aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci/environments/scenario001-multinode-containers.yaml3
-rw-r--r--ci/environments/scenario002-multinode-containers.yaml4
-rw-r--r--ci/environments/scenario002-multinode.yaml4
-rw-r--r--ci/environments/scenario007-multinode-containers.yaml3
-rw-r--r--common/deploy-steps-tasks.yaml6
-rw-r--r--common/deploy-steps.j26
-rw-r--r--deployed-server/deployed-server-roles-data.yaml267
-rwxr-xr-xdeployed-server/scripts/enable-ssh-admin.sh33
-rwxr-xr-xdocker/docker-puppet.py12
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml20
-rw-r--r--docker/services/ceph-ansible/ceph-mon.yaml1
-rw-r--r--docker/services/ceph-ansible/ceph-osd.yaml1
-rw-r--r--docker/services/horizon.yaml2
-rw-r--r--docker/services/memcached.yaml16
-rw-r--r--docker/services/swift-storage.yaml5
-rw-r--r--environments/composable-roles/standalone.yaml12
-rw-r--r--environments/docker.yaml2
-rw-r--r--environments/services/heat-api-cloudwatch.yaml2
-rw-r--r--extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration19
-rw-r--r--network/networks.j2.yaml6
-rw-r--r--network/service_net_map.j2.yaml38
-rw-r--r--network_data.yaml1
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml3
-rw-r--r--overcloud.j2.yaml6
-rw-r--r--puppet/all-nodes-config.j2.yaml (renamed from puppet/all-nodes-config.yaml)38
-rw-r--r--puppet/services/disabled/heat-api-cloudwatch-disabled.yaml48
-rw-r--r--puppet/services/memcached.yaml1
-rw-r--r--puppet/services/neutron-lbaas.yaml3
-rw-r--r--puppet/services/rabbitmq.yaml2
-rw-r--r--releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml17
-rw-r--r--releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml15
-rw-r--r--releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml5
-rw-r--r--releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml6
-rw-r--r--releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml7
-rw-r--r--roles/Controller.yaml1
-rw-r--r--roles/ControllerOpenstack.yaml1
-rw-r--r--roles/IronicConductor.yaml1
-rw-r--r--roles_data.yaml1
-rw-r--r--sample-env-generator/composable-roles.yaml25
-rwxr-xr-xtools/yaml-validate.py5
40 files changed, 436 insertions, 212 deletions
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
index cbbc521..df12bc5 100644
--- a/ci/environments/scenario001-multinode-containers.yaml
+++ b/ci/environments/scenario001-multinode-containers.yaml
@@ -101,7 +101,6 @@ parameter_defaults:
devices:
- /dev/loop3
journal_size: 512
- journal_collocation: true
osd_scenario: collocated
CephAnsibleExtraConfig:
ceph_conf_overrides:
@@ -120,7 +119,7 @@ parameter_defaults:
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
CephPoolDefaultSize: 1
- DockerCephDaemonImage: ceph/daemon:tag-build-ceph-dfg-jewel-centos-7
+ DockerCephDaemonImage: ceph/daemon:tag-stable-3.0-jewel-centos-7
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml
index bec5f48..534f829 100644
--- a/ci/environments/scenario002-multinode-containers.yaml
+++ b/ci/environments/scenario002-multinode-containers.yaml
@@ -9,7 +9,6 @@ resource_registry:
OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
- OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
@@ -58,7 +57,6 @@ parameter_defaults:
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::BarbicanApi
- - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::TripleoPackages
@@ -69,5 +67,7 @@ parameter_defaults:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
+ ZaqarMessageStore: 'swift'
+ ZaqarManagementStore: 'sqlalchemy'
SwiftCeilometerPipelineEnabled: false
NotificationDriver: 'noop'
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
index 6c7f4eb..2f731ce 100644
--- a/ci/environments/scenario002-multinode.yaml
+++ b/ci/environments/scenario002-multinode.yaml
@@ -9,7 +9,6 @@ resource_registry:
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
- OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
@@ -63,7 +62,6 @@ parameter_defaults:
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::BarbicanApi
- - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::TripleoPackages
@@ -86,5 +84,7 @@ parameter_defaults:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
+ ZaqarMessageStore: 'swift'
+ ZaqarManagementStore: 'sqlalchemy'
SwiftCeilometerPipelineEnabled: false
NotificationDriver: 'noop'
diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml
index bad3e4a..149f2d3 100644
--- a/ci/environments/scenario007-multinode-containers.yaml
+++ b/ci/environments/scenario007-multinode-containers.yaml
@@ -7,6 +7,9 @@ resource_registry:
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Clustercheck
diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml
index 73d3036..785095b 100644
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -4,11 +4,15 @@
#####################################################
# Per step puppet configuration of the baremetal host
#####################################################
+ - name: Set host puppet debugging fact string
+ set_fact:
+ host_puppet_config_debug: "--debug --verbose"
+ when: enable_debug|default(false)
- name: Write the config_step hieradata
copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600
- name: Run puppet host configuration for step {{step}}
command: >-
- puppet apply
+ puppet apply {{ host_puppet_config_debug|default('') }}
--modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
--logdest syslog --logdest console --color=false
/var/lib/tripleo-config/puppet_step_config.pp
diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2
index a1bd882..5c923a9 100644
--- a/common/deploy-steps.j2
+++ b/common/deploy-steps.j2
@@ -48,6 +48,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
DockerPuppetDebug:
type: string
default: ''
@@ -85,6 +89,7 @@ resources:
- name: role_name
- name: update_identifier
- name: bootstrap_server_id
+ - name: enable_debug
- name: docker_puppet_debug
- name: docker_puppet_process_count
config:
@@ -291,6 +296,7 @@ resources:
role_name: {{role.name}}
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
+ enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
{% endfor %}
diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml
index 73dc909..8611940 100644
--- a/deployed-server/deployed-server-roles-data.yaml
+++ b/deployed-server/deployed-server-roles-data.yaml
@@ -24,163 +24,268 @@
- name: ControllerDeployedServer
CountDefault: 1
disable_constraints: True
+ tags:
+ - primary
+ - controller
+ networks:
+ - External
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ - Tenant
+ HostnameFormatDefault: '%stackname%-controller-%index%'
ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ # FIXME: This service was disabled in Pike and this entry should be removed
+ # in Queens.
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerCollector
+ - OS::TripleO::Services::CeilometerExpirer
- OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackendDellPs
+ - OS::TripleO::Services::CinderBackendDellSc
+ - OS::TripleO::Services::CinderBackendDellEMCUnity
+ - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI
+ - OS::TripleO::Services::CinderBackendNetApp
+ - OS::TripleO::Services::CinderBackendScaleIO
+ - OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Clustercheck
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::ExternalSwiftProxy
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::HAproxy
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendIsilon
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaBackendUnity
+ - OS::TripleO::Services::ManilaBackendVNX
+ - OS::TripleO::Services::ManilaBackendVMAX
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
+ - OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLbaasv2Agent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- - OS::TripleO::Services::NeutronApi
- - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::NeutronOvsAgent
- - OS::TripleO::Services::RabbitMQ
- - OS::TripleO::Services::HAproxy
- - OS::TripleO::Services::Keepalived
- - OS::TripleO::Services::Memcached
- - OS::TripleO::Services::Pacemaker
- - OS::TripleO::Services::Redis
- - OS::TripleO::Services::NovaConductor
- - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- - OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::OctaviaApi
+ - OS::TripleO::Services::OctaviaHealthManager
+ - OS::TripleO::Services::OctaviaHousekeeping
+ - OS::TripleO::Services::OctaviaWorker
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Tacker
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::CeilometerApi
- - OS::TripleO::Services::CeilometerCollector
- - OS::TripleO::Services::CeilometerExpirer
- - OS::TripleO::Services::CeilometerAgentCentral
- - OS::TripleO::Services::CeilometerAgentNotification
- - OS::TripleO::Services::Horizon
- - OS::TripleO::Services::GnocchiApi
- - OS::TripleO::Services::GnocchiMetricd
- - OS::TripleO::Services::GnocchiStatsd
- - OS::TripleO::Services::ManilaApi
- - OS::TripleO::Services::ManilaScheduler
- - OS::TripleO::Services::ManilaBackendGeneric
- - OS::TripleO::Services::ManilaBackendIsilon
- - OS::TripleO::Services::ManilaBackendNetapp
- - OS::TripleO::Services::ManilaBackendUnity
- - OS::TripleO::Services::ManilaBackendCephFs
- - OS::TripleO::Services::ManilaBackendVNX
- - OS::TripleO::Services::ManilaBackendVMAX
- - OS::TripleO::Services::ManilaShare
- - OS::TripleO::Services::AodhApi
- - OS::TripleO::Services::AodhEvaluator
- - OS::TripleO::Services::AodhNotifier
- - OS::TripleO::Services::AodhListener
- - OS::TripleO::Services::SaharaApi
- - OS::TripleO::Services::SaharaEngine
- - OS::TripleO::Services::IronicApi
- - OS::TripleO::Services::IronicConductor
- - OS::TripleO::Services::NovaIronic
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::OpenDaylightApi
- - OS::TripleO::Services::OpenDaylightOvs
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::BarbicanApi
- - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
+ - OS::TripleO::Services::Vpp
- OS::TripleO::Services::Zaqar
- - OS::TripleO::Services::OVNDBs
- name: ComputeDeployedServer
CountDefault: 1
HostnameFormatDefault: '%stackname%-novacompute-%index%'
disable_constraints: True
+ disable_upgrade_deployment: True
+ networks:
+ - InternalApi
+ - Tenant
+ - Storage
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- - OS::TripleO::Services::Timezone
- - OS::TripleO::Services::Ntp
- - OS::TripleO::Services::Snmp
- - OS::TripleO::Services::NovaCompute
- - OS::TripleO::Services::NovaLibvirt
- - OS::TripleO::Services::NovaMigrationTarget
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::ComputeNeutronCorePlugin
- - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
- OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- - OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
- OS::TripleO::Services::NeutronSriovHostConfig
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
- name: BlockStorageDeployedServer
disable_constraints: True
+ networks:
+ - InternalApi
+ - Storage
+ - StorageMgmt
ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- - OS::TripleO::Services::BlockStorageCinderVolume
+ - OS::TripleO::Services::CinderBackendVRTSHyperScale
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
- name: ObjectStorageDeployedServer
disable_constraints: True
+ networks:
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ disable_upgrade_deployment: True
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
- name: CephStorageDeployedServer
disable_constraints: True
+ networks:
+ - Storage
+ - StorageMgmt
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh
index dcabead..daff390 100755
--- a/deployed-server/scripts/enable-ssh-admin.sh
+++ b/deployed-server/scripts/enable-ssh-admin.sh
@@ -10,6 +10,7 @@ SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"}
# this is the intended variable for overriding
OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"}
+SHORT_TERM_KEY_COMMENT="TripleO split stack short term key"
SLEEP_TIME=5
function overcloud_ssh_hosts_json {
@@ -22,7 +23,7 @@ print(json.dumps(re.split("\s+", sys.stdin.read().strip())))'
function overcloud_ssh_key_json {
# we pass the contents to Mistral instead of just path, otherwise
# the key file would have to be readable for the mistral user
- cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))'
+ cat "$1" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))'
}
function workflow_finished {
@@ -30,6 +31,12 @@ function workflow_finished {
openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null
}
+function generate_short_term_keys {
+ local tmpdir=$(mktemp -d)
+ ssh-keygen -N '' -t rsa -b 4096 -f "$tmpdir/id_rsa" -C "$SHORT_TERM_KEY_COMMENT" > /dev/null
+ echo "$tmpdir"
+}
+
if [ -z "$OVERCLOUD_HOSTS" ]; then
echo 'Please set $OVERCLOUD_HOSTS'
exit 1
@@ -41,7 +48,20 @@ echo "SSH key file: $OVERCLOUD_SSH_KEY"
echo "Hosts: $OVERCLOUD_HOSTS"
echo
-EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}"
+SHORT_TERM_KEY_DIR=$(generate_short_term_keys)
+SHORT_TERM_KEY_PRIVATE="$SHORT_TERM_KEY_DIR/id_rsa"
+SHORT_TERM_KEY_PUBLIC="$SHORT_TERM_KEY_DIR/id_rsa.pub"
+SHORT_TERM_KEY_PUBLIC_CONTENT=$(cat $SHORT_TERM_KEY_PUBLIC)
+
+for HOST in $OVERCLOUD_HOSTS; do
+ echo "Inserting TripleO short term key for $HOST"
+ # prepending an extra newline so that if authorized_keys didn't
+ # end with a newline previously, we don't end up garbling it up
+ ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys"
+done
+
+echo "Starting ssh admin enablement workflow"
+EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json "$SHORT_TERM_KEY_PRIVATE")}"
EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS")
echo "$EXECUTION_CREATE_OUTPUT"
EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }')
@@ -56,5 +76,14 @@ while ! workflow_finished $EXECUTION_ID; do
sleep $SLEEP_TIME
echo -n .
done
+echo # newline after the previous dots
+
+for HOST in $OVERCLOUD_HOSTS; do
+ echo "Removing TripleO short term key from $HOST"
+ ssh -l "$OVERCLOUD_SSH_USER" "$HOST" "sed -i -e '/$SHORT_TERM_KEY_COMMENT/d' \$HOME/.ssh/authorized_keys"
+done
+
+echo "Removing short term keys locally"
+rm -r "$SHORT_TERM_KEY_DIR"
echo "Success."
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index cc24703..533ed07 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -90,16 +90,17 @@ def match_config_volume(prefix, config):
config_volume=None
for v in volumes:
if v.startswith(prefix):
- config_volume = os.path.relpath(
- v.split(":")[0], prefix).split("/")[0]
+ config_volume = os.path.dirname(v.split(":")[0])
break
return config_volume
-def get_config_hash(prefix, config_volume):
- hashfile = os.path.join(prefix, "%s.md5sum" % config_volume)
+def get_config_hash(config_volume):
+ hashfile = "%s.md5sum" % config_volume
+ log.debug("Looking for hashfile %s for config_volume %s" % (hashfile, config_volume))
hash_data = None
if os.path.isfile(hashfile):
+ log.debug("Got hashfile %s for config_volume %s" % (hashfile, config_volume))
with open(hashfile) as f:
hash_data = f.read().rstrip()
return hash_data
@@ -248,6 +249,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
# Write a checksum of the config-data dir, this is used as a
# salt to trigger container restart when the config changes
tar -c -f - /var/lib/config-data/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum
+ tar -c -f - /var/lib/config-data/puppet-generated/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/puppet-generated/${NAME}.md5sum
fi
""")
@@ -371,7 +373,7 @@ for infile in infiles:
for k, v in infile_data.iteritems():
config_volume = match_config_volume(config_volume_prefix, v)
if config_volume:
- config_hash = get_config_hash(config_volume_prefix, config_volume)
+ config_hash = get_config_hash(config_volume)
if config_hash:
env = v.get('environment', [])
env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash)
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 8cc81fb..4674ec1 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -73,15 +73,9 @@ parameters:
description: >
It can be used to override settings for one of the predefined pools, or to create
additional ones. Example:
- {
- "volumes": {
- "size": 5,
- "pg_num": 128,
- "pgp_num": 128
- }
- }
- default: {}
- type: json
+ [{"name": "volumes", "pg_num": 64, "rule_name": ""}]
+ default: []
+ type: comma_delimited_list
CinderRbdPoolName:
default: volumes
type: string
@@ -225,13 +219,7 @@ outputs:
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
- {get_param: GnocchiRbdPoolName}
- - repeat:
- template:
- name: <%pool%>
- pg_num: {get_param: CephPoolDefaultPgNum}
- rule_name: ""
- for_each:
- <%pool%>: {get_param: CephPools}
+ - {get_param: CephPools}
openstack_keys: &openstack_keys
- name:
list_join:
diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml
index 45f939c..90b2db3 100644
--- a/docker/services/ceph-ansible/ceph-mon.yaml
+++ b/docker/services/ceph-ansible/ceph-mon.yaml
@@ -83,4 +83,3 @@ outputs:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
- monitor_secret: {get_param: CephMonKey}
admin_secret: {get_param: CephAdminKey}
- monitor_interface: br_ex
diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml
index a441f5c..de55924 100644
--- a/docker/services/ceph-ansible/ceph-osd.yaml
+++ b/docker/services/ceph-ansible/ceph-osd.yaml
@@ -37,7 +37,6 @@ parameters:
devices:
- /dev/vdb
journal_size: 512
- journal_collocation: true
osd_scenario: collocated
resources:
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
index d6ffb6d..2c7d7a7 100644
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@@ -113,7 +113,7 @@ outputs:
volumes:
- /var/log/containers/horizon:/var/log/horizon
- /var/log/containers/httpd/horizon:/var/log/httpd
- - /var/lib/config-data/horizon/etc/:/etc/
+ - /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard
step_3:
horizon:
image: *horizon_image
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml
index c78b85a..67b8424 100644
--- a/docker/services/memcached.yaml
+++ b/docker/services/memcached.yaml
@@ -80,8 +80,8 @@ outputs:
user: root
volumes:
- /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
- - /var/log/memcached.log:/var/log/memcached.log
- command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; chown ${USER} /var/log/memcached.log']
+ - /var/log/containers/memcached:/var/log/
+ command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; touch /var/log/memcached.log && chown ${USER} /var/log/memcached.log']
memcached:
start_order: 1
image: *memcached_image
@@ -93,8 +93,16 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
- # TODO(bogdando) capture memcached syslog logs from a container
- command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS']
+ - /var/log/containers/memcached:/var/log/
+ # NOTE: We're adding the log redirection here, even though should
+ # already be part of the options. This is because the redirection
+ # via the options is not working and ends up being passed as a
+ # parameter to the memcached command (which it silently ignores).
+ # Thus the need for the explicit redirection here. The redirection
+ # will be removed from the $OPTIONS, which is done via the puppet
+ # module, but we'll only be able to do this once the following pull
+ # request merges: https://github.com/saz/puppet-memcached/pull/88
+ command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS >> /var/log/memcached.log 2>&1']
upgrade_tasks:
- name: Stop and disable memcached service
tags: step2
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index e0c1194..2d7aff6 100644
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -83,7 +83,10 @@ outputs:
logging_source: {get_attr: [SwiftStorageBase, role_data, logging_source]}
logging_groups: {get_attr: [SwiftStorageBase, role_data, logging_groups]}
step_config: &step_config
- get_attr: [SwiftStorageBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [SwiftStorageBase, role_data, step_config]}
+ - "class xinetd() {}"
service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
diff --git a/environments/composable-roles/standalone.yaml b/environments/composable-roles/standalone.yaml
index 3305c9e..c12d72d 100644
--- a/environments/composable-roles/standalone.yaml
+++ b/environments/composable-roles/standalone.yaml
@@ -30,13 +30,13 @@ parameter_defaults:
# Type: string
ComputeHostnameFormat: '%stackname%-novacompute-%index%'
- # Number of Controller nodes to deploy
+ # Number of ControllerOpenstack nodes
# Type: number
- ControllerCount: 3
+ ControllerOpenstackCount: 3
- # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Format for ControllerOpenstack node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
# Type: string
- ControllerHostnameFormat: '%stackname%-controller-%index%'
+ ControllerOpenstackHostnameFormat: '%stackname%-controller-%index%'
# Number of Database nodes
# Type: number
@@ -66,9 +66,9 @@ parameter_defaults:
# Type: string
OvercloudComputeFlavor: compute
- # Name of the flavor for Controller nodes
+ # Name of the flavor for ControllerOpenstack nodes
# Type: string
- OvercloudControllerFlavor: control
+ OvercloudControllerOpenstackFlavor: control
# Name of the flavor for Database nodes
# Type: string
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 5737992..58691cc 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -58,6 +58,8 @@ resource_registry:
# OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml
# OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml
#
+ OS::TripleO::Services::SwiftDispersion: OS::Heat::None
+
# If SR-IOV is enabled on the compute nodes, it will need the SR-IOV
# host configuration.
OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None
diff --git a/environments/services/heat-api-cloudwatch.yaml b/environments/services/heat-api-cloudwatch.yaml
new file mode 100644
index 0000000..ce22a91
--- /dev/null
+++ b/environments/services/heat-api-cloudwatch.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::HeatApiCloudwatch: ../../puppet/services/heat-api-cloudwatch.yaml
diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
index 487857e..c7d0b23 100644
--- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
+++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
@@ -186,14 +186,13 @@ function retry() {
set -e
}
-function detect_satellite_version {
- ping_api=$REG_SAT_URL/katello/api/ping
- if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then
- echo Satellite 6 detected at $REG_SAT_URL
- satellite_version=6
+function detect_satellite_server {
+ if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then
+ echo Satellite 6 or beyond with Katello API detected at $REG_SAT_URL
+ katello_api_enabled=1
elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then
- echo Satellite 5 detected at $REG_SAT_URL
- satellite_version=5
+ echo Satellite 5 with RHN detected at $REG_SAT_URL
+ katello_api_enabled=0
else
echo No Satellite detected at $REG_SAT_URL
exit 1
@@ -231,8 +230,8 @@ case "${REG_METHOD:-}" in
retry subscription-manager $repos
;;
satellite)
- detect_satellite_version
- if [ "$satellite_version" = "6" ]; then
+ detect_satellite_server
+ if [ "$katello_api_enabled" = "1" ]; then
repos="$repos --enable ${satellite_repo}"
curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"
@@ -248,7 +247,7 @@ case "${REG_METHOD:-}" in
rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true
retry subscription-manager register $opts
retry subscription-manager $repos
- retry yum install -y katello-agent || true # needed for errata reporting to satellite6
+ yum install -y katello-agent || true # needed for errata reporting to satellite6
katello-package-upload
# https://bugs.launchpad.net/tripleo/+bug/1711435
diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml
index 1a17004..48c509d 100644
--- a/network/networks.j2.yaml
+++ b/network/networks.j2.yaml
@@ -4,7 +4,8 @@ description: Create networks to split out Overcloud traffic
resources:
{%- for network in networks %}
- {{network.name}}Network:
+ {%- set network_name = network.compat_name|default(network.name) %}
+ {{network_name}}Network:
type: OS::TripleO::Network::{{network.name}}
{%- endfor %}
@@ -18,8 +19,9 @@ outputs:
# NOTE(gfidente): we need to replace the null value with a
# string to work around https://bugs.launchpad.net/heat/+bug/1700025
{%- for network in networks %}
+ {%- set network_name = network.compat_name|default(network.name) %}
{{network.name_lower}}:
yaql:
- data: {get_attr: [{{network.name}}Network, subnet_cidr]}
+ data: {get_attr: [{{network_name}}Network, subnet_cidr]}
expression: str($.data).replace('null', 'disabled')
{%- endfor %}
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index e19ccd8..dfb0e91 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -103,31 +103,12 @@ parameters:
internal use only, this will be removed in future.
type: json
- InternalApiNetName:
- default: internal_api
- description: The name of the internal_api network.
+{%- for network in networks %}
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
type: string
- ExternalNetName:
- default: external
- description: The name of the external network.
- type: string
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- StorageNetName:
- default: storage
- description: The name of the storage network.
- type: string
- StorageMgmtNetName:
- default: storage_mgmt
- description: The name of the storage_mgmt network.
- type: string
- TenantNetName:
- default: tenant
- description: The name of the tenant network.
- type: string
-
+{%- endfor %}
parameter_groups:
- label: deprecated
@@ -145,12 +126,9 @@ resources:
- map_replace:
- {get_param: ServiceNetMapDefaults}
- values:
- external: {get_param: ExternalNetName}
- internal_api: {get_param: InternalApiNetName}
- storage: {get_param: StorageNetName}
- storage_mgmt: {get_param: StorageMgmtNetName}
- tenant: {get_param: TenantNetName}
- management: {get_param: ManagementNetName}
+{%- for network in networks %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetName}
+{%- endfor %}
- map_replace:
- {get_param: ServiceNetMap}
- keys: {get_param: ServiceNetMapDeprecatedMapping}
diff --git a/network_data.yaml b/network_data.yaml
index 90293ab..bce82cb 100644
--- a/network_data.yaml
+++ b/network_data.yaml
@@ -58,6 +58,7 @@
allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
ipv6_subnet: 'fd00:fd00:fd00:2000::/64'
ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
+ compat_name: Internal
- name: Storage
vip: true
name_lower: storage
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index c8bdf9e..3ee7721 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -133,7 +133,7 @@ resource_registry:
OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry-disabled.yaml
OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
+ OS::TripleO::Services::HeatApiCloudwatch: puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
@@ -258,6 +258,7 @@ resource_registry:
OS::TripleO::Services::IronicApi: OS::Heat::None
OS::TripleO::Services::IronicConductor: OS::Heat::None
OS::TripleO::Services::IronicInspector: OS::Heat::None
+ OS::TripleO::Services::IronicPxe: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index 367ac5b..3506fe8 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -491,8 +491,12 @@ resources:
type: OS::TripleO::Network::Ports::NetIpListMap
properties:
ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]}
-{%- for network in networks if network.enabled|default(true) %}
+{%- for network in networks %}
+ {%- if network.enabled|default(true) %}
{{network.name}}IpList: {get_attr: [{{role.name}}, {{network.name_lower}}_ip_address]}
+ {%- else %}
+ {{network.name}}IpList: {get_attr: [{{role.name}}, ip_address]}
+ {%- endif %}
{%- endfor %}
EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.j2.yaml
index 37c1d4e..bdd2bcf 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.j2.yaml
@@ -2,14 +2,10 @@ heat_template_version: pike
description: 'All Nodes Config for Puppet'
parameters:
- cloud_name_external:
- type: string
- cloud_name_internal_api:
- type: string
- cloud_name_storage:
- type: string
- cloud_name_storage_mgmt:
+{%- for network in networks if network.vip|default(false) %}
+ cloud_name_{{network.name_lower}}:
type: string
+{%- endfor %}
cloud_name_ctlplane:
type: string
enabled_services:
@@ -70,30 +66,12 @@ parameters:
type: boolean
default: false
- InternalApiNetName:
- default: internal_api
- description: The name of the internal_api network.
- type: string
- ExternalNetName:
- default: external
- description: The name of the external network.
- type: string
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- StorageNetName:
- default: storage
- description: The name of the storage network.
- type: string
- StorageMgmtNetName:
- default: storage_mgmt
- description: The name of the storage_mgmt network.
- type: string
- TenantNetName:
- default: tenant
- description: The name of the tenant network.
+{%- for network in networks %}
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
type: string
+{%- endfor %}
resources:
diff --git a/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml b/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
new file mode 100644
index 0000000..f793571
--- /dev/null
+++ b/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
@@ -0,0 +1,48 @@
+heat_template_version: pike
+
+description: >
+ Openstack Heat CloudWatch API service, disabled by default since Pike
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the disabled Heat CloudWatch API
+ value:
+ service_name: heat_api_cloudwatch_disabled
+ upgrade_tasks:
+ - name: Check if heat_api_cloudwatch is deployed
+ command: systemctl is-enabled openstack-heat-api-cloudwatch
+ tags: step1
+ ignore_errors: True
+ register: heat_api_cloudwatch_enabled
+ - name: Stop and disable heat_api_cloudwatch service (pre-upgrade not under httpd)
+ tags: step1
+ when: heat_api_cloudwatch_enabled.rc == 0
+ service: name=openstack-heat-api-cloudwatch state=stopped enabled=no
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index 2bc08fd..30ea4e1 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -54,6 +54,7 @@ outputs:
# internal_api_subnet - > IP/CIDR
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
memcached::max_memory: {get_param: MemcachedMaxMemory}
+ memcached::verbosity: 'v'
tripleo.memcached.firewall_rules:
'121 memcached':
dport: 11211
diff --git a/puppet/services/neutron-lbaas.yaml b/puppet/services/neutron-lbaas.yaml
index ec477dd..a2c1a2a 100644
--- a/puppet/services/neutron-lbaas.yaml
+++ b/puppet/services/neutron-lbaas.yaml
@@ -73,3 +73,6 @@ outputs:
service_config_settings:
neutron_api:
neutron::server::service_providers: {get_param: NeutronServiceProviders}
+ horizon:
+ horizon::neutron_options:
+ enable_lb: True
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index a1a6020..879af2a 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -41,7 +41,7 @@ parameters:
RabbitFDLimit:
default: 65536
description: Configures RabbitMQ FD limit
- type: string
+ type: number
RabbitIPv6:
default: false
description: Enable IPv6 in RabbitMQ
diff --git a/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml b/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml
new file mode 100644
index 0000000..63e6f21
--- /dev/null
+++ b/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml
@@ -0,0 +1,17 @@
+---
+upgrade:
+ - |
+ The format to use for the CephPools parameter needs to be updated into the
+ form expected by ceph-ansible. For example, for a new pool named `mypool`
+ it should change from:
+ { "mypool": { "size": 3, "pg_num": 128, "pgp_num": 128 } }
+ into:
+ [ { "name": "mypool", "pg_num": 128, "rule_name": "" } ]
+ The first is a map where each key is a pool name and its value the pool
+ properties, the second is a list where each item describes all properties
+ of a pool, including its name.
+other:
+ - |
+ With the migration from puppet-ceph to ceph-ansible for the deployment
+ of Ceph, the format of CephPools parameter changes because the two tools
+ use a different format to represent the list of additional pools to create.
diff --git a/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml b/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml
new file mode 100644
index 0000000..5c732c0
--- /dev/null
+++ b/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml
@@ -0,0 +1,15 @@
+---
+upgrade:
+ - |
+ The Heat API Cloudwatch API is deprecated in Pike and so it removed
+ by default during the Ocata to Pike upgrade. If you wish to keep this
+ service then you should use the environments/heat-api-cloudwatch.yaml
+ environment file in the tripleo-heat-templates during the upgrade (note
+ that this is migrated to running under httpd, if you do decide to keep
+ this service on Pike).
+deprecations:
+ - |
+ The Heat API Cloudwatch API is deprecated in Pike and so it is now not
+ deployed by default. You can override this behaviour with the
+ environments/heat-api-cloudwatch.yaml environment file in the
+ tripleo-heat-templates.
diff --git a/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml b/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml
new file mode 100644
index 0000000..c6cb363
--- /dev/null
+++ b/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fixes dynamic networks to fallback to ctlplane network when they are
+ disabled.
diff --git a/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml b/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml
deleted file mode 100644
index 2e7e79f..0000000
--- a/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-fixes:
- - |
- Fixes heat resource OS::TripleO::Network::Internal to be renamed back to
- OS::TripleO::Network::InternalApi for backwards compatibility with
- previous versions.
diff --git a/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml b/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml
new file mode 100644
index 0000000..58298d3
--- /dev/null
+++ b/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ For deployments running on RHEL with Satellite 6 (or beyond) with Capsule (Katello API enabled),
+ the Katello API is available on 8443 port, so the previous API ping didn't work for this case.
+ Capsule is now supported since we just check if katello-ca-consumer-latest rpm is available
+ to tell that Satellite version is 6 or beyond.
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
index 88e4dfe..a6fab55 100644
--- a/roles/Controller.yaml
+++ b/roles/Controller.yaml
@@ -75,6 +75,7 @@
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml
index 2f86d2d..bbc6374 100644
--- a/roles/ControllerOpenstack.yaml
+++ b/roles/ControllerOpenstack.yaml
@@ -58,6 +58,7 @@
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml
index 3d437aa..44d98e3 100644
--- a/roles/IronicConductor.yaml
+++ b/roles/IronicConductor.yaml
@@ -13,6 +13,7 @@
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
diff --git a/roles_data.yaml b/roles_data.yaml
index a1adc5e..4180220 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -78,6 +78,7 @@
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
diff --git a/sample-env-generator/composable-roles.yaml b/sample-env-generator/composable-roles.yaml
index 91d6060..2c929a4 100644
--- a/sample-env-generator/composable-roles.yaml
+++ b/sample-env-generator/composable-roles.yaml
@@ -89,10 +89,8 @@ environments:
files:
overcloud.yaml:
parameters:
- - ControllerHostnameFormat
- ComputeHostnameFormat
- CephStorageHostnameFormat
- - ControllerCount
- ComputeCount
- CephStorageCount
puppet/services/time/ntp.yaml:
@@ -100,19 +98,21 @@ environments:
- NtpServer
sample-env-generator/composable-roles.yaml:
parameters:
+ - ControllerOpenstackHostnameFormat
- DnsServers
+ - ControllerOpenstackCount
- DatabaseCount
- MessagingCount
- NetworkerCount
- - OvercloudControllerFlavor
+ - OvercloudControllerOpenstackFlavor
- OvercloudComputeFlavor
- OvercloudCephStorageFlavor
- OvercloudDatabaseFlavor
- OvercloudMessagingFlavor
- OvercloudNetworkerFlavor
sample_values:
- ControllerCount: 3
- OvercloudControllerFlavor: control
+ ControllerOpenstackCount: 3
+ OvercloudControllerOpenstackFlavor: control
ComputeCount: 1
OvercloudComputeFlavor: compute
CephStorageCount: 1
@@ -135,6 +135,10 @@ parameters:
description: DNS servers to use for the Overcloud
type: comma_delimited_list
# Dynamic vars based on roles
+ ControllerOpenstackCount:
+ default: 0
+ description: Number of ControllerOpenstack nodes
+ type: number
DatabaseCount:
default: 0
description: Number of Database nodes
@@ -147,10 +151,21 @@ parameters:
default: 0
description: Number of Networker nodes
type: number
+ ControllerOpenstackHostnameFormat:
+ type: string
+ description: >
+ Format for ControllerOpenstack node hostnames
+ Note %index% is translated into the index of the node, e.g 0/1/2 etc
+ and %stackname% is replaced with the stack name e.g overcloud
+ default: "%stackname%-controller-%index%"
OvercloudControllerFlavor:
default: control
description: Name of the flavor for Controller nodes
type: string
+ OvercloudControllerOpenstackFlavor:
+ default: control
+ description: Name of the flavor for ControllerOpenstack nodes
+ type: string
OvercloudComputeFlavor:
default: compute
description: Name of the flavor for Compute nodes
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index c322962..76f856d 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -46,7 +46,10 @@ OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ]
# consistency across files on. This should only contain parameters whose
# definition we cannot change for backwards compatibility reasons. New
# parameters to the templates should not be added to this list.
-PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'],
+PARAMETER_DEFINITION_EXCLUSIONS = {'CephPools': ['description',
+ 'type',
+ 'default'],
+ 'ManagementNetCidr': ['default'],
'ManagementAllocationPools': ['default'],
'ExternalNetCidr': ['default'],
'ExternalAllocationPools': ['default'],