diff options
130 files changed, 1232 insertions, 566 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index decac6bb..fdf2ad63 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -10,13 +10,13 @@ # environment_groups: (required) # environment_groups: -# Identifies an environment choice. If group includes multiple environments it -# indicates that environments in group are mutually exclusive. +# Identifies a group of environments. # Attributes: # title: (optional) # description: (optional) # tags: a list of tags to provide additional information for e.g. filtering (optional) # environments: (required) +# mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive # environments: # List of environments in environment group @@ -25,149 +25,37 @@ # title: (required) # description: (optional) # requires: an array of environments which are required by this environment (optional) -# resource_registry: [tbd] (optional) - -# resource_registry: -# [tbd] Each environment can provide options on resource_registry level applicable -# only when that given environment is used. (resource_type of that environment can -# be implemented using multiple templates). topics: - - title: Base Resources Configuration + - title: General Deployment Options description: environment_groups: - - title: - description: Enable base configuration for all resources required for OpenStack Deployment + - name: general-deployment-options + title: + description: Enables base configuration for all resources required for OpenStack Deployment environments: - file: overcloud-resource-registry-puppet.yaml title: Base resources configuration description: - - - title: Deployment Options - description: - environment_groups: - - title: High Availability - description: Enables configuration of an Overcloud controller with Pacemaker - environments: - - file: environments/puppet-pacemaker.yaml - title: Pacemaker - description: Enable configuration of an Overcloud controller with Pacemaker - requires: - - overcloud-resource-registry-puppet.yaml - - title: Pacemaker options - description: - environments: - - file: environments/puppet-pacemaker-no-restart.yaml - title: Pacemaker No Restart - description: - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Docker RDO + - title: Containerized Deployment description: > - Docker container with heat agents for containerized compute node + Configures Deployment to use containerized services environments: - file: environments/docker.yaml - title: Docker RDO + title: Containerized Deployment description: requires: - overcloud-resource-registry-puppet.yaml - - title: Enable TLS - description: > - environments: - - file: environments/enable-tls.yaml - title: TLS - description: > - Use this option to pass in certificates for SSL deployments. - For these values to take effect, one of the TLS endpoints - environments must also be used. - requires: - - overcloud-resource-registry-puppet.yaml - - title: TLS Endpoints - description: > - environments: - - file: environments/tls-endpoints-public-dns.yaml - title: SSL-enabled deployment with DNS name as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is a DNS name. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - file: environments/tls-endpoints-public-ip.yaml - title: SSL-enabled deployment with IP address as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is an IP address. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - title: External load balancer - description: > - Enable external load balancer - environments: - - file: environments/external-loadbalancer-vip-v6.yaml - title: External load balancer IPv6 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - file: environments/external-loadbalancer-vip.yaml - title: External load balancer IPv4 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - - title: Additional Services - description: Deploy additional Overcloud services - environment_groups: - - title: Manila - description: - environments: - - file: environments/manila-generic-config.yaml - title: Manila - description: Enable Manila generic driver backend - requires: - - overcloud-resource-registry-puppet.yaml - - title: Sahara - description: - environments: - - file: environments/services/sahara.yaml - title: Sahara - description: Deploy Sahara service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ironic - description: - environments: - - file: environments/services/ironic.yaml - title: Ironic - description: Deploy Ironic service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Mistral - description: - environments: - - file: environments/services/mistral.yaml - title: Mistral - description: Deploy Mistral service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ceilometer Api - description: + - title: High Availability + description: Enables configuration of an Overcloud Controller with Pacemaker environments: - - file: environments/services/disable-ceilometer-api.yaml - title: Ceilometer Api - description: Disable Ceilometer Api service. This service is - deprecated and will be removed in future releases. Please move - to using gnocchi/aodh/panko apis instead. + - file: environments/puppet-pacemaker.yaml + title: High Availability (Pacemaker) + description: requires: - overcloud-resource-registry-puppet.yaml - # - title: Network Interface Configuration - # description: - # environment_groups: - - - title: Overlay Network Configuration + - title: Network Configuration description: environment_groups: - title: Network Isolation @@ -189,10 +77,12 @@ topics: to that role) on these networks. requires: - overcloud-resource-registry-puppet.yaml - - title: Single NIC or Bonding + mutually_exclusive: true + - title: NICs, Bonding, VLANs Configuration description: > - Configure roles to use pair of bonded nics or to use Vlans on a - single nic. This option assumes use of Network Isolation. + Choose one of the pre-defined configurations or provide custom + network-environment.yaml instead. Note that pre-defined configuration work + only with standard Roles and Networks. These options assume use of Network Isolation. environments: - file: environments/net-bond-with-vlans.yaml title: Bond with Vlans @@ -202,7 +92,6 @@ topics: for each role. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-no-external.yaml title: Bond with Vlans No External Ports description: > @@ -212,7 +101,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-v6.yaml title: Bond with Vlans IPv6 description: > @@ -222,7 +110,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics.yaml title: Multiple NICs description: > @@ -231,7 +118,6 @@ topics: This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics-v6.yaml title: Multiple NICs IPv6 description: > @@ -240,7 +126,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans.yaml title: Single NIC with Vlans description: > @@ -248,7 +133,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-no-external.yaml title: Single NIC with Vlans No External Ports description: > @@ -257,7 +141,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-linux-bridge-with-vlans.yaml title: Single NIC with Linux Bridge Vlans description: > @@ -265,7 +148,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-v6.yaml title: Single NIC with Vlans IPv6 description: > @@ -274,7 +156,7 @@ topics: This option assumes use of Network Isolation IPv6 requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true - title: Management Network description: > Enable the creation of a system management network. This @@ -292,6 +174,35 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + + - title: Docker Network + description: > + [Temporary] Use this option when deploying containerized deployment + without network isolation + environments: + - file: environments/docker-network.yaml + title: Docker network + description: + requires: + - environments/docker.yaml + + - title: External load balancer + description: > + Enable external load balancer, requires network Isolation to be enabled. + Note that this option assumes standard isolated networks set. + environments: + - file: environments/external-loadbalancer-vip.yaml + title: External load balancer IPv4 + description: > + requires: + - environments/network-isolation.yaml + - file: environments/external-loadbalancer-vip-v6.yaml + title: External load balancer IPv6 + description: > + requires: + - environments/network-isolation-v6.yaml + mutually_exclusive: true - title: Neutron Plugin Configuration description: @@ -327,8 +238,8 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/neutron-midonet.yaml - title: Deploy MidoNet Services + - file: environments/networking/neutron-midonet.yaml + title: Neutron MidoNet Services description: requires: - overcloud-resource-registry-puppet.yaml @@ -378,34 +289,10 @@ topics: requires: - overcloud-resource-registry-puppet.yaml - - title: Nova Extensions - description: - environment_groups: - - title: Nova Extensions - description: - environments: - - file: environments/nova-nuage-config.yaml - title: Nuage backend - description: > - Enables Nuage backend on the Compute - requires: - - overcloud-resource-registry-puppet.yaml - - title: Storage description: environment_groups: - - title: Cinder backup service - description: - environments: - - file: environments/cinder-backup.yaml - title: Cinder backup service - description: > - OpenStack Cinder Backup service with Pacemaker configured - with Puppet - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Cinder backend + - title: Cinder backends description: > Enable various Cinder backends environments: @@ -414,7 +301,7 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/cinder-netapp-config.yaml + - file: environments/storage/cinder-netapp-config.yaml title: Cinder NetApp backend description: requires: @@ -422,22 +309,19 @@ topics: - file: environments/cinder-dellsc-config.yaml title: Cinder Dell EMC Storage Center ISCSI backend description: > - Enables a Cinder Dell EMC Storage Center ISCSI backend, - configured via puppet + Enables a Cinder Dell EMC Storage Center ISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml title: Cinder HPELeftHandISCSI backend description: > - Enables a Cinder HPELeftHandISCSI backend, configured - via puppet + Enables a Cinder HPELeftHandISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-dellps-config.yaml title: Cinder Dell EMC PS Series backend description: > - Enables a Cinder Dell EMC PS Series backend, - configured via puppet + Enables a Cinder Dell EMC PS Series backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-iser.yaml @@ -447,8 +331,7 @@ topics: - file: environments/cinder-scaleio-config.yaml title: Cinder Dell EMC ScaleIO backend description: > - Enables a Cinder Dell EMC ScaleIO backend, - configured via puppet + Enables a Cinder Dell EMC ScaleIO backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-veritas-hyperscale-config.yaml @@ -458,106 +341,199 @@ topics: configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Ceph - description: > - Enable the use of Ceph in the overcloud + - title: Cinder backup service + description: environments: - - file: environments/puppet-ceph-external.yaml - title: Externally managed Ceph + - file: environments/cinder-backup.yaml + title: Cinder backup service description: > - Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + OpenStack Cinder Backup service with Pacemaker requires: + - environments/puppet-pacemaker.yaml - overcloud-resource-registry-puppet.yaml + - title: Ceph + description: > + Enable the use of Ceph in the overcloud + environments: - file: environments/puppet-ceph.yaml - title: TripleO managed Ceph + title: Ceph Storage Backend description: > Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is colocated with NovaCompute and configures the overcloud to use it, via RBD driver. requires: - overcloud-resource-registry-puppet.yaml - - title: CephMDS - description: > - Deploys CephMDS via TripleO, an additional Ceph service needed to create shared - filesystems hosted in Ceph. + - file: environments/storage/external-ceph.yaml + title: Externally managed Ceph + description: > + Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + requires: + - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + - title: Additional Ceph Options + description: environments: - file: environments/services/ceph-mds.yaml title: Deploys CephMDS - description: + description: > + Deploys CephMDS via TripleO, an additional Ceph service needed to create shared + filesystems hosted in Ceph. requires: - environments/puppet-ceph.yaml - - title: Ceph Rados Gateway - description: > - Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API - which stores data in the Ceph cluster. - environments: - file: environments/ceph-radosgw.yaml - title: Deploys CephRGW - description: + title: Ceph Rados Gateway + description: > + Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API + which stores data in the Ceph cluster. requires: - environments/puppet-ceph.yaml - - title: Manila with CephFS - description: > - Deploys Manila and configures it with the CephFS driver. This requires the deployment of - Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. - environments: - file: environments/manila-cephfsnative-config.yaml - title: Deploys Manila with CephFS driver - description: Deploys Manila and configures CephFS as its default backend. + title: Manila with CephFS + description: > + Deploys Manila and configures it with the CephFS driver. This requires the deployment of + Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. requires: - overcloud-resource-registry-puppet.yaml - - title: Storage Environment - description: > - Can be used to set up storage backends. Defaults to Ceph used as a - backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It - configures which services will use Ceph, or if any of the services - will use NFS. And more. Usually requires to be edited by user first. - tags: - - no-gui + - title: Glance backends + description: environments: - - file: environments/storage-environment.yaml - title: Storage Environment - description: + - file: environments/storage/glance-nfs.yaml + title: Glance NFS Backend + description: | + Configure and enable this option to enable the use of an NFS + share as the backend for Glance. requires: - overcloud-resource-registry-puppet.yaml - - title: Utilities - description: + + - title: Security + description: Security Hardening Options environment_groups: - - title: Config Debug - description: Enable config management (e.g. Puppet) debugging + - title: TLS + description: environments: - - file: environments/config-debug.yaml - title: Config Debug + - file: environments/ssl/enable-tls.yaml + title: SSL on OpenStack Public Endpoints + description: > + Use this option to pass in certificates for SSL deployments. + For these values to take effect, one of the TLS endpoints + options must also be used. + requires: + - overcloud-resource-registry-puppet.yaml + - title: TLS Endpoints + description: + environments: + - file: environments/ssl/tls-endpoints-public-dns.yaml + title: SSL-enabled deployment with DNS name as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-everywhere-endpoints-dns.yaml + title: Deploy All SSL Endpoints as DNS names + description: > + Use this option when deploying an overcloud where all the endpoints are + DNS names and there's TLS in all endpoint types. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-endpoints-public-ip.yaml + title: SSL-enabled deployment with IP address as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. + requires: + - environments/ssl/enable-tls.yaml + mutually_exclusive: true + - title: SSH Banner Text + description: Enables population of SSH Banner Text + environments: + - file: environments/sshd-banner.yaml + title: SSH Banner Text description: requires: - overcloud-resource-registry-puppet.yaml - - title: Disable journal in MongoDb - description: > - Since, when journaling is enabled, MongoDb will create big journal - file it can take time. In a CI environment for example journaling is - not necessary. + - title: Horizon Password Validation + description: Enable Horizon Password validation environments: - - file: environments/mongodb-nojournal.yaml - title: Disable journal in MongoDb + - file: environments/horizon_password_validation.yaml + title: Horizon Password Validation description: requires: - overcloud-resource-registry-puppet.yaml - - title: Overcloud Steps - description: > - Specifies hooks/breakpoints where overcloud deployment should stop - Allows operator validation between steps, and/or more granular control. - Note: the wildcards relate to naming convention for some resource suffixes, - e.g see puppet/*-post.yaml, enabling this will mean we wait for - a user signal on every *Deployment_StepN resource defined in those files. - tags: - - no-gui + - title: AuditD Rules + description: Management of AuditD rules environments: - - file: environments/overcloud-steps.yaml - title: Overcloud Steps + - file: environments/auditd.yaml + title: AuditD Rule Management description: requires: - overcloud-resource-registry-puppet.yaml + - title: Keystone CADF auditing + description: Enable CADF notifications in Keystone for auditing + environments: + - file: environments/cadf.yaml + title: Keystone CADF auditing + - title: SecureTTY Values + description: Set values within /etc/securetty + environments: + - file: environments/securetty.yaml + title: SecureTTY Values + + - title: Additional Services + description: + environment_groups: + - title: + description: Deploy additional services + environments: + - file: environments/services/manila-generic-config.yaml + title: Barbican + description: Enable Barbican with the default secret store backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/manila-generic-config.yaml + title: Manila + description: Enable Manila with generic driver backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/sahara.yaml + title: Sahara + description: Deploy Sahara service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ironic.yaml + title: Ironic + description: Deploy Ironic service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/mistral.yaml + title: Mistral + description: Deploy Mistral service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ec2-api.yaml + title: EC2 API + description: Enable EC2-API service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/zaqar.yaml + title: Zaqar + description: Deploy Zaqar service + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Nova Extensions + description: + environment_groups: + - title: Nova Extensions + description: + environments: + - file: environments/nova-nuage-config.yaml + title: Nuage backend + description: > + Enables Nuage backend on the Compute + requires: + - overcloud-resource-registry-puppet.yaml - title: Operational Tools description: @@ -566,7 +542,7 @@ topics: description: Enable monitoring agents environments: - file: environments/monitoring-environment.yaml - title: Enable monitoring agents + title: Monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml @@ -574,7 +550,7 @@ topics: description: Enable centralized logging clients (fluentd) environments: - file: environments/logging-environment.yaml - title: Enable fluentd client + title: fluentd client description: requires: - overcloud-resource-registry-puppet.yaml @@ -582,45 +558,45 @@ topics: description: Enable performance monitoring agents environments: - file: environments/collectd-environment.yaml - title: Enable performance monitoring agents + title: Performance monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml - - title: Security Options - description: Security Hardening Options + - title: Utilities + description: environment_groups: - - title: SSH Banner Text - description: Enables population of SSH Banner Text + - title: Config Debug + description: Enable config management (e.g. Puppet) debugging environments: - - file: environments/sshd-banner.yaml - title: SSH Banner Text + - file: environments/config-debug.yaml + title: Config Debug description: requires: - overcloud-resource-registry-puppet.yaml - - title: Horizon Password Validation - description: Enable Horizon Password validation + - title: Disable journal in MongoDb + description: > + Since, when journaling is enabled, MongoDb will create big journal + file it can take time. In a CI environment for example journaling is + not necessary. environments: - - file: environments/horizon_password_validation.yaml - title: Horizon Password Validation + - file: environments/mongodb-nojournal.yaml + title: Disable journal in MongoDb description: requires: - overcloud-resource-registry-puppet.yaml - - title: AuditD Rules - description: Management of AuditD rules + - title: Overcloud Steps + description: > + Specifies hooks/breakpoints where overcloud deployment should stop + Allows operator validation between steps, and/or more granular control. + Note: the wildcards relate to naming convention for some resource suffixes, + e.g see puppet/*-post.yaml, enabling this will mean we wait for + a user signal on every *Deployment_StepN resource defined in those files. + tags: + - no-gui environments: - - file: environments/auditd.yaml - title: AuditD Rule Management + - file: environments/overcloud-steps.yaml + title: Overcloud Steps description: requires: - overcloud-resource-registry-puppet.yaml - - title: Keystone CADF auditing - description: Enable CADF notifications in Keystone for auditing - environments: - - file: environments/cadf.yaml - title: Keystone CADF auditing - - title: SecureTTY Values - description: Set values within /etc/securetty - environments: - - file: environments/securetty.yaml - title: SecureTTY Values diff --git a/ci/environments/scenario007-multinode.yaml b/ci/environments/scenario007-multinode.yaml index 6db00ef1..dd73f476 100644 --- a/ci/environments/scenario007-multinode.yaml +++ b/ci/environments/scenario007-multinode.yaml @@ -16,7 +16,8 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml parameter_defaults: @@ -34,7 +35,7 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::OVNDBs - - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::OVNController - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/common/services.yaml b/common/services.yaml index 350026cc..0bc3462f 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -35,7 +35,7 @@ parameters: description: Role name on which the service is applied type: string RoleParameters: - description: Role Specific parameters to be provided to service + description: Parameters specific to the role default: {} type: json diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index 16deb7d6..d116e7c6 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -9,6 +9,7 @@ parameters: key_name: type: string default: unused + description: Name of keypair to assign to servers security_groups: type: json default: [] diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml index cd7d5b55..b884e0e7 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/docker/deploy-steps-playbook.yaml @@ -10,7 +10,7 @@ command: >- puppet apply --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - --logdest syslog --color=false + --logdest syslog --logdest console --color=false /var/lib/tripleo-config/puppet_step_config.pp changed_when: false check_mode: no diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 36c63887..fadd12d3 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -211,7 +211,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume sync FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \ - --color=false --logdest syslog $TAGS /etc/config.pp + --color=false --logdest syslog --logdest console $TAGS /etc/config.pp # Disables archiving if [ -z "$NO_ARCHIVE" ]; then diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 70b43eb1..8afb6d28 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhApiPuppetBase: type: ../../puppet/services/aodh-api.yaml properties: @@ -68,7 +71,10 @@ outputs: - get_attr: [AodhApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [AodhApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index f75c57b3..86bdfdf9 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhEvaluatorBase: type: ../../puppet/services/aodh-evaluator.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhEvaluatorBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhEvaluatorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhEvaluatorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 9db2ffbe..3f986ab2 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhListenerBase: type: ../../puppet/services/aodh-listener.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhListenerBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhListenerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhListenerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index c16c0161..852120c9 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhNotifierBase: type: ../../puppet/services/aodh-notifier.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhNotifierBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhNotifierBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhNotifierBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 7804fdb2..900131c9 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-api.yaml properties: @@ -66,7 +69,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -154,6 +160,7 @@ outputs: cinder_api_cron: image: *cinder_api_image net: host + user: root privileged: false restart: always volumes: @@ -166,6 +173,8 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [CinderBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index de637f3b..ad3b43c2 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-backup.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -114,7 +120,6 @@ outputs: - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 1bae005c..1ac31874 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-scheduler.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index ce81fbf8..eb904c0b 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-volume.yaml properties: @@ -75,6 +78,7 @@ outputs: - "\n" - - "include ::tripleo::profile::base::lvm" - get_attr: [CinderBase, role_data, step_config] + - get_attr: [MySQLClient, role_data, step_config] service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -125,7 +129,6 @@ outputs: - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ diff --git a/docker/services/congress.yaml b/docker/services/congress.yaml index e49682f9..08170cef 100644 --- a/docker/services/congress.yaml +++ b/docker/services/congress.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CongressBase: type: ../../puppet/services/congress.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [CongressBase, role_data, config_settings] step_config: &step_config - get_attr: [CongressBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CongressBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index 71ea8d1f..2c894da5 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -66,5 +66,9 @@ outputs: - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - if: - internal_tls_enabled - - - {get_param: InternalTLSCAFile} + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' - null diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml deleted file mode 100644 index d45d58e1..00000000 --- a/docker/services/database/mysql-client.yaml +++ /dev/null @@ -1,62 +0,0 @@ -heat_template_version: pike - -description: > - Configuration for containerized MySQL clients - -parameters: - DockerMysqlClientConfigImage: - description: The container image to use for the mysql_client config_volume - type: string - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - EnableInternalTLS: - type: boolean - default: false - InternalTLSCAFile: - default: '/etc/ipa/ca.crt' - type: string - description: Specifies the default CA cert to use if TLS is used for - services in the internal network. - -outputs: - role_data: - description: Role for setting mysql client parameters - value: - service_name: mysql_client - config_settings: - tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} - tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} - tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} - # BEGIN DOCKER SETTINGS # - step_config: "" - puppet_config: - config_volume: mysql_client - puppet_tags: file # set this even though file is the default - step_config: "include ::tripleo::profile::base::database::mysql::client" - config_image: {get_param: DockerMysqlClientConfigImage} - # no need for a docker config, this service only generates configuration files - docker_config: {} diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index 9f1ecbc1..1d4ddd38 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + Ec2ApiPuppetBase: type: ../../puppet/services/ec2-api.yaml properties: @@ -58,7 +61,10 @@ outputs: service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [Ec2ApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index f4c724b0..044eb283 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GlanceApiPuppetBase: type: ../../puppet/services/glance-api.yaml properties: @@ -70,7 +73,10 @@ outputs: - get_attr: [GlanceApiPuppetBase, role_data, config_settings] - glance::api::sync_db: false step_config: &step_config - get_attr: [GlanceApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GlanceApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 6778543b..5a6958a0 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiMetricdBase: type: ../../puppet/services/gnocchi-metricd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiMetricdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiMetricdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiMetricdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiMetricdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiMetricdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 00d218d2..19e658cd 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiStatsdBase: type: ../../puppet/services/gnocchi-statsd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiStatsdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiStatsdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiStatsdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiStatsdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiStatsdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index f080dcb2..2f0584ea 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -85,6 +85,7 @@ outputs: map_merge: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false + tripleo::haproxy::haproxy_service_manage: false step_config: &step_config get_attr: [HAProxyBase, role_data, step_config] service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} @@ -92,7 +93,8 @@ outputs: puppet_config: config_volume: haproxy puppet_tags: haproxy_config - step_config: *step_config + step_config: + "class {'::tripleo::profile::base::haproxy': manage_firewall => false}" config_image: {get_param: DockerHAProxyConfigImage} volumes: &deployed_cert_mount - list_join: @@ -110,10 +112,44 @@ outputs: preserve_properties: true docker_config: step_1: + haproxy_firewall: + detach: false + image: {get_param: DockerHAProxyImage} + net: host + user: root + privileged: true + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'" + params: + TAGS: 'tripleo::firewall::rule' + CONFIG: *step_config + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - *deployed_cert_mount + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS haproxy: image: {get_param: DockerHAProxyImage} net: host - privileged: false restart: always volumes: list_concat: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 0bc331ca..9e38b060 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -133,6 +133,7 @@ outputs: heat_api_cron: image: {get_param: DockerHeatApiImage} net: host + user: root privileged: false restart: always volumes: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 789f3f9d..a20dc131 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + HeatBase: type: ../../puppet/services/heat-engine.yaml properties: @@ -63,7 +66,10 @@ outputs: - get_attr: [HeatBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [HeatBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [HeatBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 90978f3e..2a9735b5 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicApiBase: type: ../../puppet/services/ironic-api.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [IronicApiBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [IronicApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 6368bd23..37f4d46e 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicConductorBase: type: ../../puppet/services/ironic-conductor.yaml properties: @@ -69,7 +72,10 @@ outputs: - ironic::pxe::http_root: /var/lib/ironic/httpboot - ironic::conductor::http_root: /var/lib/ironic/httpboot step_config: &step_config - get_attr: [IronicConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index f6b348c7..80519800 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -118,4 +118,3 @@ outputs: tags: step2 service: name=iscsid.socket state=stopped enabled=no when: stat_iscsid_socket.stat.exists - metadata_settings: {} diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 7ecfc329..fcc458a2 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -55,6 +55,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + KeystoneBase: type: ../../puppet/services/keystone.yaml properties: @@ -83,6 +86,7 @@ outputs: - "\n" - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }" - {get_attr: [KeystoneBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -99,7 +103,9 @@ outputs: merge: true preserve_properties: true /var/lib/kolla/config_files/keystone_cron.json: - command: /usr/sbin/cron -n + # FIXME(dprince): this is unused ATM because Kolla hardcodes the + # args for the keystone container to -DFOREGROUND + command: /usr/sbin/crond -n config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -164,9 +170,11 @@ outputs: keystone_cron: start_order: 4 image: *keystone_image + user: root net: host privileged: false restart: always + command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index c33f4094..7b2dbfaf 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaApiPuppetBase: type: ../../puppet/services/manila-api.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index 730d33f6..7b5dfec3 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaSchedulerPuppetBase: type: ../../puppet/services/manila-scheduler.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml index b4278155..332ba864 100644 --- a/docker/services/manila-share.yaml +++ b/docker/services/manila-share.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaBase: type: ../../puppet/services/manila-share.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [ManilaBase, role_data, service_name]} config_settings: {get_attr: [ManilaBase, role_data, config_settings]} step_config: &step_config - get_attr: [ManilaBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ManilaBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 73db3742..38b97aef 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [MistralApiBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index 4c6b300d..2b498be3 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-engine.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index ea54c574..e106fe47 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-executor.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index a0c02f30..fc749f37 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -90,4 +90,3 @@ outputs: - name: Stop and disable multipathd service tags: step2 service: name=multipathd state=stopped enabled=no - metadata_settings: {} diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index a9125c8c..b4fce226 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NeutronBase: type: ../../puppet/services/neutron-api.yaml properties: @@ -68,7 +71,10 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] step_config: &step_config - get_attr: [NeutronBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NeutronBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 4bec8035..da461049 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaApiBase: type: ../../puppet/services/nova-api.yaml properties: @@ -69,6 +72,7 @@ outputs: - "\n" - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }" - {get_attr: [NovaApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -195,6 +199,8 @@ outputs: volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" + metadata_settings: + get_attr: [NovaApiBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index c6e848a0..39d1740c 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -47,6 +47,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaComputeBase: type: ../../puppet/services/nova-compute.yaml properties: @@ -66,7 +69,10 @@ outputs: config_settings: get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaComputeBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaComputeBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 9f666577..ae737056 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConductorBase: type: ../../puppet/services/nova-conductor.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [NovaConductorBase, role_data, service_name]} config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 0d3d1ec9..715a861b 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConsoleauthPuppetBase: type: ../../puppet/services/nova-consoleauth.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConsoleauthPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 17068b41..543758a1 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaIronicBase, role_data, service_name]} config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaIronicBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaIronicBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova puppet_tags: nova_config,nova_paste_api_ini diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 973b0ebb..2f3851a5 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -74,6 +74,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaLibvirtBase: type: ../../puppet/services/nova-libvirt.yaml properties: @@ -93,7 +96,10 @@ outputs: config_settings: get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaLibvirtBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaLibvirtBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt puppet_tags: libvirtd_config,nova_config,file,exec diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 7350db20..d784ace3 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaPlacementBase: type: ../../puppet/services/nova-placement.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [NovaPlacementBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [NovaPlacementBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaPlacementBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -100,6 +106,8 @@ outputs: - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [NovaPlacementBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 5c1aa308..8d8a6358 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaSchedulerBase: type: ../../puppet/services/nova-scheduler.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]} config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaSchedulerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaSchedulerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index 37831ff7..c5f651d2 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaVncProxyPuppetBase: type: ../../puppet/services/nova-vnc-proxy.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaVncProxyPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml index f5b4baec..86730ebc 100644 --- a/docker/services/octavia-api.yaml +++ b/docker/services/octavia-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + OctaviaApiPuppetBase: type: ../../puppet/services/octavia-api.yaml properties: @@ -67,7 +70,10 @@ outputs: service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [OctaviaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 26ae9bca..c6a80efa 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -52,6 +52,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBackupBase: type: ../../../puppet/services/cinder-backup.yaml properties: @@ -82,7 +85,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBackupBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 262e999d..3c1b7a74 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -48,6 +48,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../../puppet/services/cinder-volume.yaml properties: @@ -76,7 +79,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index ad2fa0f6..01c17388 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + PankoApiPuppetBase: type: ../../puppet/services/panko-api.yaml properties: @@ -71,7 +74,10 @@ outputs: - get_attr: [PankoApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [PankoApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [PankoApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index bff2fdac..b0c3736c 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaApiPuppetBase: type: ../../puppet/services/sahara-api.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaApiPuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 01d4bb9c..b1660296 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaEnginePuppetBase: type: ../../puppet/services/sahara-engine.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaEnginePuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaEnginePuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaEnginePuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index cdcb4d2a..1b7d78ca 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + TackerBase: type: ../../puppet/services/tacker.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [TackerBase, role_data, config_settings] step_config: &step_config - get_attr: [TackerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [TackerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 061a4a70..072c6759 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -40,15 +40,22 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false conditions: zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} + internal_tls_enabled: {get_param: EnableInternalTLS} resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ZaqarBase: type: ../../puppet/services/zaqar.yaml properties: @@ -58,6 +65,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -66,7 +74,10 @@ outputs: service_name: {get_attr: [ZaqarBase, role_data, service_name]} config_settings: {get_attr: [ZaqarBase, role_data, config_settings]} step_config: &step_config - get_attr: [ZaqarBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ZaqarBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -137,6 +148,16 @@ outputs: - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS zaqar_websocket: @@ -162,3 +183,5 @@ outputs: - name: Stop and disable zaqar service tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [ZaqarBase, role_data, metadata_settings] diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 255726a1..57cf2c5e 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -6,6 +6,8 @@ resource_registry: OS::TripleO::Services::Docker: ../puppet/services/docker.yaml # The compute node still needs extra initialization steps OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml + # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 + OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml # NOTE: add roles to be docker enabled as we support them. OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml @@ -23,12 +25,13 @@ resource_registry: OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml - OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml - OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index a7504611..336a0b3c 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -32,8 +32,8 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml - OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml @@ -51,7 +51,7 @@ resource_registry: OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml - OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index d1970d64..834c4f10 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -39,3 +39,4 @@ parameter_defaults: - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::OVNController diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml index 6a7318fc..1b792afd 100644 --- a/environments/network-isolation.j2.yaml +++ b/environments/network-isolation.j2.yaml @@ -17,7 +17,7 @@ resource_registry: {%- endfor %} # Port assignments for the VIPs - {%- for network in networks if network.vip %} + {%- for network in networks if network.vip and network.enabled|default(true) %} OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml {%- endfor %} OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml diff --git a/environments/neutron-ml2-ovn-ha.yaml b/environments/neutron-ml2-ovn-ha.yaml index c592d576..a9f732b2 100644 --- a/environments/neutron-ml2-ovn-ha.yaml +++ b/environments/neutron-ml2-ovn-ha.yaml @@ -2,14 +2,15 @@ # extensions, configured via puppet resource_registry: OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml # Disabling Neutron services that overlap with OVN - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None - OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index 7483bdbb..7322b05c 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -1,15 +1,16 @@ # A Heat environment file which can be used to enable OVN # extensions, configured via puppet resource_registry: - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None - OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml + OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml # Disabling Neutron services that overlap with OVN - OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/overcloud-baremetal.j2.yaml b/environments/overcloud-baremetal.j2.yaml index 8d7bc8d9..93191a7b 100644 --- a/environments/overcloud-baremetal.j2.yaml +++ b/environments/overcloud-baremetal.j2.yaml @@ -11,10 +11,3 @@ parameter_defaults: {% for role in roles %} {{role.name}}Services: [] {% endfor %} - - # Consistent Hostname format - ControllerHostnameFormat: overcloud-controller-%index% - ComputeHostnameFormat: overcloud-novacompute-%index% - ObjectStorageHostnameFormat: overcloud-objectstorage-%index% - CephStorageHostnameFormat: overcloud-cephstorage-%index% - BlockStorageHostnameFormat: overcloud-blockstorage-%index% diff --git a/environments/overcloud-services.yaml b/environments/overcloud-services.yaml index 1d01cb3c..ac1c69f0 100644 --- a/environments/overcloud-services.yaml +++ b/environments/overcloud-services.yaml @@ -1,10 +1,2 @@ resource_registry: OS::TripleO::DeployedServerEnvironment: ../deployed-server/deployed-server-environment-output.yaml - -parameter_defaults: - # Consistent Hostname format - ControllerDeployedServerHostnameFormat: overcloud-controller-%index% - ComputeDeployedServerHostnameFormat: overcloud-novacompute-%index% - ObjectStorageDeployedServerHostnameFormat: overcloud-objectstorage-%index% - CephStorageDeployedServerHostnameFormat: overcloud-cephstorage-%index% - BlockStorageDeployedServerHostnameFormat: overcloud-blockstorage-%index% diff --git a/environments/services-docker/octavia.yaml b/environments/services-docker/octavia.yaml index b677a4f6..f0c671f6 100644 --- a/environments/services-docker/octavia.yaml +++ b/environments/services-docker/octavia.yaml @@ -3,3 +3,8 @@ resource_registry: OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml + +parameter_defaults: + NeutronServicePlugins: "qos,router,trunk,lbaasv2" + NeutronEnableForceMetadata: true + diff --git a/environments/split-stack-consistent-hostname-format.j2.yaml b/environments/split-stack-consistent-hostname-format.j2.yaml new file mode 100644 index 00000000..8345c108 --- /dev/null +++ b/environments/split-stack-consistent-hostname-format.j2.yaml @@ -0,0 +1,5 @@ +parameter_defaults: + # Consistent Hostname format +{% for role in roles %} + {{role.name}}HostnameFormat: overcloud-{{role.name.lower()}}-%index% +{% endfor %} diff --git a/extraconfig/pre_network/contrail/compute_pre_network.yaml b/extraconfig/pre_network/contrail/compute_pre_network.yaml index a30330f9..69e89f87 100644 --- a/extraconfig/pre_network/contrail/compute_pre_network.yaml +++ b/extraconfig/pre_network/contrail/compute_pre_network.yaml @@ -34,7 +34,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list diff --git a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml index 623eb7e0..4b3c673c 100644 --- a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml +++ b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml @@ -38,7 +38,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 2f5fcdf7..87dbeaec 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -9,7 +9,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list @@ -55,6 +55,21 @@ parameters: - allowed_pattern: "[0-9,-]*" type: string default: "" + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. + EnableDpdkDeploymentActions: + default: ['CREATE'] + type: comma_delimited_list + description: > + Exposing the DPDK deployment action, it may be required to run DPDK + config during an upgrade. By default DPDK will be enabled during the + CREATE action only. But on cases when it requires for certain migration, + it may be required to run it for UPDATE action too. # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Queens cycle. HostCpusList: @@ -79,13 +94,6 @@ parameters: default: '' description: Memory allocated for each socket type: string - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} @@ -159,6 +167,40 @@ resources: _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} _TUNED_CORES_: {get_param: [RoleParameters, IsolCpusList]} + RebootConfig: + type: OS::Heat::SoftwareConfig + condition: is_reboot_config_required + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: HostParametersDeployment + condition: is_reboot_config_required + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL + + # With OvS2.7 (which is default with pike), ovs-vswitchd will start dpdk + # immediately after setting dpdk-init (behaviour change from ovs2.6). + # Starting of DPDK require the huge page configuration to be enabled. So + # reboot will happen before DPDK config and we don't need an explicity + # restart after dpdk-init as true because of the behavior change. + # TODO(skramaja): Dependency is that till the service file workaround, is + # maintained, restart of ovs is required. EnableDpdkConfig: type: OS::Heat::SoftwareConfig condition: is_dpdk_config_required @@ -194,6 +236,8 @@ resources: sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path fi + systemctl daemon-reload + systemctl restart openvswitch # DO NOT use --detailed-exitcodes puppet apply --logdest console \ @@ -215,6 +259,7 @@ resources: EnableDpdkDeployment: type: OS::Heat::SoftwareDeployment condition: is_dpdk_config_required + depends_on: RebootDeployment properties: name: EnableDpdkDeployment server: {get_param: server} @@ -223,34 +268,7 @@ resources: if: - deployment_actions_empty - [] - - ['CREATE'] # Only do this on CREATE - - RebootConfig: - type: OS::Heat::SoftwareConfig - condition: is_reboot_config_required - properties: - group: script - config: | - #!/bin/bash - # Stop os-collect-config to avoid any race collecting another - # deployment before reboot happens - systemctl stop os-collect-config.service - /sbin/reboot - - RebootDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: HostParametersDeployment - condition: is_reboot_config_required - properties: - name: RebootDeployment - server: {get_param: server} - config: {get_resource: RebootConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE - signal_transport: NO_SIGNAL + - {get_param: EnableDpdkDeploymentActions} outputs: result: diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index 1114897f..af49d49d 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -51,6 +51,10 @@ if [[ -n \$NOVA_COMPUTE ]]; then log_debug "Restarting openstack ceilometer agent compute" systemctl restart openstack-ceilometer-compute yum install -y openstack-nova-migration + # https://bugs.launchpad.net/tripleo/+bug/1707926 stop&disable libvirtd + log_debug "Stop and disable libvirtd service for upgrade to containers" + systemctl stop libvirtd + systemctl disable libvirtd fi # Apply puppet manifest to converge just right after the ${ROLE} upgrade diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 063e63d4..356068fc 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml @@ -8,3 +8,39 @@ name: - puppet/blockstorage-role.yaml - puppet/objectstorage-role.yaml - puppet/cephstorage-role.yaml + - network/internal_api.yaml + - network/external.yaml + - network/storage.yaml + - network/storage_mgmt.yaml + - network/tenant.yaml + - network/management.yaml + - network/internal_api_v6.yaml + - network/external_v6.yaml + - network/storage_v6.yaml + - network/storage_mgmt_v6.yaml + - network/tenant_v6.yaml + - network/management_v6.yaml + - network/ports/internal_api.yaml + - network/ports/external.yaml + - network/ports/storage.yaml + - network/ports/storage_mgmt.yaml + - network/ports/tenant.yaml + - network/ports/management.yaml + - network/ports/internal_api_v6.yaml + - network/ports/external_v6.yaml + - network/ports/storage_v6.yaml + - network/ports/storage_mgmt_v6.yaml + - network/ports/tenant_v6.yaml + - network/ports/management_v6.yaml + - network/ports/internal_api_from_pool.yaml + - network/ports/external_from_pool.yaml + - network/ports/storage_from_pool.yaml + - network/ports/storage_mgmt_from_pool.yaml + - network/ports/tenant_from_pool.yaml + - network/ports/management_from_pool.yaml + - network/ports/internal_api_from_pool_v6.yaml + - network/ports/external_from_pool_v6.yaml + - network/ports/storage_from_pool_v6.yaml + - network/ports/storage_mgmt_from_pool_v6.yaml + - network/ports/tenant_from_pool_v6.yaml + - network/ports/management_from_pool_v6.yaml diff --git a/network/management.yaml b/network/management.yaml index f54794c3..d9f773c1 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -39,7 +39,7 @@ parameters: description: Ip allocation pool range for the management network. type: json ManagementInterfaceDefaultRoute: - default: null + default: unset description: The default route of the management network. type: string diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml new file mode 100644 index 00000000..2c223c16 --- /dev/null +++ b/network/network.network.j2.yaml @@ -0,0 +1,92 @@ +heat_template_version: pike + +description: > + {{network.name}} network definition (automatically generated). + +parameters: + # the defaults here work for static IP assignment (IPAM) only + {{network.name}}NetCidr: + default: {{network.ip_subnet|default("")}} + description: Cidr for the {{network.name_lower}} network. + type: string + {{network.name}}NetValueSpecs: + default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'} + description: Value specs for the {{network.name_lower}} network. + type: json + {{network.name}}NetAdminStateUp: + default: false + description: This admin state of the network. + type: boolean + {{network.name}}NetEnableDHCP: + default: false + description: Whether to enable DHCP on the associated subnet. + type: boolean + {{network.name}}NetShared: + default: false + description: Whether this network is shared across all tenants. + type: boolean + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. + type: string + {{network.name}}SubnetName: + default: {{network.name_lower}}_subnet + description: The name of the {{network.name_lower}} subnet in Neutron. + type: string + {{network.name}}AllocationPools: + default: {{network.allocation_pools|default([])}} + description: Ip allocation pool range for the {{network.name_lower}} network. + type: json + {{network.name}}InterfaceDefaultRoute: + default: {{network.gateway_ip|default("not_defined")}} + description: default route for the {{network.name_lower}} network + type: string +{%- if network.vlan %} + {{network.name}}NetworkVlanID: + default: {{network.vlan}} + description: Vlan ID for the {{network.name}} network traffic. + type: number +{%- endif %} +{%- if network.ipv6 %} + IPv6AddressMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 address mode + type: string + IPv6RAMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 router advertisement mode + type: string +{%- endif %} + +resources: + {{network.name}}Network: + type: OS::Neutron::Net + properties: + admin_state_up: {get_param: {{network.name}}NetAdminStateUp} + name: {get_param: {{network.name}}NetName} + shared: {get_param: {{network.name}}NetShared} + value_specs: {get_param: {{network.name}}NetValueSpecs} + + {{network.name}}Subnet: + type: OS::Neutron::Subnet + properties: + cidr: {get_param: {{network.name}}NetCidr} + name: {get_param: {{network.name}}SubnetName} + network: {get_resource: {{network.name}}Network} + allocation_pools: {get_param: {{network.name}}AllocationPools} + gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute} +{%- if network.ipv6 %} + ip_version: 6 + ipv6_address_mode: {get_param: IPv6AddressMode} + ipv6_ra_mode: {get_param: IPv6RAMode} +{%- else %} + enable_dhcp: {get_param: {{network.name}}NetEnableDHCP} +{%- endif %} + +outputs: + OS::stack_id: + description: {{network.name_lower}} network + value: {get_resource: {{network.name}}Network} + subnet_cidr: + value: {get_attr: {{network.name}}Subnet, cidr} + diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml index 5aec597a..c790d370 100644 --- a/network/networks.j2.yaml +++ b/network/networks.j2.yaml @@ -5,11 +5,7 @@ description: Create networks to split out Overcloud traffic resources: {%- for network in networks %} - {%- if network.name != 'InternalApi' %} {{network.name}}Network: - {%- else %} - InternalNetwork: - {%- endif %} type: OS::TripleO::Network::{{network.name}} {%- endfor %} @@ -23,15 +19,8 @@ outputs: # NOTE(gfidente): we need to replace the null value with a # string to work around https://bugs.launchpad.net/heat/+bug/1700025 {%- for network in networks %} - {%- if network.name != 'InternalApi' %} {{network.name_lower}}: yaql: data: {get_attr: [{{network.name}}Network, subnet_cidr]} expression: str($.data).replace('null', 'disabled') - {%- else %} - {{network.name_lower}}: - yaql: - data: {get_attr: [InternalNetwork, subnet_cidr]} - expression: str($.data).replace('null', 'disabled') - {%- endif %} {%- endfor %} diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index bb54ca62..f874c30d 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -9,8 +9,8 @@ parameters: description: Name of the service to lookup default: '' type: string - NetworkName: - description: # Here for compatibility with isolated networks + NetworkName: # Here for compatibility with isolated networks + description: Name of the network where the VIP will be created default: ctlplane type: string PortName: diff --git a/network/ports/external.yaml b/network/ports/external.yaml index a02cc284..72922093 100644 --- a/network/ports/external.yaml +++ b/network/ports/external.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external neutron network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml index d2610c69..a14aa90b 100644 --- a/network/ports/external_from_pool.yaml +++ b/network/ports/external_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: ExternalNetName: - description: Name of the external network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index e5fe8d71..2aa51267 100644 --- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_v6.yaml b/network/ports/external_v6.yaml index 12d61cce..5a1b5ae3 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/external_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external neutron network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml index f258080a..e9eb7875 100644 --- a/network/ports/internal_api.yaml +++ b/network/ports/internal_api.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API neutron network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml index cb87fd54..31c72daf 100644 --- a/network/ports/internal_api_from_pool.yaml +++ b/network/ports/internal_api_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index 12a0731b..657310ed 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml index 46e6e187..6a9e7083 100644 --- a/network/ports/internal_api_v6.yaml +++ b/network/ports/internal_api_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API neutron network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/management.yaml b/network/ports/management.yaml index dd62033b..417d0612 100644 --- a/network/ports/management.yaml +++ b/network/ports/management.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management neutron network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml index 188be68c..4815d163 100644 --- a/network/ports/management_from_pool.yaml +++ b/network/ports/management_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: ManagementNetName: - description: Name of the management network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml index b5d44259..2a7d3b1d 100644 --- a/network/ports/management_from_pool_v6.yaml +++ b/network/ports/management_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_v6.yaml b/network/ports/management_v6.yaml index 977502a8..9de06d9c 100644 --- a/network/ports/management_v6.yaml +++ b/network/ports/management_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management neutron network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index a6971b0f..ce58e96f 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -14,6 +14,7 @@ parameters: ExternalIpSubnet: default: '' type: string + description: IP address/subnet on the external network ExternalIpUri: default: '' type: string @@ -24,6 +25,7 @@ parameters: InternalApiIpSubnet: default: '' type: string + description: IP address/subnet on the internal API network InternalApiIpUri: default: '' type: string @@ -34,6 +36,7 @@ parameters: StorageIpSubnet: default: '' type: string + description: IP address/subnet on the storage network StorageIpUri: default: '' type: string @@ -44,6 +47,7 @@ parameters: StorageMgmtIpSubnet: default: '' type: string + description: IP address/subnet on the storage mgmt network StorageMgmtIpUri: default: '' type: string @@ -54,6 +58,7 @@ parameters: TenantIpSubnet: default: '' type: string + description: IP address/subnet on the tenant network TenantIpUri: default: '' type: string diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml index 018bf2bb..d0847882 100644 --- a/network/ports/net_vip_map_external.yaml +++ b/network/ports/net_vip_map_external.yaml @@ -27,24 +27,28 @@ parameters: ExternalIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 InternalApiIp: default: '' type: string InternalApiIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageIp: default: '' type: string StorageIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageMgmtIp: default: '' type: string StorageMgmtIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 outputs: net_ip_map: diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml index aa40cf17..72e60cb2 100644 --- a/network/ports/net_vip_map_external_v6.yaml +++ b/network/ports/net_vip_map_external_v6.yaml @@ -27,24 +27,28 @@ parameters: ExternalIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 InternalApiIp: default: '' type: string InternalApiIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageIp: default: '' type: string StorageIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageMgmtIp: default: '' type: string StorageMgmtIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 outputs: net_ip_map: diff --git a/network/ports/noop.yaml b/network/ports/noop.yaml index 8030bfc0..9f39c4ff 100644 --- a/network/ports/noop.yaml +++ b/network/ports/noop.yaml @@ -12,19 +12,21 @@ parameters: description: IP address on the control plane type: string ControlPlaneNetwork: - description: Name of the control plane network + description: The name of the undercloud Neutron control plane default: ctlplane type: string PortName: description: Name of the port default: '' type: string - NetworkName: - description: # Here for compatibility with vip.yaml - default: '' + NetworkName: # Here for compatibility with vip.yaml + description: Name of the network where the VIP will be created + default: ctlplane type: string FixedIPs: - description: # Here for compatibility with vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] default: [] type: json ControlPlaneSubnetCidr: # Override this via parameter_defaults diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml new file mode 100644 index 00000000..ded3e798 --- /dev/null +++ b/network/ports/port.network.j2.yaml @@ -0,0 +1,72 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network. The IP address will be chosen + automatically if FixedIPs is empty. + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name_lower}} neutron network + default: {{network.name_lower|default(network.name|lower)}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json + IPPool: # Here for compatibility with from_pool.yaml + default: {} + type: json + NodeIndex: # Here for compatibility with from_pool.yaml + default: 0 + type: number + +resources: + + {{network.name}}Port: + type: OS::Neutron::Port + properties: + network: {get_param: {{network.name}}NetName} + name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} + replacement_policy: AUTO + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with IPv6 URLs) + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - '/' + - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} + diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml new file mode 100644 index 00000000..9c08ec76 --- /dev/null +++ b/network/ports/port_from_pool.network.j2.yaml @@ -0,0 +1,65 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network, using a map of IPs per role. + Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by + network (lower_name or lower case). For example: + ControllerIPs: + external: + - 1.2.3.4 # First controller + - 1.2.3.5 # Second controller + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name}} neutron network + default: {{network.name_lower}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml + default: {} + type: json + NodeIndex: # First node in the role will get first IP, and so on... + default: 0 + type: number + {{network.name}}NetCidr: + default: {{network.ip_subnet}} + description: Cidr for the {{network.name_lower}} network. + type: string + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} + diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml index 5c1aba1a..13e51ccf 100644 --- a/network/ports/storage.yaml +++ b/network/ports/storage.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage neutron network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml index ca5993fc..11aa20c7 100644 --- a/network/ports/storage_from_pool.yaml +++ b/network/ports/storage_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index ec7cd2f0..2d2c3055 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: StorageNetName: - description: Name of the storage network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml index 94b058a2..c06c58ef 100644 --- a/network/ports/storage_mgmt.yaml +++ b/network/ports/storage_mgmt.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml index 63b2e154..07308a70 100644 --- a/network/ports/storage_mgmt_from_pool.yaml +++ b/network/ports/storage_mgmt_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage MGMT network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: @@ -26,7 +26,7 @@ parameters: type: number StorageMgmtNetCidr: default: '172.16.3.0/24' - description: Cidr for the storage MGMT network. + description: Cidr for the storage management network. type: string outputs: diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index 6d0b8794..1b30f0ce 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage MGMT network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: @@ -27,7 +27,7 @@ parameters: type: number StorageMgmtNetCidr: default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage MGMT network. + description: Cidr for the storage management network. type: string outputs: diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml index 3d70c690..c10b1393 100644 --- a/network/ports/storage_mgmt_v6.yaml +++ b/network/ports/storage_mgmt_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml index 6137d241..c7d47c54 100644 --- a/network/ports/storage_v6.yaml +++ b/network/ports/storage_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage neutron network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml index a56b0f43..6c5eee38 100644 --- a/network/ports/tenant.yaml +++ b/network/ports/tenant.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant neutron network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml index 03ff6d11..94c419df 100644 --- a/network/ports/tenant_from_pool.yaml +++ b/network/ports/tenant_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index d45faf06..cc2b619a 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml index d23e91f7..47d52d8a 100644 --- a/network/ports/tenant_v6.yaml +++ b/network/ports/tenant_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant neutron network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index 70b4482c..f47760c8 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network/ports/vip_v6.yaml b/network/ports/vip_v6.yaml index 09f646a6..90525a31 100644 --- a/network/ports/vip_v6.yaml +++ b/network/ports/vip_v6.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network_data.yaml b/network_data.yaml index 23c231f9..947769ae 100644 --- a/network_data.yaml +++ b/network_data.yaml @@ -5,30 +5,59 @@ # name: Name of the network (mandatory) # name_lower: lowercase version of name used for filenames # (optional, defaults to name.lower()) -# vlan: vlan for the network (optional) -# gateway: gateway for the network (optional) # enabled: Is the network enabled (optional, defaults to true) +# ipv6: Does this network use IPv6 IPs? (optional, defaults to false) +# (optional, may use parameter defaults in environment to set) +# vlan: vlan for the network (optional) # vip: Enable creation of a virtual IP on this network -# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, to support -# VIPs on non-default networks. See https://bugs.launchpad.net/tripleo/+bug/1667104 +# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, +# to support VIPs on non-default networks. +# See https://bugs.launchpad.net/tripleo/+bug/1667104 +# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults) +# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}] +# gateway_ip: gateway for the network (optional, may use parameter defaults) +# NOTE: IP-related values set parameter defaults in templates, may be overridden. +# +# Example: +# - name Example +# vip: false +# ip_subnet: '10.0.2.0/24' +# allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}] +# gateway_ip: '10.0.2.254' # +# TODO (dsneddon) remove existing templates from j2_excludes.yaml +# and generate all templates dynamically. + - name: External vip: true name_lower: external + ip_subnet: '10.0.0.0/24' + allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] + gateway_ip: '10.0.0.1' - name: InternalApi name_lower: internal_api vip: true + ip_subnet: '172.16.2.0/24' + allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] - name: Storage vip: true name_lower: storage + ip_subnet: '172.16.1.0/24' + allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] - name: StorageMgmt name_lower: storage_mgmt vip: true + ip_subnet: '172.16.3.0/24' + allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}] - name: Tenant vip: false # Tenant network does not use VIPs name_lower: tenant + ip_subnet: '172.16.0.0/24' + allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - name: Management # Management network is disabled by default enabled: false vip: false # Management network does not use VIPs name_lower: management + ip_subnet: '10.0.1.0/24' + allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 2dcc7f00..0d3b875a 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -156,6 +156,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None + OS::TripleO::Services::OVNController: OS::Heat::None OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 6bc5db55..2bfdf506 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -89,7 +89,7 @@ parameters: description: Neutron ID or name for ctlplane network. NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string PublicVirtualFixedIPs: default: [] diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 7d58d1da..de7b6b49 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -141,7 +141,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 48e5b97a..ce44fd68 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -147,7 +147,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 3ad6f745..af45793e 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -159,7 +159,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 933b5e60..38589a4e 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -173,7 +173,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index a03a9da5..10e56450 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -141,7 +141,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 18707b9a..23d8896e 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -180,7 +180,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 3cf51519..27bc50f3 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -39,6 +39,10 @@ parameters: type: string constraints: - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning'] + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true resources: CeilometerServiceBase: @@ -61,6 +65,7 @@ outputs: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod} + - ceilometer_redis_password: {get_param: RedisPassword} compute_namespace: true service_config_settings: get_attr: [CeilometerServiceBase, role_data, service_config_settings] diff --git a/puppet/services/iscsid.yaml b/puppet/services/iscsid.yaml index 9510df3b..222977e9 100644 --- a/puppet/services/iscsid.yaml +++ b/puppet/services/iscsid.yaml @@ -36,6 +36,6 @@ outputs: description: Role data for iscsid value: service_name: iscsid - config_setting: {} + config_settings: {} step_config: | include ::tripleo::profile::base::iscsid diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml index 1f331894..65b2a2a1 100644 --- a/puppet/services/network/contrail-dpdk.yaml +++ b/puppet/services/network/contrail-dpdk.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 058b9dc9..a9655160 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml @@ -31,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string + hidden: true ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index 981fe2fb..1773c367 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1d4029cf..7894f78b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -32,8 +32,7 @@ parameters: type: json NeutronEnableL2Pop: type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. + description: Enable/disable the L2 population feature in the Neutron agents. default: "False" NeutronBridgeMappings: description: > @@ -47,8 +46,7 @@ parameters: default: "datacentre:br-ex" NeutronTunnelTypes: default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. + description: The tunnel types for the Neutron tenant network. type: comma_delimited_list NeutronAgentExtensions: default: "qos" diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/ovn-controller.yaml index dfd87eda..30720448 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/ovn-controller.yaml @@ -1,7 +1,7 @@ heat_template_version: pike description: > - OpenStack Neutron Compute OVN agent + OpenStack OVN Controller agent parameters: EndpointMap: @@ -45,23 +45,23 @@ parameters: bridge on hosts - to a physical name 'datacentre' which can be used to create provider networks (and we use this for the default floating network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name + scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" outputs: role_data: - description: Role data for the Neutron Compute OVN agent + description: Role data for the OVN Controller agent value: - service_name: neutron_compute_plugin_ovn + service_name: ovn_controller config_settings: ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} nova::compute::force_config_drive: true - tripleo.neutron_compute_plugin_ovn.firewall_rules: + tripleo.ovn_controller.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 @@ -70,3 +70,17 @@ outputs: dport: 6081 step_config: | include ::tripleo::profile::base::neutron::agents::ovn + upgrade_tasks: + - name: Check if ovn_controller is deployed + command: systemctl is-enabled ovn-controller + tags: common + ignore_errors: True + register: ovn_controller_enabled + - name: "PreUpgrade step0,validation: Check service ovn-controller is running" + shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b' + when: ovn_controller_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-controller service + tags: step1 + when: ovn_controller_enabled.rc == 0 + service: name=ovn-controller state=stopped diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index f6f3e3c8..2b98008b 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -57,3 +57,17 @@ outputs: - {get_param: OVNSouthboundServerPort} step_config: | include ::tripleo::profile::base::neutron::ovn_northd + upgrade_tasks: + - name: Check if ovn_northd is deployed + command: systemctl is-enabled ovn-northd + tags: common + ignore_errors: True + register: ovn_northd_enabled + - name: "PreUpgrade step0,validation: Check service ovn-northd is running" + shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b' + when: ovn_northd_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-northd service + tags: step1 + when: ovn_northd_enabled.rc == 0 + service: name=ovn-northd state=stopped diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 21857423..4a1ad179 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -105,7 +105,7 @@ outputs: - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} - zaqar::wsgi::apache::ssl: false + zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::unreliable: true @@ -178,6 +178,8 @@ outputs: - {} step_config: | include ::tripleo::profile::base::zaqar + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: yaql: expression: $.data.apache_upgrade + $.data.zaqar_upgrade diff --git a/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml b/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml new file mode 100644 index 00000000..23f482a1 --- /dev/null +++ b/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml @@ -0,0 +1,5 @@ +--- +features: + - Added support for DPDK with OvS2.7, which requires huge page + configuration (with reboot) to be available before enabling DPDK. + diff --git a/roles/Compute.yaml b/roles/Compute.yaml index ec9e3698..56daa864 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -45,3 +45,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index a1342dc6..0e8a90b7 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -45,3 +45,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController diff --git a/roles/Controller.yaml b/roles/Controller.yaml index c97f7a78..d702a63d 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -109,6 +109,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 398736ae..10d76dd7 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -86,6 +86,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::Redis diff --git a/roles_data.yaml b/roles_data.yaml index 59187183..0d6c8035 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -112,6 +112,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ @@ -179,6 +180,7 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController ############################################################################### # Role: BlockStorage # ############################################################################### diff --git a/tools/process-templates.py b/tools/process-templates.py index badc1426..07c27bad 100755 --- a/tools/process-templates.py +++ b/tools/process-templates.py @@ -96,6 +96,16 @@ def process_templates(template_path, role_data_path, output_dir, r_map = {} for r in role_data: r_map[r.get('name')] = r + + n_map = {} + for n in network_data: + if (n.get('enabled') is not False): + n_map[n.get('name')] = n + if not n.get('name_lower'): + n_map[n.get('name')]['name_lower'] = n.get('name').lower() + else: + print("skipping %s network: network is disabled" % n.get('name')) + excl_templates = ['%s/%s' % (template_path, e) for e in j2_excludes.get('name')] @@ -126,10 +136,13 @@ def process_templates(template_path, role_data_path, output_dir, for f in files: file_path = os.path.join(subdir, f) - # We do two templating passes here: + # We do three templating passes here: # 1. *.role.j2.yaml - we template just the role name # and create multiple files (one per role) - # 2. *.j2.yaml - we template with all roles_data, + # 2 *.network.j2.yaml - we template the network name and + # data and create multiple files for networks and + # network ports (one per network) + # 3. *.j2.yaml - we template with all roles_data, # and create one file common to all roles if f.endswith('.role.j2.yaml'): print("jinja2 rendering role template %s" % f) @@ -167,6 +180,30 @@ def process_templates(template_path, role_data_path, output_dir, else: print('skipping rendering of %s' % out_f_path) + + elif f.endswith('.network.j2.yaml'): + print("jinja2 rendering network template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + print("jinja2 rendering networks %s" % ",".join(n_map)) + for network in n_map: + j2_data = {'network': n_map[network]} + # Output file names in "<name>.yaml" format + out_f = os.path.basename(f).replace('.network.j2.yaml', + '.yaml') + if os.path.dirname(file_path).endswith('ports'): + out_f = out_f.replace('port', + n_map[network]['name_lower']) + else: + out_f = out_f.replace('network', + n_map[network]['name_lower']) + out_f_path = os.path.join(out_dir, out_f) + if not (out_f_path in excl_templates): + _j2_render_to_file(template_data, j2_data, + out_f_path) + else: + print('skipping rendering of %s' % out_f_path) + elif f.endswith('.j2.yaml'): print("jinja2 rendering normal template %s" % f) with open(file_path) as j2_template: diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 374cd6e3..3504620f 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -50,83 +50,58 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'ExternalAllocationPools': ['default'], 'StorageNetCidr': ['default'], 'StorageAllocationPools': ['default'], - 'StorageMgmtNetCidr': ['default', - # FIXME - 'description'], + 'StorageMgmtNetCidr': ['default'], 'StorageMgmtAllocationPools': ['default'], 'TenantNetCidr': ['default'], 'TenantAllocationPools': ['default'], 'InternalApiNetCidr': ['default'], + 'InternalApiAllocationPools': ['default'], 'UpdateIdentifier': ['description'], + 'key_name': ['default'], + # There's one template that defines this + # differently, and I'm not sure if we can + # safely change it. + 'EC2MetadataIp': ['default'], + # Same as EC2MetadataIp + 'ControlPlaneDefaultRoute': ['default'], # TODO(bnemec): Address these existing # inconsistencies. - 'NeutronMetadataProxySharedSecret': [ - 'description', 'hidden'], 'ServiceNetMap': ['description', 'default'], - 'EC2MetadataIp': ['default'], 'network': ['default'], 'ControlPlaneIP': ['default', 'description'], 'ControlPlaneIp': ['default', 'description'], 'NeutronBigswitchLLDPEnabled': ['default'], - 'NeutronEnableL2Pop': ['description'], 'NeutronWorkers': ['description'], - 'TenantIpSubnet': ['description'], - 'ExternalNetName': ['description'], - 'ControlPlaneDefaultRoute': ['default'], - 'StorageMgmtNetName': ['description'], 'ServerMetadata': ['description'], - 'InternalApiIpUri': ['description'], 'UpgradeLevelNovaCompute': ['default'], - 'StorageMgmtIpUri': ['description'], 'server': ['description'], 'servers': ['description'], - 'FixedIPs': ['description'], - 'ExternalIpSubnet': ['description'], - 'NeutronBridgeMappings': ['description'], 'ExtraConfig': ['description'], - 'InternalApiIpSubnet': ['description'], 'DefaultPasswords': ['description', 'default'], 'BondInterfaceOvsOptions': ['description', 'default', 'constraints'], 'KeyName': ['constraints'], - 'TenantNetName': ['description'], - 'StorageIpSubnet': ['description'], 'OVNSouthboundServerPort': ['description'], 'ExternalInterfaceDefaultRoute': ['description', 'default'], - 'ExternalIpUri': ['description'], 'IPPool': ['description'], - 'ControlPlaneNetwork': ['description'], 'SSLCertificate': ['description', 'default', 'hidden'], 'HostCpusList': ['default', 'constraints'], - 'InternalApiAllocationPools': ['default'], 'NodeIndex': ['description'], 'name': ['description', 'default'], - 'StorageNetName': ['description'], - 'ManagementNetName': ['description'], - 'NeutronPublicInterface': ['description'], - 'RoleParameters': ['description'], - 'ManagementInterfaceDefaultRoute': - ['default'], 'image': ['description', 'default'], 'NeutronBigswitchAgentEnabled': ['default'], 'EndpointMap': ['description', 'default'], 'DockerManilaConfigImage': ['description', 'default'], - 'NetworkName': ['default', 'description'], - 'StorageIpUri': ['description'], - 'InternalApiNetName': ['description'], - 'NeutronTunnelTypes': ['description'], 'replacement_policy': ['default'], - 'StorageMgmtIpSubnet': ['description'], 'CloudDomain': ['description', 'default'], - 'key_name': ['default', 'description'], 'EnableLoadBalancer': ['description'], 'ControllerExtraConfig': ['description'], 'NovaComputeExtraConfig': ['description'], @@ -207,6 +182,22 @@ def validate_hci_computehci_role(hci_role_filename, hci_role_tpl): return 0 +def search(item, check_item, check_key): + if check_item(item): + return True + elif isinstance(item, list): + for i in item: + if search(i, check_item, check_key): + return True + elif isinstance(item, dict): + for k in item.keys(): + if check_key(k, item[k]): + return True + elif search(item[k], check_item, check_key): + return True + return False + + def validate_mysql_connection(settings): no_op = lambda *args: False error_status = [0] @@ -228,25 +219,69 @@ def validate_mysql_connection(settings): error_status[0] = 1 return False - def search(item, check_item, check_key): - if check_item(item): - return True - elif isinstance(item, list): - for i in item: - if search(i, check_item, check_key): - return True - elif isinstance(item, dict): - for k in item.keys(): - if check_key(k, item[k]): - return True - elif search(item[k], check_item, check_key): - return True - return False - search(settings, no_op, validate_mysql_uri) return error_status[0] +def validate_docker_service_mysql_usage(filename, tpl): + no_op = lambda *args: False + included_res = [] + + def match_included_res(item): + is_config_setting = isinstance(item, list) and len(item) > 1 and \ + item[1:] == ['role_data', 'config_settings'] + if is_config_setting: + included_res.append(item[0]) + return is_config_setting + + def match_use_mysql_protocol(items): + return items == ['EndpointMap', 'MysqlInternal', 'protocol'] + + all_content = [] + + def read_all(incfile, inctpl): + # search for included content + content = inctpl['outputs']['role_data']['value'].get('config_settings',{}) + all_content.append(content) + included_res[:] = [] + if search(content, match_included_res, no_op): + files = [inctpl['resources'][x]['type'] for x in included_res] + # parse included content + for r, f in zip(included_res, files): + # disregard class names, only consider file names + if 'OS::' in f: + continue + newfile = os.path.normpath(os.path.dirname(incfile)+'/'+f) + newtmp = yaml.load(open(newfile).read()) + read_all(newfile, newtmp) + + read_all(filename, tpl) + if search(all_content, match_use_mysql_protocol, no_op): + # ensure this service includes the mysqlclient service + resources = tpl['resources'] + mysqlclient = [x for x in resources + if resources[x]['type'].endswith('mysql-client.yaml')] + if len(mysqlclient) == 0: + print("ERROR: containerized service %s uses mysql but " + "resource mysql-client.yaml is not used" + % filename) + return 1 + + # and that mysql::client puppet module is included in puppet-config + match_mysqlclient = \ + lambda x: x == [mysqlclient[0], 'role_data', 'step_config'] + role_data = tpl['outputs']['role_data'] + puppet_config = role_data['value']['puppet_config']['step_config'] + if not search(puppet_config, match_mysqlclient, no_op): + print("ERROR: containerized service %s uses mysql but " + "puppet_config section does not include " + "::tripleo::profile::base::database::mysql::client" + % filename) + return 1 + + return 0 + + def validate_docker_service(filename, tpl): if 'outputs' in tpl and 'role_data' in tpl['outputs']: if 'value' not in tpl['outputs']['role_data']: @@ -275,6 +310,10 @@ def validate_docker_service(filename, tpl): return 1 if 'puppet_config' in role_data: + if validate_docker_service_mysql_usage(filename, tpl): + print('ERROR: could not validate use of mysql service for %s.' + % filename) + return 1 puppet_config = role_data['puppet_config'] for key in puppet_config: if key in REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS: |