diff options
68 files changed, 1485 insertions, 105 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index fdf2ad63..91daa689 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -312,6 +312,13 @@ topics: Enables a Cinder Dell EMC Storage Center ISCSI backend requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-dellemc-unity-config.yaml + title: Cinder Dell EMC Unity backend + description: > + Enables a Cinder Dell EMC Unity backend, + configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml title: Cinder HPELeftHandISCSI backend description: > diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index 7768c4f0..03baf4aa 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -52,9 +52,7 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages @@ -75,3 +73,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 2b25e58e..f945a021 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -48,9 +48,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute @@ -72,3 +69,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index d8f71414..81301349 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -32,9 +32,6 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine - OS::TripleO::Services::MySQL @@ -68,3 +65,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index a3bc8fcf..edc03d6c 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -7,9 +7,9 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/ - OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml - OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml - OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml + OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml @@ -99,9 +99,19 @@ parameter_defaults: Debug: true #NOTE(gfidente): not great but we need this to deploy on ext4 #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ - ExtraConfig: - ceph::profile::params::osd_max_object_name_len: 256 - ceph::profile::params::osd_max_object_namespace_len: 64 + CephAnsibleDisksConfig: + devices: + - /dev/loop3 + journal_size: 512 + journal_collocation: true + CephAnsibleExtraConfig: + ceph_conf_overrides: + global: + osd_pool_default_size: 1 + osd_pool_default_pg_num: 32 + osd_max_object_name_len: 256 + osd_max_object_namespace_len: 64 + CephAnsibleSkipTags: '' #NOTE: These ID's and keys should be regenerated for # a production deployment. What is here is suitable for # developer and CI testing only. diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index d300f773..fe06ef66 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -8,7 +8,10 @@ resource_registry: OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml # TODO: Barbican is not yet containerized: https://review.openstack.org/#/c/474327 # OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml - OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + # TODO: Zaqar doesn't work when containerized + # https://bugs.launchpad.net/tripleo/+bug/1710959 + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index b36bb97a..8d17c223 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -11,6 +11,7 @@ # primary role is: {{primary_role_name}} {% set deploy_steps_max = 6 -%} {% set update_steps_max = 6 -%} +{% set upgrade_steps_max = 6 -%} heat_template_version: pike @@ -337,4 +338,20 @@ outputs: with_sequence: count={{deploy_steps_max-1}} loop_control: loop_var: step + upgrade_steps_tasks: | +{%- for role in roles %} + - include: {{role.name}}/upgrade_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + upgrade_steps_playbook: | + - hosts: overcloud + tasks: + - include: upgrade_steps_tasks.yaml + with_sequence: count={{upgrade_steps_max-1}} + loop_control: + loop_var: step + - include: deploy_steps_tasks.yaml + with_sequence: count={{deploy_steps_max-1}} + loop_control: + loop_var: step diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh deleted file mode 100755 index af213bbd..00000000 --- a/docker/firstboot/setup_docker_host.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -eux -# This file contains setup steps that can't be or have not yet been moved to -# puppet - -# Disable libvirtd since it conflicts with nova_libvirt container -/usr/bin/systemctl disable libvirtd.service -/usr/bin/systemctl stop libvirtd.service -# Disable virtlogd since it conflicts with nova_virtlogd container -/usr/bin/systemctl disable virtlogd.service -/usr/bin/systemctl stop virtlogd.service diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml deleted file mode 100644 index ddfa8802..00000000 --- a/docker/firstboot/setup_docker_host.yaml +++ /dev/null @@ -1,19 +0,0 @@ -heat_template_version: pike - -resources: - - userdata: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: setup_docker_host} - - setup_docker_host: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: {get_file: ./setup_docker_host.sh} - -outputs: - OS::stack_id: - value: {get_resource: userdata} diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 52c4a65c..f09e98ce 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -30,6 +30,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + StackUpdateType: + type: string + description: > + Type of update, to differentiate between UPGRADE and UPDATE cases + when StackAction is UPDATE (both are the same stack action). + constraints: + - allowed_values: ['', 'UPGRADE'] + default: '' CephAnsibleWorkflowName: type: string description: Name of the Mistral workflow to execute @@ -38,10 +46,18 @@ parameters: type: string description: Path to the ceph-ansible playbook to execute default: /usr/share/ceph-ansible/site-docker.yml.sample + CephAnsibleUpgradePlaybook: + type: string + description: Path to the ceph-ansible playbook to execute on upgrade + default: /usr/share/ceph-ansible/infrastructure-playbooks/take-over-existing-cluster.yml CephAnsibleExtraConfig: type: json description: Extra vars for the ceph-ansible playbook default: {} + CephAnsibleSkipTags: + type: string + description: List of ceph-ansible tags to skip + default: 'package-install,with_pkg' CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. @@ -78,7 +94,7 @@ parameters: default: vms type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -88,6 +104,14 @@ parameters: description: default minimum replication for RBD copies type: number default: 3 + ManilaCephFSNativeCephFSAuthId: + default: manila + type: string + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true CephIPv6: default: False type: boolean @@ -101,6 +125,8 @@ conditions: yaql: data: {get_param: DockerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') + perform_upgrade: + equals: [{get_param: StackUpdateType}, 'UPGRADE'] resources: DockerImageUrlParts: @@ -146,10 +172,16 @@ outputs: - name: ceph_base_ansible_workflow workflow: { get_param: CephAnsibleWorkflowName } input: + ansible_skip_tags: {get_param: CephAnsibleSkipTags} ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig} - ceph_ansible_playbook: {get_param: CephAnsiblePlaybook} + ceph_ansible_playbook: + if: + - perform_upgrade + - {get_param: CephAnsibleUpgradePlaybook} + - {get_param: CephAnsiblePlaybook} config_settings: ceph_common_ansible_vars: + ireallymeanit: 'yes' fsid: { get_param: CephClusterFSID } docker: true ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]} @@ -202,6 +234,16 @@ outputs: GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} mode: "0644" + - name: + list_join: + - '.' + - - client + - {get_param: ManilaCephFSNativeCephFSAuthId} + key: {get_param: CephManilaClientKey} + mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create" + mds_cap: "allow *" + osd_cap: "allow rw" + mode: "0644" keys: *openstack_keys pools: [] ceph_conf_overrides: diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml new file mode 100644 index 00000000..4ef3a669 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-mds.yaml @@ -0,0 +1,83 @@ +heat_template_version: pike + +description: > + Ceph Metadata service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephMdsKey: + description: The cephx key for the MDS service. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph Metadata service. + value: + service_name: ceph_mds + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_mds.firewall_rules: + '112 ceph_mds': + dport: + - '6800-7300' + - ceph_mds_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - cephfs_data: {get_param: ManilaCephFSDataPoolName} + cephfs_metadata: {get_param: ManilaCephFSMetadataPoolName} + cephfs: {get_param: ManilaCephFSNativeShareBackendName} diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 044eb283..df226b15 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -39,10 +39,16 @@ parameters: EnableInternalTLS: type: boolean default: false + GlanceNfsEnabled: + default: false + description: > + When using GlanceBackend 'file', mount NFS share for image storage. + type: boolean conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]} resources: @@ -128,6 +134,11 @@ outputs: - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro + - + if: + - nfs_backend_enabled + - /var/lib/glance:/var/lib/glance + - '' environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 19e658cd..2957312b 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -81,6 +81,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -99,6 +103,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -106,6 +111,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable openstack-gnocchi-statsd service tags: step2 diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 3d3bc7c3..f2f2b8dc 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -117,6 +124,16 @@ outputs: - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/logrotate-crond.yaml b/docker/services/logrotate-crond.yaml new file mode 100644 index 00000000..f49fd36b --- /dev/null +++ b/docker/services/logrotate-crond.yaml @@ -0,0 +1,84 @@ +heat_template_version: pike + +description: > + Containerized logrotate with crond for containerized service logs rotation + +parameters: + DockerCrondImage: + description: image + type: string + DockerCrondConfigImage: + description: The container image to use for the crond config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the crond role. + value: + service_name: logrotate_crond + config_settings: {} + step_config: &step_config | + include ::tripleo::profile::base::logging::logrotate + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: crond + step_config: *step_config + config_image: {get_param: DockerCrondConfigImage} + kolla_config: + /var/lib/kolla/config_files/logrotate-crond.json: + command: /usr/sbin/crond -s -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_4: + logrotate_crond: + image: {get_param: DockerCrondImage} + net: none + pid: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/logrotate-crond/:/var/lib/kolla/config_files/src:ro + - /var/log/containers:/var/log/containers + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 7637e6e9..47414083 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -61,7 +61,7 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: @@ -243,6 +243,19 @@ outputs: file: path: /etc/ceph state: directory + - name: check if libvirt is installed + command: /usr/bin/rpm -q libvirt-daemon + failed_when: false + register: libvirt_installed + - name: make sure libvirt services are disabled + service: + name: "{{ item }}" + state: stopped + enabled: no + with_items: + - libvirtd.service + - virtlogd.socket + when: libvirt_installed.rc == 0 upgrade_tasks: - name: Stop and disable libvirtd service tags: step2 diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml index 0a8a74cd..53ae7910 100644 --- a/docker/services/nova-metadata.yaml +++ b/docker/services/nova-metadata.yaml @@ -4,6 +4,12 @@ description: > OpenStack containerized Nova Metadata service parameters: + DockerNovaMetadataImage: + description: image + type: string + DockerNovaConfigImage: + description: The container image to use for the nova config_volume + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -33,6 +39,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaMetadataBase: type: ../../puppet/services/nova-metadata.yaml properties: @@ -56,9 +65,56 @@ outputs: service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: '' - puppet_tags: '' + config_volume: nova + puppet_tags: nova_config step_config: *step_config - config_image: '' - kolla_config: {} - docker_config: {} + config_image: {get_param: DockerNovaConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova_metadata.json: + command: /usr/bin/nova-api-metadata + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + docker_config: + step_2: + nova_init_logs: + image: &nova_metadata_image {get_param: DockerNovaMetadataImage} + privileged: false + user: root + volumes: + - /var/log/containers/nova:/var/log/nova + command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + step_4: + nova_metadata: + start_order: 2 + image: *nova_metadata_image + net: host + user: nova + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [NovaMetadataBase, role_data, metadata_settings] + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/nova + state: directory + upgrade_tasks: + - name: Stop and disable nova_api service + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index c6a80efa..c2117c04 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -76,7 +76,13 @@ outputs: config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage} + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerCinderBackupImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' cinder::backup::manage_service: false cinder::backup::enabled: false step_config: "" @@ -102,10 +108,33 @@ outputs: owner: cinder:cinder recurse: true docker_config: + step_1: + cinder_backup_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'" + params: + CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage} + CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest + image: {get_param: DockerCinderBackupImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: cinder_backup_init_logs: start_order: 0 - image: *cinder_backup_image + image: {get_param: DockerCinderBackupImage} privileged: false user: root volumes: @@ -129,7 +158,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle' - image: *cinder_backup_image + image: {get_param: DockerCinderBackupImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 3c1b7a74..a4f69517 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -69,7 +69,13 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage} + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerCinderVolumeImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' cinder::volume::manage_service: false cinder::volume::enabled: false cinder::host: hostgroup @@ -93,10 +99,33 @@ outputs: owner: cinder:cinder recurse: true docker_config: + step_1: + cinder_volume_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'" + params: + CINDERVOLUME_IMAGE: {get_param: DockerCinderVolumeImage} + CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest + image: {get_param: DockerCinderVolumeImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: cinder_volume_init_logs: start_order: 0 - image: *cinder_volume_image + image: {get_param: DockerCinderVolumeImage} privileged: false user: root volumes: @@ -120,7 +149,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle' - image: *cinder_volume_image + image: {get_param: DockerCinderVolumeImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 8ba7d723..3de1696d 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -79,7 +79,13 @@ outputs: config_settings: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerMysqlImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 tripleo.mysql.firewall_rules: '104 mysql galera-bundle': @@ -141,7 +147,7 @@ outputs: mysql_data_ownership: start_order: 0 detach: false - image: *mysql_image + image: {get_param: DockerMysqlImage} net: host user: root # Kolla does only non-recursive chown @@ -151,7 +157,7 @@ outputs: mysql_bootstrap: start_order: 1 detach: false - image: *mysql_image + image: {get_param: DockerMysqlImage} net: host # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done command: @@ -196,6 +202,28 @@ outputs: passwords: - {get_param: MysqlRootPassword} - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_image_tag: + start_order: 2 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'" + params: + MYSQL_IMAGE: {get_param: DockerMysqlImage} + MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest + image: {get_param: DockerMysqlImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: mysql_init_bundle: start_order: 1 @@ -214,7 +242,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle' - image: *mysql_image + image: {get_param: DockerMysqlImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index 75b6d650..0b8aa046 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -60,7 +60,13 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true - tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRedisImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 tripleo.redis.firewall_rules: '108 redis-bundle': @@ -104,6 +110,29 @@ outputs: owner: redis:redis recurse: true docker_config: + step_1: + redis_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'" + params: + REDIS_IMAGE: {get_param: DockerRedisImage} + REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest + image: {get_param: DockerRedisImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: redis_init_bundle: start_order: 2 diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 5ba54f85..2e5c7424 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -92,6 +92,13 @@ outputs: tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory} # disable the use CRL file until we can restart the container when the file expires tripleo::haproxy::crl_file: null + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerHAProxyImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -142,6 +149,30 @@ outputs: perm: '0600' optional: true docker_config: + step_1: + haproxy_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'" + params: + HAPROXY_IMAGE: {get_param: DockerHAProxyImage} + HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest + image: {get_param: DockerHAProxyImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + image: {get_param: DockerHAProxyImage} step_2: haproxy_init_bundle: start_order: 3 @@ -165,7 +196,7 @@ outputs: - ';' - - 'include ::tripleo::profile::base::pacemaker' - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - image: *haproxy_image + image: {get_param: DockerHAProxyImage} volumes: list_concat: - *deployed_cert_mount diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml new file mode 100644 index 00000000..c88737aa --- /dev/null +++ b/docker/services/pacemaker/manila-share.yaml @@ -0,0 +1,171 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Share service + +parameters: + DockerManilaShareImage: + description: image + type: string + DockerManilaConfigImage: + description: image + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + + ManilaBase: + type: ../../../puppet/services/pacemaker/manila-share.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Manila Share role. + value: + service_name: {get_attr: [ManilaBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerManilaShareImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' + manila::share::manage_service: false + manila::share::enabled: false + manila::host: hostgroup + step_config: "" + service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: manila + puppet_tags: manila_config,file,concat,file_line + step_config: + list_join: + - "\n" + - - {get_attr: [ManilaBase, role_data, step_config]} + - - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: DockerManilaConfigImage} + kolla_config: + /var/lib/kolla/config_files/manila_share.json: + command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + # NOTE(gfidente): ceph ansible generated + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph" + merge: true + preserve_properties: true + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_1: + manila_share_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'" + params: + MANILASHARE_IMAGE: {get_param: DockerManilaShareImage} + MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest + image: {get_param: DockerManilaShareImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + step_3: + manila_share_init_logs: + start_order: 0 + image: {get_param: DockerManilaShareImage} + privileged: false + user: root + volumes: + - /var/log/containers/manila:/var/log/manila + command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila'] + step_5: + manila_share_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle' + image: {get_param: DockerManilaShareImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/manila + - /var/lib/manila + upgrade_tasks: + - name: Stop and disable manila_share service + tags: step2 + service: name=openstack-manila-share state=stopped enabled=no diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index de53ceee..ba1abaf9 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -62,7 +62,13 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false - tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRabbitmqImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 tripleo.rabbitmq.firewall_rules: '109 rabbitmq-bundle': @@ -92,6 +98,11 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -99,13 +110,21 @@ outputs: - path: /var/log/rabbitmq owner: rabbitmq:rabbitmq recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true # When using pacemaker we don't launch the container, instead that is done by pacemaker # itself. docker_config: step_1: rabbitmq_bootstrap: start_order: 0 - image: *rabbitmq_image + image: {get_param: DockerRabbitmqImage} net: host privileged: false volumes: @@ -128,6 +147,28 @@ outputs: passwords: - {get_param: RabbitCookie} - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'" + params: + RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage} + RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest + image: {get_param: DockerRabbitmqImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: rabbitmq_init_bundle: start_order: 0 @@ -146,7 +187,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle' - image: *rabbitmq_image + image: {get_param: DockerRabbitmqImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro @@ -164,6 +205,8 @@ outputs: echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] upgrade_tasks: - name: get bootstrap nodeid tags: common diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 418c60d2..add78879 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -40,6 +40,18 @@ parameters: type: string default: '' hidden: true + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -66,6 +78,10 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::admin_enable: false + - if: + - internal_tls_enabled + - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + - {} step_config: &step_config list_join: - "\n" @@ -85,10 +101,21 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + optional: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config step_1: @@ -115,6 +142,17 @@ outputs: - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -143,6 +181,17 @@ outputs: - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -155,6 +204,8 @@ outputs: volumes: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent directories file: diff --git a/environments/ceph-ansible/ceph-mds.yaml b/environments/ceph-ansible/ceph-mds.yaml new file mode 100644 index 00000000..0834269c --- /dev/null +++ b/environments/ceph-ansible/ceph-mds.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CephMds: ../../docker/services/ceph-ansible/ceph-mds.yaml diff --git a/environments/cinder-dellemc-unity-config.yaml b/environments/cinder-dellemc-unity-config.yaml new file mode 100644 index 00000000..c67c91cb --- /dev/null +++ b/environments/cinder-dellemc-unity-config.yaml @@ -0,0 +1,14 @@ +# A Heat environment file which can be used to enable a +# Cinder Dell EMC Unity backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendDellEMCUnity: ../puppet/services/cinder-backend-dellemc-unity.yaml + +parameter_defaults: + CinderEnableDellEMCUnityBackend: true + CinderDellEMCUnityBackendName: 'tripleo_dellemc_unity' + CinderDellEMCUnitySanIp: '' + CinderDellEMCUnitySanLogin: 'Admin' + CinderDellEMCUnitySanPassword: '' + CinderDellEMCUnityStorageProtocol: 'iSCSI' + CinderDellEMCUnityIoPorts: '' + CinderDellEMCUnityStoragePoolNames: '' diff --git a/environments/composable-roles/monolithic-ha.yaml b/environments/composable-roles/monolithic-ha.yaml new file mode 100644 index 00000000..a1dcd7bf --- /dev/null +++ b/environments/composable-roles/monolithic-ha.yaml @@ -0,0 +1,59 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Monolithic Controller HA deployment +# description: | +# A Heat environment that can be used to deploy controller and compute +# services in an HA configuration with SSL everywhere and network +# isolation. +# This should be used with a roles_data.yaml containing the Controller, +# Compute and CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 3 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 3 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + diff --git a/environments/composable-roles/monolithic-nonha.yaml b/environments/composable-roles/monolithic-nonha.yaml new file mode 100644 index 00000000..f49ddf2a --- /dev/null +++ b/environments/composable-roles/monolithic-nonha.yaml @@ -0,0 +1,59 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Monolithic Controller Non-HA deployment +# description: | +# A Heat environment that can be used to deploy controller and compute +# services in an Non-HA configuration with SSL undercloud only and a +# flat network. +# This should be used with a roles_data.yaml containing the Controller, +# Compute and CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 1 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 1 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + diff --git a/environments/composable-roles/standalone.yaml b/environments/composable-roles/standalone.yaml new file mode 100644 index 00000000..3305c9ed --- /dev/null +++ b/environments/composable-roles/standalone.yaml @@ -0,0 +1,84 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Controller HA deployment with standalone Database, Messaging and Networker nodes. +# description: | +# A Heat environment that can be used to deploy controller, database, +# messaging, networker and compute services in an HA configuration with SSL +# everywhere and network isolation. +# This should be used with a roles_data.yaml containing the +# ControllerOpenstack, Database, Messaging, Networker, Compute and +# CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 1 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 3 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # Number of Database nodes + # Type: number + DatabaseCount: 3 + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # Number of Messaging nodes + # Type: number + MessagingCount: 3 + + # Number of Networker nodes + # Type: number + NetworkerCount: 2 + + # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + + # Name of the flavor for Database nodes + # Type: string + OvercloudDatabaseFlavor: db + + # Name of the flavor for Messaging nodes + # Type: string + OvercloudMessagingFlavor: messaging + + # Name of the flavor for Networker nodes + # Type: string + OvercloudNetworkerFlavor: networker + diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index eae809a5..dd1c5455 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -66,6 +66,7 @@ - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder @@ -122,6 +123,7 @@ - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute @@ -149,6 +151,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd @@ -165,6 +168,7 @@ - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp @@ -184,6 +188,7 @@ - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone @@ -203,6 +208,7 @@ - OS::TripleO::Services::ContrailWebUI - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -217,6 +223,7 @@ - OS::TripleO::Services::ContrailAnalytics - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -230,6 +237,7 @@ - OS::TripleO::Services::ContrailAnalyticsDatabase - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -243,6 +251,7 @@ - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -256,6 +265,7 @@ - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 2c93b210..19a43623 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -1,11 +1,6 @@ # This environment contains the services that can work with TLS-everywhere. resource_registry: - # This can be used when you don't want to run puppet on the host, - # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker - # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml OS::TripleO::Services::Docker: ../puppet/services/docker.yaml - # The compute node still needs extra initialization steps - OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml @@ -26,7 +21,7 @@ resource_registry: OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml - OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml + OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml @@ -36,6 +31,13 @@ resource_registry: OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml + OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml + OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml + OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml + OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml + OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml @@ -43,3 +45,4 @@ resource_registry: OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index 9b977f6e..dfa30b08 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -1,10 +1,4 @@ resource_registry: - # This can be used when you don't want to run puppet on the host, - # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker - # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml - # The compute node still needs extra initialization steps - OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml - OS::TripleO::Services::Docker: ../puppet/services/docker.yaml # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml @@ -22,6 +16,7 @@ resource_registry: OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml @@ -56,6 +51,7 @@ resource_registry: OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml + OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml # FIXME: Had to remove these to unblock containers CI. They should be put back when fixed. # OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml # OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 834c4f10..81044170 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -11,6 +11,7 @@ parameter_defaults: - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Securetty diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml index f1c9d516..0f2d0396 100644 --- a/environments/storage/external-ceph.yaml +++ b/environments/storage/external-ceph.yaml @@ -13,7 +13,7 @@ parameter_defaults: # Type: string CephAdminKey: '' - # The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + # The Ceph client key. Can be created with ceph-authtool --gen-print-key. # Mandatory. This parameter must be set by the user. # Type: string CephClientKey: <None> diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index d14ed73f..487857ef 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -235,11 +235,25 @@ case "${REG_METHOD:-}" in if [ "$satellite_version" = "6" ]; then repos="$repos --enable ${satellite_repo}" curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + + # https://bugs.launchpad.net/tripleo/+bug/1711435 + # Delete the /etc/rhsm/facts directory entirely so that the + # %post script from katello-ca-consumer does not override the + # hostname with $(hostname -f) if there is no fqdn set + fqdn=$(hostname -f) + if [ "$fqdn" = "localhost" -o "$fqdn" = "localhost.localdomain" ]; then + rm -rf /etc/rhsm/facts + fi + rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true retry subscription-manager register $opts retry subscription-manager $repos retry yum install -y katello-agent || true # needed for errata reporting to satellite6 katello-package-upload + + # https://bugs.launchpad.net/tripleo/+bug/1711435 + # recreate the facts dir just in case we rm'd it earlier + mkdir -p /etc/rhsm/facts else pushd /usr/share/rhn/ curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 2a9f9d76..0f0e9ceb 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -195,6 +195,7 @@ resource_registry: OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml + OS::TripleO::Services::ContainersLogrotateCrond: OS::Heat::None OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml @@ -263,6 +264,7 @@ resource_registry: OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None + OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce9f9b9d..f6573f6c 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -11,7 +11,7 @@ parameters: type: string hidden: true CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -61,6 +61,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list # used instead, but we need client support for that first @@ -133,6 +141,14 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 97e44159..1459b851 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -5,7 +5,7 @@ description: > parameters: CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -68,6 +68,14 @@ parameters: image. Only applies to format 2 images. Set to '1' for Jewel clients using older Ceph servers. type: string + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: @@ -94,9 +102,17 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] ceph::profile::params::manage_repo: false # FIXME(gfidente): we should not have to list the packages explicitly in # the templates, but this should stay until the following is fixed: diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml index c561ea0e..ad799edb 100644 --- a/puppet/services/ceph-mds.yaml +++ b/puppet/services/ceph-mds.yaml @@ -35,6 +35,15 @@ parameters: with ceph-authtool --gen-print-key. type: string hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string resources: CephBase: @@ -60,5 +69,8 @@ outputs: '112 ceph_mds': dport: - '6800-7300' + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: | include ::tripleo::profile::base::ceph::mds diff --git a/puppet/services/cinder-backend-dellemc-unity.yaml b/puppet/services/cinder-backend-dellemc-unity.yaml new file mode 100644 index 00000000..c8b8bd8f --- /dev/null +++ b/puppet/services/cinder-backend-dellemc-unity.yaml @@ -0,0 +1,85 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: pike + +description: > + Openstack Cinder Dell EMC Unity backend + +parameters: + CinderEnableDellEMCUnityBackend: + type: boolean + default: true + CinderDellEMCUnityBackendName: + type: string + default: 'tripleo_dellemc_unity' + CinderDellEMCUnitySanIp: + type: string + CinderDellEMCUnitySanLogin: + type: string + default: 'Admin' + CinderDellEMCUnitySanPassword: + type: string + hidden: true + CinderDellEMCUnityStorageProtocol: + type: string + default: 'iSCSI' + CinderDellEMCUnityIoPorts: + type: string + default: '' + CinderDellEMCUnityStoragePoolNames: + type: string + default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC Storage Center backend. + value: + service_name: cinder_backend_dellemc_unity + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellemc_unity_backend: {get_param: CinderEnableDellEMCUnityBackend} + cinder::backend::dellemc_unity::volume_backend_name: {get_param: CinderDellEMCUnityBackendName} + cinder::backend::dellemc_unity::san_ip: {get_param: CinderDellEMCUnitySanIp} + cinder::backend::dellemc_unity::san_login: {get_param: CinderDellEMCUnitySanLogin} + cinder::backend::dellemc_unity::san_password: {get_param: CinderDellEMCUnitySanPassword} + cinder::backend::dellemc_unity::storage_protocol: {get_param: CinderDellEMCUnityStorageProtocol} + cinder::backend::dellemc_unity::unity_io_ports: {get_param: CinderDellEMCUnityIoPorts} + cinder::backend::dellemc_unity::unity_storage_pool_names: {get_param: CinderDellEMCUnityStoragePoolNames} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 63ab92eb..642a0f09 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -67,6 +67,14 @@ parameters: MonitoringSubscriptionHorizon: default: 'overcloud-horizon' type: string + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -109,6 +117,14 @@ outputs: - {get_param: [DefaultPasswords, horizon_secret]} horizon::secure_cookies: {get_param: [HorizonSecureCookies]} memcached_ipv6: {get_param: MemcachedIPv6} + horizon::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::listen_ssl: {get_param: EnableInternalTLS} + horizon::horizon_ca: {get_param: InternalTLSCAFile} - if: - debug_unset diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 9d6b508b..9207d99f 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -52,12 +52,6 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: false - ManilaCephFSDataPoolName: - default: manila_data - type: string - ManilaCephFSMetadataPoolName: - default: manila_metadata - type: string # (jprovazn) default value is set to assure this templates works with an # external ceph too (user/key is created only when ceph is deployed by # TripleO) @@ -81,7 +75,4 @@ outputs: manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} - ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} - ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} - ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 81f12f01..30f34777 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -57,10 +57,15 @@ parameters: default: tag: openstack.neutron.agent.metadata path: /var/log/neutron/metadata-agent.log + EnableInternalTLS: + type: boolean + default: false conditions: neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + resources: NeutronBase: @@ -90,6 +95,17 @@ outputs: neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + neutron::agents::metadata::metadata_host: + str_replace: + template: + "%{hiera('cloud_name_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + neutron::agents::metadata::metadata_protocol: + if: + - internal_tls_enabled + - 'https' + - 'http' - if: - neutron_workers_unset diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 36866a3a..22a743e0 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -37,7 +37,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 04936c33..df9e88fb 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -34,7 +34,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: @@ -162,7 +162,7 @@ outputs: dport: - 16514 - '49152-49215' - - '5900-5999' + - '5900-6923' - if: diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index ca9eed09..3ac5f300 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -34,10 +34,26 @@ parameters: default: 0 description: Number of workers for Nova services. type: number + EnableInternalTLS: + type: boolean + default: false conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + +resources: + + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + outputs: role_data: description: Role data for the Nova Metadata service. @@ -45,10 +61,29 @@ outputs: service_name: nova_metadata config_settings: map_merge: - - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - get_attr: [TLSProxyBase, role_data, config_settings] + - nova::api::metadata_listen: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NovaMetadataNetwork]} - if: - nova_workers_zero - {} - nova::api::metadata_workers: {get_param: NovaWorkers} + - + if: + - use_tls_proxy + - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip: + get_param: [ServiceNetMap, NovaMetadataNetwork] + tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - {} step_config: "" + metadata_settings: + get_attr: [TLSProxyBase, role_data, metadata_settings] diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index a1134f3e..f4675875 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -66,11 +66,17 @@ outputs: resource: openstack-cinder-volume state: disable wait_for_resource: true - - name: Sync cinder DB + - name: get bootstrap nodeid tags: step5 - command: cinder-manage db sync - - name: Start cinder_volume service (pacemaker) - tags: step5 - pacemaker_resource: - resource: openstack-cinder-volume - state: enable + command: hiera bootstrap_nodeid + register: bootstrap_node + - block: + - name: Sync cinder DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service (pacemaker) + tags: step5 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable + when: bootstrap_node.stdout == ansible_hostname diff --git a/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml new file mode 100644 index 00000000..f2edb9f7 --- /dev/null +++ b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Add support for Dell EMC Unity cinder driver diff --git a/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml new file mode 100644 index 00000000..04b21fba --- /dev/null +++ b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - Workaround systems getting registered as "localhost" during + RHEL registration if they don't have a fqdn set by first + rm'ing the /etc/rhsm/facts directory. When the directory does not + exist, the katello-rshm-consumer which runs when installing + the katello-ca-consumer will not set the hostname.override fact to + "localhost". See https://bugs.launchpad.net/tripleo/+bug/1711435 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 939b263c..9d46018a 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '7.0.0.0b3' +release = '7.0.0.0rc1' # The short X.Y version. version = '7.0.0' diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index e4fdfa44..9d1bef08 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml @@ -21,6 +21,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml index f3978c5b..8e62e8e7 100644 --- a/roles/CephStorage.yaml +++ b/roles/CephStorage.yaml @@ -18,6 +18,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Compute.yaml b/roles/Compute.yaml index ce5ab742..9d2c8189 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -44,6 +44,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index 0e8a90b7..0216b04a 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -35,6 +35,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml index 7c3cd218..9b94710d 100644 --- a/roles/ComputeOvsDpdk.yaml +++ b/roles/ComputeOvsDpdk.yaml @@ -31,6 +31,7 @@ - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/Controller.yaml b/roles/Controller.yaml index 224d1356..93a58df7 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -44,6 +44,7 @@ - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale @@ -108,6 +109,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 10d76dd7..fdbec599 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -33,6 +33,7 @@ - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI @@ -79,6 +80,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping diff --git a/roles/Database.yaml b/roles/Database.yaml index e101fd4f..ffeada05 100644 --- a/roles/Database.yaml +++ b/roles/Database.yaml @@ -10,12 +10,14 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml index ae848bc8..d5d8ddd7 100644 --- a/roles/IronicConductor.yaml +++ b/roles/IronicConductor.yaml @@ -8,12 +8,14 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml index 47e0f920..cd6071c4 100644 --- a/roles/Messaging.yaml +++ b/roles/Messaging.yaml @@ -10,10 +10,12 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SensuClient diff --git a/roles/Networker.yaml b/roles/Networker.yaml index 311e0a7d..1bf58031 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -11,6 +11,7 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel @@ -29,6 +30,7 @@ - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::PacemakerRemote - OS::TripleO::Services::SensuClient diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml index ad372be6..e2eacd9e 100644 --- a/roles/ObjectStorage.yaml +++ b/roles/ObjectStorage.yaml @@ -26,6 +26,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml index b1c73798..7bc93a40 100644 --- a/roles/Telemetry.yaml +++ b/roles/Telemetry.yaml @@ -12,10 +12,12 @@ - OS::TripleO::Services::AodhEvaluator - OS::TripleO::Services::AodhListener - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::CACerts - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::CeilometerApi - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd @@ -23,6 +25,7 @@ - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::Redis diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index a408a21b..a78ba398 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -39,6 +39,7 @@ - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder diff --git a/roles_data.yaml b/roles_data.yaml index 8f670994..7799fdae 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -47,6 +47,7 @@ - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale @@ -111,6 +112,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping @@ -185,6 +187,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient @@ -219,6 +222,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp @@ -255,6 +259,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp @@ -285,6 +290,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index d61d1a2f..4628665b 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -42,6 +42,7 @@ - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder diff --git a/sample-env-generator/composable-roles.yaml b/sample-env-generator/composable-roles.yaml new file mode 100644 index 00000000..91d6060f --- /dev/null +++ b/sample-env-generator/composable-roles.yaml @@ -0,0 +1,174 @@ +# +# This environment generator is used to generate some sample composable role +# environment files. +# +environments: + - + name: composable-roles/monolithic-nonha + title: Monolithic Controller Non-HA deployment + description: | + A Heat environment that can be used to deploy controller and compute + services in an Non-HA configuration with SSL undercloud only and a + flat network. + This should be used with a roles_data.yaml containing the Controller, + Compute and CephStorage roles. + openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + sample_values: + ControllerCount: 1 + OvercloudControllerFlavor: control + ComputeCount: 1 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + + - + name: composable-roles/monolithic-ha + title: Monolithic Controller HA deployment + description: | + A Heat environment that can be used to deploy controller and compute + services in an HA configuration with SSL everywhere and network + isolation. + This should be used with a roles_data.yaml containing the Controller, + Compute and CephStorage roles. + openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + sample_values: + ControllerCount: 3 + OvercloudControllerFlavor: control + ComputeCount: 3 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + + - + name: composable-roles/standalone + title: Controller HA deployment with standalone Database, Messaging and Networker nodes. + description: | + A Heat environment that can be used to deploy controller, database, + messaging, networker and compute services in an HA configuration with SSL + everywhere and network isolation. + This should be used with a roles_data.yaml containing the + ControllerOpenstack, Database, Messaging, Networker, Compute and + CephStorage roles. + openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - DatabaseCount + - MessagingCount + - NetworkerCount + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + - OvercloudDatabaseFlavor + - OvercloudMessagingFlavor + - OvercloudNetworkerFlavor + sample_values: + ControllerCount: 3 + OvercloudControllerFlavor: control + ComputeCount: 1 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + DatabaseCount: 3 + OvercloudDatabaseFlavor: db + MessagingCount: 3 + OvercloudMessagingFlavor: messaging + NetworkerCount: 2 + OvercloudNetworkerFlavor: networker + + +# NOTE(aschultz): So because these are dynamic based on the roles used, we +# do not currently define these in any heat files. So we're defining them here +# so that the sample env generator can still provide these configuration items +# in the generated config files. +parameters: + DnsServers: + default: ['8.8.8.8', '8,8.4.4'] + description: DNS servers to use for the Overcloud + type: comma_delimited_list + # Dynamic vars based on roles + DatabaseCount: + default: 0 + description: Number of Database nodes + type: number + MessagingCount: + default: 0 + description: Number of Messaging nodes + type: number + NetworkerCount: + default: 0 + description: Number of Networker nodes + type: number + OvercloudControllerFlavor: + default: control + description: Name of the flavor for Controller nodes + type: string + OvercloudComputeFlavor: + default: compute + description: Name of the flavor for Compute nodes + type: string + OvercloudCephStorageFlavor: + default: compute + description: Name of the flavor for Ceph nodes + type: string + OvercloudDatabaseFlavor: + default: database + description: Name of the flavor for Database nodes + type: string + OvercloudMessagingFlavor: + default: messaging + description: Name of the flavor for Messaging nodes + type: string + OvercloudNetworkerFlavor: + default: networker + description: Name of the flavor for Networker nodes + type: string + |