+ value:
+ service_name: {get_attr: [KeystoneBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [KeystoneBase, role_data, config_settings]
+ - apache::default_vhost: false
+ step_config:
+ list_join:
+ - "\n"
+ - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }"
+ - {get_attr: [KeystoneBase, role_data, step_config]}
+ service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &keystone_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
+ puppet_tags: keystone_config
+ config_volume: keystone
+ config_image: *keystone_image
+ kolla_config:
+ /var/lib/kolla/config_files/keystone.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - dest: /etc/keystone/keystone.conf
+ owner: keystone
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/keystone/keystone.conf
+ - dest: /etc/keystone/credential-keys/0
+ owner: keystone
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/0
+ - dest: /etc/keystone/credential-keys/1
+ owner: keystone
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1
+ - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_admin.conf
+ - dest: /etc/httpd/conf.d/10-keystone_wsgi_main.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_main.conf
+ - dest: /etc/httpd/conf/httpd.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
+ - dest: /etc/httpd/conf/ports.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
+ - dest: /var/www/cgi-bin/keystone/keystone-admin
+ owner: keystone
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-admin
+ - dest: /var/www/cgi-bin/keystone/keystone-public
+ owner: keystone
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-public
+ docker_config:
+ step_3:
+ keystone-init-log:
+ start_order: 0
+ image: *keystone_image
+ user: root
+ command: ['/bin/bash', '-c', 'mkdir /var/log/httpd && mkdir /var/log/keystone && chown keystone:keystone /var/log/keystone']
+ volumes:
+ - logs:/var/log
+ keystone_db_sync:
+ start_order: 1
+ image: *keystone_image
+ net: host
+ privileged: false
+ detach: false
+ volumes: &keystone_volumes
+ - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/keystone/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - logs:/var/log
+ environment:
+ - KOLLA_BOOTSTRAP=True
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ keystone:
+ start_order: 1
+ image: *keystone_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: *keystone_volumes
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ keystone_bootstrap:
+ start_order: 2
+ action: exec
+ command:
+ [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+ docker_puppet_tasks:
+ # Keystone endpoint creation occurs only on single node
+ step_4:
+ - 'keystone_init_tasks'
+ - 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
+ - 'include ::tripleo::profile::base::keystone'
+ - list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml
new file mode 100644
index 00000000..d459c825
--- /dev/null
+++ b/docker/services/memcached.yaml
@@ -0,0 +1,69 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Memcached services
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMemcachedImage:
+ description: image
+ default: 'centos-binary-memcached:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ MemcachedBase:
+ type: ../../puppet/services/memcached.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Memcached API role.
+ value:
+ service_name: {get_attr: [MemcachedBase, role_data, service_name]}
+ config_settings: {get_attr: [MemcachedBase, role_data, config_settings]}
+ step_config: {get_attr: [MemcachedBase, role_data, step_config]}
+ service_config_settings: {get_attr: [MemcachedBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &memcached_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ]
+ puppet_tags: 'file'
+ config_volume: 'memcached'
+ config_image: *memcached_image
+ kolla_config: {}
+ docker_config:
+ step_1:
+ memcached:
+ image: *memcached_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS']
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml
new file mode 100644
index 00000000..e535a817
--- /dev/null
+++ b/docker/services/mistral-api.yaml
@@ -0,0 +1,115 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Mistral API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMistralApiImage:
+ description: image
+ default: 'centos-binary-mistral-api:latest'
+ type: string
+ DockerMistralConfigImage:
+ description: image
+ default: 'centos-binary-mistral-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ MistralApiBase:
+ type: ../../puppet/services/mistral-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral API role.
+ value:
+ service_name: {get_attr: [MistralApiBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [MistralApiBase, role_data, config_settings]
+ step_config: {get_attr: [MistralApiBase, role_data, step_config]}
+ service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &mistral_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ]
+ puppet_tags: mistral_config
+ config_volume: mistral
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/mistral_api.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
+ config_files:
+ - dest: /etc/mistral/mistral.conf
+ owner: mistral
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ docker_config:
+ step_3:
+ mistral_db_sync:
+ start_order: 1
+ image: *mistral_image
+ net: host
+ privileged: false
+ detach: false
+ volumes:
+ - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head']
+ mistral_db_populate:
+ start_order: 2
+ image: *mistral_image
+ net: host
+ privileged: false
+ detach: false
+ volumes:
+ - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ # NOTE: dprince this requires that we install openstack-tripleo-common into
+ # the Mistral API image so that we get tripleo* actions
+ command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate']
+ step_4:
+ mistral_api:
+ start_order: 15
+ image: *mistral_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml
new file mode 100644
index 00000000..be4c8af7
--- /dev/null
+++ b/docker/services/mistral-engine.yaml
@@ -0,0 +1,87 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Mistral Engine service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMistralEngineImage:
+ description: image
+ default: 'centos-binary-mistral-engine:latest'
+ type: string
+ DockerMistralConfigImage:
+ description: image
+ default: 'centos-binary-mistral-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ MistralBase:
+ type: ../../puppet/services/mistral-engine.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral Engine role.
+ value:
+ service_name: {get_attr: [MistralBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [MistralBase, role_data, config_settings]
+ step_config: {get_attr: [MistralBase, role_data, step_config]}
+ service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &mistral_engine_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ]
+ puppet_tags: mistral_config
+ config_volume: mistral
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/mistral_engine.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
+ config_files:
+ - dest: /etc/mistral/mistral.conf
+ owner: mistral
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ docker_config:
+ step_4:
+ mistral_engine:
+ image: *mistral_engine_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml
new file mode 100644
index 00000000..33608a42
--- /dev/null
+++ b/docker/services/mistral-executor.yaml
@@ -0,0 +1,91 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Mistral Executor service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMistralExecutorImage:
+ description: image
+ default: 'centos-binary-mistral-executor:latest'
+ type: string
+ DockerMistralConfigImage:
+ description: image
+ default: 'centos-binary-mistral-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ MistralBase:
+ type: ../../puppet/services/mistral-executor.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral Executor role.
+ value:
+ service_name: {get_attr: [MistralBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [MistralBase, role_data, config_settings]
+ step_config: {get_attr: [MistralBase, role_data, step_config]}
+ service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &mistral_executor_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ]
+ puppet_tags: mistral_config
+ config_volume: mistral
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/mistral_executor.json:
+ command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
+ config_files:
+ - dest: /etc/mistral/mistral.conf
+ owner: mistral
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf
+ docker_config:
+ step_4:
+ mistral_executor:
+ image: *mistral_executor_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ # FIXME: this is required in order for Nova cells
+ # initialization workflows on the Undercloud. Need to
+ # exclude this on the overcloud for security reasons.
+ - /var/lib/config-data/nova/etc/nova:/etc/nova:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
new file mode 100644
index 00000000..e444f391
--- /dev/null
+++ b/docker/services/neutron-api.yaml
@@ -0,0 +1,102 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Neutron API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNeutronApiImage:
+ description: image
+ default: 'centos-binary-neutron-server:latest'
+ type: string
+ # we configure all neutron services in the same neutron
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-openvswitch-agent:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NeutronBase:
+ type: ../../puppet/services/neutron-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron API role.
+ value:
+ service_name: {get_attr: [NeutronBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &neutron_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
+ puppet_tags: neutron_config,neutron_api_config
+ config_volume: neutron
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/neutron_api.json:
+ command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini
+ config_files:
+ - dest: /etc/neutron/neutron.conf
+ owner: neutron
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
+ - dest: /etc/neutron/plugin.ini
+ owner: neutron
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini
+ docker_config:
+ step_3:
+ neutron_db_sync:
+ image: *neutron_api_image
+ net: host
+ privileged: false
+ detach: false
+ volumes:
+ - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
+ - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ command: ['neutron-db-manage', 'upgrade', 'heads']
+ step_4:
+ neutron_api:
+ image: *neutron_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml
new file mode 100644
index 00000000..fc13b3d1
--- /dev/null
+++ b/docker/services/neutron-dhcp.yaml
@@ -0,0 +1,93 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Neutron DHCP service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNeutronApiImage:
+ description: image
+ default: 'centos-binary-neutron-dhcp-agent:latest'
+ type: string
+ # we configure all neutron services in the same neutron
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-openvswitch-agent:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NeutronBase:
+ type: ../../puppet/services/neutron-dhcp.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron DHCP role.
+ value:
+ service_name: {get_attr: [NeutronBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &neutron_dhcp_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
+ puppet_tags: neutron_config,neutron_dhcp_agent_config
+ config_volume: neutron
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/neutron_dhcp.json:
+ command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log
+ config_files:
+ - dest: /etc/neutron/neutron.conf
+ owner: neutron
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
+ - dest: /etc/neutron/dhcp_agent.ini
+ owner: neutron
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/neutron/dhcp_agent.ini
+ docker_config:
+ step_4:
+ neutron_dhcp:
+ image: *neutron_dhcp_image
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /lib/modules:/lib/modules:ro
+ - /run/:/run
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml
new file mode 100644
index 00000000..37ab8db2
--- /dev/null
+++ b/docker/services/neutron-plugin-ml2.yaml
@@ -0,0 +1,58 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Neutron ML2 Plugin configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-openvswitch-agent:latest'
+ type: string
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NeutronBase:
+ type: ../../puppet/services/neutron-plugin-ml2.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2 Plugin role.
+ value:
+ service_name: {get_attr: [NeutronBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &docker_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ puppet_tags: ''
+ config_volume: 'neutron'
+ config_image: *docker_image
+ kolla_config: {}
+ docker_config: {}
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
new file mode 100644
index 00000000..26ae514a
--- /dev/null
+++ b/docker/services/nova-api.yaml
@@ -0,0 +1,134 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaApiImage:
+ description: image
+ default: 'centos-binary-nova-api:latest'
+ type: string
+ DockerNovaBaseImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NovaApiBase:
+ type: ../../puppet/services/nova-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Nova API role.
+ value:
+ service_name: {get_attr: [NovaApiBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaApiBase, role_data, config_settings]
+ - apache::default_vhost: false
+ step_config: {get_attr: [NovaApiBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &nova_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ]
+ puppet_tags: nova_config
+ config_volume: nova
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_api.json:
+ command: /usr/bin/nova-api
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ docker_config:
+ step_3:
+ nova_api_db_sync:
+ start_order: 1
+ image: *nova_api_image
+ net: host
+ detach: false
+ volumes: &nova_api_volumes
+ - /var/lib/config-data/nova/etc/:/etc/:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ command: ['/usr/bin/nova-manage', 'api_db', 'sync']
+ # FIXME: we probably want to wait on the 'cell_v2 update' in order for this
+ # to be capable of upgrading a baremetal setup. This is to ensure the name
+ # of the cell is 'default'
+ nova_api_map_cell0:
+ start_order: 2
+ image: *nova_api_image
+ net: host
+ detach: false
+ volumes: *nova_api_volumes
+ command:
+ - '/usr/bin/nova-manage'
+ - 'cell_v2'
+ - 'map_cell0'
+ nova_api_create_default_cell:
+ start_order: 3
+ image: *nova_api_image
+ net: host
+ detach: false
+ volumes: *nova_api_volumes
+ # NOTE: allowing the exit code 2 is a dirty way of making
+ # this idempotent (if the resource already exists a conflict
+ # is raised)
+ exit_codes: [0,2]
+ command:
+ - '/usr/bin/nova-manage'
+ - 'cell_v2'
+ - 'create_cell'
+ - '--name="default"'
+ nova_db_sync:
+ start_order: 4
+ image: *nova_api_image
+ net: host
+ detach: false
+ volumes: *nova_api_volumes
+ command: ['/usr/bin/nova-manage', 'db', 'sync']
+ step_4:
+ nova_api:
+ start_order: 2
+ image: *nova_api_image
+ net: host
+ user: nova
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index 8eebc397..570df95f 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -64,6 +64,7 @@ outputs:
perm: '0600'
source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf
docker_config:
+ # FIXME: run discover hosts here
step_4:
novacompute:
image: *nova_compute_image
diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml
new file mode 100644
index 00000000..aa009b4f
--- /dev/null
+++ b/docker/services/nova-conductor.yaml
@@ -0,0 +1,85 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova Conductor service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaConductorImage:
+ description: image
+ default: 'centos-binary-nova-conductor:latest'
+ type: string
+ DockerNovaBaseImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ NovaConductorBase:
+ type: ../../puppet/services/nova-conductor.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Conductor service.
+ value:
+ service_name: {get_attr: [NovaConductorBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]}
+ step_config: {get_attr: [NovaConductorBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &nova_conductor_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ]
+ puppet_tags: nova_config
+ config_volume: nova
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_conductor.json:
+ command: /usr/bin/nova-conductor
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ docker_config:
+ step_4:
+ nova_conductor:
+ image: *nova_conductor_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml
new file mode 100644
index 00000000..c1858ded
--- /dev/null
+++ b/docker/services/nova-ironic.yaml
@@ -0,0 +1,88 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova Ironic Compute service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaComputeImage:
+ description: image
+ default: 'centos-binary-nova-compute-ironic:latest'
+ type: string
+ DockerNovaBaseImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+
+ NovaIronicBase:
+ type: ../../puppet/services/nova-ironic.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Compute service.
+ value:
+ service_name: {get_attr: [NovaIronicBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]}
+ step_config: {get_attr: [NovaIronicBase, role_data, step_config]}
+ puppet_tags: nova_config,nova_paste_api_ini
+ docker_image: &nova_ironic_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
+ config_volume: nova
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_ironic.json:
+ command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ - dest: /etc/nova/rootwrap.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf
+ docker_config:
+ step_5:
+ novacompute:
+ image: *nova_ironic_image
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - /dev:/dev
+ - /etc/iscsi:/etc/iscsi
+ - nova_compute:/var/lib/nova/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml
new file mode 100644
index 00000000..a4baaa27
--- /dev/null
+++ b/docker/services/nova-metadata.yaml
@@ -0,0 +1,48 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova Metadata service
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+
+resources:
+
+ NovaMetadataBase:
+ type: ../../puppet/services/nova-metadata.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Metadata service.
+ value:
+ service_name: {get_attr: [NovaMetadataBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaMetadataBase, role_data, config_settings]
+ step_config: {get_attr: [NovaMetadataBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: ''
+ puppet_tags: ''
+ config_volume: ''
+ config_image: ''
+ kolla_config: {}
+ docker_config: {}
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
new file mode 100644
index 00000000..f0f7d724
--- /dev/null
+++ b/docker/services/nova-placement.yaml
@@ -0,0 +1,101 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova Placement API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaPlacementImage:
+ description: image
+ default: 'centos-binary-nova-placement-api'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NovaPlacementBase:
+ type: ../../puppet/services/nova-placement.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Placement API role.
+ value:
+ service_name: {get_attr: [NovaPlacementBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaPlacementBase, role_data, config_settings]
+ - apache::default_vhost: false
+ step_config: {get_attr: [NovaPlacementBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &nova_placement_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ]
+ puppet_tags: nova_config
+ config_volume: nova_placement
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_placement.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ - dest: /etc/httpd/conf.d/10-placement_wsgi.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-placement_wsgi.conf
+ - dest: /etc/httpd/conf/httpd.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
+ - dest: /etc/httpd/conf/ports.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
+ - dest: /var/www/cgi-bin/nova/nova-placement-api
+ owner: nova
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/var/www/cgi-bin/nova/nova-placement-api
+ docker_config:
+ # start this early so it is up before computes start reporting
+ step_3:
+ nova_placement:
+ start_order: 1
+ image: *nova_placement_image
+ net: host
+ user: root
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova_placement/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml
new file mode 100644
index 00000000..a1a98b48
--- /dev/null
+++ b/docker/services/nova-scheduler.yaml
@@ -0,0 +1,84 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Nova Scheduler service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaSchedulerImage:
+ description: image
+ default: 'centos-binary-nova-scheduler:latest'
+ type: string
+ DockerNovaBaseImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ NovaSchedulerBase:
+ type: ../../puppet/services/nova-scheduler.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Scheduler service.
+ value:
+ service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]}
+ step_config: {get_attr: [NovaSchedulerBase, role_data, step_config]}
+ service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &nova_scheduler_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ]
+ puppet_tags: nova_config
+ config_volume: nova
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_scheduler.json:
+ command: /usr/bin/nova-scheduler
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/nova/nova.conf
+ docker_config:
+ step_4:
+ nova_scheduler:
+ image: *nova_scheduler_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml
new file mode 100644
index 00000000..cea3d8a7
--- /dev/null
+++ b/docker/services/rabbitmq.yaml
@@ -0,0 +1,119 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Rabbitmq service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerRabbitmqImage:
+ description: image
+ default: 'centos-binary-rabbitmq:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RabbitCookie:
+ type: string
+ default: ''
+ hidden: true
+
+resources:
+
+ RabbitmqBase:
+ type: ../../puppet/services/rabbitmq.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Rabbitmq API role.
+ value:
+ service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
+ config_settings: {get_attr: [RabbitmqBase, role_data, config_settings]}
+ step_config: {get_attr: [RabbitmqBase, role_data, step_config]}
+ service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &rabbitmq_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ]
+ puppet_tags: file
+ config_volume: rabbitmq
+ config_image: *rabbitmq_image
+ kolla_config:
+ /var/lib/kolla/config_files/rabbitmq.json:
+ command: /usr/lib/rabbitmq/bin/rabbitmq-server
+ config_files:
+ - dest: /etc/rabbitmq/rabbitmq.config
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq.config
+ - dest: /etc/rabbitmq/enabled_plugins
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/rabbitmq/enabled_plugins
+ - dest: /etc/rabbitmq/rabbitmq-env.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq-env.conf
+ - dest: /etc/rabbitmq/rabbitmqadmin.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmqadmin.conf
+ docker_config:
+ step_1:
+ rabbitmq_bootstrap:
+ start_order: 0
+ image: *rabbitmq_image
+ net: host
+ privileged: false
+ volumes:
+ - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - rabbitmq:/var/lib/rabbitmq/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - KOLLA_BOOTSTRAP=True
+ -
+ list_join:
+ - '='
+ - - 'RABBITMQ_CLUSTER_COOKIE'
+ -
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: RabbitCookie}
+ - {get_param: [DefaultPasswords, rabbit_cookie]}
+ rabbitmq:
+ start_order: 1
+ image: *rabbitmq_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - rabbitmq:/var/lib/rabbitmq/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml
new file mode 100644
index 00000000..09553319
--- /dev/null
+++ b/docker/services/swift-proxy.yaml
@@ -0,0 +1,76 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized swift proxy service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSwiftProxyImage:
+ description: image
+ default: 'centos-binary-swift-proxy-server:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ SwiftProxyBase:
+ type: ../../puppet/services/swift-proxy.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the swift proxy.
+ value:
+ service_name: {get_attr: [SwiftProxyBase, role_data, service_name]}
+ config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]}
+ step_config: {get_attr: [SwiftProxyBase, role_data, step_config]}
+ service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &swift_proxy_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
+ puppet_tags: swift_proxy_config
+ config_volume: swift
+ config_image: *swift_proxy_image
+ kolla_config:
+ /var/lib/kolla/config_files/swift_proxy.json:
+ command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf
+ docker_config:
+ step_4:
+ swift_proxy:
+ image: *swift_proxy_image
+ net: host
+ user: swift
+ restart: always
+ # I'm mounting /etc/swift as rw. Are the rings written to at all during runtime?
+ volumes:
+ - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml
new file mode 100644
index 00000000..de91e7cf
--- /dev/null
+++ b/docker/services/swift-ringbuilder.yaml
@@ -0,0 +1,80 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Swift Ringbuilder
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSwiftProxyImage:
+ description: image
+ default: 'centos-binary-swift-proxy-server:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SwiftMinPartHours:
+ type: number
+ default: 1
+ description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
+ SwiftPartPower:
+ default: 10
+ description: Partition Power to use when building Swift rings
+ type: number
+ SwiftRingBuild:
+ default: true
+ description: Whether to manage Swift rings or not
+ type: boolean
+ SwiftReplicas:
+ type: number
+ default: 3
+ description: How many replicas to use in the swift rings.
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
+ SwiftUseLocalDir:
+ default: true
+ description: 'Use a local directory for Swift storage services when building rings'
+ type: boolean
+
+resources:
+
+ SwiftRingbuilderBase:
+ type: ../../puppet/services/swift-ringbuilder.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for Swift Ringbuilder configuration in containers.
+ value:
+ service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]}
+ config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
+ step_config: {get_attr: [SwiftRingbuilderBase, role_data, step_config]}
+ service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]}
+ puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance
+ # BEGIN DOCKER SETTINGS
+ docker_image: &docker_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
+ config_volume: 'swift'
+ config_image: *docker_image
+ kolla_config: {}
+ docker_config: {}
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
new file mode 100644
index 00000000..5b2ec6e6
--- /dev/null
+++ b/docker/services/swift-storage.yaml
@@ -0,0 +1,343 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Swift Storage services.
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSwiftProxyImage:
+ description: image
+ default: 'centos-binary-swift-proxy-server:latest'
+ type: string
+ DockerSwiftAccountImage:
+ description: image
+ default: 'centos-binary-swift-account:latest'
+ type: string
+ DockerSwiftContainerImage:
+ description: image
+ default: 'centos-binary-swift-container:latest'
+ type: string
+ DockerSwiftObjectImage:
+ description: image
+ default: 'centos-binary-swift-object:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+
+resources:
+
+ SwiftStorageBase:
+ type: ../../puppet/services/swift-storage.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the swift storage services.
+ value:
+ service_name: {get_attr: [SwiftStorageBase, role_data, service_name]}
+ config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]}
+ step_config: {get_attr: [SwiftStorageBase, role_data, step_config]}
+ service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &swift_proxy_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
+ puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config
+ config_volume: swift
+ config_image: *swift_proxy_image
+ kolla_config:
+ /var/lib/kolla/config_files/swift_account_auditor.json:
+ command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf
+ /var/lib/kolla/config_files/swift_account_reaper.json:
+ command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf
+ /var/lib/kolla/config_files/swift_account_replicator.json:
+ command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf
+ /var/lib/kolla/config_files/swift_account_server.json:
+ command: /usr/bin/swift-account-server /etc/swift/account-server.conf
+ /var/lib/kolla/config_files/swift_container_auditor.json:
+ command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf
+ /var/lib/kolla/config_files/swift_container_replicator.json:
+ command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf
+ /var/lib/kolla/config_files/swift_container_updater.json:
+ command: /usr/bin/swift-container-updater /etc/swift/container-server.conf
+ /var/lib/kolla/config_files/swift_container_server.json:
+ command: /usr/bin/swift-container-server /etc/swift/container-server.conf
+ /var/lib/kolla/config_files/swift_object_auditor.json:
+ command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf
+ /var/lib/kolla/config_files/swift_object_expirer.json:
+ command: /usr/bin/swift-object-expirer /etc/swift/object-expirer.conf
+ /var/lib/kolla/config_files/swift_object_replicator.json:
+ command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf
+ /var/lib/kolla/config_files/swift_object_updater.json:
+ command: /usr/bin/swift-object-updater /etc/swift/object-server.conf
+ /var/lib/kolla/config_files/swift_object_server.json:
+ command: /usr/bin/swift-object-server /etc/swift/object-server.conf
+ docker_config:
+ step_3:
+ # The puppet config sets this up but we don't have a way to mount the named
+ # volume during the configuration stage. We just need to create this
+ # directory and make sure it's owned by swift.
+ swift_setup_srv:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ]
+ user: root
+ command: ['/bin/bash', '-c', 'mkdir /srv/node && chown swift:swift /srv/node']
+ volumes:
+ - swift-srv:/srv
+ step_4:
+ swift_account_auditor:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: &kolla_env
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ swift_account_reaper:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_account_replicator:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_account_server:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_container_auditor:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_container_replicator:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_container_updater:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_container_server:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_object_auditor:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_object_expirer:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_object_replicator:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_object_updater:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
+ swift_object_server:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ]
+ net: host
+ user: swift
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - swift-srv:/srv
+ - /dev:/dev
+ environment: *kolla_env
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
new file mode 100644
index 00000000..9f248ce1
--- /dev/null
+++ b/docker/services/zaqar.yaml
@@ -0,0 +1,99 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Zaqar services
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerZaqarImage:
+ description: image
+ default: 'centos-binary-zaqar:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ ZaqarBase:
+ type: ../../puppet/services/zaqar.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Zaqar API role.
+ value:
+ service_name: {get_attr: [ZaqarBase, role_data, service_name]}
+ config_settings: {get_attr: [ZaqarBase, role_data, config_settings]}
+ step_config: {get_attr: [ZaqarBase, role_data, step_config]}
+ service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ docker_image: &zaqar_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ]
+ puppet_tags: zaqar_config
+ config_volume: zaqar
+ config_image: *zaqar_image
+ kolla_config:
+ /var/lib/kolla/config_files/zaqar.json:
+ command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf
+ config_files:
+ - dest: /etc/zaqar/zaqar.conf
+ owner: zaqar
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf
+ /var/lib/kolla/config_files/zaqar_websocket.json:
+ command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
+ config_files:
+ - dest: /etc/zaqar/zaqar.conf
+ owner: zaqar
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf
+ - dest: /etc/zaqar/1.conf
+ owner: zaqar
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/zaqar/1.conf
+ docker_config:
+ step_4:
+ zaqar:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ zaqar_websocket:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 37612b07..ca3715b4 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -5,6 +5,36 @@ resource_registry:
OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml
+ OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
+ OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
+ OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
+ OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
+ OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
+ OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml
+ OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
+ OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
+ OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
+ # FIXME: these need to go into a environments/services-docker dir?
+ OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml
+ OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml
+ OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml
+ OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml
+ OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+ OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
+ OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
+ OS::TripleO::Services::MistralApi: ../docker/services/mistral-api.yaml
+ OS::TripleO::Services::MistralEngine: ../docker/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralExecutor: ../docker/services/mistral-executor.yaml
+ OS::TripleO::Services::Zaqar: ../docker/services/zaqar.yaml
+ OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
+ OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
+ OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
+ OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
+ OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
+ OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::Services: ../docker/services/services.yaml
diff --git a/environments/net-bond-with-vlans-no-external.yaml b/environments/net-bond-with-vlans-no-external.yaml
index 75959a0b..cc27d4f0 100644
--- a/environments/net-bond-with-vlans-no-external.yaml
+++ b/environments/net-bond-with-vlans-no-external.yaml
@@ -20,7 +20,3 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-no-external.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml
-
-# NOTE: with no external interface we should be able to use the
-# default Neutron l3_agent.ini setting for the external bridge (br-ex)
-# i.e. No need to set: NeutronExternalNetworkBridge: "''"
diff --git a/environments/net-bond-with-vlans-v6.yaml b/environments/net-bond-with-vlans-v6.yaml
index 73dda3d9..dc6fdfe3 100644
--- a/environments/net-bond-with-vlans-v6.yaml
+++ b/environments/net-bond-with-vlans-v6.yaml
@@ -12,9 +12,3 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-v6.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml
-
-parameter_defaults:
- # This sets 'external_network_bridge' in l3_agent.ini to an empty string
- # so that external networks act like provider bridge networks (they
- # will plug into br-int instead of br-ex)
- NeutronExternalNetworkBridge: "''"
diff --git a/environments/net-bond-with-vlans.yaml b/environments/net-bond-with-vlans.yaml
index de8f8f74..38c31cac 100644
--- a/environments/net-bond-with-vlans.yaml
+++ b/environments/net-bond-with-vlans.yaml
@@ -11,9 +11,3 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml
-
-parameter_defaults:
- # This sets 'external_network_bridge' in l3_agent.ini to an empty string
- # so that external networks act like provider bridge networks (they
- # will plug into br-int instead of br-ex)
- NeutronExternalNetworkBridge: "''"
diff --git a/environments/net-single-nic-linux-bridge-with-vlans.yaml b/environments/net-single-nic-linux-bridge-with-vlans.yaml
index fd80bb9b..f34cfb92 100644
--- a/environments/net-single-nic-linux-bridge-with-vlans.yaml
+++ b/environments/net-single-nic-linux-bridge-with-vlans.yaml
@@ -11,9 +11,3 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/controller.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
-
-parameter_defaults:
- # This sets 'external_network_bridge' in l3_agent.ini to an empty string
- # so that external networks act like provider bridge networks (they
- # will plug into br-int instead of br-ex)
- NeutronExternalNetworkBridge: "''"
diff --git a/environments/net-single-nic-with-vlans-no-external.yaml b/environments/net-single-nic-with-vlans-no-external.yaml
index c7594b32..65d38137 100644
--- a/environments/net-single-nic-with-vlans-no-external.yaml
+++ b/environments/net-single-nic-with-vlans-no-external.yaml
@@ -19,7 +19,3 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-no-external.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml
-
-# NOTE: with no external interface we should be able to use the
-# default Neutron l3_agent.ini setting for the external bridge (br-ex)
-# i.e. No need to set: NeutronExternalNetworkBridge: "''"
diff --git a/environments/net-single-nic-with-vlans-v6.yaml b/environments/net-single-nic-with-vlans-v6.yaml
index 8210bad3..966e5fe9 100644
--- a/environments/net-single-nic-with-vlans-v6.yaml
+++ b/environments/net-single-nic-with-vlans-v6.yaml
@@ -11,9 +11,3 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-v6.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml
-
-parameter_defaults:
- # This sets 'external_network_bridge' in l3_agent.ini to an empty string
- # so that external networks act like provider bridge networks (they
- # will plug into br-int instead of br-ex)
- NeutronExternalNetworkBridge: "''"
diff --git a/environments/net-single-nic-with-vlans.yaml b/environments/net-single-nic-with-vlans.yaml
index a61bc6e1..b087b3e4 100644
--- a/environments/net-single-nic-with-vlans.yaml
+++ b/environments/net-single-nic-with-vlans.yaml
@@ -11,9 +11,3 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml
-
-parameter_defaults:
- # This sets 'external_network_bridge' in l3_agent.ini to an empty string
- # so that external networks act like provider bridge networks (they
- # will plug into br-int instead of br-ex)
- NeutronExternalNetworkBridge: "''"
diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml
index 796eb806..210b6b03 100644
--- a/environments/network-environment.yaml
+++ b/environments/network-environment.yaml
@@ -48,8 +48,6 @@ parameter_defaults:
# ManagementInterfaceDefaultRoute: 10.0.1.1
# Define the DNS servers (maximum 2) for the overcloud nodes
DnsServers: ["8.8.8.8","8.8.4.4"]
- # Set to empty string to enable multiple external networks or VLANs
- NeutronExternalNetworkBridge: "''"
# List of Neutron network types for tenant networks (will be used in order)
NeutronNetworkType: 'vxlan,vlan'
# The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
diff --git a/firstboot/os-net-config-mappings.yaml b/firstboot/os-net-config-mappings.yaml
index d7e0c524..f82bc19f 100644
--- a/firstboot/os-net-config-mappings.yaml
+++ b/firstboot/os-net-config-mappings.yaml
@@ -9,8 +9,28 @@ description: >
nic1: "00:c8:7c:e6:f0:2e"
node2:
nic1: "00:18:7d:99:0c:b6"
- This will result in the first nodeN entry where a mac matches a
- local device being written as a mapping file for os-net-config in
+ node3:
+ dmiString: 'system-uuid'
+ id: 'A8C85861-1B16-4803-8689-AFC62984F8F6'
+ nic1: em3
+ # Dell PowerEdge
+ nodegroup1:
+ dmiString: "system-product-name"
+ id: "PowerEdge R630"
+ nic1: em3
+ nic2: em1
+ nic3: em2
+ # Cisco UCS B200-M4"
+ nodegroup2:
+ dmiString: "system-product-name"
+ id: "UCSB-B200-M4"
+ nic1: enp7s0
+ nic2: enp6s0
+
+ This will result in the first node* entry where either:
+ a) a mac matches a local device
+ or b) a DMI String matches the specified id
+ being written as a mapping file for os-net-config in
/etc/os-net-config/mapping.yaml
parameters:
@@ -47,15 +67,36 @@ resources:
echo '$node_lookup' | python -c "
import json
import sys
+ import copy
+ from subprocess import PIPE, Popen
import yaml
+
+ def write_mapping_file(interface_mapping):
+ with open('/etc/os-net-config/mapping.yaml', 'w') as f:
+ yaml.safe_dump(interface_mapping, f, default_flow_style=False)
+
input = sys.stdin.readline() or '{}'
data = json.loads(input)
for node in data:
+ interface_mapping = {'interface_mapping':
+ copy.deepcopy(data[node])}
+ if 'dmiString' in interface_mapping['interface_mapping']:
+ del interface_mapping['interface_mapping']['dmiString']
+ if 'id' in interface_mapping['interface_mapping']:
+ del interface_mapping['interface_mapping']['id']
+ # Match on mac addresses first
if any(x in '$eth_addr'.split(',') for x in data[node].values()):
- interface_mapping = {'interface_mapping': data[node]}
- with open('/etc/os-net-config/mapping.yaml', 'w') as f:
- yaml.safe_dump(interface_mapping, f, default_flow_style=False)
+ write_mapping_file(interface_mapping)
break
+ # If data contain dmiString and id keys, try to match node(group)
+ if 'dmiString' in data[node] and 'id' in data[node]:
+ ps = Popen([ 'dmidecode',
+ '--string', data[node].get('dmiString') ],
+ stdout=PIPE)
+ out, err = ps.communicate()
+ if data[node].get('id') == out.rstrip():
+ write_mapping_file(interface_mapping)
+ break
"
params:
$node_lookup: {get_param: NetConfigDataLookup}
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 7bd2fcf1..3ae4cc70 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -86,7 +86,7 @@ outputs:
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
upgrade_tasks:
- name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running"
- shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
+ shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
tags: step0,validation
- name: Stop heat_api_cfn service
tags: step2
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 0954ad19..56183535 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -68,7 +68,7 @@ outputs:
include ::tripleo::profile::base::heat::api_cloudwatch
upgrade_tasks:
- name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running"
- shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b'
+ shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b'
tags: step0,validation
- name: Stop heat_api_cloudwatch service
tags: step2
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index ae656b1e..38c5b479 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -86,7 +86,7 @@ outputs:
heat::keystone::auth::region: {get_param: KeystoneRegion}
upgrade_tasks:
- name: "PreUpgrade step0,validation: Check service openstack-heat-api is running"
- shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
+ shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
tags: step0,validation
- name: Stop heat_api service
tags: step2
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index f7ec9a41..7787d0a7 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -138,7 +138,7 @@ outputs:
tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
upgrade_tasks:
- name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running"
- shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b'
+ shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b'
tags: step0,validation
- name: Stop heat_engine service
tags: step2
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml
index 06927fe0..1d6a2371 100644
--- a/puppet/services/neutron-l3-compute-dvr.yaml
+++ b/puppet/services/neutron-l3-compute-dvr.yaml
@@ -22,10 +22,6 @@ parameters:
Debug:
type: string
default: ''
- NeutronExternalNetworkBridge:
- description: Name of bridge used for external network traffic.
- type: string
- default: 'br-ex'
MonitoringSubscriptionNeutronL3Dvr:
default: 'overcloud-neutron-l3-dvr'
type: string
@@ -35,6 +31,19 @@ parameters:
tag: openstack.neutron.agent.l3-compute
path: /var/log/neutron/l3-agent.log
+ # DEPRECATED: the following options are deprecated and are currently maintained
+ # for backwards compatibility. They will be removed in the Pike cycle.
+ NeutronExternalNetworkBridge:
+ description: Name of bridge used for external network traffic. Usually L2
+ agent handles port wiring into external bridge, and hence the
+ parameter should be unset.
+ type: string
+ default: ''
+
+conditions:
+
+ external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}
+
resources:
NeutronBase:
@@ -56,7 +65,11 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
- neutron::agents::l3::agent_mode : 'dvr'
+ - neutron::agents::l3::agent_mode : 'dvr'
+ -
+ if:
+ - external_network_bridge_empty
+ - {}
+ - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
step_config: |
include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 69803551..4fa49275 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -21,10 +21,6 @@ parameters:
Debug:
type: string
default: ''
- NeutronExternalNetworkBridge:
- description: Name of bridge used for external network traffic.
- type: string
- default: 'br-ex'
NeutronL3AgentMode:
description: |
Agent mode for L3 agent. Must be one of legacy or dvr_snat.
@@ -43,6 +39,15 @@ parameters:
tag: openstack.neutron.agent.l3
path: /var/log/neutron/l3-agent.log
+ # DEPRECATED: the following options are deprecated and are currently maintained
+ # for backwards compatibility. They will be removed in the Pike cycle.
+ NeutronExternalNetworkBridge:
+ description: Name of bridge used for external network traffic. Usually L2
+ agent handles port wiring into external bridge, and hence the
+ parameter should be unset.
+ type: string
+ default: ''
+
conditions:
external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}
diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml
index 9389c801..3ae19a67 100644
--- a/puppet/services/nova-placement.yaml
+++ b/puppet/services/nova-placement.yaml
@@ -79,6 +79,10 @@ outputs:
dport:
- 8778
- 13778
+ nova::keystone::authtoken::project_name: 'service'
+ nova::keystone::authtoken::password: {get_param: NovaPassword}
+ nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::wsgi::apache_placement::api_port: '8778'
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP