282 files changed, 4560 insertions, 3912 deletions
@@ -64,80 +64,82 @@ Service testing matrix The configuration for the CI scenarios will be defined in `tripleo-heat-templates/ci/` and should be executed according to the following table: -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | -+================+=============+=============+=============+=============+=================+ -| keystone | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| glance | rbd | swift | file | swift + rbd | swift | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cinder | rbd | iscsi | | | iscsi | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| heat | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mysql | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron | ovs | ovs | ovs | ovs | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron-bgpvpn | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron-l2gw | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| rabbitmq | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mongodb | X | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| redis | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| haproxy | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| 
keepalived | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| memcached | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| pacemaker | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| nova | qemu | qemu | qemu | qemu | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ntp | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| snmp | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| timezone | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| sahara | | | X | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mistral | | | X | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| swift | | X | | | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| aodh | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ceilometer | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| gnocchi | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| panko | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| barbican | | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| zaqar | | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ec2api | | X | | | | 
-+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cephrgw | | X | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| tacker | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| congress | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cephmds | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| manila | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| collectd | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| fluentd | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| sensu-client | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ ++----------------+-------------+-------------+-------------+-------------+-----------------++-------------+ +| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | scenario007 | ++================+=============+=============+=============+=============+=================+==============+ +| keystone | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| glance | rbd | swift | file | swift + rbd | swift | file | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cinder | rbd | iscsi | | | iscsi | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| heat | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mysql | X | X | X | 
X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| neutron | ovs | ovs | ovs | ovs | X | ovn | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| neutron-bgpvpn | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ovn | | | | | | X | ++---------------------------------------------------------------------------------------------------------+ +| neutron-l2gw | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| rabbitmq | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mongodb | X | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| redis | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| haproxy | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| keepalived | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| memcached | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| pacemaker | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| nova | qemu | qemu | qemu | qemu | X | qemu | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ntp | X | X | X | X | X | X | 
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| snmp | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| timezone | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| sahara | | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mistral | | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| swift | | X | | | X | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| aodh | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ceilometer | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| gnocchi | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| panko | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| barbican | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| zaqar | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ec2api | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cephrgw | | X | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| tacker | X | | | | | | 
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| congress | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cephmds | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| manila | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| collectd | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| fluentd | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| sensu-client | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ diff --git a/capabilities-map.yaml b/capabilities-map.yaml index d0ec0152..fdf2ad63 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -10,13 +10,13 @@ # environment_groups: (required) # environment_groups: -# Identifies an environment choice. If group includes multiple environments it -# indicates that environments in group are mutually exclusive. +# Identifies a group of environments. # Attributes: # title: (optional) # description: (optional) # tags: a list of tags to provide additional information for e.g. filtering (optional) # environments: (required) +# mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive # environments: # List of environments in environment group 
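Review bot: The schema comment for `environment_groups` in `capabilities-map.yaml` still omits the `name` attribute, although the next hunk introduces `- name: general-deployment-options` on the first group, and the new `mutually_exclusive` line does not say what happens when the key is absent. The old wording made every multi-environment group implicitly exclusive, so a consumer reading this header now has to guess the default. I would add `#   name: (optional) identifier for the group` and extend the new line to `#   mutually_exclusive: (optional) boolean, environments in the group are mutually exclusive; treated as false when omitted`. The default is assumed here and should be confirmed against whatever consumes this file.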
@@ -25,149 +25,37 @@ # title: (required) # description: (optional) # requires: an array of environments which are required by this environment (optional) -# resource_registry: [tbd] (optional) - -# resource_registry: -# [tbd] Each environment can provide options on resource_registry level applicable -# only when that given environment is used. (resource_type of that environment can -# be implemented using multiple templates). topics: - - title: Base Resources Configuration + - title: General Deployment Options description: environment_groups: - - title: - description: Enable base configuration for all resources required for OpenStack Deployment + - name: general-deployment-options + title: + description: Enables base configuration for all resources required for OpenStack Deployment environments: - file: overcloud-resource-registry-puppet.yaml title: Base resources configuration description: - - - title: Deployment Options - description: - environment_groups: - - title: High Availability - description: Enables configuration of an Overcloud controller with Pacemaker - environments: - - file: environments/puppet-pacemaker.yaml - title: Pacemaker - description: Enable configuration of an Overcloud controller with Pacemaker - requires: - - overcloud-resource-registry-puppet.yaml - - title: Pacemaker options - description: - environments: - - file: environments/puppet-pacemaker-no-restart.yaml - title: Pacemaker No Restart - description: - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Docker RDO + - title: Containerized Deployment description: > - Docker container with heat agents for containerized compute node + Configures Deployment to use containerized services environments: - file: environments/docker.yaml - title: Docker RDO + title: Containerized Deployment description: requires: - overcloud-resource-registry-puppet.yaml - - title: Enable TLS - description: > - environments: - - file: 
environments/enable-tls.yaml - title: TLS - description: > - Use this option to pass in certificates for SSL deployments. - For these values to take effect, one of the TLS endpoints - environments must also be used. - requires: - - overcloud-resource-registry-puppet.yaml - - title: TLS Endpoints - description: > - environments: - - file: environments/tls-endpoints-public-dns.yaml - title: SSL-enabled deployment with DNS name as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is a DNS name. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - file: environments/tls-endpoints-public-ip.yaml - title: SSL-enabled deployment with IP address as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is an IP address. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - title: External load balancer - description: > - Enable external load balancer - environments: - - file: environments/external-loadbalancer-vip-v6.yaml - title: External load balancer IPv6 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - file: environments/external-loadbalancer-vip.yaml - title: External load balancer IPv4 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - - title: Additional Services - description: Deploy additional Overcloud services - environment_groups: - - title: Manila - description: - environments: - - file: environments/manila-generic-config.yaml - title: Manila - description: Enable Manila generic driver backend - requires: - - overcloud-resource-registry-puppet.yaml - - title: Sahara - description: - environments: - - file: environments/services/sahara.yaml - title: Sahara - description: Deploy Sahara service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ironic - description: - 
environments: - - file: environments/services/ironic.yaml - title: Ironic - description: Deploy Ironic service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Mistral - description: - environments: - - file: environments/services/mistral.yaml - title: Mistral - description: Deploy Mistral service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ceilometer Api - description: + - title: High Availability + description: Enables configuration of an Overcloud Controller with Pacemaker environments: - - file: environments/services/disable-ceilometer-api.yaml - title: Ceilometer Api - description: Disable Ceilometer Api service. This service is - deprecated and will be removed in future releases. Please move - to using gnocchi/aodh/panko apis instead. + - file: environments/puppet-pacemaker.yaml + title: High Availability (Pacemaker) + description: requires: - overcloud-resource-registry-puppet.yaml - # - title: Network Interface Configuration - # description: - # environment_groups: - - - title: Overlay Network Configuration + - title: Network Configuration description: environment_groups: - title: Network Isolation @@ -189,10 +77,12 @@ topics: to that role) on these networks. requires: - overcloud-resource-registry-puppet.yaml - - title: Single NIC or Bonding + mutually_exclusive: true + - title: NICs, Bonding, VLANs Configuration description: > - Configure roles to use pair of bonded nics or to use Vlans on a - single nic. This option assumes use of Network Isolation. + Choose one of the pre-defined configurations or provide custom + network-environment.yaml instead. Note that pre-defined configuration work + only with standard Roles and Networks. These options assume use of Network Isolation. environments: - file: environments/net-bond-with-vlans.yaml title: Bond with Vlans 
@@ -202,7 +92,6 @@ topics: for each role. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-no-external.yaml title: Bond with Vlans No External Ports description: > @@ -212,7 +101,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-v6.yaml title: Bond with Vlans IPv6 description: > @@ -222,7 +110,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics.yaml title: Multiple NICs description: > @@ -231,7 +118,6 @@ topics: This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics-v6.yaml title: Multiple NICs IPv6 description: > @@ -240,7 +126,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans.yaml title: Single NIC with Vlans description: > @@ -248,7 +133,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-no-external.yaml title: Single NIC with Vlans No External Ports description: > @@ -257,7 +141,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-linux-bridge-with-vlans.yaml title: Single NIC with Linux Bridge Vlans description: 
> @@ -265,7 +148,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-v6.yaml title: Single NIC with Vlans IPv6 description: > @@ -274,7 +156,7 @@ topics: This option assumes use of Network Isolation IPv6 requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true - title: Management Network description: > Enable the creation of a system management network. This @@ -292,6 +174,35 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + + - title: Docker Network + description: > + [Temporary] Use this option when deploying containerized deployment + without network isolation + environments: + - file: environments/docker-network.yaml + title: Docker network + description: + requires: + - environments/docker.yaml + + - title: External load balancer + description: > + Enable external load balancer, requires network Isolation to be enabled. + Note that this option assumes standard isolated networks set. + environments: + - file: environments/external-loadbalancer-vip.yaml + title: External load balancer IPv4 + description: > + requires: + - environments/network-isolation.yaml + - file: environments/external-loadbalancer-vip-v6.yaml + title: External load balancer IPv6 + description: > + requires: + - environments/network-isolation-v6.yaml + mutually_exclusive: true - title: Neutron Plugin Configuration description: @@ -327,8 +238,8 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/neutron-midonet.yaml - title: Deploy MidoNet Services + - file: environments/networking/neutron-midonet.yaml + title: Neutron MidoNet Services description: requires: - overcloud-resource-registry-puppet.yaml 
@@ -378,34 +289,10 @@ topics: requires: - overcloud-resource-registry-puppet.yaml - - title: Nova Extensions - description: - environment_groups: - - title: Nova Extensions - description: - environments: - - file: environments/nova-nuage-config.yaml - title: Nuage backend - description: > - Enables Nuage backend on the Compute - requires: - - overcloud-resource-registry-puppet.yaml - - title: Storage description: environment_groups: - - title: Cinder backup service - description: - environments: - - file: environments/cinder-backup.yaml - title: Cinder backup service - description: > - OpenStack Cinder Backup service with Pacemaker configured - with Puppet - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Cinder backend + - title: Cinder backends description: > Enable various Cinder backends environments: @@ -414,7 +301,7 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/cinder-netapp-config.yaml + - file: environments/storage/cinder-netapp-config.yaml title: Cinder NetApp backend description: requires: 
@@ -422,22 +309,19 @@ topics: - file: environments/cinder-dellsc-config.yaml title: Cinder Dell EMC Storage Center ISCSI backend description: > - Enables a Cinder Dell EMC Storage Center ISCSI backend, - configured via puppet + Enables a Cinder Dell EMC Storage Center ISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml title: Cinder HPELeftHandISCSI backend description: > - Enables a Cinder HPELeftHandISCSI backend, configured - via puppet + Enables a Cinder HPELeftHandISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-dellps-config.yaml title: Cinder Dell EMC PS Series backend description: > - Enables a Cinder Dell EMC PS Series backend, - configured via puppet + Enables a Cinder Dell EMC PS Series backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-iser.yaml 
@@ -447,110 +331,209 @@ topics: - file: environments/cinder-scaleio-config.yaml title: Cinder Dell EMC ScaleIO backend description: > - Enables a Cinder Dell EMC ScaleIO backend, + Enables a Cinder Dell EMC ScaleIO backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-veritas-hyperscale-config.yaml + title: Cinder Veritas HyperScale backend + description: > + Enables a Cinder Veritas HyperScale backend, configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Ceph - description: > - Enable the use of Ceph in the overcloud + - title: Cinder backup service + description: environments: - - file: environments/puppet-ceph-external.yaml - title: Externally managed Ceph + - file: environments/cinder-backup.yaml + title: Cinder backup service description: > - Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + OpenStack Cinder Backup service with Pacemaker requires: + - environments/puppet-pacemaker.yaml - overcloud-resource-registry-puppet.yaml + - title: Ceph + description: > + Enable the use of Ceph in the overcloud + environments: - file: environments/puppet-ceph.yaml - title: TripleO managed Ceph + title: Ceph Storage Backend description: > Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is colocated with NovaCompute and configures the overcloud to use it, via RBD driver. requires: - overcloud-resource-registry-puppet.yaml - - title: CephMDS - description: > - Deploys CephMDS via TripleO, an additional Ceph service needed to create shared - filesystems hosted in Ceph. + - file: environments/storage/external-ceph.yaml + title: Externally managed Ceph + description: > + Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. 
+ requires: + - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + - title: Additional Ceph Options + description: environments: - file: environments/services/ceph-mds.yaml title: Deploys CephMDS - description: + description: > + Deploys CephMDS via TripleO, an additional Ceph service needed to create shared + filesystems hosted in Ceph. requires: - environments/puppet-ceph.yaml - - title: Ceph Rados Gateway - description: > - Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API - which stores data in the Ceph cluster. - environments: - file: environments/ceph-radosgw.yaml - title: Deploys CephRGW - description: + title: Ceph Rados Gateway + description: > + Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API + which stores data in the Ceph cluster. requires: - environments/puppet-ceph.yaml - - title: Manila with CephFS - description: > - Deploys Manila and configures it with the CephFS driver. This requires the deployment of - Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. - environments: - file: environments/manila-cephfsnative-config.yaml - title: Deploys Manila with CephFS driver - description: Deploys Manila and configures CephFS as its default backend. + title: Manila with CephFS + description: > + Deploys Manila and configures it with the CephFS driver. This requires the deployment of + Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. requires: - overcloud-resource-registry-puppet.yaml - - title: Storage Environment - description: > - Can be used to set up storage backends. Defaults to Ceph used as a - backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It - configures which services will use Ceph, or if any of the services - will use NFS. And more. Usually requires to be edited by user first. 
- tags: - - no-gui + - title: Glance backends + description: environments: - - file: environments/storage-environment.yaml - title: Storage Environment - description: + - file: environments/storage/glance-nfs.yaml + title: Glance NFS Backend + description: | + Configure and enable this option to enable the use of an NFS + share as the backend for Glance. requires: - overcloud-resource-registry-puppet.yaml - - title: Utilities - description: + + - title: Security + description: Security Hardening Options environment_groups: - - title: Config Debug - description: Enable config management (e.g. Puppet) debugging + - title: TLS + description: environments: - - file: environments/config-debug.yaml - title: Config Debug + - file: environments/ssl/enable-tls.yaml + title: SSL on OpenStack Public Endpoints + description: > + Use this option to pass in certificates for SSL deployments. + For these values to take effect, one of the TLS endpoints + options must also be used. + requires: + - overcloud-resource-registry-puppet.yaml + - title: TLS Endpoints + description: + environments: + - file: environments/ssl/tls-endpoints-public-dns.yaml + title: SSL-enabled deployment with DNS name as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-everywhere-endpoints-dns.yaml + title: Deploy All SSL Endpoints as DNS names + description: > + Use this option when deploying an overcloud where all the endpoints are + DNS names and there's TLS in all endpoint types. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-endpoints-public-ip.yaml + title: SSL-enabled deployment with IP address as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. 
+ requires: + - environments/ssl/enable-tls.yaml + mutually_exclusive: true + - title: SSH Banner Text + description: Enables population of SSH Banner Text + environments: + - file: environments/sshd-banner.yaml + title: SSH Banner Text description: requires: - overcloud-resource-registry-puppet.yaml - - title: Disable journal in MongoDb - description: > - Since, when journaling is enabled, MongoDb will create big journal - file it can take time. In a CI environment for example journaling is - not necessary. + - title: Horizon Password Validation + description: Enable Horizon Password validation environments: - - file: environments/mongodb-nojournal.yaml - title: Disable journal in MongoDb + - file: environments/horizon_password_validation.yaml + title: Horizon Password Validation description: requires: - overcloud-resource-registry-puppet.yaml - - title: Overcloud Steps - description: > - Specifies hooks/breakpoints where overcloud deployment should stop - Allows operator validation between steps, and/or more granular control. - Note: the wildcards relate to naming convention for some resource suffixes, - e.g see puppet/*-post.yaml, enabling this will mean we wait for - a user signal on every *Deployment_StepN resource defined in those files. 
- tags: - - no-gui + - title: AuditD Rules + description: Management of AuditD rules environments: - - file: environments/overcloud-steps.yaml - title: Overcloud Steps + - file: environments/auditd.yaml + title: AuditD Rule Management description: requires: - overcloud-resource-registry-puppet.yaml + - title: Keystone CADF auditing + description: Enable CADF notifications in Keystone for auditing + environments: + - file: environments/cadf.yaml + title: Keystone CADF auditing + - title: SecureTTY Values + description: Set values within /etc/securetty + environments: + - file: environments/securetty.yaml + title: SecureTTY Values + + - title: Additional Services + description: + environment_groups: + - title: + description: Deploy additional services + environments: + - file: environments/services/manila-generic-config.yaml + title: Barbican + description: Enable Barbican with the default secret store backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/manila-generic-config.yaml + title: Manila + description: Enable Manila with generic driver backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/sahara.yaml + title: Sahara + description: Deploy Sahara service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ironic.yaml + title: Ironic + description: Deploy Ironic service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/mistral.yaml + title: Mistral + description: Deploy Mistral service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ec2-api.yaml + title: EC2 API + description: Enable EC2-API service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/zaqar.yaml + title: Zaqar + description: Deploy Zaqar service + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Nova Extensions + description: + environment_groups: + - 
title: Nova Extensions + description: + environments: + - file: environments/nova-nuage-config.yaml + title: Nuage backend + description: > + Enables Nuage backend on the Compute + requires: + - overcloud-resource-registry-puppet.yaml - title: Operational Tools description: @@ -559,7 +542,7 @@ topics: description: Enable monitoring agents environments: - file: environments/monitoring-environment.yaml - title: Enable monitoring agents + title: Monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml @@ -567,7 +550,7 @@ topics: description: Enable centralized logging clients (fluentd) environments: - file: environments/logging-environment.yaml - title: Enable fluentd client + title: fluentd client description: requires: - overcloud-resource-registry-puppet.yaml 
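Review bot: The first entry of the new `Additional Services` group is titled `Barbican` but its `file:` is `environments/services/manila-generic-config.yaml`, which looks like a copy-paste of the Manila entry directly below it (`environments/manila-generic-config.yaml`). A tool driving deployments from this map would offer "Enable Barbican with the default secret store backend" and then load a Manila-named environment or fail on a missing file, so the secret store the operator believes was enabled would not be deployed. The `file:` should point at the Barbican service environment, e.g. `- file: environments/services/<barbican-env>.yaml` (placeholder; the real path is not shown on this page). Separately, in the `TLS Endpoints` group `tls-everywhere-endpoints-dns.yaml` lists only `environments/ssl/enable-tls.yaml` under `requires`; if TLS on the internal endpoints depends on further environments, they should be listed so the option cannot be selected half-configured.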
@@ -575,45 +558,45 @@ topics: description: Enable performance monitoring agents environments: - file: environments/collectd-environment.yaml - title: Enable performance monitoring agents + title: Performance monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml - - title: Security Options - description: Security Hardening Options + - title: Utilities + description: environment_groups: - - title: SSH Banner Text - description: Enables population of SSH Banner Text + - title: Config Debug + description: Enable config management (e.g. Puppet) debugging environments: - - file: environments/sshd-banner.yaml - title: SSH Banner Text + - file: environments/config-debug.yaml + title: Config Debug description: requires: - overcloud-resource-registry-puppet.yaml - - title: Horizon Password Validation - description: Enable Horizon Password validation + - title: Disable journal in MongoDb + description: > + Since, when journaling is enabled, MongoDb will create big journal + file it can take time. In a CI environment for example journaling is + not necessary. environments: - - file: environments/horizon_password_validation.yaml - title: Horizon Password Validation + - file: environments/mongodb-nojournal.yaml + title: Disable journal in MongoDb description: requires: - overcloud-resource-registry-puppet.yaml - - title: AuditD Rules - description: Management of AuditD rules + - title: Overcloud Steps + description: > + Specifies hooks/breakpoints where overcloud deployment should stop + Allows operator validation between steps, and/or more granular control. + Note: the wildcards relate to naming convention for some resource suffixes, + e.g see puppet/*-post.yaml, enabling this will mean we wait for + a user signal on every *Deployment_StepN resource defined in those files. 
+ tags: + - no-gui environments: - - file: environments/auditd.yaml - title: AuditD Rule Management + - file: environments/overcloud-steps.yaml + title: Overcloud Steps description: requires: - overcloud-resource-registry-puppet.yaml - - title: Keystone CADF auditing - description: Enable CADF notifications in Keystone for auditing - environments: - - file: environments/cadf.yaml - title: Keystone CADF auditing - - title: SecureTTY Values - description: Set values within /etc/securetty - environments: - - file: environments/securetty.yaml - title: SecureTTY Values diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index ef51a779..e040b015 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -55,8 +55,10 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid - name: Controller CountDefault: 1 @@ -79,3 +81,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index d2550365..7768c4f0 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -16,6 +16,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: 
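Review bot: The new `OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None` mapping in ci/environments/multinode-containers.yaml (hunk `@@ -16,6 +16,7 @@`) has no comment of its own and sits directly under the comment about the ping test, so it reads as if that comment covered it. The next hunk of the same file adds the service to the role's service list, so the mapping presumably turns that entry into a no-op for this job, which is easy to miss. A one-line comment above the mapping would make the intent explicit, for example `# NovaMigrationTarget is disabled for container jobs: <state the reason>`. The same uncommented mapping is added in scenario001-, scenario002-, scenario003- and scenario004-multinode-containers.yaml. The `resource_registry` block starts before this hunk.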
@@ -59,7 +60,9 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/multinode-core.yaml b/ci/environments/multinode-core.yaml index b5316f1b..0dd59e96 100644 --- a/ci/environments/multinode-core.yaml +++ b/ci/environments/multinode-core.yaml @@ -21,6 +21,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. resources: diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 72b1bc41..2b25e58e 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -57,7 +57,9 @@ parameter_defaults: - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Horizon - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index ba5e3335..d8f71414 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml 
@@ -54,9 +54,11 @@ parameter_defaults: - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::Horizon - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 89339d10..73dc5b14 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -26,6 +26,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -62,6 +63,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Redis - OS::TripleO::Services::AodhApi @@ -89,6 +91,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 8abd079f..54eef744 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml 
@@ -60,6 +60,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Redis - OS::TripleO::Services::AodhApi @@ -87,6 +88,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index b795535a..d300f773 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -19,6 +19,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -53,6 +54,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler @@ -67,6 +69,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index 220979b9..cdbcbfd6 100644 
--- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -52,6 +52,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler @@ -66,6 +67,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml index 71daf8ec..e3789ea8 100644 --- a/ci/environments/scenario003-multinode-containers.yaml +++ b/ci/environments/scenario003-multinode-containers.yaml @@ -20,6 +20,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -62,6 +63,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 7a72562c..5e797b40 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml 
@@ -50,6 +50,7 @@ parameter_defaults: - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine @@ -59,6 +60,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index c2a2331c..6d795f97 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -16,8 +16,7 @@ resource_registry: OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml - # NOTE: being containerized here: https://review.openstack.org/#/c/471527/ - OS::TripleO::Services::ManilaShare: ../../puppet/services/manila-share.yaml + OS::TripleO::Services::ManilaShare: ../../docker/services/manila-share.yaml OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml # TODO: containerize NeutronBgpVpnApi OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml @@ -30,6 +29,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: 
@@ -74,9 +74,11 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index a15db896..bd30347a 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -74,9 +74,11 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario007-multinode.yaml b/ci/environments/scenario007-multinode.yaml new file mode 100644 index 00000000..dd73f476 --- /dev/null +++ b/ci/environments/scenario007-multinode.yaml 
@@ -0,0 +1,76 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml + OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml + OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml + OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + # Disable neutron services not required for OVN and enable services required for OVN. + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml + OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - 
OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::Sshd + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + # For OVN. + NeutronMechanismDrivers: ovn + OVNVifType: ovs + OVNNeutronSyncMode: log + OVNQosDriver: ovn-qos + OVNTunnelEncapType: geneve + NeutronEnableDHCPAgent: false + NeutronTypeDrivers: 'geneve,vlan,flat,vxlan' + NeutronNetworkType: 'geneve' + NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' + NeutronVniRanges: ['1:65536', ] + OVNBridgeMappings: 'datacentre:br-ex' + Debug: true + # we don't deploy Swift so we switch to file backend. + GlanceBackend: 'file' + KeystoneTokenProvider: 'fernet' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/pingtests/scenario007-multinode.yaml b/ci/pingtests/scenario007-multinode.yaml new file mode 100644 index 00000000..b7d6213b --- /dev/null +++ b/ci/pingtests/scenario007-multinode.yaml 
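Review bot: `ControllerServices` in the new ci/environments/scenario007-multinode.yaml lists `OS::TripleO::Services::NovaCompute` and `OS::TripleO::Services::NovaLibvirt` but neither `OS::TripleO::Services::NovaMigrationTarget` nor `OS::TripleO::Services::Iscsid`, which this same commit adds next to those entries in the other multinode scenarios. If the omission is deliberate for the OVN job, a comment above the list should say so. Otherwise add `- OS::TripleO::Services::NovaMigrationTarget` after NovaLibvirt and `- OS::TripleO::Services::Iscsid` after Sshd, so that the scenario is deployed with the same compute-side services as the rest.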
@@ -0,0 +1,127 @@ +heat_template_version: pike + +description: > + HOT template to created resources deployed by scenario007. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { get_resource: 
test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/common/services.yaml b/common/services.yaml index 8581656e..0bc3462f 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -1,4 +1,3 @@ -#FIXME move into common when specfile adds it heat_template_version: pike description: > @@ -36,7 +35,7 @@ parameters: description: Role name on which the service is applied type: string RoleParameters: - description: Role Specific parameters to be provided to service + description: Parameters specific to the role default: {} type: json 
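Review bot: Both rules of `server_security_group` in the new ci/pingtests/scenario007-multinode.yaml use `remote_ip_prefix: 0.0.0.0/0`, so the test server, which also receives a floating IP, accepts SSH and ICMP from any source. The source range is better taken from a parameter, so that a job running on a shared or routable network can narrow it. The sketch below adds an `ingress_cidr` parameter that defaults to the current value and uses it in both rules. Two smaller points: `save_private_key: true` keeps the generated private key with the stack, which looks unnecessary unless something reads it back, and the template description should read "HOT template to create resources deployed by scenario007".

```yaml
parameters:
  # … unchanged: key_name through private_net_pool_end …
  ingress_cidr:
    type: string
    description: Source CIDR allowed to reach the test server (SSH and ICMP)
    default: '0.0.0.0/0'

  # … unchanged: resources up to server_security_group …
      rules:
        - remote_ip_prefix: { get_param: ingress_cidr }
          # … unchanged: protocol tcp, port_range_min/max 22 …
        - remote_ip_prefix: { get_param: ingress_cidr }
          # … unchanged: protocol icmp …
```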
@@ -63,26 +62,47 @@ resources: properties: RoleData: {get_attr: [ServiceChain, role_data]} -outputs: - role_data: - description: Combined Role data for this set of services. - value: - service_names: - {get_attr: [ServiceChain, role_data, service_name]} - monitoring_subscriptions: + PuppetStepConfig: + type: OS::Heat::Value + properties: + type: string + value: yaql: - expression: list($.data.role_data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) - data: {role_data: {get_attr: [ServiceChain, role_data]}} - logging_sources: + expression: + # select 'step_config' only from services that do not have a docker_config + coalesce($.data.service_names, []).zip(coalesce($.data.step_config, []), coalesce($.data.docker_config, [])).where($[2] = null).where($[1] != null).select($[1]).join("\n") + data: + service_names: {get_attr: [ServiceChain, role_data, service_name]} + step_config: {get_attr: [ServiceChain, role_data, step_config]} + docker_config: {get_attr: [ServiceChain, role_data, docker_config]} + + DockerConfig: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: + # select 'docker_config' only from services that have it + coalesce($.data.service_names, []).zip(coalesce($.data.docker_config, [])).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {}) + data: + service_names: {get_attr: [ServiceChain, role_data, service_names]} + docker_config: {get_attr: [ServiceChain, role_data, docker_config]} + + LoggingSourcesConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: # Transform the individual logging_source configuration from # each service in the chain into a global list, adding some # default configuration at the same time. 
yaql: expression: > let( - default_format => $.data.default_format, - pos_file_path => $.data.pos_file_path, - sources => $.data.sources.flatten() + default_format => coalesce($.data.default_format, ''), + pos_file_path => coalesce($.data.pos_file_path, ''), + sources => coalesce($.data.sources, {}).flatten() ) -> $sources.where($ != null).select({ 'type' => 'tail', 
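Review bot: In the new `DockerConfig` resource of common/services.yaml the `data` block reads `service_names: {get_attr: [ServiceChain, role_data, service_names]}`, while `PuppetStepConfig` just above it, and `ServiceNames` further down, read the key `service_name`; one of the two spellings is presumably a slip. The expression only ever uses `$[1]` of the zipped pair, so the result may be unaffected, but in that case the zip with the service names is not needed at all. Either read `service_name` here as well, or simplify the expression to `coalesce($.data.docker_config, []).where($ != null).reduce($1.mergeWith($2), {})`. The `resources` block starts before this hunk.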
@@ -95,59 +115,150 @@ outputs: sources: - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} - yaql: - expression: list($.data.role_data.where($ != null).select($.get('logging_source')).where($ != null)) + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('logging_source')).where($ != null)) data: {role_data: {get_attr: [ServiceChain, role_data]}} - {get_attr: [LoggingConfiguration, LoggingExtraSources]} default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} - logging_groups: + + LoggingGroupsConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: # Build a list of unique groups to which we should add the # fluentd user. yaql: expression: > - set(($.data.default + $.data.extra + $.data.role_data.where($ != null).select($.get('logging_groups'))).flatten()).where($) + set((coalesce($.data.default, []) + coalesce($.data.extra, []) + coalesce($.data.role_data, []).where($ != null).select($.get('logging_groups'))).flatten()).where($) data: default: {get_attr: [LoggingConfiguration, LoggingDefaultGroups]} extra: {get_attr: [LoggingConfiguration, LoggingExtraGroups]} role_data: {get_attr: [ServiceChain, role_data]} - config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} - global_config_settings: + + MonitoringSubscriptionsConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + ServiceNames: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + filter: + - [null] + - {get_attr: [ServiceChain, role_data, service_name]} + + GlobalConfigSettings: + type: OS::Heat::Value + properties: + type: json + value: map_merge: yaql: - expression: 
list($.data.role_data.where($ != null).select($.get('global_config_settings')).where($ != null)) + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null)) data: {role_data: {get_attr: [ServiceChain, role_data]}} - service_config_settings: + + ServiceConfigSettings: + type: OS::Heat::Value + properties: + type: json + value: yaql: - expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} - service_workflow_tasks: + + ServiceWorkflowTasks: + type: OS::Heat::Value + properties: + type: json + value: yaql: - expression: $.data.role_data.where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {}) + expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} - step_config: {get_attr: [ServiceChain, role_data, step_config]} - upgrade_tasks: + + UpgradeTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: yaql: # Note we use distinct() here to filter any identical tasks, e.g yum update for all services - expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() + expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} - upgrade_batch_tasks: + + UpgradeBatchTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: yaql: - # Note we use distinct() here to filter any identical tasks, e.g yum update for all services - expression: $.data.where($ != 
null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct() + expression: coalesce($.data, []).where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} - service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} - # Keys to support docker/services - puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]} - kolla_config: - map_merge: {get_attr: [ServiceChain, role_data, kolla_config]} - docker_config: - {get_attr: [ServiceChain, role_data, docker_config]} - docker_puppet_tasks: - {get_attr: [ServiceChain, role_data, docker_puppet_tasks]} - host_prep_tasks: + PuppetConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: coalesce($.data, []).where($ != null).select($.get('puppet_config')).where($ != null).distinct() + data: {get_attr: [ServiceChain, role_data]} + + KollaConfig: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: coalesce($.data.role_data, []).where($ != null).select($.get('kolla_config')).where($ != null).reduce($1.mergeWith($2), {}) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + DockerPuppetTasks: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: dict(coalesce($.data, []).where($ != null).select($.get('docker_puppet_tasks')).where($ != null).selectMany($.items()).groupBy($[0], $[1])) + data: {get_attr: [ServiceChain, role_data]} + + HostPrepTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: yaql: # Note we use distinct() here to filter any identical tasks - expression: $.data.where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct() + expression: coalesce($.data, []).where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + +outputs: + role_data: + description: 
Combined Role data for this set of services. + value: + service_names: {get_attr: [ServiceNames, value]} + monitoring_subscriptions: {get_attr: [MonitoringSubscriptionsConfig, value]} + logging_sources: {get_attr: [LoggingSourcesConfig, value]} + logging_groups: {get_attr: [LoggingGroupsConfig, value]} + config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} + global_config_settings: {get_attr: [GlobalConfigSettings, value]} + service_config_settings: {get_attr: [ServiceConfigSettings, value]} + service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]} + step_config: {get_attr: [PuppetStepConfig, value]} + upgrade_tasks: {get_attr: [UpgradeTasks, value]} + upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]} + service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} + + # Keys to support docker/services + puppet_config: {get_attr: [PuppetConfig, value]} + kolla_config: {get_attr: [KollaConfig, value]} + docker_config: {get_attr: [DockerConfig, value]} + docker_puppet_tasks: {get_attr: [DockerPuppetTasks, value]} + host_prep_tasks: {get_attr: [HostPrepTasks, value]} diff --git a/deployed-server/deployed-server-bootstrap-centos.yaml b/deployed-server/deployed-server-bootstrap-centos.yaml index 5b268234..d57ea9fc 100644 --- a/deployed-server/deployed-server-bootstrap-centos.yaml +++ b/deployed-server/deployed-server-bootstrap-centos.yaml @@ -18,5 +18,6 @@ resources: DeployedServerBootstrapDeployment: type: OS::Heat::SoftwareDeployment properties: + name: DeployedServerBootstrapDeployment config: {get_resource: DeployedServerBootstrapConfig} server: {get_param: server} diff --git a/deployed-server/deployed-server-bootstrap-rhel.yaml b/deployed-server/deployed-server-bootstrap-rhel.yaml index a9018515..554bff3e 100644 --- a/deployed-server/deployed-server-bootstrap-rhel.yaml +++ b/deployed-server/deployed-server-bootstrap-rhel.yaml 
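Review bot: `UpgradeBatchTasks` in common/services.yaml still ends in `.distinct()`, but this hunk drops the comment that explained it, and the new `PuppetConfig` value applies `.distinct()` with no comment at all. Keep `# Note we use distinct() here to filter any identical tasks, e.g yum update for all services` above the `UpgradeBatchTasks` expression, as `UpgradeTasks` and `HostPrepTasks` do, and add a matching line above `PuppetConfig`, for example `# distinct() drops identical puppet_config entries`. Without it the next reader cannot tell whether the de-duplication of `puppet_config`, which the old output did not do, is intended.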
@@ -18,5 +18,6 @@ resources: DeployedServerBootstrapDeployment: type: OS::Heat::SoftwareDeployment properties: + name: DeployedServerBootstrapDeployment config: {get_resource: DeployedServerBootstrapConfig} server: {get_param: server} diff --git a/deployed-server/deployed-server-environment-output.yaml b/deployed-server/deployed-server-environment-output.yaml index eaf77459..89c3886d 100644 --- a/deployed-server/deployed-server-environment-output.yaml +++ b/deployed-server/deployed-server-environment-output.yaml @@ -34,21 +34,11 @@ resources: fixed_ips: - ip_address: {get_param: [VipMap, redis]} - ResourceRegistry: - type: OS::Heat::Value - properties: - type: json - value: - OS::TripleO::DeployedServer::ControlPlanePort: tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml - OS::TripleO::Network::Ports::ControlPlaneVipPort: tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml - DeployedServerEnvironment: type: OS::Heat::Value properties: type: json value: - resource_registry: - {get_attr: [ResourceRegistry, value]} parameter_defaults: map_merge: - {get_attr: [DeployedServerPortMapParameter, value]} diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 084c2f8f..4a305c68 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -41,6 +41,7 @@ - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Iscsid - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent @@ -118,6 +119,7 @@ - OS::TripleO::Services::Snmp - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent 
@@ -130,6 +132,7 @@ - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid - name: BlockStorageDeployedServer disable_constraints: True diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index 16deb7d6..d116e7c6 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -9,6 +9,7 @@ parameters: key_name: type: string default: unused + description: Name of keypair to assign to servers security_groups: type: json default: [] diff --git a/docker/README-containers.md b/docker/README-containers.md index 5a9f6f3c..376af3ec 100644 --- a/docker/README-containers.md +++ b/docker/README-containers.md 
@@ -1,58 +1,3 @@ -# Using Docker Containers With TripleO +# Containers based OpenStack deployment -## Configuring TripleO with to use a container based compute node. - -Steps include: -- Adding a base OS image to glance -- Deploy an overcloud configured to use the docker compute heat templates - -## Getting base OS image working. - -Download the fedora atomic image into glance: - -``` -wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 -glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare -``` - -## Configuring TripleO - -You can use the tripleo.sh script up until the point of running the Overcloud. -https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh - -You will want to set up the runtime puppet script delivery system described here: -http://hardysteven.blogspot.ca/2016/08/tripleo-deploy-artifacts-and-puppet.html - -Create the Overcloud: -``` -$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network.yaml --libvirt-type=qemu -``` - -Using Network Isolation in the Overcloud: -``` -$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network-isolation.yaml --libvirt-type=qemu -``` - -Source the overcloudrc and then you can use the overcloud. - -## Debugging - -You can ssh into the controller/compute nodes by using the heat key, eg: -``` -nova list -ssh heat-admin@<compute_node_ip> -``` - -You can check to see what docker containers are running: -``` -sudo docker ps -a -``` - -To enter a container that doesn't seem to be working right: -``` -sudo docker exec -ti <container name> /bin/bash -``` - -Then you can check logs etc. 
- -You can also just do a 'docker logs' on a given container. +https://docs.openstack.org/tripleo-docs/latest/install/containers_deployment/ diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml index 446c73a6..b884e0e7 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/docker/deploy-steps-playbook.yaml @@ -10,7 +10,7 @@ command: >- puppet apply --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - --logdest syslog --color=false + --logdest syslog --logdest console --color=false /var/lib/tripleo-config/puppet_step_config.pp changed_when: false check_mode: no @@ -64,6 +64,10 @@ ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Check if /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json exists + stat: + path: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + register: docker_puppet_tasks_json - name: Run docker-puppet tasks (bootstrap tasks) shell: python /var/lib/docker-puppet/docker-puppet.py environment: @@ -71,7 +75,7 @@ NET_HOST: "true" NO_ARCHIVE: "true" STEP: "{{step}}" - when: deploy_server_id == bootstrap_server_id + when: deploy_server_id == bootstrap_server_id and docker_puppet_tasks_json.stat.exists changed_when: false check_mode: no register: outputs diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 9780054b..fadd12d3 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py 
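Review bot: Adding `--logdest console` to the `puppet apply` command in the first deploy-steps-playbook.yaml hunk puts everything puppet logs into the Ansible task's stdout as well as syslog. The same flag is added to the container-side `puppet apply` in the docker/docker-puppet.py hunk, whose output the bootstrap task captures with `register: outputs`. If any manifest logs a credential (a failing exec's command line, a file diff), it would now travel with the task result wherever that result is stored or printed, which is a wider audience than the host's syslog. I would add a comment above the command, `# console output is captured in the deployment result; keep secrets out of puppet log messages`, and confirm that diff output stays disabled for these runs. The task list continues outside the hunk, so how the result is consumed is not visible here.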
@@ -211,11 +211,11 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume sync FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \ - --color=false --logdest syslog $TAGS /etc/config.pp + --color=false --logdest syslog --logdest console $TAGS /etc/config.pp # Disables archiving if [ -z "$NO_ARCHIVE" ]; then - archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron") + archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh") rsync_srcs="" for d in "${archivedirs[@]}"; do if [ -d "$d" ]; then diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 4b0c8789..05ff7945 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -60,23 +60,6 @@ conditions: resources: - # These utility tasks use docker-puppet.py to execute tasks via puppet - # We only execute these on the first node in the primary role - {{primary_role_name}}DockerPuppetTasks: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1])) - data: - docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]} - default_tasks: -{%- for step in range(1, deploy_steps_max) %} - step_{{step}}: {} -{%- endfor %} - RoleConfig: type: OS::Heat::SoftwareConfig properties: @@ -133,6 +116,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false UPDATE: workflow: { get_resource: WorkflowTasks_Step{{step}} } params: @@ -142,6 +126,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false always_update: true # END service_workflow_tasks handling {% endfor %} 
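Review bot: The new `"/var/lib/nova/.ssh"` entry in `archivedirs` causes that directory to be copied out of the config container along with `/etc` and the others. It presumably holds the nova migration SSH key pair, since the commit also adds `NovaMigrationTarget` to the compute roles. The rsync destination and its permissions are outside the hunk, so it is worth confirming that the archived copy keeps the source mode and ownership and is bind-mounted only into the containers that need it. A comment next to the array, `# /var/lib/nova/.ssh carries private key material; the archive must stay root-only`, would record that for the next person extending the list. mp_puppet_config's body starts and ends outside the hunk.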
@@ -175,11 +160,11 @@ resources: vars: puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]} docker_puppet_script: {get_file: docker-puppet.py} - docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]} - docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]} + docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]} + docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} - puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]} + puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]} tasks: # Join host_prep_tasks with the other per-host configuration yaql: @@ -193,10 +178,9 @@ resources: file: path=/var/lib/tripleo-config state=directory - name: Write the puppet step_config manifest copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes - # This is the docker-puppet configs end in + # this creates a JSON config file for our docker-puppet.py script - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory - # this creates a JSON config file for our docker-puppet.py script - name: Write docker-puppet-tasks json files copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes # FIXME: can we move docker-puppet somewhere so it's installed via a package? 
@@ -220,6 +204,13 @@ resources: ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files + file: + path: "{{item}}" + state: absent + with_fileglob: + - /var/lib/docker-puppet/docker-puppet-tasks*.json + when: deploy_server_id == bootstrap_server_id - name: Write docker-puppet-tasks json files copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes with_dict: "{{docker_puppet_tasks}}" @@ -232,33 +223,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} - {{role.name}}PuppetStepConfig: - type: OS::Heat::Value - properties: - type: string - value: - yaql: - expression: - # select 'step_config' only from services that do not have a docker_config - $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n") - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - step_config: {get_param: [role_data, {{role.name}}, step_config]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - - {{role.name}}DockerConfig: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - # select 'docker_config' only from services that have it - $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {}) - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - # BEGIN CONFIG STEPS {{role.name}}PreConfig: diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml index 41b036da..ddfa8802 100644 --- a/docker/firstboot/setup_docker_host.yaml 
+++ b/docker/firstboot/setup_docker_host.yaml @@ -1,14 +1,5 @@ heat_template_version: pike -parameters: - DockerNamespace: - type: string - default: tripleoupstream - description: namespace - DockerNamespaceIsRegistry: - type: boolean - default: false - resources: userdata: @@ -21,12 +12,7 @@ resources: type: OS::Heat::SoftwareConfig properties: group: script - config: - str_replace: - params: - $docker_registry: {get_param: DockerNamespace} - $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} - template: {get_file: ./setup_docker_host.sh} + config: {get_file: ./setup_docker_host.sh} outputs: OS::stack_id: diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 70b43eb1..8afb6d28 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhApiPuppetBase: type: ../../puppet/services/aodh-api.yaml properties: @@ -68,7 +71,10 @@ outputs: - get_attr: [AodhApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [AodhApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index f75c57b3..86bdfdf9 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhEvaluatorBase: type: ../../puppet/services/aodh-evaluator.yaml properties: 
@@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhEvaluatorBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhEvaluatorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhEvaluatorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 9db2ffbe..3f986ab2 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhListenerBase: type: ../../puppet/services/aodh-listener.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhListenerBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhListenerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhListenerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index c16c0161..852120c9 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhNotifierBase: type: ../../puppet/services/aodh-notifier.yaml properties: 
@@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhNotifierBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhNotifierBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhNotifierBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml new file mode 100644 index 00000000..1468415e --- /dev/null +++ b/docker/services/ceph-ansible/ceph-base.yaml 
@@ -0,0 +1,205 @@ +heat_template_version: pike + +description: > + Ceph base service. Shared by all Ceph services. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephAnsibleWorkflowName: + type: string + description: Name of the Mistral workflow to execute + default: tripleo.storage.v1.ceph-install + CephAnsiblePlaybook: + type: string + description: Path to the ceph-ansible playbook to execute + default: /usr/share/ceph-ansible/site-docker.yml.sample + CephAnsibleExtraConfig: + type: json + description: Extra vars for the ceph-ansible playbook + default: {} + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CephPoolDefaultPgNum: + description: default pg_num to use for the RBD pools + type: number + default: 32 + CephPools: + description: > + It can be used to override settings for one of the predefined pools, or to create + additional ones. 
Example: + { + "volumes": { + "size": 5, + "pg_num": 128, + "pgp_num": 128 + } + } + default: {} + type: json + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClientUserName: + default: openstack + type: string + CephPoolDefaultSize: + description: default minimum replication for RBD copies + type: number + default: 3 + CephIPv6: + default: False + type: boolean + DockerCephDaemonImage: + description: image + type: string + default: 'ceph/daemon:tag-build-master-jewel-centos-7' + +conditions: + custom_registry_host: + yaql: + data: {get_param: DockerCephDaemonImage} + expression: $.data.split('/')[0].matches('(\.|:)') + +outputs: + role_data: + description: Role data for the Ceph base service. 
+ value: + service_name: ceph_base + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: + step2: + - name: ceph_base_ansible_workflow + workflow: { get_param: CephAnsibleWorkflowName } + input: + ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig} + ceph_ansible_playbook: {get_param: CephAnsiblePlaybook} + config_settings: + ceph_common_ansible_vars: + fsid: { get_param: CephClusterFSID } + docker: true + ceph_docker_registry: + if: + - custom_registry_host + - yaql: + expression: regex('(?:https?://)?(.*)/').split($.data)[1] + data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} + - docker.io + ceph_docker_image: + if: + - custom_registry_host + - yaql: + expression: regex('(?:https?://)?(.*)/').split($.data)[2] + data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} + - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} + ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} + containerized_deployment: true + public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} + cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + user_config: true + ceph_stable: true + ceph_origin: distro + openstack_config: true + openstack_pools: + list_concat: + - repeat: + template: + name: <%pool%> + pg_num: {get_param: CephPoolDefaultPgNum} + rule_name: "" + for_each: + <%pool%>: + - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + - repeat: + template: + name: <%pool%> + pg_num: {get_param: CephPoolDefaultPgNum} + rule_name: "" + for_each: + <%pool%>: {get_param: CephPools} + openstack_keys: &openstack_keys + - name: + list_join: + - '.' 
+ - - client + - {get_param: CephClientUserName} + key: {get_param: CephClientKey} + mon_cap: "allow r" + osd_cap: + str_replace: + template: "allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL" + params: + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + acls: + - "u:glance:r--" + - "u:nova:r--" + - "u:cinder:r--" + - "u:gnocchi:r--" + keys: *openstack_keys + pools: [] + ceph_conf_overrides: + global: + osd_pool_default_size: {get_param: CephPoolDefaultSize} + osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} + ntp_service_enabled: false + generate_fsid: false + ip_version: + if: + - {get_param: CephIPv6} + - ipv6 + - ipv4 diff --git a/puppet/services/network/contrail-provision.yaml b/docker/services/ceph-ansible/ceph-client.yaml index f3a43224..55d8d9da 100644 --- a/puppet/services/network/contrail-provision.yaml +++ b/docker/services/ceph-ansible/ceph-client.yaml @@ -1,7 +1,7 @@ heat_template_version: pike description: > - Provision Contrail services after deployment + Ceph Client service. parameters: ServiceData: @@ -32,8 +32,8 @@ parameters: type: json resources: - ContrailBase: - type: ./contrail-base.yaml + CephBase: + type: ./ceph-base.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} 
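Review bot: In ceph-base.yaml the image reference is split on `:` before the registry is separated, so a `DockerCephDaemonImage` whose registry carries a port is parsed wrongly, even though `custom_registry_host` explicitly matches a `:` in the first path component. For a constructed value such as `registry.example:5000/ceph/daemon:mytag`, `str_split: [':', ..., 1]` yields `5000/ceph/daemon` as `ceph_docker_image_tag`, and the registry and image expressions receive `registry.example` with no `/` to split on. A mis-parsed reference can fail the deployment or resolve to a different image than the operator named. The tag should be taken from the part after the last `/` (split on `/` first, then on `:`), or the registry, image and tag should be separate parameters. The default `ceph/daemon:tag-build-master-jewel-centos-7` is also a moving tag; a comment saying it is meant to be overridden with a pinned image would help.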
@@ -44,11 +44,15 @@ resources: outputs: role_data: - description: Contrail provisioning role + description: Role data for the Ceph Client service. value: - service_name: contrail_provision - config_settings: - map_merge: - - get_attr: [ContrailBase, role_data, config_settings] - step_config: | - include ::tripleo::network::contrail::provision + service_name: ceph_client + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: {} diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml new file mode 100644 index 00000000..90149d1e --- /dev/null +++ b/docker/services/ceph-ansible/ceph-mon.yaml 
@@ -0,0 +1,86 @@ +heat_template_version: pike + +description: > + Ceph Monitor service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephMonKey: + description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephAdminKey: + default: '' + description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephValidationRetries: + type: number + default: 40 + description: Number of retry attempts for Ceph validation + CephValidationDelay: + type: number + default: 30 + description: Interval (in seconds) in between validation checks + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph Monitor service. 
+ value: + service_name: ceph_mon + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_mon.firewall_rules: + '110 ceph_mon': + dport: + - 6789 + - ceph_mon_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - monitor_secret: {get_param: CephMonKey} + admin_secret: {get_param: CephAdminKey} + monitor_interface: br_ex diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml new file mode 100644 index 00000000..6e0f4a60 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-osd.yaml 
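Review bot: `monitor_interface: br_ex` at the end of `ceph_mon_ansible_vars` in ceph-mon.yaml is hard-coded, while `public_network` in the shared vars is derived from `ServiceNetMap` / `CephMonNetwork`. Where `br_ex` is the external bridge and the monitor network sits on a different interface, the two settings disagree, and depending on how ceph-ansible resolves them the monitor may bind to the external-facing interface or fail to start. I would expose the interface as a template parameter, or drop it in favour of address selection from `public_network`. Separately, `CephAdminKey` defaults to `''` and is passed straight through as `admin_secret`; a sentence in its description stating what an empty value means would stop a deployment from silently running without an operator-supplied admin key.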
@@ -0,0 +1,75 @@ +heat_template_version: pike + +description: > + Ceph OSD service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephAnsibleDisksConfig: + type: json + description: Disks config settings for ceph-ansible + default: + devices: + - /dev/vdb + journal_size: 512 + journal_collocation: true + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph OSD service. + value: + service_name: ceph_osd + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_osd.firewall_rules: + '111 ceph_osd': + dport: + - '6800-7300' + - ceph_osd_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - {get_param: CephAnsibleDisksConfig}
\ No newline at end of file diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 0cd1dd7b..900131c9 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-api.yaml properties: @@ -66,7 +69,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -86,6 +92,17 @@ outputs: - path: /var/log/cinder owner: cinder:cinder recurse: true + /var/lib/kolla/config_files/cinder_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true docker_config: step_2: cinder_api_init_logs: 
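Review bot: The default for `CephAnsibleDisksConfig` in ceph-osd.yaml names `/dev/vdb` as the OSD device with `journal_collocation: true`, which only fits a virtual test host. An operator who enables the service without overriding it hands ceph-ansible a device path that may not exist, or may hold something else, on real hardware. I would either make the parameter required (no default) or extend the description, e.g. `description: Disks config settings for ceph-ansible. The default targets /dev/vdb and must be overridden outside of test environments.` The file also ends without a trailing newline.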
@@ -140,6 +157,24 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + cinder_api_cron: + image: *cinder_api_image + net: host + user: root + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + + metadata_settings: + get_attr: [CinderBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 46dbea1d..ad3b43c2 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-backup.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: 
@@ -72,15 +78,15 @@ outputs: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf config_files: - # NOTE(mandre): the copy of ceph conf will need to go once we - # generate a ceph.conf for cinder in puppet - # Copy ceph config files before cinder ones as a precaution, for - # the later one to take precendence in case of duplicate files. - - source: "/var/lib/kolla/config_files/src-ceph/*" + - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true - - source: "/var/lib/kolla/config_files/src/*" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" dest: "/" merge: true preserve_properties: true @@ -113,13 +119,12 @@ outputs: - - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - # FIXME: we need to generate a ceph.conf with puppet for this - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: @@ -132,6 +137,10 @@ outputs: with_items: - /var/lib/cinder - /var/log/containers/cinder + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable cinder_backup service tags: step2 diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 1bae005c..1ac31874 100644 --- a/docker/services/cinder-scheduler.yaml 
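Review bot: The new bind mount `/etc/ceph:/var/lib/kolla/config_files/src-ceph:ro`, together with the `src-ceph/` to `/etc/ceph/` copy rule, gives the cinder-backup container every file in the host's `/etc/ceph`, not just the `ceph.conf` and client keyring the service needs. docker/services/cinder-volume.yaml makes the same change. On a node that also holds other keyrings (for instance an admin keyring on a co-located monitor, which this diff does not show either way), those would be copied into a container that already has `/dev`, `/run` and `/sys` mounted. Consider mounting only the specific files, or state the assumption in a comment, `# host /etc/ceph must contain only ceph.conf and the openstack client keyring`. The copy order also changed (cinder files first, then ceph, then iscsid), and the removed comment that explained precedence has no replacement; a one-line comment on the intended order would help.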
+++ b/docker/services/cinder-scheduler.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-scheduler.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 2ecc7adc..eb904c0b 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-volume.yaml properties: @@ -75,6 +78,7 @@ outputs: - "\n" - - "include ::tripleo::profile::base::lvm" - get_attr: [CinderBase, role_data, step_config] + - get_attr: [MySQLClient, role_data, step_config] service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: 
@@ -86,15 +90,15 @@ outputs: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf config_files: - # NOTE(mandre): the copy of ceph conf will need to go once we - # generate a ceph.conf for cinder in puppet - # Copy ceph config files before cinder ones as a precaution, for - # the later one to take precendence in case of duplicate files. - - source: "/var/lib/kolla/config_files/src-ceph/*" + - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true - - source: "/var/lib/kolla/config_files/src/*" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" dest: "/" merge: true preserve_properties: true @@ -124,13 +128,12 @@ outputs: - - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - # FIXME: we need to generate a ceph.conf with puppet for this - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: @@ -143,6 +146,10 @@ outputs: with_items: - /var/log/containers/cinder - /var/lib/cinder + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory - name: cinder_enable_iscsi_backend fact set_fact: cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index 2989729c..3c0ba09b 100644 
--- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml @@ -89,15 +89,17 @@ outputs: collectd: image: {get_param: DockerCollectdImage} net: host + pid: host privileged: true + user: root restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/collectd:/var/log/collectd:rw environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/congress.yaml b/docker/services/congress.yaml index e49682f9..08170cef 100644 --- a/docker/services/congress.yaml +++ b/docker/services/congress.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CongressBase: type: ../../puppet/services/congress.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [CongressBase, role_data, config_settings] step_config: &step_config - get_attr: [CongressBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CongressBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index 71ea8d1f..2c894da5 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -66,5 +66,9 @@ outputs: - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - if: - internal_tls_enabled - - - {get_param: InternalTLSCAFile} + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' - null 
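Review bot: After this hunk the collectd container combines `privileged: true`, `net: host`, `pid: host` and `user: root`, which leaves essentially no isolation between the collector and the host. Nothing in the hunk says which plugin needs each setting. The docker.sock mount appears to be dropped in the same hunk (the +/- column is hard to read in this rendering), so it is worth checking whether `privileged: true` is still required or whether a narrower capability set is enough. At minimum add a comment above the two new keys, e.g. `# pid: host / user: root are required by <plugin name> to read host process data`, so a later reviewer can tell when they become removable.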
diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml deleted file mode 100644 index d45d58e1..00000000 --- a/docker/services/database/mysql-client.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -heat_template_version: pike - -description: > - Configuration for containerized MySQL clients - -parameters: - DockerMysqlClientConfigImage: - description: The container image to use for the mysql_client config_volume - type: string - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - EnableInternalTLS: - type: boolean - default: false - InternalTLSCAFile: - default: '/etc/ipa/ca.crt' - type: string - description: Specifies the default CA cert to use if TLS is used for - services in the internal network. 
- -outputs: - role_data: - description: Role for setting mysql client parameters - value: - service_name: mysql_client - config_settings: - tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} - tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} - tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} - # BEGIN DOCKER SETTINGS # - step_config: "" - puppet_config: - config_volume: mysql_client - puppet_tags: file # set this even though file is the default - step_config: "include ::tripleo::profile::base::database::mysql::client" - config_image: {get_param: DockerMysqlClientConfigImage} - # no need for a docker config, this service only generates configuration files - docker_config: {} diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index 9f1ecbc1..1d4ddd38 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + Ec2ApiPuppetBase: type: ../../puppet/services/ec2-api.yaml properties: @@ -58,7 +61,10 @@ outputs: service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [Ec2ApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index d88c64b5..044eb283 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml 
@@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GlanceApiPuppetBase: type: ../../puppet/services/glance-api.yaml properties: @@ -70,7 +73,10 @@ outputs: - get_attr: [GlanceApiPuppetBase, role_data, config_settings] - glance::api::sync_db: false step_config: &step_config - get_attr: [GlanceApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GlanceApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: @@ -86,6 +92,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND config_files: @@ -117,6 +127,7 @@ outputs: - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -156,6 +167,10 @@ outputs: file: path: /var/log/containers/glance state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable glance_api service tags: step2 diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 1a0a1ddb..5a6958a0 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml 
@@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiMetricdBase: type: ../../puppet/services/gnocchi-metricd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiMetricdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiMetricdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiMetricdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiMetricdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiMetricdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -75,6 +81,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -93,6 +103,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -100,6 +111,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable openstack-gnocchi-metricd service tags: step2 diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 00d218d2..19e658cd 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml 
@@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiStatsdBase: type: ../../puppet/services/gnocchi-statsd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiStatsdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiStatsdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiStatsdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiStatsdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiStatsdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 21baf5c6..2f0584ea 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -46,7 +46,7 @@ parameters: The filepath of the certificate as it will be stored in the controller. type: string RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: @@ -85,6 +85,7 @@ outputs: map_merge: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false + tripleo::haproxy::haproxy_service_manage: false step_config: &step_config get_attr: [HAProxyBase, role_data, step_config] service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} @@ -92,7 +93,8 @@ outputs: puppet_config: config_volume: haproxy puppet_tags: haproxy_config - step_config: *step_config + step_config: + "class {'::tripleo::profile::base::haproxy': manage_firewall => false}" config_image: {get_param: DockerHAProxyConfigImage} volumes: &deployed_cert_mount - list_join: 
@@ -110,10 +112,44 @@ outputs: preserve_properties: true docker_config: step_1: + haproxy_firewall: + detach: false + image: {get_param: DockerHAProxyImage} + net: host + user: root + privileged: true + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'" + params: + TAGS: 'tripleo::firewall::rule' + CONFIG: *step_config + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - *deployed_cert_mount + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS haproxy: image: {get_param: DockerHAProxyImage} net: host - privileged: false restart: always volumes: list_concat: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index aff0f1a1..70612899 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml 
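Review bot: In the new `haproxy_firewall` container the manifest is substituted into `puppet apply ... -e 'CONFIG'` inside a `bash -c` string, so a single quote anywhere in the referenced `step_config` ends the `-e` argument early. The rest of the manifest is then parsed by the shell, in a container that runs with `privileged: true`, `user: root` and `/etc/sysconfig` mounted `rw`. The base template's `step_config` is not visible here, so this may be safe today, but it is fragile. Writing the manifest to a file and passing the path to `puppet apply` avoids the quoting problem. Separately, the commands are joined with `'; '`, so a failed `cp -a` still runs `puppet apply` against an incomplete `/etc/puppet`; `- ' && '` (and `&&` inside the first element) would stop at the first failure.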
@@ -125,8 +125,25 @@ outputs: path: /var/log/containers/heat state: directory upgrade_tasks: - - name: Stop and disable heat_api_cfn service + - name: Check if heat_api_cfn is deployed + command: systemctl is-enabled openstack-heat-api-cfn + tags: common + ignore_errors: True + register: heat_api_cfn_enabled + - name: check for heat_api_cfn running under apache (post upgrade) tags: step2 - service: name=httpd state=stopped enabled=no + shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi" + register: heat_api_cfn_apache + ignore_errors: true + changed_when: false + check_mode: no + - name: Stop heat_api_cfn service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: heat_api_cfn_apache.rc == 0 + - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-heat-api-cfn state=stopped enabled=no + when: heat_api_cfn_enabled.rc == 0 metadata_settings: get_attr: [HeatBase, role_data, metadata_settings] diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index d09230fe..9e38b060 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -90,6 +90,17 @@ outputs: - path: /var/log/heat owner: heat:heat recurse: true + /var/lib/kolla/config_files/heat_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/heat + owner: heat:heat + recurse: true docker_config: step_4: heat_api: 
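Review bot: The step2 `when:` conditions in the heat_api_cfn upgrade tasks read `.rc` from probes registered with `ignore_errors: True`, so any failure of the probe (not only "unit not enabled" or "vhost not found") is treated as "not deployed" and the stop is skipped silently. For the `systemctl is-enabled` probe, `failed_when: false` plus `changed_when: false` would say this more clearly and match the `changed_when: false` already on the apache probe. That probe is also tagged `common` while its consumer is tagged `step2`, so a run limited to `step2` would presumably hit an undefined `heat_api_cfn_enabled`; `when: heat_api_cfn_enabled is defined and heat_api_cfn_enabled.rc == 0` guards against that. The same pattern is added in the heat-api, mistral-executor and neutron-api hunks, and the heat-api task name "Check is heat_api is deployed" should read "Check if".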
@@ -119,14 +130,46 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + heat_api_cron: + image: {get_param: DockerHeatApiImage} + net: host + user: root + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/heat:/var/log/heat + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: path: /var/log/containers/heat state: directory upgrade_tasks: - - name: Stop and disable heat_api service + - name: Check is heat_api is deployed + command: systemctl is-enabled openstack-heat-api + tags: common + ignore_errors: True + register: heat_api_enabled + - name: check for heat_api running under apache (post upgrade) + tags: step2 + shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi" + register: heat_api_apache + ignore_errors: true + changed_when: false + check_mode: no + - name: Stop heat_api service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: heat_api_apache.rc == 0 + - name: Stop and disable heat_api service (pre-upgrade not under httpd) tags: step2 - service: name=httpd state=stopped enabled=no + service: name=openstack-heat-api state=stopped enabled=no + when: heat_api_enabled.rc == 0 metadata_settings: get_attr: [HeatBase, role_data, metadata_settings] diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 789f3f9d..a20dc131 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + HeatBase: type: ../../puppet/services/heat-engine.yaml properties: 
@@ -63,7 +66,10 @@ outputs: - get_attr: [HeatBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [HeatBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [HeatBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 90978f3e..2a9735b5 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicApiBase: type: ../../puppet/services/ironic-api.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [IronicApiBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [IronicApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 6368bd23..37f4d46e 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicConductorBase: type: ../../puppet/services/ironic-conductor.yaml properties: 
@@ -69,7 +72,10 @@ outputs: - ironic::pxe::http_root: /var/lib/ironic/httpboot - ironic::conductor::http_root: /var/lib/ironic/httpboot step_config: &step_config - get_attr: [IronicConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index b39b72e2..80519800 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -42,23 +42,38 @@ resources: ContainersCommon: type: ./containers-common.yaml + IscsidBase: + type: ../../puppet/services/iscsid.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + outputs: role_data: - description: Role data for the Iscsid API role. + description: Role data for the Iscsid role. value: - service_name: iscsid - config_settings: {} - step_config: '' - service_config_settings: {} + service_name: {get_attr: [IscsidBase, role_data, service_name]} + config_settings: {get_attr: [IscsidBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [IscsidBase, role_data, step_config]} + service_config_settings: {get_attr: [IscsidBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: iscsid - #puppet_tags: file - step_config: '' + puppet_tags: iscsid_config + step_config: *step_config config_image: {get_param: DockerIscsidConfigImage} kolla_config: /var/lib/kolla/config_files/iscsid.json: command: /usr/sbin/iscsid -f + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: iscsid: 
@@ -76,14 +91,10 @@ outputs: - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /etc/iscsi - file: - path: /etc/iscsi - state: directory - name: stat /lib/systemd/system/iscsid.socket stat: path=/lib/systemd/system/iscsid.socket register: stat_iscsid_socket @@ -107,4 +118,3 @@ outputs: tags: step2 service: name=iscsid.socket state=stopped enabled=no when: stat_iscsid_socket.stat.exists - metadata_settings: {} diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index da04682e..fcc458a2 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -55,6 +55,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + KeystoneBase: type: ../../puppet/services/keystone.yaml properties: @@ -83,6 +86,7 @@ outputs: - "\n" - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }" - {get_attr: [KeystoneBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: 
@@ -98,6 +102,19 @@ outputs: dest: "/" merge: true preserve_properties: true + /var/lib/kolla/config_files/keystone_cron.json: + # FIXME(dprince): this is unused ATM because Kolla hardcodes the + # args for the keystone container to -DFOREGROUND + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/keystone + owner: keystone:keystone + recurse: true docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config step_2: @@ -150,6 +167,23 @@ outputs: user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + keystone_cron: + start_order: 4 + image: *keystone_image + user: root + net: host + privileged: false + restart: always + command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/keystone:/var/log/keystone + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: # Keystone endpoint creation occurs only on single node step_3: diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index c33f4094..7b2dbfaf 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaApiPuppetBase: type: ../../puppet/services/manila-api.yaml properties: 
@@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index 730d33f6..7b5dfec3 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaSchedulerPuppetBase: type: ../../puppet/services/manila-scheduler.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml index 9733b6f9..332ba864 100644 --- a/docker/services/manila-share.yaml +++ b/docker/services/manila-share.yaml 
@@ -4,17 +4,11 @@ description: > OpenStack containerized Manila Share service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerManilaShareImage: description: image - default: 'centos-binary-manila-share:latest' type: string DockerManilaConfigImage: description: image - default: 'centos-binary-manila-base:latest' type: string EndpointMap: default: {} @@ -48,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaBase: type: ../../puppet/services/manila-share.yaml properties: @@ -65,17 +62,17 @@ outputs: service_name: {get_attr: [ManilaBase, role_data, service_name]} config_settings: {get_attr: [ManilaBase, role_data, config_settings]} step_config: &step_config - get_attr: [ManilaBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ManilaBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: manila puppet_tags: manila_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + config_image: {get_param: DockerManilaConfigImage} kolla_config: /var/lib/kolla/config_files/manila_share.json: command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf @@ -84,9 +81,8 @@ outputs: dest: "/" merge: true preserve_properties: true - # NOTE(gfidente): ceph-ansible generated - - source: "/var/lib/kolla/config_files/src-ceph/*" - dest: "/etc/ceph" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" merge: true preserve_properties: true permissions: 
@@ -96,10 +92,7 @@ outputs: docker_config: step_4: manila_share: - image: &manila_share_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaShareImage} ] + image: &manila_share_image {get_param: DockerManilaShareImage} net: host restart: always volumes: @@ -109,7 +102,7 @@ outputs: - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila - - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -117,6 +110,10 @@ outputs: file: path: /var/log/containers/manila state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable manila_share service tags: step2 diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 73db3742..38b97aef 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [MistralApiBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index 4c6b300d..2b498be3 100644 --- a/docker/services/mistral-engine.yaml 
+++ b/docker/services/mistral-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-engine.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 3346a049..e106fe47 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-executor.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: 
@@ -109,6 +115,18 @@ outputs: path: /var/log/containers/mistral state: directory upgrade_tasks: + - name: Check if mistral executor is deployed + command: systemctl is-enabled openstack-mistral-executor + tags: common + ignore_errors: True + register: mistral_executor_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState | + grep '\bactive\b' + when: mistral_executor_enabled.rc == 0 + tags: step0,validation - name: Stop and disable mistral_executor service tags: step2 + when: mistral_executor_enabled.rc == 0 service: name=openstack-mistral-executor state=stopped enabled=no diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index 51b93029..fc749f37 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -59,6 +59,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: @@ -72,11 +77,11 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -85,4 +90,3 @@ outputs: - name: Stop and disable multipathd service tags: step2 service: name=multipathd state=stopped enabled=no - metadata_settings: {} diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 547deaf0..b4fce226 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml 
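Review bot: The new `when: mistral_executor_enabled.rc == 0` on "Stop and disable mistral_executor service" makes the stop depend on `systemctl is-enabled`, so a unit that is running but not enabled would be skipped and left running next to the container. Because of `ignore_errors: True`, any other non-zero exit from the check is treated the same as "not deployed". If "enabled" is not guaranteed to mean "deployed" on upgraded hosts, the registered check could cover both states, for example `shell: systemctl is-enabled openstack-mistral-executor || systemctl is-active openstack-mistral-executor`. The same pattern is added for neutron-server, neutron-dhcp-agent and neutron-metadata-agent in the later hunks.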
@@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NeutronBase: type: ../../puppet/services/neutron-api.yaml properties: @@ -68,7 +71,10 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] step_config: &step_config - get_attr: [NeutronBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NeutronBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -163,8 +169,18 @@ outputs: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_server is deployed + command: systemctl is-enabled neutron-server + tags: common + ignore_errors: True + register: neutron_server_enabled + - name: "PreUpgrade step0,validation: Check service neutron-server is running" + shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + when: neutron_server_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_api service tags: step2 + when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped enabled=no metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index c7444070..4b75d542 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -81,6 +81,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_dhcp: 
@@ -97,15 +100,30 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_dhcp_agent is deployed + command: systemctl is-enabled neutron-dhcp-agent + tags: common + ignore_errors: True + register: neutron_dhcp_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running" + shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b' + when: neutron_dhcp_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_dhcp service tags: step2 + when: neutron_dhcp_agent_enabled.rc == 0 service: name=neutron-dhcp-agent state=stopped enabled=no diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index c3a4d27f..06470c05 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -77,6 +77,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_l3_agent: @@ -93,10 +96,15 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron 
diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index f030faef..a5a7c34b 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -77,6 +77,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_metadata_agent: @@ -93,15 +96,30 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_metadata_agent is deployed + command: systemctl is-enabled neutron-metadata-agent + tags: common + ignore_errors: True + register: neutron_metadata_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running" + shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b' + when: neutron_metadata_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_metadata service tags: step2 + when: neutron_metadata_agent_enabled.rc == 0 service: name=neutron-metadata-agent state=stopped enabled=no diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 1d73a538..da461049 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaApiBase: type: ../../puppet/services/nova-api.yaml properties: 
@@ -69,6 +72,7 @@ outputs: - "\n" - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }" - {get_attr: [NovaApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -88,6 +92,17 @@ outputs: - path: /var/log/nova owner: nova:nova recurse: true + /var/lib/kolla/config_files/nova_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true docker_config: # db sync runs before permissions set by kolla_config step_2: @@ -151,7 +166,7 @@ outputs: user: nova privileged: true restart: always - volumes: &nova_api_volumes + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - @@ -164,12 +179,17 @@ outputs: image: *nova_api_image net: host user: root - privileged: true + privileged: false restart: always - volumes: *nova_api_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - command: "/usr/sbin/crond -n" step_5: nova_api_discover_hosts: start_order: 1 @@ -179,6 +199,8 @@ outputs: volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" + metadata_settings: + get_attr: [NovaApiBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index d8e76925..39d1740c 100644 
--- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -36,12 +36,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaComputeBase: type: ../../puppet/services/nova-compute.yaml properties: @@ -51,6 +59,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: @@ -58,16 +67,12 @@ outputs: value: service_name: {get_attr: [NovaComputeBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaComputeBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaComputeBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaComputeBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini 
@@ -81,6 +86,14 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -103,13 +116,16 @@ outputs: - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev:/dev - - /etc/iscsi:/etc/iscsi - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova - /var/lib/libvirt:/var/lib/libvirt - /var/log/containers/nova:/var/log/nova + - /sys/class/net:/sys/class/net + - /sys/bus/pci:/sys/bus/pci environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -121,6 +137,10 @@ outputs: - /var/log/containers/nova - /var/lib/nova - /var/lib/libvirt + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 9f666577..ae737056 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConductorBase: type: ../../puppet/services/nova-conductor.yaml properties: 
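Review bot: In the volumes hunk the two new sysfs mounts, `- /sys/class/net:/sys/class/net` and `- /sys/bus/pci:/sys/bus/pci`, are writable and carry no comment. The `/etc/ceph` mount added beside them is `:ro`. If nova-compute only reads these trees, `- /sys/class/net:/sys/class/net:ro` and `- /sys/bus/pci:/sys/bus/pci:ro` would keep the container from changing host device state through them. If write access is needed, a one-line comment naming the feature that needs it would help the next reviewer. The container's `privileged` setting is outside this hunk, so its interaction with these mounts cannot be judged from here.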
@@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [NovaConductorBase, role_data, service_name]} config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 0d3d1ec9..715a861b 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConsoleauthPuppetBase: type: ../../puppet/services/nova-consoleauth.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConsoleauthPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 89ef95ea..543758a1 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml properties: 
@@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaIronicBase, role_data, service_name]} config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaIronicBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaIronicBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova puppet_tags: nova_config,nova_paste_api_ini @@ -73,6 +79,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -94,9 +104,9 @@ outputs: - - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /run:/run - /dev:/dev - - /etc/iscsi:/etc/iscsi - /var/lib/nova/:/var/lib/nova - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index a5527747..2f3851a5 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -14,7 +14,7 @@ parameters: type: string EnablePackageInstall: default: 'false' - description: Set to true to enable package installation + description: Set to true to enable package installation at deploy time type: boolean ServiceData: default: {} @@ -51,6 +51,12 @@ parameters: description: If set to true and if EnableInternalTLS is enabled, it will set the libvirt URI's transport to tls and configure the relevant keys for libvirt. + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + conditions: 
@@ -68,6 +74,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaLibvirtBase: type: ../../puppet/services/nova-libvirt.yaml properties: @@ -77,6 +86,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: @@ -84,19 +94,15 @@ outputs: value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaLibvirtBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaLibvirtBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaLibvirtBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt - puppet_tags: nova_config + puppet_tags: libvirtd_config,nova_config,file,exec step_config: *step_config config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: @@ -111,6 +117,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova 
@@ -129,11 +139,13 @@ outputs: - - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev:/dev - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova + - /etc/libvirt/secrets:/etc/libvirt/secrets # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt @@ -148,9 +160,14 @@ outputs: path: "{{ item }}" state: directory with_items: + - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt - /var/log/containers/nova + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory - name: set enable_package_install fact set_fact: enable_package_install: {get_param: EnablePackageInstall} diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml new file mode 100644 index 00000000..385343a0 --- /dev/null +++ b/docker/services/nova-migration-target.yaml 
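Review bot: `/etc/libvirt/secrets` is now bind-mounted read-write into the libvirt container and added to the `with_items` list in host_prep_tasks, but that `file` task sets no `mode`. If the directory does not already exist on the host, it is created with whatever the default umask gives. Since this directory holds libvirt secret values, it would be safer to create it in its own task with `mode: '0700'` and root ownership rather than sharing the loop with the log and qemu directories. The task header for the loop sits outside the hunk, so whether a mode is set elsewhere is not visible here.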
@@ -0,0 +1,124 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Migration Target service + +parameters: + DockerNovaComputeImage: + description: image + type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SshdBase: + type: ../../puppet/services/sshd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + NovaMigrationTargetBase: + type: ../../puppet/services/nova-migration-target.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Migration Target service. 
+ value: + service_name: nova_migration_target + config_settings: + map_merge: + - get_attr: [SshdBase, role_data, config_settings] + - get_attr: [NovaMigrationTargetBase, role_data, config_settings] + - tripleo.nova_migration_target.firewall_rules: + '113 nova_migration_target': + dport: + - {get_param: DockerNovaMigrationSshdPort} + step_config: &step_config + list_join: + - "\n" + - - get_attr: [SshdBase, role_data, step_config] + - get_attr: [NovaMigrationTargetBase, role_data, step_config] + puppet_config: + config_volume: nova_libvirt + step_config: *step_config + config_image: {get_param: DockerNovaLibvirtConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova-migration-target.json: + command: + str_replace: + template: "/usr/sbin/sshd -D -p SSHDPORT" + params: + SSHDPORT: {get_param: DockerNovaMigrationSshdPort} + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: /host-ssh/ssh_host_*_key + dest: /etc/ssh/ + owner: "root" + perm: "0600" + docker_config: + step_4: + nova_migration_target: + image: {get_param: DockerNovaComputeImage} + net: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/ssh/:/host-ssh/:ro + - /run:/run + - /var/lib/nova:/var/lib/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 7350db20..d784ace3 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml 
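Review bot: The `nova_migration_target` container in step_4 runs sshd with `privileged: true`, `user: root`, `net: host` and a writable `/run:/run` mount, and nothing in the file says why the privileged flag is needed. If migration works without it, `privileged: false` would match what this commit does for `nova_api_cron`; otherwise add a comment naming the requirement. The `config_files` entry copies `/host-ssh/ssh_host_*_key` into the container, so the container sshd presents the host's own SSH identity, which deserves a short comment as well. The `'113 nova_migration_target'` firewall rule lists only `dport`, so whether access to `DockerNovaMigrationSshdPort` is limited to the migration network depends on settings in the puppet base templates, which are not shown here.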
@@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaPlacementBase: type: ../../puppet/services/nova-placement.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [NovaPlacementBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [NovaPlacementBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaPlacementBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -100,6 +106,8 @@ outputs: - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [NovaPlacementBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 5c1aa308..8d8a6358 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaSchedulerBase: type: ../../puppet/services/nova-scheduler.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]} config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaSchedulerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaSchedulerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: 
diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index 37831ff7..c5f651d2 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaVncProxyPuppetBase: type: ../../puppet/services/nova-vnc-proxy.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaVncProxyPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml index f5b4baec..86730ebc 100644 --- a/docker/services/octavia-api.yaml +++ b/docker/services/octavia-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + OctaviaApiPuppetBase: type: ../../puppet/services/octavia-api.yaml properties: @@ -67,7 +70,10 @@ outputs: service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [OctaviaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: 
diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml index 7d7892dd..6a62f65e 100644 --- a/docker/services/opendaylight-api.yaml +++ b/docker/services/opendaylight-api.yaml @@ -4,17 +4,11 @@ description: > OpenStack containerized OpenDaylight API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOpendaylightApiImage: description: image - default: 'centos-binary-opendaylight:latest' type: string DockerOpendaylightConfigImage: description: image - default: 'centos-binary-opendaylight:latest' type: string EndpointMap: default: {} @@ -67,20 +61,14 @@ outputs: map_merge: - get_attr: [OpenDaylightBase, role_data, config_settings] step_config: &step_config - list_join: - - "\n" - - - get_attr: [OpenDaylightBase, role_data, step_config] - - "include tripleo::profile::base::neutron::opendaylight::create_cluster" + get_attr: [OpenDaylightBase, role_data, step_config] # BEGIN DOCKER SETTINGS puppet_config: config_volume: opendaylight # 'file,concat,file_line,augeas' are included by default - puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster + puppet_tags: odl_user step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightConfigImage} ] + config_image: {get_param: DockerOpendaylightConfigImage} kolla_config: /var/lib/kolla/config_files/opendaylight_api.json: command: /opt/opendaylight/bin/karaf @@ -97,10 +85,7 @@ outputs: step_1: opendaylight_api: start_order: 0 - image: &odl_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightApiImage} ] + image: &odl_api_image {get_param: DockerOpendaylightApiImage} privileged: false net: host detach: true diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index ee8ee124..c6a80efa 100644 --- a/docker/services/pacemaker/cinder-backup.yaml 
+++ b/docker/services/pacemaker/cinder-backup.yaml @@ -52,6 +52,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBackupBase: type: ../../../puppet/services/cinder-backup.yaml properties: @@ -82,7 +85,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBackupBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: @@ -139,6 +146,27 @@ outputs: - /var/lib/cinder - /var/log/containers/cinder upgrade_tasks: - - name: Stop and disable cinder_backup service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-backup cluster resource + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-backup cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_backup service tags: step2 - service: name=openstack-cinder-backup state=stopped enabled=no + service: name=openstack-cinder-backup enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index d016cf83..3c1b7a74 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml 
@@ -48,6 +48,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../../puppet/services/cinder-volume.yaml properties: @@ -76,7 +79,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: @@ -157,6 +164,30 @@ outputs: executable: /bin/bash creates: /dev/loop2 upgrade_tasks: - - name: Stop and disable cinder_volume service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-volume cluster resource + tags: step2 + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-volume cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-volume + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_volume service from boot tags: step2 - service: name=openstack-cinder-volume state=stopped enabled=no + service: name=openstack-cinder-volume enabled=no + + + diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index f38cccfc..f12852f8 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml 
@@ -65,6 +65,17 @@ outputs: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 + tripleo.mysql.firewall_rules: + '104 mysql galera-bundle': + dport: + - 873 + - 3123 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -164,6 +175,27 @@ outputs: path: /var/lib/mysql state: directory upgrade_tasks: - - name: Stop and disable mysql service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the galera cluster resource tags: step2 - service: name=mariadb state=stopped enabled=no + pacemaker_resource: + resource: galera + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped galera cluster resource. + tags: step2 + pacemaker_resource: + resource: galera + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable mysql service + tags: step2 + service: name=mariadb enabled=no diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index e124b045..75b6d650 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml 
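Review bot: The new `tripleo.mysql.firewall_rules` entry `'104 mysql galera-bundle'` lists only `dport` values, so nothing in this hunk limits which source networks can reach 873, 4444, 4567 and 4568 or the bundle `control_port` 3123. The first four look like the rsync/SST and Galera replication ports, and presumably only other cluster members need them, unlike 3306 and 9200 (that split is inferred, please confirm). If the firewall rule type accepts a `source` key, consider splitting the rule so the replication and control ports carry one. Otherwise add a comment stating that exposure is bounded by the network the services bind to. The same applies to `'108 redis-bundle'` (3124, 6379, 26379) in redis.yaml and `'109 rabbitmq-bundle'` (3122, 4369, 5672, 25672) in rabbitmq.yaml.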
@@ -61,7 +61,13 @@ outputs: redis::notify_service: false redis::managed_by_cluster_manager: true tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} - + tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 + tripleo.redis.firewall_rules: + '108 redis-bundle': + dport: + - 3124 + - 6379 + - 26379 step_config: "" service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -139,6 +145,27 @@ outputs: path: /var/lib/redis state: directory upgrade_tasks: - - name: Stop and disable redis service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the redis cluster resource + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped redis cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable redis service tags: step2 - service: name=redis state=stopped enabled=no + service: name=redis enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 86c460fa..24155912 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml 
@@ -137,3 +137,25 @@ outputs: - /dev/shm:/dev/shm:rw metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 19af94b2..de53ceee 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -63,6 +63,14 @@ outputs: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 + tripleo.rabbitmq.firewall_rules: + '109 rabbitmq-bundle': + dport: + - 3122 + - 4369 + - 5672 + - 25672 step_config: &step_config get_attr: [RabbitmqBase, role_data, step_config] service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} 
@@ -157,6 +165,27 @@ outputs: echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done upgrade_tasks: - - name: Stop and disable rabbitmq service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the rabbitmq cluster resource. tags: step2 - service: name=rabbitmq-server state=stopped enabled=no + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable rabbitmq service + tags: step2 + service: name=rabbitmq-server enabled=no diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index ad2fa0f6..01c17388 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + PankoApiPuppetBase: type: ../../puppet/services/panko-api.yaml properties: 
@@ -71,7 +74,10 @@ outputs: - get_attr: [PankoApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [PankoApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [PankoApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index bff2fdac..b0c3736c 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaApiPuppetBase: type: ../../puppet/services/sahara-api.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaApiPuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 01d4bb9c..b1660296 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaEnginePuppetBase: type: ../../puppet/services/sahara-engine.yaml properties: 
@@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaEnginePuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaEnginePuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaEnginePuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 04e58b4a..e879b25d 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -462,6 +462,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index cdcb4d2a..1b7d78ca 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + TackerBase: type: ../../puppet/services/tacker.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [TackerBase, role_data, config_settings] step_config: &step_config - get_attr: [TackerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [TackerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 85a84550..072c6759 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml 
@@ -10,6 +10,10 @@ parameters: DockerZaqarConfigImage: description: The container image to use for the zaqar config_volume type: string + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -36,12 +40,22 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} + internal_tls_enabled: {get_param: EnableInternalTLS} resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ZaqarBase: type: ../../puppet/services/zaqar.yaml properties: @@ -51,6 +65,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -59,7 +74,10 @@ outputs: service_name: {get_attr: [ZaqarBase, role_data, service_name]} config_settings: {get_attr: [ZaqarBase, role_data, config_settings]} step_config: &step_config - get_attr: [ZaqarBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ZaqarBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: 
@@ -87,38 +105,75 @@ outputs: owner: zaqar:zaqar recurse: true docker_config: - step_4: - zaqar: - image: &zaqar_image {get_param: DockerZaqarImage} - net: host - privileged: false - restart: always - # NOTE(mandre) kolla image changes the user to 'zaqar', we need it - # to be root to run httpd - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - zaqar_websocket: - image: *zaqar_image - net: host - privileged: false - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - + if: + - zaqar_management_store_sqlalchemy + - + step_2: + zaqar_init_log: + image: &zaqar_image {get_param: DockerZaqarImage} + user: root + volumes: + - /var/log/containers/zaqar:/var/log/zaqar + command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar'] + step_3: + zaqar_db_sync: + image: *zaqar_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro + - /var/log/containers/zaqar:/var/log/zaqar + command: "/usr/bin/bootstrap_host_exec zaqar su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'" + - {} + - step_4: + zaqar: + image: *zaqar_image + net: host + privileged: false + restart: always + # NOTE(mandre) kolla image changes the user to 'zaqar', we need it + # to be root to run httpd + user: root + volumes: + 
list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + zaqar_websocket: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: @@ -128,3 +183,5 @@ outputs: - name: Stop and disable zaqar service tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [ZaqarBase, role_data, metadata_settings] diff --git a/environments/ceph-ansible/ceph-ansible.yaml b/environments/ceph-ansible/ceph-ansible.yaml new file mode 100644 index 00000000..2c25828c --- /dev/null +++ b/environments/ceph-ansible/ceph-ansible.yaml @@ -0,0 +1,12 @@ +resource_registry: + OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml + +parameter_defaults: + CinderEnableIscsiBackend: false + CinderEnableRbdBackend: true + CinderBackupBackend: ceph + NovaEnableRbdBackend: true + GlanceBackend: rbd + GnocchiBackend: rbd 
diff --git a/environments/cinder-dellps-config.yaml b/environments/cinder-dellps-config.yaml index eefd0fd6..f5adbafa 100644 --- a/environments/cinder-dellps-config.yaml +++ b/environments/cinder-dellps-config.yaml @@ -23,6 +23,7 @@ parameter_defaults: CinderDellPsSanIp: '' CinderDellPsSanLogin: '' CinderDellPsSanPassword: '' + CinderDellPsSanPrivateKey: '' CinderDellPsSanThinProvision: true CinderDellPsGroupname: 'group-0' CinderDellPsPool: 'default' diff --git a/environments/contrail/contrail-net-storage-mgmt.yaml b/environments/contrail/contrail-net-storage-mgmt.yaml new file mode 100644 index 00000000..b382732c --- /dev/null +++ b/environments/contrail/contrail-net-storage-mgmt.yaml 
@@ -0,0 +1,37 @@ +resource_registry: + OS::TripleO::Compute::Net::SoftwareConfig: contrail-nic-config-compute-storage-mgmt.yaml + OS::TripleO::ContrailDpdk::Net::SoftwareConfig: contrail-nic-config-compute-storage-mgmt.yaml + OS::TripleO::Controller::Net::SoftwareConfig: contrail-nic-config-storage-mgmt.yaml + OS::TripleO::ContrailController::Net::SoftwareConfig: contrail-nic-config-storage-mgmt.yaml + OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: contrail-nic-config-storage-mgmt.yaml + OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: contrail-nic-config-storage-mgmt.yaml + OS::TripleO::ContrailTsn::Net::SoftwareConfig: contrail-nic-config-compute-storage-mgmt.yaml + +parameter_defaults: + ContrailConfigVIP: 10.0.0.10 + ContrailAnalyticsVIP: 10.0.0.10 + ContrailWebuiVIP: 10.0.0.10 + ContrailVIP: 10.0.0.10 + ControlPlaneSubnetCidr: '24' + ControlPlaneDefaultRoute: 192.168.24.254 + InternalApiNetCidr: 10.3.0.0/24 + InternalApiAllocationPools: [{'start': '10.3.0.10', 'end': '10.3.0.200'}] + InternalApiDefaultRoute: 10.3.0.1 + StorageMgmtNetCidr: 10.0.0.0/24 + StorageMgmtAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.200'}] + StorageMgmtDefaultRoute: 10.0.0.1 + StorageMgmtInterfaceDefaultRoute: 10.0.0.1 + StorageMgmtVirtualIP: 10.0.0.10 + ManagementNetCidr: 10.1.0.0/24 + ManagementAllocationPools: [{'start': '10.1.0.10', 'end': '10.1.0.200'}] + ManagementInterfaceDefaultRoute: 10.1.0.1 + ExternalNetCidr: 10.2.0.0/24 + ExternalAllocationPools: [{'start': '10.2.0.10', 'end': '10.2.0.200'}] + EC2MetadataIp: 192.168.24.1 # Generally the IP of the Undercloud + DnsServers: ["10.87.64.101"] + VrouterPhysicalInterface: eth1 + VrouterGateway: 10.0.0.1 + VrouterNetmask: 255.255.255.0 + ControlVirtualInterface: eth0 + PublicVirtualInterface: vlan10 +# VlanParentInterface: eth1 # If VrouterPhysicalInterface is a vlan interface using vlanX notation 
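Review bot: This new environment file sets `VrouterPhysicalInterface`, `VrouterGateway` and `VrouterNetmask`, while the same commit renames those keys in environments/contrail/contrail-net.yaml to `ContrailVrouterPhysicalInterface`, `ContrailVrouterGateway` and `ContrailVrouterNetmask`. If the templates now read only the prefixed names, the values here would be ignored or rejected as unknown parameters, so I would use the new names here, including in the commented `VlanParentInterface` line. `DnsServers: ["10.87.64.101"]` also looks like a site-specific resolver rather than a sample value; a comment marking it as something to override would help. The `resource_registry` entries are bare file names, whereas contrail-net.yaml now points at `../../network/config/contrail/`. Whether the `*-storage-mgmt.yaml` NIC configs live beside this file is not visible in the hunk.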
diff --git a/environments/contrail/contrail-net.yaml b/environments/contrail/contrail-net.yaml index cca9beac..a1862c36 100644 --- a/environments/contrail/contrail-net.yaml +++ b/environments/contrail/contrail-net.yaml @@ -1,10 +1,10 @@ resource_registry: - OS::TripleO::Compute::Net::SoftwareConfig: contrail-nic-config-compute.yaml - OS::TripleO::Controller::Net::SoftwareConfig: contrail-nic-config.yaml - OS::TripleO::ContrailController::Net::SoftwareConfig: contrail-nic-config.yaml - OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: contrail-nic-config.yaml - OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: contrail-nic-config.yaml - OS::TripleO::ContrailTsn::Net::SoftwareConfig: contrail-nic-config-compute.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config-compute.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config.yaml + OS::TripleO::ContrailController::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config.yaml + OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config.yaml + OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config.yaml + OS::TripleO::ContrailTsn::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config-compute.yaml parameter_defaults: ControlPlaneSubnetCidr: '24' 
@@ -18,9 +18,16 @@ parameter_defaults: ExternalNetCidr: 10.2.0.0/24 ExternalAllocationPools: [{'start': '10.2.0.10', 'end': '10.2.0.200'}] EC2MetadataIp: 192.168.24.1 # Generally the IP of the Undercloud - DnsServers: ["8.8.8.8","8.8.4.4"] - VrouterPhysicalInterface: eth1 - VrouterGateway: 10.0.0.1 - VrouterNetmask: 255.255.255.0 + DnsServers: ["8.8.8.8"] + NtpServer: 10.0.0.1 + ContrailVrouterPhysicalInterface: eth1 + ContrailVrouterGateway: 10.0.0.1 + ContrailVrouterNetmask: 255.255.255.0 ControlVirtualInterface: eth0 PublicVirtualInterface: vlan10 +## If vhost0 is linked to a vlan interface: +# ContrailVlanParentInterface: eth1 # If VrouterPhysicalInterface is a vlan interface using vlanX notation +## If vhost0 is linked to a bonded vlan interface: +# ContrailVlanParentInterface: bond0 +# ContrailBondInterface: bond0 +# ContrailBondInterfaceMembers: 'eth1,eth2' diff --git a/environments/contrail/contrail-services.yaml b/environments/contrail/contrail-services.yaml index 80ef9d3a..1cf4bc0a 100644 --- a/environments/contrail/contrail-services.yaml +++ b/environments/contrail/contrail-services.yaml @@ -8,7 +8,6 @@ resource_registry: OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginContrail OS::TripleO::Services::ComputeNeutronCorePlugin: OS::TripleO::Services::ComputeNeutronCorePluginContrail - OS::TripleO::NodeUserData: ../../firstboot/install_vrouter_kmod.yaml OS::TripleO::Services::ContrailHeat: ../../puppet/services/network/contrail-heat.yaml OS::TripleO::Services::ContrailAnalytics: ../../puppet/services/network/contrail-analytics.yaml OS::TripleO::Services::ContrailAnalyticsDatabase: ../../puppet/services/network/contrail-analytics-database.yaml 
@@ -17,10 +16,26 @@ resource_registry: OS::TripleO::Services::ContrailDatabase: ../../puppet/services/network/contrail-database.yaml OS::TripleO::Services::ContrailWebUI: ../../puppet/services/network/contrail-webui.yaml OS::TripleO::Services::ContrailTsn: ../../puppet/services/network/contrail-tsn.yaml + OS::TripleO::Services::ContrailDpdk: ../../puppet/services/network/contrail-dpdk.yaml OS::TripleO::Services::ComputeNeutronCorePluginContrail: ../../puppet/services/network/contrail-vrouter.yaml OS::TripleO::Services::NeutronCorePluginContrail: ../../puppet/services/network/contrail-neutron-plugin.yaml + OS::TripleO::NodeUserData: ../../extraconfig/all_nodes/contrail/enable_contrail_repo.yaml + OS::TripleO::ContrailTsn::PreNetworkConfig: ../../extraconfig/pre_network/contrail/compute_pre_network.yaml + OS::TripleO::ContrailDpdk::PreNetworkConfig: ../../extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml + OS::TripleO::Compute::PreNetworkConfig: ../../extraconfig/pre_network/contrail/compute_pre_network.yaml parameter_defaults: - ContrailRepo: http://192.168.24.1/contrail-3.2.0.0-19 + ServiceNetMap: + ContrailAnalyticsNetwork: internal_api + ContrailAnalyticsDatabaseNetwork: internal_api + ContrailConfigNetwork: internal_api + ContrailControlNetwork: internal_api + ContrailDatabaseNetwork: internal_api + ContrailWebuiNetwork: internal_api + ContrailTsnNetwork: internal_api + ContrailVrouterNetwork: internal_api + ContrailDpdkNetwork: internal_api + ContrailRepo: http://192.168.24.1/contrail + ContrailControlManageNamed: true EnablePackageInstall: true # ContrailConfigIfmapUserName: api-server # ContrailConfigIfmapUserPassword: api-server 
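Review bot: `ContrailRepo: http://192.168.24.1/contrail` keeps the package source on plain HTTP next to `EnablePackageInstall: true`, and the new value also drops the version from the path, so nodes install whatever is published there at deploy time. Whether packages are signature-checked is decided in `enable_contrail_repo.yaml`, now wired in as `OS::TripleO::NodeUserData`, which is outside this hunk. If GPG checking is off there, integrity of the installed packages rests entirely on the provisioning network. I would add a comment above the parameter, `# Served from the undercloud over HTTP; keep gpgcheck enabled, or use https and a versioned path`, and keep a versioned directory as the default.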
@@ -30,16 +45,16 @@ parameter_defaults: OvercloudContrailAnalyticsDatabaseFlavor: contrail-analytics-database OvercloudContrailTsnFlavor: contrail-tsn OvercloudComputeFlavor: compute + OvercloudContrailDpdkFlavor: compute-dpdk ControllerCount: 3 ContrailControllerCount: 3 ContrailAnalyticsCount: 3 ContrailAnalyticsDatabaseCount: 3 - ContrailTsnCount: 1 + ContrailTsnCount: 0 ComputeCount: 3 - DnsServers: ["8.8.8.8","8.8.4.4"] - NtpServer: 10.0.0.1 + ContrailDpdkCount: 0 NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 - NeutronServicePlugins: '' + NeutronServicePlugins: 'neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2' NeutronTunnelTypes: '' # NeutronMetadataProxySharedSecret: # ContrailControlRNDCSecret: # sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index d6d6f291..eae809a5 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -109,6 +109,7 @@ - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::Etcd - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Iscsid - name: Compute CountDefault: 1 @@ -125,6 +126,7 @@ - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent @@ -138,6 +140,7 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Iscsid - name: BlockStorage ServicesDefault: 
@@ -205,6 +208,7 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid - name: ContrailAnalytics ServicesDefault: @@ -244,3 +248,16 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + +- name: ContrailDpdk + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::ContrailTsn + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient diff --git a/environments/deployed-server-deployed-neutron-ports.yaml b/environments/deployed-server-deployed-neutron-ports.yaml new file mode 100644 index 00000000..1464f4be --- /dev/null +++ b/environments/deployed-server-deployed-neutron-ports.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml + OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml + diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml index d94ac6d7..47f8e528 100644 --- a/environments/docker-centos-tripleoupstream.yaml +++ b/environments/docker-centos-tripleoupstream.yaml 
@@ -59,6 +59,7 @@ parameter_defaults: DockerManilaApiImage: tripleoupstream/centos-binary-manila-api:latest DockerManilaConfigImage: tripleoupstream/centos-binary-manila-api:latest DockerManilaSchedulerImage: tripleoupstream/centos-binary-manila-scheduler:latest + DockerManilaShareImage: tripleoupstream/centos-binary-manila-share:latest DockerMemcachedConfigImage: tripleoupstream/centos-binary-memcached:latest DockerMemcachedImage: tripleoupstream/centos-binary-memcached:latest DockerMistralApiImage: tripleoupstream/centos-binary-mistral-api:latest @@ -99,6 +100,8 @@ parameter_defaults: DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest + DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest + DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml index 442262b3..474e9966 100644 --- a/environments/docker-ha.yaml +++ b/environments/docker-ha.yaml @@ -3,9 +3,6 @@ # ...deploy..-e docker.yaml -e docker-ha.yaml resource_registry: # Pacemaker runs on the host - OS::TripleO::Tasks::ControllerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml 
@@ -13,8 +10,9 @@ resource_registry: OS::TripleO::Services::Keepalived: OS::Heat::None # HA Containers managed by pacemaker - OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml - OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml + # FIXME: enable those Cinder services once their non-HA counterpart are enabled + # OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml + # OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 8d304494..57cf2c5e 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -6,6 +6,8 @@ resource_registry: OS::TripleO::Services::Docker: ../puppet/services/docker.yaml # The compute node still needs extra initialization steps OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml + # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 + OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml # NOTE: add roles to be docker enabled as we support them. OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml 
@@ -20,13 +22,16 @@ resource_registry: OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml - OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml - OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index 52b2dc05..336a0b3c 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml 
@@ -22,6 +22,7 @@ resource_registry: OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml @@ -31,8 +32,8 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml - OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml 
@@ -50,7 +51,7 @@ resource_registry: OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml - OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml diff --git a/environments/host-config-and-reboot.j2.yaml b/environments/host-config-and-reboot.j2.yaml index d5f69ec5..c16627db 100644 --- a/environments/host-config-and-reboot.j2.yaml +++ b/environments/host-config-and-reboot.j2.yaml @@ -11,8 +11,8 @@ resource_registry: #ComputeParameters: #KernelArgs: "" #TunedProfileName: "" - #HostIsolatedCoreList: "" + #IsolCpusList: "" #ComputeOvsDpdkParameters: - #KernelArgs: "" - #TunedProfileName: "" - #HostIsolatedCoreList: "" + #KernelArgs: "intel_iommu=on iommu=pt default_hugepagesz=1GB hugepagesz=1G hugepages=60" + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 05a3a391..834c4f10 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -16,6 +16,7 @@ parameter_defaults: - OS::TripleO::Services::Securetty - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent 
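Review bot: The commented `KernelArgs` example under `#ComputeOvsDpdkParameters` in host-config-and-reboot.j2.yaml reads like a recommended default, but `hugepages=60` with 1G pages is sized for one particular host and `iommu=pt` puts host-owned devices in IOMMU passthrough mode, a performance trade-off rather than a requirement. I would add a line above it such as `# Example only: size hugepages to the node's RAM; iommu=pt is optional`. The `HostIsolatedCoreList` to `IsolCpusList` rename in the same hunk also means existing environment files that still set the old name would presumably be ignored without an error, so a release note or a deprecation mapping is worth confirming.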
@@ -25,6 +26,7 @@ parameter_defaults: - OS::TripleO::Services::ComputeNeutronMetadataAgent - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::Tuned - OS::TripleO::Services::NeutronSriovAgent - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient @@ -37,3 +39,4 @@ parameter_defaults: - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::OVNController diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml index 6a7318fc..1b792afd 100644 --- a/environments/network-isolation.j2.yaml +++ b/environments/network-isolation.j2.yaml @@ -17,7 +17,7 @@ resource_registry: {%- endfor %} # Port assignments for the VIPs - {%- for network in networks if network.vip %} + {%- for network in networks if network.vip and network.enabled|default(true) %} OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml {%- endfor %} OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml diff --git a/environments/neutron-ml2-ovn-ha.yaml b/environments/neutron-ml2-ovn-ha.yaml index c592d576..a9f732b2 100644 --- a/environments/neutron-ml2-ovn-ha.yaml +++ b/environments/neutron-ml2-ovn-ha.yaml 
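Review bot: The new condition in network-isolation.j2.yaml, `if network.vip and network.enabled|default(true)`, skips the `VipPort` registry override for a network marked `enabled: false`, and the hunk does not show what mapping then applies. If the default port resource places the VIP on the provisioning network, which is inferred and not visible here, traffic meant for an isolated network would land on ctlplane without any warning. I would extend the existing comment to `# Port assignments for the VIPs (networks with enabled: false keep the default port mapping)` and confirm that the loops above this hunk apply the same filter. The enclosing template starts and ends outside the hunk.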
@@ -2,14 +2,15 @@ # extensions, configured via puppet resource_registry: OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml # Disabling Neutron services that overlap with OVN - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None - OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index 7483bdbb..7322b05c 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml 
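Review bot: `ComputeNeutronCorePlugin` is now `OS::Heat::None` and the compute-side OVN setup moves to the new `OS::TripleO::Services::OVNController` key, but a registry mapping only takes effect on roles whose service list names that key. This commit adds `OVNController` to the hyperconverged-ceph role list; a custom roles file that predates the change would presumably deploy compute nodes with neither the old plugin nor ovn-controller. I would note that next to the mapping, e.g. `# Roles must list OS::TripleO::Services::OVNController for this to apply`. The same applies to the neutron-ml2-ovn.yaml hunk that follows.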
@@ -1,15 +1,16 @@ # A Heat environment file which can be used to enable OVN # extensions, configured via puppet resource_registry: - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None - OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml + OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml # Disabling Neutron services that overlap with OVN - OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/neutron-opendaylight-dpdk.yaml b/environments/neutron-opendaylight-dpdk.yaml index 9ee4eb7e..d675252d 100644 --- a/environments/neutron-opendaylight-dpdk.yaml +++ b/environments/neutron-opendaylight-dpdk.yaml 
@@ -12,15 +12,23 @@ parameter_defaults: NeutronMechanismDrivers: 'opendaylight_v2' NeutronServicePlugins: 'odl-router_v2' NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" - ## Deploying DPDK requires enabling hugepages for the overcloud compute nodes. - ## It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. - ## This can be done using ComputeKernelArgs as shown below. - ComputeParameters: - #ComputeKernelArgs: "intel_iommu=on default_hugepagesz=2MB hugepagesz=2MB hugepages=2048" + + ComputeOvsDpdkParameters: + OvsEnableDpdk: True + + ## Host configuration Parameters + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" # Logical CPUs list to be isolated from the host process (applied via cpu-partitioning tuned). + # It is mandatory to provide isolated cpus for tuned to achive optimal performance. + # Example: "3-8,12-15,18" + #KernelArgs: "" # Space separated kernel args to configure hugepage and IOMMU. + # Deploying DPDK requires enabling hugepages for the overcloud compute nodes. + # It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. + # This should be done by configuring parameters via host-config-and-reboot.yaml environment file. + ## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments ## due to CPU contention of DPDK PMD threads. - OvsEnableDpdk: True - ## It is highly recommended to to enable isolcpus (via ComputeKernelArgs) on compute overcloud nodes and set the following parameters: + ## It is highly recommended to to enable isolcpus (via KernelArgs) on compute overcloud nodes and set the following parameters: #OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node. # It is recommended to use the socket closest to the PCIe slot used for the # desired DPDK NIC. 
Format should be comma separated per socket string such as: diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml index ecfd0fea..029a198e 100644 --- a/environments/neutron-ovs-dpdk.yaml +++ b/environments/neutron-ovs-dpdk.yaml 
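Review bot: `OvsEnableDpdk: True` now sits under `ComputeOvsDpdkParameters:`, so (indentation is lost in this view, this is inferred) it applies only to a role named ComputeOvsDpdk. A deployment that includes this environment with the stock Compute role would still get the OpenDaylight driver and the NUMA scheduler filter but no DPDK enablement, and nothing flags the mismatch. I would state the requirement in the file, e.g. `# Requires the ComputeOvsDpdk role in roles_data; ignored for other roles`. The new comment lines also carry two typos, `achive` for `achieve` and `to to enable`, and the same text is repeated in the neutron-ovs-dpdk.yaml hunk that follows.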
@@ -1,25 +1,32 @@ # A Heat environment that can be used to deploy DPDK with OVS # Deploying DPDK requires enabling hugepages for the overcloud nodes resource_registry: - OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: ../puppet/services/neutron-ovs-dpdk-agent.yaml parameter_defaults: NeutronDatapathType: "netdev" NeutronVhostuserSocketDir: "/var/lib/vhost_sockets" NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" - ## Deploying DPDK requires enabling hugepages for the overcloud compute nodes. - ## It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. - ## This can be done using ComputeKernelArgs as shown below. - #ComputeParameters: - #ComputeKernelArgs: "intel_iommu=on default_hugepagesz=2MB hugepagesz=2MB hugepages=2048" + OvsDpdkDriverType: "vfio-pci" + + #ComputeOvsDpdkParameters: + ## Host configuration Parameters + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" # Logical CPUs list to be isolated from the host process (applied via cpu-partitioning tuned). + # It is mandatory to provide isolated cpus for tuned to achive optimal performance. + # Example: "3-8,12-15,18" + #KernelArgs: "" # Space separated kernel args to configure hugepage and IOMMU. + # Deploying DPDK requires enabling hugepages for the overcloud compute nodes. + # It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. + # This should be done by configuring parameters via host-config-and-reboot.yaml environment file. + ## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments ## due to CPU contention of DPDK PMD threads. 
- ## It is highly recommended to to enable isolcpus (via ComputeKernelArgs) on compute overcloud nodes and set the following parameters: + ## It is highly recommended to to enable isolcpus (via KernelArgs) on compute overcloud nodes and set the following parameters: #OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node. # It is recommended to use the socket closest to the PCIe slot used for the # desired DPDK NIC. Format should be comma separated per socket string such as: # "<socket 0 mem MB>,<socket 1 mem MB>", for example: "1024,0". - #OvsDpdkDriverType: "vfio-pci" # Ensure the Overcloud NIC to be used for DPDK supports this UIO/PMD driver. #OvsPmdCoreList: "" # List or range of CPU cores for PMD threads to be pinned to. Note, NIC # location to cores on socket, number of hyper-threaded logical cores, and # desired number of PMD threads can all play a role in configuring this setting. diff --git a/environments/overcloud-baremetal.j2.yaml b/environments/overcloud-baremetal.j2.yaml index 8d7bc8d9..93191a7b 100644 --- a/environments/overcloud-baremetal.j2.yaml +++ b/environments/overcloud-baremetal.j2.yaml @@ -11,10 +11,3 @@ parameter_defaults: {% for role in roles %} {{role.name}}Services: [] {% endfor %} - - # Consistent Hostname format - ControllerHostnameFormat: overcloud-controller-%index% - ComputeHostnameFormat: overcloud-novacompute-%index% - ObjectStorageHostnameFormat: overcloud-objectstorage-%index% - CephStorageHostnameFormat: overcloud-cephstorage-%index% - BlockStorageHostnameFormat: overcloud-blockstorage-%index% diff --git a/environments/overcloud-services.yaml b/environments/overcloud-services.yaml index 1d01cb3c..ac1c69f0 100644 --- a/environments/overcloud-services.yaml +++ b/environments/overcloud-services.yaml 
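Review bot: `OvsDpdkDriverType: "vfio-pci"` becomes an active default in neutron-ovs-dpdk.yaml while the IOMMU kernel arguments it depends on stay commented out (`#KernelArgs: ""`) and are delegated to a separate environment file. The added comment itself says VFIO requires IOMMU, and an operator who works around a failed bind by running vfio without an IOMMU loses DMA isolation between the NIC and host memory. I would put the dependency next to the setting: `# vfio-pci requires IOMMU enabled through KernelArgs; include host-config-and-reboot.yaml as well`. Separately, the registry key changes from `ComputeNeutronOvsAgent` to `ComputeNeutronOvsDpdk`, so roles that do not list the new service name would presumably stop picking up neutron-ovs-dpdk-agent.yaml.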
@@ -1,10 +1,2 @@
 resource_registry:
 OS::TripleO::DeployedServerEnvironment: ../deployed-server/deployed-server-environment-output.yaml
-
-parameter_defaults:
- # Consistent Hostname format
- ControllerDeployedServerHostnameFormat: overcloud-controller-%index%
- ComputeDeployedServerHostnameFormat: overcloud-novacompute-%index%
- ObjectStorageDeployedServerHostnameFormat: overcloud-objectstorage-%index%
- CephStorageDeployedServerHostnameFormat: overcloud-cephstorage-%index%
- BlockStorageDeployedServerHostnameFormat: overcloud-blockstorage-%index%
diff --git a/environments/predictable-placement/custom-domain.yaml b/environments/predictable-placement/custom-domain.yaml
new file mode 100644
index 00000000..aacb677a
--- /dev/null
+++ b/environments/predictable-placement/custom-domain.yaml
@@ -0,0 +1,35 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Custom Domain Name
+# description: |
+# This environment contains the parameters that need to be set in order to
+# use a custom domain name and have all of the various FQDNs reflect it.
+parameter_defaults:
+ # The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud.
+ # Type: string
+ CloudDomain: localdomain
+
+ # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+ # Type: string
+ CloudName: overcloud.localdomain
+
+ # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'.
+ # Type: string
+ CloudNameCtlplane: overcloud.ctlplane.localdomain
+
+ # The DNS name of this cloud's internal API endpoint. E.g. 'ci-overcloud.internalapi.tripleo.org'.
+ # Type: string
+ CloudNameInternal: overcloud.internalapi.localdomain
+
+ # The DNS name of this cloud's storage endpoint. E.g. 'ci-overcloud.storage.tripleo.org'.
+ # Type: string
+ CloudNameStorage: overcloud.storage.localdomain
+
+ # The DNS name of this cloud's storage management endpoint. E.g. 'ci-overcloud.storagemgmt.tripleo.org'.
+ # Type: string
+ CloudNameStorageManagement: overcloud.storagemgmt.localdomain
+
diff --git a/environments/puppet-ceph.yaml b/environments/puppet-ceph.yaml
index 57af540a..2b4dfa05 100644
--- a/environments/puppet-ceph.yaml
+++ b/environments/puppet-ceph.yaml
@@ -1,3 +1,7 @@
+# ****************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/storage/enable-ceph.yaml
+# instead.
+# ****************************************************************************
 resource_registry:
 OS::TripleO::Services::CephMon: ../puppet/services/ceph-mon.yaml
 OS::TripleO::Services::CephOSD: ../puppet/services/ceph-osd.yaml
diff --git a/environments/services-docker/octavia.yaml b/environments/services-docker/octavia.yaml
index b677a4f6..f0c671f6 100644
--- a/environments/services-docker/octavia.yaml
+++ b/environments/services-docker/octavia.yaml
@@ -3,3 +3,8 @@ resource_registry:
 OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml
 OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml
 OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml
+
+parameter_defaults:
+ NeutronServicePlugins: "qos,router,trunk,lbaasv2"
+ NeutronEnableForceMetadata: true
+
diff --git a/environments/split-stack-consistent-hostname-format.j2.yaml b/environments/split-stack-consistent-hostname-format.j2.yaml
new file mode 100644
index 00000000..8345c108
--- /dev/null
+++ b/environments/split-stack-consistent-hostname-format.j2.yaml
@@ -0,0 +1,5 @@
+parameter_defaults:
+ # Consistent Hostname format
+{% for role in roles %}
+ {{role.name}}HostnameFormat: overcloud-{{role.name.lower()}}-%index%
+{% endfor %}
diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml
index 216afece..3b3ddc16 100644
--- a/environments/ssl/tls-endpoints-public-dns.yaml
+++ b/environments/ssl/tls-endpoints-public-dns.yaml
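Review bot: Setting `NeutronServicePlugins: "qos,router,trunk,lbaasv2"` in the `parameter_defaults` of octavia.yaml replaces the whole plugin list rather than appending `lbaasv2`, so whichever environment file is passed last wins. neutron-opendaylight-dpdk.yaml in this same commit carries `NeutronServicePlugins: 'odl-router_v2'`, and combining the two would drop one side depending on the order of the environment files. A comment such as `# Overrides NeutronServicePlugins from other environments; merge the lists by hand when combining with an SDN environment` would make that visible to operators.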
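Review bot: The template line `{{role.name}}HostnameFormat: overcloud-{{role.name.lower()}}-%index%` does not reproduce the hostnames this commit removes from overcloud-baremetal.j2.yaml and overcloud-services.yaml. The Compute role used `overcloud-novacompute-%index%` and would now render as `overcloud-compute-%index%`, and a role named ControllerDeployedServer would render as `overcloud-controllerdeployedserver-%index%` rather than `overcloud-controller-%index%`. Existing split-stack deployments that depend on the old names would presumably need to keep their own overrides, so I would say so in a header comment or special-case the legacy names in the loop.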
@@ -30,39 +30,6 @@ parameter_defaults: CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - 
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml index d216ab7f..bca6a891 100644 --- a/environments/ssl/tls-endpoints-public-ip.yaml +++ b/environments/ssl/tls-endpoints-public-ip.yaml 
@@ -30,39 +30,6 @@ parameter_defaults: CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - 
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml index 63157ddd..e3fe608b 100644 --- a/environments/ssl/tls-everywhere-endpoints-dns.yaml +++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml 
@@ -30,39 +30,6 @@ parameter_defaults: CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - 
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} diff --git a/environments/storage/enable-ceph.yaml b/environments/storage/enable-ceph.yaml index c629f74b..596ec16e 100644 --- a/environments/storage/enable-ceph.yaml +++ b/environments/storage/enable-ceph.yaml @@ -33,3 +33,7 @@ parameter_defaults: # Type: boolean NovaEnableRbdBackend: True +resource_registry: + OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml + OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 83b32495..38942899 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml 
@@ -24,39 +24,6 @@ parameter_defaults: CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - 
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 8e502972..b6613f42 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml 
@@ -24,39 +24,6 @@ parameter_defaults: CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - 
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index 84cabf10..074fae73 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml 
@@ -20,39 +20,6 @@ parameter_defaults: CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - 
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml index 559d81df..4bc16f8c 100644 --- a/environments/undercloud.yaml +++ b/environments/undercloud.yaml @@ -20,3 +20,5 @@ parameter_defaults: HeatMaxJsonBodySize: 2097152 IronicInspectorInterface: br-ctlplane IronicInspectorIpRange: '192.168.24.100,192.168.24.200' + ZaqarMessageStore: 'swift' + ZaqarManagementStore: 'sqlalchemy' diff --git a/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml b/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml new file mode 100644 index 00000000..eaa6cf7f --- /dev/null +++ b/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml 
@@ -0,0 +1,18 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to enable a +# a Veritas HyperScale backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendVRTSHyperScale: ../../puppet/services/cinder-backend-veritas-hyperscale.yaml diff --git a/environments/veritas-hyperscale/veritas-hyperscale-config.yaml b/environments/veritas-hyperscale/veritas-hyperscale-config.yaml new file mode 100644 index 00000000..f6633539 --- /dev/null +++ b/environments/veritas-hyperscale/veritas-hyperscale-config.yaml 
@@ -0,0 +1,31 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to install +# Veritas HyperScale packages for controller. +resource_registry: + OS::TripleO::Services::VRTSHyperScale: ../../puppet/services/veritas-hyperscale-controller.yaml + +parameter_defaults: + EnablePackageInstall: true + VrtsRabbitPassword: '' + VrtsKeystonePassword: '' + VrtsMysqlPassword: '' + VrtsCtrlMgmtIP: '' + VrtsDashboardIP: '' + VrtsZookeeperIP: '' + VrtsSSHPassword: '' + VrtsConfigParam1: '' + VrtsConfigParam2: '' + VrtsConfigParam3: '' diff --git a/extraconfig/all_nodes/contrail/enable_contrail_repo.yaml b/extraconfig/all_nodes/contrail/enable_contrail_repo.yaml new file mode 100644 index 00000000..51da6f65 --- /dev/null +++ b/extraconfig/all_nodes/contrail/enable_contrail_repo.yaml 
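Review bot: The four credential keys under `parameter_defaults` (`VrtsRabbitPassword`, `VrtsKeystonePassword`, `VrtsMysqlPassword`, `VrtsSSHPassword`) are pre-set to `''`, so an operator who includes this environment file unedited hands empty passwords to the service template instead of being prompted for them. I would leave those four keys out of the defaults and name them in the header comment, e.g. `# Required (no default): VrtsRabbitPassword, VrtsKeystonePassword, VrtsMysqlPassword, VrtsSSHPassword`. Whether `veritas-hyperscale-controller.yaml` declares them `hidden: true` or rejects an empty value is not visible in this hunk and should be confirmed. The purpose of `VrtsConfigParam1` to `VrtsConfigParam3` is also undocumented here.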
@@ -0,0 +1,43 @@ +heat_template_version: pike + +parameters: + ContrailRepo: + type: string + default: '' + +resources: + userdata: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: EnableContrailRepoConfig} + + EnableContrailRepoConfig: + type: OS::Heat::SoftwareConfig + properties: + config: + str_replace: + template: | + #!/bin/bash + contrail_repo=$contrail_repo + if [[ ${contrail_repo} ]]; then + cat <<EOF > /etc/yum.repos.d/contrail.repo + [Contrail] + name=Contrail Repo + baseurl=${contrail_repo} + enabled=1 + gpgcheck=0 + protect=1 + metadata_expire=30 + EOF + fi + params: + $contrail_repo: {get_param: ContrailRepo} + +outputs: + # This means get_resource from the parent template will get the userdata, see: + # http://docs.openstack.org/developer/heat/template_guide/composition.html#making-your-template-resource-more-transparent + # Note this is new-for-kilo, an alternative is returning a value then using + # get_attr in the parent template instead. + OS::stack_id: + value: {get_resource: userdata} diff --git a/extraconfig/nova_metadata/krb-service-principals.yaml b/extraconfig/nova_metadata/krb-service-principals.yaml index 59b8e7f5..cdd4341a 100644 --- a/extraconfig/nova_metadata/krb-service-principals.yaml +++ b/extraconfig/nova_metadata/krb-service-principals.yaml @@ -32,8 +32,8 @@ parameters: CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. + The DNS name of this cloud's provisioning network endpoint. E.g. + 'ci-overcloud.ctlplane.tripleo.org'. type: string resources: diff --git a/extraconfig/post_deploy/example_run_on_update.yaml b/extraconfig/post_deploy/example_run_on_update.yaml index 346a1d77..4e378b14 100644 --- a/extraconfig/post_deploy/example_run_on_update.yaml +++ b/extraconfig/post_deploy/example_run_on_update.yaml 
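Review bot: The repo file written to `/etc/yum.repos.d/contrail.repo` sets `gpgcheck=0`, so every package later installed from `ContrailRepo` as root, including the vrouter kernel module, is accepted without signature verification, and nothing in the template requires the URL to be `https`. I would default to `gpgcheck=1` with a `gpgkey=<key URL>` line fed from an additional parameter, and keep the unsigned mode as an explicit opt-in. Separately, `str_replace` pastes the parameter text into the script before bash parses it, so `contrail_repo=$contrail_repo` is better written `contrail_repo='$contrail_repo'`, which stops a URL containing `&`, `;` or spaces from being interpreted by the shell. `ContrailRepo` also has no `description:`.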
@@ -14,6 +14,9 @@ parameters: # otherwise unchanged DeployIdentifier: type: string + default: '' + description: > + Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. resources: diff --git a/extraconfig/pre_network/contrail/compute_pre_network.yaml b/extraconfig/pre_network/contrail/compute_pre_network.yaml new file mode 100644 index 00000000..69e89f87 --- /dev/null +++ b/extraconfig/pre_network/contrail/compute_pre_network.yaml 
@@ -0,0 +1,162 @@ +heat_template_version: pike + +# NOTE: You don't need to pass the parameter explicitly from the +# parent template, it can be specified via the parameter_defaults +# in the resource_registry instead, if you want to override the default +# and/or share values with other templates in the tree. +parameters: + ContrailRepo: + type: string + default: '' + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVlanParentInterface: + default: '' + description: Parent interface of vlan interface + type: string + ContrailBondInterface: + default: '' + description: Bond interface name + type: string + ContrailBondInterfaceMembers: + default: '' + description: Bond interface members + type: string + ContrailBondMode: + default: '4' + description: Bond Mode + type: string + ContrailBondPolicy: + default: '1' + description: Bond Policy + type: string + RoleParameters: + type: json + description: Parameters specific to the role + default: {} + ServiceNames: + type: comma_delimited_list + default: [] + server: + type: string + +description: > + This template installs the Contrail kernel module packages in order + to bring vhost0 interface up. Vhost0 interface must be up before + os-net-config takes over. 
+ +resources: + + ContrailVrouterModuleDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: ContrailVrouterModuleDeployment + server: {get_param: server} + config: {get_resource: ContrailVrouterModuleConfig} + input_values: + phy_int: {get_param: ContrailVrouterPhysicalInterface} + bond_int: {get_param: ContrailBondInterface} + bond_int_members: {get_param: ContrailBondInterfaceMembers} + vlan_parent: {get_param: ContrailVlanParentInterface} + contrail_repo: {get_param: ContrailRepo} + bond_mode: {get_param: ContrailBondMode} + bond_policy: {get_param: ContrailBondPolicy} + actions: ['CREATE'] # Only do this on CREATE + + ContrailVrouterModuleConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: phy_int + - name: bond_int + - name: bond_int_members + - name: vlan_parent + - name: contrail_repo + - name: bond_mode + - name: bond_policy + config: | + #!/bin/bash + phy_int=$phy_int + bond_int=$bond_int + bond_int_members=$bond_int_members + bond_mode=$bond_mode + bond_policy=$bond_policy + vlan_parent=$vlan_parent + contrail_repo=$contrail_repo + if [[ ${contrail_repo} ]]; then + yum install -y contrail-vrouter-utils + fi + function pkt_setup () { + for f in /sys/class/net/$1/queues/rx-* + do + q="$(echo $f | cut -d '-' -f2)" + r=$(($q%32)) + s=$(($q/32)) + ((mask=1<<$r)) + str=(`printf "%x" $mask`) + if [ $s -gt 0 ]; then + for ((i=0; i < $s; i++)) + do + str+=,00000000 + done + fi + echo $str > $f/rps_cpus + done + ifconfig $1 up + } + function insert_vrouter() { + if [ -f /sys/class/net/pkt1/queues/rx-0/rps_cpus ]; then + pkt_setup pkt1 + fi + if [ -f /sys/class/net/pkt2/queues/rx-0/rps_cpus ]; then + pkt_setup pkt2 + fi + if [ -f /sys/class/net/pkt3/queues/rx-0/rps_cpus ]; then + pkt_setup pkt3 + fi + DEV_MAC=$(cat /sys/class/net/${phy_int}/address) + vif --create vhost0 --mac $DEV_MAC + vif --add ${phy_int} --mac $DEV_MAC --vrf 0 --vhost-phys --type physical + vif --add vhost0 --mac $DEV_MAC --vrf 0 --type 
vhost --xconnect ${phy_int} + ip link set vhost0 up + return 0 + } + if [[ ${bond_int} ]]; then + bond_int_member_list=$(echo ${bond_int_members} | tr "," "\n") + ip link add name ${bond_int} type bond + echo ${bond_mode} > /sys/class/net/${bond_int}/bonding/mode + echo ${bond_policy} > /sys/class/net/${bond_int}/bonding/xmit_hash_policy + for member in ${bond_int_member_list}; do + ip link set dev $member master ${bond_int} + done + fi + if [[ ${vlan_parent} ]]; then + vlanId=`echo ${phy_int} | awk -F"vlan" '{print $2}'` + ip link add name ${phy_int} link ${vlan_parent} type vlan id ${vlanId} + fi + if [[ ${contrail_repo} ]]; then + yumdownloader contrail-vrouter --destdir /tmp + cd /tmp + rpm2cpio /tmp/contrail-vrouter*.rpm | cpio -idmv + cp `find /tmp/lib/modules -name vrouter.ko |tail -1` /tmp + insmod /tmp/vrouter.ko + else + modprobe vrouter + fi + insert_vrouter + if [[ `ifconfig ${phy_int} |grep "inet "` ]]; then + def_gw='' + if [[ `ip route show |grep default|grep ${phy_int}` ]]; then + def_gw=`ip route show |grep default|grep ${phy_int}|awk '{print $3}'` + fi + ip=`ifconfig ${phy_int} |grep "inet "|awk '{print $2}'` + mask=`ifconfig ${phy_int} |grep "inet "|awk '{print $4}'` + ip address delete $ip/$mask dev ${phy_int} + ip address add $ip/$mask dev vhost0 + if [[ $def_gw ]]; then + ip route add default via $def_gw + fi + fi diff --git a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml new file mode 100644 index 00000000..4b3c673c --- /dev/null +++ b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml 
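Review bot: In the `contrail_repo` branch of `ContrailVrouterModuleConfig` the kernel module is fetched with `yumdownloader`, unpacked with `rpm2cpio | cpio` and loaded with `insmod /tmp/vrouter.ko`, so root loads a module from fixed paths in world-writable `/tmp` and the RPM signature is never checked on that path (`rpm2cpio` does not verify it). I would stage in a private directory, `workdir=$(mktemp -d)` with `--destdir "$workdir"` and `insmod "$workdir/vrouter.ko"`, and verify the package first, for example with `rpm -K` against an imported vendor key. `find /tmp/lib/modules -name vrouter.ko | tail -1` takes whichever match is printed last rather than the build for `uname -r`, which deserves a comment or a fix. The script has no `set -e`, so a failed download or `insmod` still falls through to `insert_vrouter`, which always returns 0.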
@@ -0,0 +1,168 @@ +heat_template_version: pike + +# NOTE: You don't need to pass the parameter explicitly from the +# parent template, it can be specified via the parameter_defaults +# in the resource_registry instead, if you want to override the default +# and/or share values with other templates in the tree. +parameters: + ContrailRepo: + type: string + default: '' + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVlanParentInterface: + default: '' + description: Parent interface of vlan interface + type: string + ContrailBondInterface: + default: '' + description: Bond interface name + type: string + ContrailBondInterfaceMembers: + default: '' + description: Bond interface members + type: string + ContrailBondMode: + default: '4' + description: Bond Mode + type: string + ContrailBondPolicy: + default: '1' + description: Bond Policy + type: string + ContrailDpdkHugePages: + default: '2048' + description: DPDK Hugepages setting + type: string + RoleParameters: + type: json + description: Parameters specific to the role + default: {} + ServiceNames: + type: comma_delimited_list + default: [] + server: + type: string + +description: > + This template installs the Contrail dpdk packages in order + to bring vhost0 interface up. Vhost0 interface must be up before + os-net-config takes over. 
+ +resources: + + ContrailVrouterDpdkDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: ContrailVrouterDpdkDeployment + server: {get_param: server} + config: {get_resource: ContrailVrouterDpdkConfig} + input_values: + phy_int: {get_param: ContrailVrouterPhysicalInterface} + bond_int: {get_param: ContrailBondInterface} + bond_int_members: {get_param: ContrailBondInterfaceMembers} + vlan_parent: {get_param: ContrailVlanParentInterface} + contrail_repo: {get_param: ContrailRepo} + bond_mode: {get_param: ContrailBondMode} + bond_policy: {get_param: ContrailBondPolicy} + dpdk_hugepages: {get_param: ContrailDpdkHugePages} + actions: ['CREATE'] # Only do this on CREATE + + ContrailVrouterDpdkConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + phy_int=$phy_int + bond_int=$bond_int + bond_int_members=$bond_int_members + bond_mode=$bond_mode + bond_policy=$bond_policy + vlan_parent=$vlan_parent + contrail_repo=$contrail_repo + dpdk_hugepages=$dpdk_hugepages + echo "vm.nr_hugepages = $dpdk_hugepages" >> /etc/sysctl.conf + echo "vm.max_map_count = 128960" >> /etc/sysctl.conf + echo "kernel.core_pattern = /var/crashes/core.%e.%p.%h.%t" >> /etc/sysctl.conf + echo "net.ipv4.tcp_keepalive_time = 5" >> /etc/sysctl.conf + echo "net.ipv4.tcp_keepalive_probes = 5" >> /etc/sysctl.conf + echo "net.ipv4.tcp_keepalive_intvl = 1" >> /etc/sysctl.conf + /sbin/sysctl --system + modprobe uio + if [[ ${contrail_repo} ]]; then + yum install -y contrail-vrouter-utils contrail-vrouter-dpdk contrail-vrouter-dpdk-init + fi + pci_address=`ethtool -i ${phy_int} |grep bus-info| awk '{print $2}' |tr -d ' '` + if [[ ${vlan_parent} ]]; then + pci_address=`ethtool -i ${vlan_parent} |grep bus-info| awk '{print $2}' |tr -d ' '` + fi + if [[ ${bond_int} ]]; then + bond_int_member_list=$(echo ${bond_int_members} | tr "," "\n") + cat <<EOF> /etc/sysconfig/network-scripts/ifcfg-${bond_int} + DEVICE=${bond_int} + BOOTPROTO=none + ONBOOT=yes + 
USERCTL=no + BONDING_OPTS="mode=${bond_mode} xmit_hash_policy=${bond_policy}" + EOF + for member in ${bond_int_member_list}; do + cat <<EOF> /etc/sysconfig/network-scripts/ifcfg-${member} + DEVICE=${member} + BOOTPROTO=none + ONBOOT=yes + MASTER=${bond_int} + SLAVE=yes + USERCTL=no + EOF + ip link set dev ${member} down + done + ifup ${bond_int} + pci_address=0000:00:00.0 + fi + if [[ ${vlan_parent} ]]; then + echo ${vlan_parent} >> /tmp/vlan_parent + vlanId=`echo ${phy_int} | awk -F"vlan" '{print $2}'` + ip link add name ${phy_int} link ${vlan_parent} type vlan id ${vlanId} + fi + cat <<EOF > /etc/contrail/agent_param + LOG=/var/log/contrail.log + CONFIG=/etc/contrail/contrail-vrouter-agent.conf + prog=/usr/bin/contrail-vrouter-agent + pname=contrail-vrouter-agent + LIBDIR=/usr/lib64 + DEVICE=vhost0 + dev=${phy_int} + vgw_subnet_ip=__VGW_SUBNET_IP__ + vgw_intf=__VGW_INTF_LIST__ + LOGFILE=--log-file=/var/log/contrail/vrouter.log + EOF + mac=`ip link sh dev ${phy_int} | grep link/ether|awk '{print $2}' | tr -d ' '` + cat <<EOF > /etc/contrail/contrail-vrouter-agent.conf + [DEFAULT] + platform=dpdk + physical_interface_address=$pci_address + physical_interface_mac=$mac + physical_uio_driver=uio_pci_generic + [VIRTUAL-HOST-INTERFACE] + physical_interface=${phy_int} + name=vhost0 + EOF + echo $pci_address > /etc/contrail/dpdk_pci + echo $mac > /etc/contrail/dpdk_mac + systemctl start supervisor-vrouter + if [[ `ifconfig ${phy_int} |grep "inet "` ]]; then + def_gw='' + if [[ `ip route show |grep default|grep ${phy_int}` ]]; then + def_gw=`ip route show |grep default|grep ${phy_int}|awk '{print $3}'` + fi + ip=`ifconfig ${phy_int} |grep "inet "|awk '{print $2}'` + mask=`ifconfig ${phy_int} |grep "inet "|awk '{print $4}'` + ip address delete $ip/$mask dev ${phy_int} + ip address add $ip/$mask dev vhost0 + if [[ $def_gw ]]; then + ip route add default via $def_gw + fi + fi 
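Review bot: `echo ${vlan_parent} >> /tmp/vlan_parent` appends as root to a fixed file name in world-writable `/tmp`, while the other state this script records goes to `/etc/contrail/dpdk_pci` and `/etc/contrail/dpdk_mac`. Writing it next to those, e.g. `echo "${vlan_parent}" > /etc/contrail/vlan_parent`, avoids the shared directory, provided whatever reads the file (not visible in this hunk) is updated as well. `ContrailVrouterDpdkConfig` also declares no `inputs:` list although the kernel-mode template added in this commit does; listing the eight names would document the script's interface. In the bond branch `pci_address=0000:00:00.0` overwrites the detected address and needs a one-line comment explaining why.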
diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 31d0c1e0..87dbeaec 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -9,17 +9,11 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list default: [] - IsolCpusList: - default: "0" - description: List of cores to be isolated by tuned - type: string - constraints: - - allowed_pattern: "[0-9,-]+" OvsEnableDpdk: default: false description: Whether or not to configure enable DPDK in OVS @@ -47,12 +41,6 @@ parameters: mem>, <socket n mem>", where the value is specified in MB. For example: "1024,0". type: string - OvsDpdkDriverType: - default: "vfio-pci" - description: > - DPDK Driver type. Ensure the Overcloud NIC to be used for DPDK supports - this UIO/PMD driver. - type: string OvsPmdCoreList: description: > A list or range of CPU cores for PMD threads to be pinned to. Note, NIC 
@@ -67,6 +55,21 @@ parameters: - allowed_pattern: "[0-9,-]*" type: string default: "" + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. + EnableDpdkDeploymentActions: + default: ['CREATE'] + type: comma_delimited_list + description: > + Exposing the DPDK deployment action, it may be required to run DPDK + config during an upgrade. By default DPDK will be enabled during the + CREATE action only. But on cases when it requires for certain migration, + it may be required to run it for UPDATE action too. # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Queens cycle. HostCpusList: 
@@ -91,29 +94,16 @@ parameters: default: '' description: Memory allocated for each socket type: string - NeutronDpdkDriverType: - default: "vfio-pci" - description: DPDK Driver type - type: string - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} - # YAQL is enabled in conditions with https://review.openstack.org/#/c/467506/ is_dpdk_config_required: or: - yaql: - expression: $.data.service_names.contains('neutron_ovs_dpdk_agent') - data: - service_names: {get_param: ServiceNames} - - {get_param: OvsEnableDpdk} - - {get_param: [RoleParameters, OvsEnableDpdk]} + expression: $.data.service_names.contains('neutron_ovs_dpdk_agent') + data: + service_names: {get_param: ServiceNames} + - {equals: [{get_param: [RoleParameters, OvsEnableDpdk]}, true]} is_reboot_config_required: or: - is_host_config_required @@ -122,8 +112,6 @@ conditions: pmd_cores_empty: {equals: [{get_param: OvsPmdCoreList}, '']} mem_channels_empty: {equals: [{get_param: OvsDpdkMemoryChannels}, '']} socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']} - driver_not_set: {equals: [{get_param: OvsDpdkDriverType}, 'vfio-pci']} - isol_cpus_empty: {equals: [{get_param: IsolCpusList}, '0']} deployment_actions_empty: equals: - {get_param: deployment_actions} 
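Review bot: `is_dpdk_config_required` no longer consults the top-level `OvsEnableDpdk` parameter: after this change only the `neutron_ovs_dpdk_agent` service name or `RoleParameters.OvsEnableDpdk` equal to true enables it, yet the context of the first hunk still shows `OvsEnableDpdk` declared with `default: false`. As far as these hunks show, a deployment that set the global parameter would stop getting the DPDK configuration without any error. Either keep `- {equals: [{get_param: OvsEnableDpdk}, true]}` in the `or` list or say so in the parameter's description, e.g. `description: No longer read by this template; set OvsEnableDpdk in the role parameters.` The one-line comment that pointed at the YAQL-in-conditions review was also dropped and is still useful next to the `yaql` entry.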
@@ -137,19 +125,15 @@ resources: value: map_replace: - map_replace: - - IsolCpusList: IsolCpusList - OvsDpdkCoreList: OvsDpdkCoreList + - OvsDpdkCoreList: OvsDpdkCoreList OvsDpdkMemoryChannels: OvsDpdkMemoryChannels OvsDpdkSocketMemory: OvsDpdkSocketMemory - OvsDpdkDriverType: OvsDpdkDriverType - OvsPmdCoreList: OvsDpdkCoreList + OvsPmdCoreList: OvsPmdCoreList - values: {get_param: [RoleParameters]} - values: - IsolCpusList: {if: [isol_cpus_empty, {get_param: HostCpusList}, {get_param: IsolCpusList}]} OvsDpdkCoreList: {if: [l_cores_empty, {get_param: HostCpusList}, {get_param: OvsDpdkCoreList}]} OvsDpdkMemoryChannels: {if: [mem_channels_empty, {get_param: NeutronDpdkMemoryChannels}, {get_param: OvsDpdkMemoryChannels}]} OvsDpdkSocketMemory: {if: [socket_mem_empty, {get_param: NeutronDpdkSocketMemory}, {get_param: OvsDpdkSocketMemory}]} - OvsDpdkDriverType: {if: [driver_not_set, {get_param: NeutronDpdkDriverType}, {get_param: OvsDpdkDriverType}]} OvsPmdCoreList: {if: [pmd_cores_empty, {get_param: NeutronDpdkCoreList}, {get_param: OvsPmdCoreList}]} HostParametersConfig: 
@@ -183,6 +167,40 @@ resources: _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} _TUNED_CORES_: {get_param: [RoleParameters, IsolCpusList]} + RebootConfig: + type: OS::Heat::SoftwareConfig + condition: is_reboot_config_required + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: HostParametersDeployment + condition: is_reboot_config_required + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL + + # With OvS2.7 (which is default with pike), ovs-vswitchd will start dpdk + # immediately after setting dpdk-init (behaviour change from ovs2.6). + # Starting of DPDK require the huge page configuration to be enabled. So + # reboot will happen before DPDK config and we don't need an explicity + # restart after dpdk-init as true because of the behavior change. + # TODO(skramaja): Dependency is that till the service file workaround, is + # maintained, restart of ovs is required. EnableDpdkConfig: type: OS::Heat::SoftwareConfig condition: is_dpdk_config_required @@ -218,6 +236,8 @@ resources: sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path fi + systemctl daemon-reload + systemctl restart openvswitch # DO NOT use --detailed-exitcodes puppet apply --logdest console \ 
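Review bot: The added `systemctl daemon-reload` and `systemctl restart openvswitch` sit after the `fi`, so in the lines visible here they run whether or not the preceding `sed` on `$ovs_ctl_path` changed anything. Together with the new `EnableDpdkDeploymentActions` parameter, an operator who adds `UPDATE` would get an Open vSwitch restart, and with it a dataplane interruption, on every stack update. I would record whether a service file was actually edited and restart only then, or at least state the cost in the parameter description, e.g. `Note that every run of this deployment restarts openvswitch.` The body of `EnableDpdkConfig` continues outside this hunk, so an existing guard there cannot be ruled out.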
@@ -239,38 +259,16 @@ resources: EnableDpdkDeployment: type: OS::Heat::SoftwareDeployment condition: is_dpdk_config_required + depends_on: RebootDeployment properties: name: EnableDpdkDeployment server: {get_param: server} config: {get_resource: EnableDpdkConfig} - actions: ['CREATE'] # Only do this on CREATE - - RebootConfig: - type: OS::Heat::SoftwareConfig - condition: is_reboot_config_required - properties: - group: script - config: | - #!/bin/bash - # Stop os-collect-config to avoid any race collecting another - # deployment before reboot happens - systemctl stop os-collect-config.service - /sbin/reboot - - RebootDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: HostParametersDeployment - condition: is_reboot_config_required - properties: - name: RebootDeployment - server: {get_param: server} - config: {get_resource: RebootConfig} actions: if: - deployment_actions_empty - [] - - ['CREATE'] # Only do this on CREATE - signal_transport: NO_SIGNAL + - {get_param: EnableDpdkDeploymentActions} outputs: result: diff --git a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml index 6bf5afb0..4d34aedf 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml @@ -27,6 +27,7 @@ resources: {{role.name}}PostPuppetMaintenanceModeDeployment: type: OS::Heat::SoftwareDeployments properties: + name: {{role.name}}PostPuppetMaintenanceModeDeployment servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}PostPuppetMaintenanceModeConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml index 203ca1f8..102be8a8 100644 --- a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml 
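Review bot: `depends_on: RebootDeployment` on `EnableDpdkDeployment` orders the two resources in Heat but does not by itself prove the node has rebooted, because `RebootDeployment` uses `signal_transport: NO_SIGNAL` and Heat marks such a deployment complete without waiting for the script. The sequence described in the new comment above `EnableDpdkConfig` therefore relies on `systemctl stop os-collect-config.service` taking effect before the next deployment is collected. A comment at the dependency would make that assumption explicit, e.g. `# Ordering only: RebootDeployment is NO_SIGNAL, the reboot itself is not awaited by Heat`. It is also worth confirming that `[]` is still selected for blacklisted servers when `EnableDpdkDeploymentActions` is overridden, which the `if` on `deployment_actions_empty` appears to do.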
@@ -23,6 +23,7 @@ resources: ControllerPostPuppetRestartDeployment: type: OS::Heat::SoftwareDeployments properties: + name: ControllerPostPuppetRestartDeployment servers: {get_param: servers} config: {get_resource: ControllerPostPuppetRestartConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml index 02fdbf1c..ee06f0a9 100644 --- a/extraconfig/tasks/ssh/host_public_key.yaml +++ b/extraconfig/tasks/ssh/host_public_key.yaml @@ -36,6 +36,7 @@ resources: config: {get_resource: SshHostPubKeyConfig} server: {get_param: server} actions: {get_param: deployment_actions} + name: SshHostPubKeyDeployment outputs: diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index 1114897f..af49d49d 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -51,6 +51,10 @@ if [[ -n \$NOVA_COMPUTE ]]; then log_debug "Restarting openstack ceilometer agent compute" systemctl restart openstack-ceilometer-compute yum install -y openstack-nova-migration + # https://bugs.launchpad.net/tripleo/+bug/1707926 stop&disable libvirtd + log_debug "Stop and disable libvirtd service for upgrade to containers" + systemctl stop libvirtd + systemctl disable libvirtd fi # Apply puppet manifest to converge just right after the ${ROLE} upgrade diff --git a/firstboot/install_vrouter_kmod.yaml b/firstboot/install_vrouter_kmod.yaml deleted file mode 100644 index 65e93fe3..00000000 --- a/firstboot/install_vrouter_kmod.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -heat_template_version: pike - -parameters: - ContrailRepo: - type: string - default: http://192.168.24.1/contrail - VrouterPhysicalInterface: - default: 'eth0' - description: vRouter physical interface - type: string - -description: > - Prepares vhost0 interface to be used by os-net-config - -resources: - userdata: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: vrouter_module_config} - - vrouter_module_config: - type: OS::Heat::SoftwareConfig - properties: - config: - str_replace: - template: | - #!/bin/bash - sed -i '/\[main\]/a \ \ \ \ \parser = future' /etc/puppet/puppet.conf - cat <<EOF > /etc/yum.repos.d/contrail.repo - [Contrail] - name=Contrail Repo - baseurl=$contrail_repo - enabled=1 - gpgcheck=0 - protect=1 - EOF - if [[ `hostname |awk -F"-" '{print $2}'` == "novacompute" || `hostname |awk -F"-" '{print $2}'` == "contrailtsn" ]]; then - yum install -y contrail-vrouter-utils - function pkt_setup () { - for f in /sys/class/net/$1/queues/rx-* - do - q="$(echo $f | cut -d '-' -f2)" - r=$(($q%32)) - s=$(($q/32)) - ((mask=1<<$r)) - str=(`printf "%x" $mask`) - if [ $s -gt 0 ]; then - for ((i=0; i < $s; i++)) - do - str+=,00000000 - done - fi - echo $str > $f/rps_cpus - done - ifconfig $1 up - } - function insert_vrouter() { - insmod /tmp/vrouter.ko - if [ -f /sys/class/net/pkt1/queues/rx-0/rps_cpus ]; then - pkt_setup pkt1 - fi - if [ -f /sys/class/net/pkt2/queues/rx-0/rps_cpus ]; then - pkt_setup pkt2 - fi - if [ -f /sys/class/net/pkt3/queues/rx-0/rps_cpus ]; then - pkt_setup pkt3 - fi - DEV_MAC=$(cat /sys/class/net/$phy_int/address) - vif --create vhost0 --mac $DEV_MAC - vif --add $phy_int --mac $DEV_MAC --vrf 0 --vhost-phys --type physical - vif --add vhost0 --mac $DEV_MAC --vrf 0 --type vhost --xconnect $phy_int - ip link set vhost0 up - return 0 - } - yumdownloader contrail-vrouter --destdir /tmp - cd /tmp - rpm2cpio /tmp/contrail-vrouter*.rpm | cpio -idmv - cp `find /tmp/lib/modules -name vrouter.ko 
|tail -1` /tmp - insert_vrouter - if [[ `ifconfig $dev |grep "inet "` ]]; then - def_gw='' - if [[ `ip route show |grep default|grep $dev` ]]; then - def_gw=`ip route show |grep default|grep $dev|awk '{print $3}'` - fi - ip=`ifconfig $dev |grep "inet "|awk '{print $2}'` - mask=`ifconfig $dev |grep "inet "|awk '{print $4}'` - ip address delete $ip/$mask dev $dev - ip address add $ip/$mask dev vhost0 - if [[ $def_gw ]]; then - ip route add default via $def_gw - fi - fi - fi - params: - $phy_int: {get_param: VrouterPhysicalInterface} - $contrail_repo: {get_param: ContrailRepo} - -outputs: - # This means get_resource from the parent template will get the userdata, see: - # http://docs.openstack.org/developer/heat/template_guide/composition.html#making-your-template-resource-more-transparent - # Note this is new-for-kilo, an alternative is returning a value then using - # get_attr in the parent template instead. - OS::stack_id: - value: {get_resource: userdata} diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 063e63d4..356068fc 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml 
@@ -8,3 +8,39 @@ name: - puppet/blockstorage-role.yaml - puppet/objectstorage-role.yaml - puppet/cephstorage-role.yaml + - network/internal_api.yaml + - network/external.yaml + - network/storage.yaml + - network/storage_mgmt.yaml + - network/tenant.yaml + - network/management.yaml + - network/internal_api_v6.yaml + - network/external_v6.yaml + - network/storage_v6.yaml + - network/storage_mgmt_v6.yaml + - network/tenant_v6.yaml + - network/management_v6.yaml + - network/ports/internal_api.yaml + - network/ports/external.yaml + - network/ports/storage.yaml + - network/ports/storage_mgmt.yaml + - network/ports/tenant.yaml + - network/ports/management.yaml + - network/ports/internal_api_v6.yaml + - network/ports/external_v6.yaml + - network/ports/storage_v6.yaml + - network/ports/storage_mgmt_v6.yaml + - network/ports/tenant_v6.yaml + - network/ports/management_v6.yaml + - network/ports/internal_api_from_pool.yaml + - network/ports/external_from_pool.yaml + - network/ports/storage_from_pool.yaml + - network/ports/storage_mgmt_from_pool.yaml + - network/ports/tenant_from_pool.yaml + - network/ports/management_from_pool.yaml + - network/ports/internal_api_from_pool_v6.yaml + - network/ports/external_from_pool_v6.yaml + - network/ports/storage_from_pool_v6.yaml + - network/ports/storage_mgmt_from_pool_v6.yaml + - network/ports/tenant_from_pool_v6.yaml + - network/ports/management_from_pool_v6.yaml diff --git a/environments/contrail/contrail-nic-config-compute.yaml b/network/config/contrail/contrail-nic-config-compute.yaml index a5f0ecab..a5f0ecab 100644 --- a/environments/contrail/contrail-nic-config-compute.yaml +++ b/network/config/contrail/contrail-nic-config-compute.yaml diff --git a/network/config/contrail/contrail-nic-config.yaml b/network/config/contrail/contrail-nic-config.yaml new file mode 100644 index 00000000..595f34d1 --- /dev/null +++ b/network/config/contrail/contrail-nic-config.yaml 
@@ -0,0 +1,164 @@
+heat_template_version: pike
+
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces
+ for the compute role. This is an example for a Nova compute node using
+ Contrail vrouter and the vhost0 interface.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ InternalApiDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the internal api network.
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
+ list_join:
+ - '/'
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: InternalApiDefaultRoute
+ - type: linux_bridge
+ name: br0
+ use_dhcp: false
+ members:
+ - type: interface
+ name: nic3
+ - type: vlan
+ vlan_id:
+ get_param: ManagementNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: ManagementIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index ece40085..bed9c700 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
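Review bot: The `type: vlan` entry that uses `ManagementNetworkVlanID` is configured unconditionally, although `ManagementIpSubnet` defaults to `''` and its comment says it is only populated when environments/network-management.yaml is included. Without that environment the VLAN would presumably be rendered with an empty `ip_netmask`. Either ship that block commented out, as the comment on `ManagementInterfaceDefaultRoute` already implies, or say in the description that the management environment is required. Two comments also contradict the template: the description still speaks of "the compute role" and "the vhost0 interface" although no vhost0 interface is defined here, and `InternalApiDefaultRoute` is marked `# Not used by default in this template` while nic2's default route takes its `next_hop` from it. Because that parameter decides where the node's default route points, I would change its comment to `# Default gateway for this node, set on nic2 (internal API)` and align the description with the role this file is meant for.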
@@ -28,87 +28,6 @@ Ceilometer: net_param: CeilometerApi port: 8777 -ContrailConfig: - Internal: - net_param: ContrailConfig - Public: - net_param: Public - Admin: - net_param: ContrailConfig - port: 8082 - -ContrailDiscovery: - Internal: - net_param: ContrailConfig - Public: - net_param: Public - Admin: - net_param: ContrailConfig - port: 5998 - -ContrailAnalyticsCollectorHttp: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 8089 - -ContrailAnalyticsApi: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 8081 - -ContrailAnalyticsHttp: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 8090 - -ContrailAnalyticsCollectorSandesh: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 8086 - -ContrailAnalyticsRedis: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 6379 - -ContrailWebuiHttp: - Internal: - net_param: ContrailConfig - Public: - net_param: Public - Admin: - net_param: ContrailConfig - port: 8080 - -ContrailWebuiHttps: - Internal: - net_param: ContrailConfig - Public: - net_param: Public - Admin: - net_param: ContrailConfig - port: 8143 - Ec2Api: Internal: net_param: Ec2Api diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 42d1fbd0..1ba7b6fa 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml 
@@ -37,39 +37,6 @@ parameters: CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} - ContrailAnalyticsApiAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} - ContrailAnalyticsApiInternal: {protocol: http, port: '8081', host: IP_ADDRESS} - ContrailAnalyticsApiPublic: {protocol: http, port: '8081', host: IP_ADDRESS} - ContrailAnalyticsCollectorHttpAdmin: {protocol: http, port: '8089', - host: IP_ADDRESS} - ContrailAnalyticsCollectorHttpInternal: {protocol: http, port: '8089', - host: IP_ADDRESS} - ContrailAnalyticsCollectorHttpPublic: {protocol: http, port: '8089', - host: IP_ADDRESS} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: http, port: '8086', - host: IP_ADDRESS} - ContrailAnalyticsCollectorSandeshInternal: {protocol: http, port: '8086', - host: IP_ADDRESS} - ContrailAnalyticsCollectorSandeshPublic: {protocol: http, port: '8086', - host: IP_ADDRESS} - ContrailAnalyticsHttpAdmin: {protocol: http, port: '8090', host: IP_ADDRESS} - ContrailAnalyticsHttpInternal: {protocol: http, port: '8090', host: IP_ADDRESS} - ContrailAnalyticsHttpPublic: {protocol: http, port: '8090', host: IP_ADDRESS} - ContrailAnalyticsRedisAdmin: {protocol: http, port: '6379', host: IP_ADDRESS} - ContrailAnalyticsRedisInternal: {protocol: http, port: '6379', host: IP_ADDRESS} - ContrailAnalyticsRedisPublic: {protocol: http, port: '6379', host: IP_ADDRESS} - ContrailConfigAdmin: {protocol: http, port: '8082', host: IP_ADDRESS} - ContrailConfigInternal: {protocol: http, port: '8082', host: IP_ADDRESS} - ContrailConfigPublic: {protocol: http, port: '8082', host: IP_ADDRESS} - ContrailDiscoveryAdmin: {protocol: http, port: '5998', host: IP_ADDRESS} - ContrailDiscoveryInternal: {protocol: http, port: '5998', host: IP_ADDRESS} - ContrailDiscoveryPublic: {protocol: http, port: '5998', host: IP_ADDRESS} - ContrailWebuiHttpAdmin: {protocol: http, 
port: '8080', host: IP_ADDRESS} - ContrailWebuiHttpInternal: {protocol: http, port: '8080', host: IP_ADDRESS} - ContrailWebuiHttpPublic: {protocol: http, port: '8080', host: IP_ADDRESS} - ContrailWebuiHttpsAdmin: {protocol: http, port: '8143', host: IP_ADDRESS} - ContrailWebuiHttpsInternal: {protocol: http, port: '8143', host: IP_ADDRESS} - ContrailWebuiHttpsPublic: {protocol: http, port: '8143', host: IP_ADDRESS} Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} 
@@ -2101,2289 +2068,6 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, CongressPublic, port] - ContrailAnalyticsApiAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: 
[EndpointMap, ContrailAnalyticsApiAdmin, port] - ContrailAnalyticsApiInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, 
ContrailAnalyticsApiInternal, port] - ContrailAnalyticsApiPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] - ContrailAnalyticsCollectorHttpAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, 
ContrailAnalyticsCollectorHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - port] - ContrailAnalyticsCollectorHttpInternal: - 
host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, 
ContrailAnalyticsCollectorHttpInternal, - port] - ContrailAnalyticsCollectorHttpPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, 
ContrailAnalyticsCollectorHttpPublic, - port] - ContrailAnalyticsCollectorSandeshAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, 
ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - port] - ContrailAnalyticsCollectorSandeshInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, 
ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - port] - ContrailAnalyticsCollectorSandeshPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - host] - params: - CLOUDNAME: - get_param: - - 
CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - port] - ContrailAnalyticsHttpAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, 
ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] - ContrailAnalyticsHttpInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, 
ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - port] - ContrailAnalyticsHttpPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: 
[ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] - ContrailAnalyticsRedisAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: 
NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] - ContrailAnalyticsRedisInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: 
NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - port] - ContrailAnalyticsRedisPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] - ContrailConfigAdmin: - host: - 
str_replace: - template: - get_param: [EndpointMap, ContrailConfigAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailConfigAdmin, port] - protocol: - get_param: [EndpointMap, ContrailConfigAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigAdmin, port] - ContrailConfigInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: 
[ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailConfigInternal, port] - protocol: - get_param: [EndpointMap, ContrailConfigInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigInternal, port] - ContrailConfigPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: 
[ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailConfigPublic, port] - protocol: - get_param: [EndpointMap, ContrailConfigPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigPublic, port] - ContrailDiscoveryAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryAdmin, host] - params: - CLOUDNAME: - get_param: - - 
CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailDiscoveryAdmin, port] - protocol: - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryAdmin, port] - ContrailDiscoveryInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: 
[ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailDiscoveryInternal, port] - protocol: - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryInternal, port] - ContrailDiscoveryPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailDiscoveryPublic, port] - protocol: - get_param: 
[EndpointMap, ContrailDiscoveryPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryPublic, port] - ContrailWebuiHttpAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] - - :// - - 
str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] - ContrailWebuiHttpInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpInternal, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpInternal, - host] - params: - CLOUDNAME: - 
get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpInternal, port] - ContrailWebuiHttpPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpPublic, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: 
- NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpPublic, port] - ContrailWebuiHttpsAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, 
ContrailWebuiHttpsAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port] - ContrailWebuiHttpsInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: 
[EndpointMap, ContrailWebuiHttpsInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] - ContrailWebuiHttpsPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] - 
params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] Ec2ApiAdmin: host: str_replace: diff --git a/network/management.yaml b/network/management.yaml index f54794c3..d9f773c1 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -39,7 +39,7 @@ parameters: description: Ip allocation pool range for the management network. type: json ManagementInterfaceDefaultRoute: - default: null + default: unset description: The default route of the management network. type: string diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml new file mode 100644 index 00000000..2c223c16 --- /dev/null +++ b/network/network.network.j2.yaml 
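Review bot: The new default `unset` on ManagementInterfaceDefaultRoute is a magic string that nothing in this hunk explains, and the generated template added in the same commit (network/network.network.j2.yaml) uses a different literal, `not_defined`, for the same kind of parameter. Whatever consumes the value has to compare against the exact literal, so two spellings invite a missed case. I would settle on one sentinel for both files and state it in the description, for example `description: The default route of the management network ('unset' means no route is configured).` if that is the intended meaning. The rest of the parameters block and the place where the value is consumed lie outside the hunk.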
@@ -0,0 +1,92 @@
+heat_template_version: pike
+
+description: >
+ {{network.name}} network definition (automatically generated).
+
+parameters:
+ # the defaults here work for static IP assignment (IPAM) only
+ {{network.name}}NetCidr:
+ default: {{network.ip_subnet|default("")}}
+ description: Cidr for the {{network.name_lower}} network.
+ type: string
+ {{network.name}}NetValueSpecs:
+ default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'}
+ description: Value specs for the {{network.name_lower}} network.
+ type: json
+ {{network.name}}NetAdminStateUp:
+ default: false
+ description: This admin state of the network.
+ type: boolean
+ {{network.name}}NetEnableDHCP:
+ default: false
+ description: Whether to enable DHCP on the associated subnet.
+ type: boolean
+ {{network.name}}NetShared:
+ default: false
+ description: Whether this network is shared across all tenants.
+ type: boolean
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
+ type: string
+ {{network.name}}SubnetName:
+ default: {{network.name_lower}}_subnet
+ description: The name of the {{network.name_lower}} subnet in Neutron.
+ type: string
+ {{network.name}}AllocationPools:
+ default: {{network.allocation_pools|default([])}}
+ description: Ip allocation pool range for the {{network.name_lower}} network.
+ type: json
+ {{network.name}}InterfaceDefaultRoute:
+ default: {{network.gateway_ip|default("not_defined")}}
+ description: default route for the {{network.name_lower}} network
+ type: string
+{%- if network.vlan %}
+ {{network.name}}NetworkVlanID:
+ default: {{network.vlan}}
+ description: Vlan ID for the {{network.name}} network traffic.
+ type: number
+{%- endif %}
+{%- if network.ipv6 %}
+ IPv6AddressMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 address mode
+ type: string
+ IPv6RAMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 router advertisement mode
+ type: string
+{%- endif %}
+
+resources:
+ {{network.name}}Network:
+ type: OS::Neutron::Net
+ properties:
+ admin_state_up: {get_param: {{network.name}}NetAdminStateUp}
+ name: {get_param: {{network.name}}NetName}
+ shared: {get_param: {{network.name}}NetShared}
+ value_specs: {get_param: {{network.name}}NetValueSpecs}
+
+ {{network.name}}Subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ cidr: {get_param: {{network.name}}NetCidr}
+ name: {get_param: {{network.name}}SubnetName}
+ network: {get_resource: {{network.name}}Network}
+ allocation_pools: {get_param: {{network.name}}AllocationPools}
+ gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute}
+{%- if network.ipv6 %}
+ ip_version: 6
+ ipv6_address_mode: {get_param: IPv6AddressMode}
+ ipv6_ra_mode: {get_param: IPv6RAMode}
+{%- else %}
+ enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
+{%- endif %}
+
+outputs:
+ OS::stack_id:
+ description: {{network.name_lower}} network
+ value: {get_resource: {{network.name}}Network}
+ subnet_cidr:
+ value: {get_attr: {{network.name}}Subnet, cidr}
+
diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml
index 5aec597a..c790d370 100644
--- a/network/networks.j2.yaml
+++ b/network/networks.j2.yaml
@@ -5,11 +5,7 @@ description: Create networks to split out Overcloud traffic
 resources:
 {%- for network in networks %}
- {%- if network.name != 'InternalApi' %}
 {{network.name}}Network:
- {%- else %}
- InternalNetwork:
- {%- endif %}
 type: OS::TripleO::Network::{{network.name}}
 {%- endfor %}
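Review bot: `gateway_ip` on the subnet is fed straight from `{{network.name}}InterfaceDefaultRoute`, whose rendered default is the literal `not_defined` whenever the network data carries no `gateway_ip`. That string is not an address, so unless the parameter is always overridden the subnet would presumably be rejected when the stack is created. A related gap is `default: {{network.ip_subnet|default("")}}`, which renders an empty scalar that YAML reads as null rather than an empty string. I would quote the rendered defaults, e.g. `default: "{{network.ip_subnet|default('')}}"`, and emit the `gateway_ip:` property only inside `{%- if network.gateway_ip %}`, after confirming that letting Neutron choose the gateway is acceptable for networks without one.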
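Review bot: Dropping the InternalApi special case changes that resource's logical name from `InternalNetwork` to `InternalApiNetwork`, and Heat generally treats a renamed resource as a delete of the old one plus a create of the new one on stack update. For an already deployed overcloud that would presumably mean the internal API network is torn down and rebuilt during the upgrade; the matching `get_attr` change in the outputs hunk (`@@ -23,15 +19,8 @@`) depends on the same rename. If the rename is intended, a comment above the loop such as `# NOTE: InternalApi used the logical name InternalNetwork before this change; renaming replaces the resource on update`, together with a release note, would make the upgrade impact explicit.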
@@ -23,15 +19,8 @@ outputs: # NOTE(gfidente): we need to replace the null value with a # string to work around https://bugs.launchpad.net/heat/+bug/1700025 {%- for network in networks %} - {%- if network.name != 'InternalApi' %} {{network.name_lower}}: yaql: data: {get_attr: [{{network.name}}Network, subnet_cidr]} expression: str($.data).replace('null', 'disabled') - {%- else %} - {{network.name_lower}}: - yaql: - data: {get_attr: [InternalNetwork, subnet_cidr]} - expression: str($.data).replace('null', 'disabled') - {%- endif %} {%- endfor %} diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index bb54ca62..f874c30d 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -9,8 +9,8 @@ parameters: description: Name of the service to lookup default: '' type: string - NetworkName: - description: # Here for compatibility with isolated networks + NetworkName: # Here for compatibility with isolated networks + description: Name of the network where the VIP will be created default: ctlplane type: string PortName: diff --git a/network/ports/external.yaml b/network/ports/external.yaml index a02cc284..72922093 100644 --- a/network/ports/external.yaml +++ b/network/ports/external.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external neutron network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml index d2610c69..a14aa90b 100644 --- a/network/ports/external_from_pool.yaml +++ b/network/ports/external_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: ExternalNetName: - description: Name of the external network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index e5fe8d71..2aa51267 100644 
--- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_v6.yaml b/network/ports/external_v6.yaml index 12d61cce..5a1b5ae3 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/external_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external neutron network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml index f258080a..e9eb7875 100644 --- a/network/ports/internal_api.yaml +++ b/network/ports/internal_api.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API neutron network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml index cb87fd54..31c72daf 100644 --- a/network/ports/internal_api_from_pool.yaml +++ b/network/ports/internal_api_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index 12a0731b..657310ed 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API network + description: The name of the internal API network. default: internal_api type: string PortName: 
diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml index 46e6e187..6a9e7083 100644 --- a/network/ports/internal_api_v6.yaml +++ b/network/ports/internal_api_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API neutron network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/management.yaml b/network/ports/management.yaml index dd62033b..417d0612 100644 --- a/network/ports/management.yaml +++ b/network/ports/management.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management neutron network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml index 188be68c..4815d163 100644 --- a/network/ports/management_from_pool.yaml +++ b/network/ports/management_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: ManagementNetName: - description: Name of the management network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml index b5d44259..2a7d3b1d 100644 --- a/network/ports/management_from_pool_v6.yaml +++ b/network/ports/management_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_v6.yaml b/network/ports/management_v6.yaml index 977502a8..9de06d9c 100644 --- a/network/ports/management_v6.yaml +++ b/network/ports/management_v6.yaml 
@@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management neutron network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index a6971b0f..ce58e96f 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -14,6 +14,7 @@ parameters: ExternalIpSubnet: default: '' type: string + description: IP address/subnet on the external network ExternalIpUri: default: '' type: string @@ -24,6 +25,7 @@ parameters: InternalApiIpSubnet: default: '' type: string + description: IP address/subnet on the internal API network InternalApiIpUri: default: '' type: string @@ -34,6 +36,7 @@ parameters: StorageIpSubnet: default: '' type: string + description: IP address/subnet on the storage network StorageIpUri: default: '' type: string @@ -44,6 +47,7 @@ parameters: StorageMgmtIpSubnet: default: '' type: string + description: IP address/subnet on the storage mgmt network StorageMgmtIpUri: default: '' type: string @@ -54,6 +58,7 @@ parameters: TenantIpSubnet: default: '' type: string + description: IP address/subnet on the tenant network TenantIpUri: default: '' type: string diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml index 018bf2bb..d0847882 100644 --- a/network/ports/net_vip_map_external.yaml +++ b/network/ports/net_vip_map_external.yaml 
@@ -27,24 +27,28 @@ parameters: ExternalIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 InternalApiIp: default: '' type: string InternalApiIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageIp: default: '' type: string StorageIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageMgmtIp: default: '' type: string StorageMgmtIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 outputs: net_ip_map: diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml index aa40cf17..72e60cb2 100644 --- a/network/ports/net_vip_map_external_v6.yaml +++ b/network/ports/net_vip_map_external_v6.yaml @@ -27,24 +27,28 @@ parameters: ExternalIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 InternalApiIp: default: '' type: string InternalApiIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageIp: default: '' type: string StorageIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageMgmtIp: default: '' type: string StorageMgmtIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 outputs: net_ip_map: diff --git a/network/ports/noop.yaml b/network/ports/noop.yaml index 8030bfc0..9f39c4ff 100644 --- a/network/ports/noop.yaml +++ b/network/ports/noop.yaml 
@@ -12,19 +12,21 @@ parameters: description: IP address on the control plane type: string ControlPlaneNetwork: - description: Name of the control plane network + description: The name of the undercloud Neutron control plane default: ctlplane type: string PortName: description: Name of the port default: '' type: string - NetworkName: - description: # Here for compatibility with vip.yaml - default: '' + NetworkName: # Here for compatibility with vip.yaml + description: Name of the network where the VIP will be created + default: ctlplane type: string FixedIPs: - description: # Here for compatibility with vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] default: [] type: json ControlPlaneSubnetCidr: # Override this via parameter_defaults diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml new file mode 100644 index 00000000..ded3e798 --- /dev/null +++ b/network/ports/port.network.j2.yaml 
@@ -0,0 +1,72 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network. The IP address will be chosen + automatically if FixedIPs is empty. + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name_lower}} neutron network + default: {{network.name_lower|default(network.name|lower)}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json + IPPool: # Here for compatibility with from_pool.yaml + default: {} + type: json + NodeIndex: # Here for compatibility with from_pool.yaml + default: 0 + type: number + +resources: + + {{network.name}}Port: + type: OS::Neutron::Port + properties: + network: {get_param: {{network.name}}NetName} + name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} + replacement_policy: AUTO + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with IPv6 URLs) + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - '/' + - 
{str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} + diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml new file mode 100644 index 00000000..9c08ec76 --- /dev/null +++ b/network/ports/port_from_pool.network.j2.yaml 
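Review bot: The `FixedIPs` description, `Control the IP allocation for the VIP port`, appears to be carried over from the VIP templates, but this template creates an ordinary `{{network.name}}Port`. Something like `Control the IP allocation for the port. E.g. [{'ip_address':'1.2.3.4'}]` would describe it accurately. `IPPool` and `NodeIndex` have only a trailing compatibility comment and no `description`, unlike the parameters this commit documents in `net_ip_map.yaml`. A line such as `description: Unused here; accepted for compatibility with from_pool.yaml` on each would help anyone reading the rendered template.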
@@ -0,0 +1,65 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network, using a map of IPs per role. + Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by + network (lower_name or lower case). For example: + ControllerIPs: + external: + - 1.2.3.4 # First controller + - 1.2.3.5 # Second controller + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name}} neutron network + default: {{network.name_lower}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml + default: {} + type: json + NodeIndex: # First node in the role will get first IP, and so on... + default: 0 + type: number + {{network.name}}NetCidr: + default: {{network.ip_subnet}} + description: Cidr for the {{network.name_lower}} network. 
+ type: string + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} + diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml index 5c1aba1a..13e51ccf 100644 --- a/network/ports/storage.yaml +++ b/network/ports/storage.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage neutron network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml index ca5993fc..11aa20c7 100644 --- a/network/ports/storage_from_pool.yaml +++ b/network/ports/storage_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index ec7cd2f0..2d2c3055 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml 
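Review bot: `{{network.name}}NetCidr` takes `default: {{network.ip_subnet}}` with no fallback and no quoting, although the `network_data.yaml` header in this commit documents `ip_subnet` as optional. With Jinja's default handling of undefined values, a network that omits it renders a bare `default:` (YAML null), and the `ip_subnet` output's `str_split: ['/', ..., 1]` then has no prefix length to extract. Quoting the value the way the static `*_from_pool*.yaml` templates do, e.g. `default: '{{network.ip_subnet|default("")}}'`, at least keeps the parameter a string. The description could also state that a CIDR is required for the `ip_subnet` output, so the failure is easier to diagnose.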
@@ -6,7 +6,7 @@ description: > parameters: StorageNetName: - description: Name of the storage network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml index 94b058a2..c06c58ef 100644 --- a/network/ports/storage_mgmt.yaml +++ b/network/ports/storage_mgmt.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml index 63b2e154..07308a70 100644 --- a/network/ports/storage_mgmt_from_pool.yaml +++ b/network/ports/storage_mgmt_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage MGMT network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: @@ -26,7 +26,7 @@ parameters: type: number StorageMgmtNetCidr: default: '172.16.3.0/24' - description: Cidr for the storage MGMT network. + description: Cidr for the storage management network. type: string outputs: diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index 6d0b8794..1b30f0ce 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage MGMT network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: @@ -27,7 +27,7 @@ parameters: type: number StorageMgmtNetCidr: default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage MGMT network. + description: Cidr for the storage management network. type: string outputs: 
diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml index 3d70c690..c10b1393 100644 --- a/network/ports/storage_mgmt_v6.yaml +++ b/network/ports/storage_mgmt_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml index 6137d241..c7d47c54 100644 --- a/network/ports/storage_v6.yaml +++ b/network/ports/storage_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage neutron network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml index a56b0f43..6c5eee38 100644 --- a/network/ports/tenant.yaml +++ b/network/ports/tenant.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant neutron network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml index 03ff6d11..94c419df 100644 --- a/network/ports/tenant_from_pool.yaml +++ b/network/ports/tenant_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index d45faf06..cc2b619a 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant network + description: The name of the tenant network. default: tenant type: string PortName: 
diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml index d23e91f7..47d52d8a 100644 --- a/network/ports/tenant_v6.yaml +++ b/network/ports/tenant_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant neutron network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index 70b4482c..f47760c8 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network/ports/vip_v6.yaml b/network/ports/vip_v6.yaml index 09f646a6..90525a31 100644 --- a/network/ports/vip_v6.yaml +++ b/network/ports/vip_v6.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network_data.yaml b/network_data.yaml index 23c231f9..947769ae 100644 --- a/network_data.yaml +++ b/network_data.yaml 
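Review bot: Changing the `NetworkName` default from `internal_api` to `ctlplane` in `vip.yaml` means any VIP resource that does not pass `NetworkName` explicitly will now be created on the provisioning network instead of the internal API network; `vip_v6.yaml` gets the same change. Nothing in these hunks shows whether every caller sets the parameter, so that should be confirmed before merge, since a service VIP landing on ctlplane could weaken the intended network isolation. If the default is only a placeholder, the description could say so, e.g. `description: Name of the network where the VIP will be created (callers are expected to override the ctlplane default)`. The parameter block continues outside the hunk.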
@@ -5,30 +5,59 @@ # name: Name of the network (mandatory) # name_lower: lowercase version of name used for filenames # (optional, defaults to name.lower()) -# vlan: vlan for the network (optional) -# gateway: gateway for the network (optional) # enabled: Is the network enabled (optional, defaults to true) +# ipv6: Does this network use IPv6 IPs? (optional, defaults to false) +# (optional, may use parameter defaults in environment to set) +# vlan: vlan for the network (optional) # vip: Enable creation of a virtual IP on this network -# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, to support -# VIPs on non-default networks. See https://bugs.launchpad.net/tripleo/+bug/1667104 +# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, +# to support VIPs on non-default networks. +# See https://bugs.launchpad.net/tripleo/+bug/1667104 +# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults) +# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}] +# gateway_ip: gateway for the network (optional, may use parameter defaults) +# NOTE: IP-related values set parameter defaults in templates, may be overridden. +# +# Example: +# - name Example +# vip: false +# ip_subnet: '10.0.2.0/24' +# allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}] +# gateway_ip: '10.0.2.254' # +# TODO (dsneddon) remove existing templates from j2_excludes.yaml +# and generate all templates dynamically. 
+ - name: External vip: true name_lower: external + ip_subnet: '10.0.0.0/24' + allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] + gateway_ip: '10.0.0.1' - name: InternalApi name_lower: internal_api vip: true + ip_subnet: '172.16.2.0/24' + allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] - name: Storage vip: true name_lower: storage + ip_subnet: '172.16.1.0/24' + allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] - name: StorageMgmt name_lower: storage_mgmt vip: true + ip_subnet: '172.16.3.0/24' + allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}] - name: Tenant vip: false # Tenant network does not use VIPs name_lower: tenant + ip_subnet: '172.16.0.0/24' + allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - name: Management # Management network is disabled by default enabled: false vip: false # Management network does not use VIPs name_lower: management + ip_subnet: '10.0.1.0/24' + allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index a1220d30..0d3b875a 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml 
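Review bot: The example added to the header comment is not valid YAML as written: `- name Example` is missing the colon after `name`, and the `allocation_pools` sample a few lines earlier, `[{'start':'10.0.0.4', 'end':'10.0.0.250}]`, is missing the closing quote on the end address. Operators are likely to copy these lines into custom network files, so they should read `# - name: Example` and `# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250'}]`. The line `(optional, may use parameter defaults in environment to set)` under `ipv6` also reads as if it belongs to a different key, possibly `vlan`; that is a guess from its wording.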
@@ -156,11 +156,13 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None + OS::TripleO::Services::OVNController: OS::Heat::None OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None OS::TripleO::Services::Pacemaker: OS::Heat::None OS::TripleO::Services::PacemakerRemote: OS::Heat::None OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None @@ -169,10 +171,12 @@ resource_registry: OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml OS::TripleO::Services::HAProxyPublicTLS: OS::Heat::None OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None + OS::TripleO::Services::Iscsid: puppet/services/iscsid.yaml OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml OS::TripleO::Services::Memcached: puppet/services/memcached.yaml OS::TripleO::Services::SaharaApi: OS::Heat::None OS::TripleO::Services::SaharaEngine: OS::Heat::None + OS::TripleO::Services::Tuned: puppet/services/tuned.yaml OS::TripleO::Services::Securetty: OS::Heat::None OS::TripleO::Services::Sshd: puppet/services/sshd.yaml OS::TripleO::Services::Redis: puppet/services/database/redis.yaml 
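Review bot: The new `OS::TripleO::Services::Iscsid: puppet/services/iscsid.yaml` entry in the second hunk duplicates a key that is still mapped further down, where the last hunk's context shows `OS::TripleO::Services::Iscsid: OS::Heat::None`. With two identical keys in one mapping, most YAML loaders keep the later one, so the service would presumably still resolve to `OS::Heat::None` and the added line would have no effect. The older `OS::Heat::None` line, which sits just above `OS::TripleO::Services::Clustercheck`, should be removed in the same change. If leaving Iscsid disabled by default is intended, the new line should be dropped instead.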
@@ -186,6 +190,7 @@ resource_registry: OS::TripleO::Services::NovaVncProxy: puppet/services/nova-vnc-proxy.yaml OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml + OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None @@ -257,6 +262,7 @@ resource_registry: OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None + OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None OS::TripleO::Services::Etcd: OS::Heat::None OS::TripleO::Services::Ec2Api: OS::Heat::None @@ -272,6 +278,7 @@ resource_registry: OS::TripleO::Services::CertmongerUser: OS::Heat::None OS::TripleO::Services::Iscsid: OS::Heat::None OS::TripleO::Services::Clustercheck: OS::Heat::None + OS::TripleO::Services::VRTSHyperScale: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index ddf2701a..2bfdf506 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -46,8 +46,8 @@ parameters: CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. + The DNS name of this cloud's provisioning network endpoint. E.g. + 'ci-overcloud.ctlplane.tripleo.org'. type: string ControlFixedIPs: default: [] 
@@ -89,7 +89,7 @@ parameters: description: Neutron ID or name for ctlplane network. NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string PublicVirtualFixedIPs: default: [] diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index b29a8a98..24aa1525 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -45,6 +45,7 @@ parameters: perform configuration on a Heat stack-update. UpdateIdentifier: type: string + default: '' description: > Setting to a previously unused value during stack-update will trigger package update on all nodes diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 7d58d1da..de7b6b49 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -141,7 +141,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 48e5b97a..ce44fd68 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -147,7 +147,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 3ad6f745..af45793e 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -159,7 +159,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json 
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 933b5e60..38589a4e 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -173,7 +173,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml index 313c1261..3b7bf40c 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml 
@@ -174,45 +174,15 @@ resources: echo "$HOST_FQDN $MACS" fi - CollectMacDeploymentsController: +{% for role in roles %} + CollectMacDeployments{{role.name}}: type: OS::Heat::SoftwareDeployments properties: - name: CollectMacDeploymentsController - servers: {get_param: [servers, Controller]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCompute: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCompute - servers: {get_param: [servers, Compute]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsBlockStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsBlockStorage - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsObjectStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsObjectStorage - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCephStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCephStorage - servers: {get_param: [servers, CephStorage]} + name: CollectMacDeployments{{role.name}} + servers: {get_param: [servers, {{role.name}}]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE +{% endfor %} # Now we calculate the additional nexus config based on the mappings MappingToNexusConfig: @@ -220,11 +190,9 @@ resources: properties: group: script inputs: - - name: controller_mappings - - name: compute_mappings - - name: blockstorage_mappings - - name: objectstorage_mappings - - name: cephstorage_mappings + {%- for role in roles %} + - name: {{role.name}}_mappings + {%- endfor %} - name: nexus_config config: | #!/bin/python 
@@ -233,11 +201,9 @@ resources: import os from copy import deepcopy - mappings = ['controller_mappings', - 'compute_mappings', - 'blockstorage_mappings', - 'objectstorage_mappings', - 'cephstorage_mappings', + mappings = [{%- for role in roles %} + '{{role.name}}_mappings', + {%- endfor %} 'nexus_config'] mapdict_list = [] nexus = {} @@ -295,11 +261,9 @@ resources: # FIXME(shardy): It'd be more convenient if we could join these # items together but because the returned format is a map (not a list) # we can't use list_join or str_replace. Possible Heat TODO. - controller_mappings: {get_attr: [CollectMacDeploymentsController, deploy_stdouts]} - compute_mappings: {get_attr: [CollectMacDeploymentsCompute, deploy_stdouts]} - blockstorage_mappings: {get_attr: [CollectMacDeploymentsBlockStorage, deploy_stdouts]} - objectstorage_mappings: {get_attr: [CollectMacDeploymentsObjectStorage, deploy_stdouts]} - cephstorage_mappings: {get_attr: [CollectMacDeploymentsCephStorage, deploy_stdouts]} + {%- for role in roles %} + {{role.name}}_mappings: {get_attr: [CollectMacDeployments{{role.name}}, deploy_stdouts]} + {%- endfor %} nexus_config: {get_param: NetworkNexusConfig} actions: ['CREATE'] # Only do this on CREATE diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 574c41b0..11113eec 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -18,6 +18,7 @@ parameters: type: json UpdateIdentifier: type: string + default: '' description: > Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. @@ -31,7 +32,7 @@ parameters: default: 'regionOne' description: Keystone region for endpoint NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true 
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index a03a9da5..10e56450 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -141,7 +141,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 3d071018..f7651a57 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -23,6 +23,7 @@ resources: {{role.name}}ArtifactsDeploy: type: OS::Heat::StructuredDeployments properties: + name: {{role.name}}ArtifactsDeploy servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}ArtifactsConfig} @@ -36,7 +37,7 @@ resources: {{role.name}}Config: type: OS::TripleO::{{role.name}}Config properties: - StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} # Step through a series of configuration steps {% for step in range(1, deploy_steps_max) %} @@ -139,6 +140,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false UPDATE: workflow: { get_resource: WorkflowTasks_Step{{step}} } params: @@ -148,6 +150,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false always_update: true {% endfor %} # END service_workflow_tasks handling diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 85520fc0..23d8896e 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml 
@@ -180,7 +180,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json @@ -513,14 +513,27 @@ resources: fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + {%- endif -%} # Resource for site-specific injection of root certificate NodeTLSCAData: - depends_on: {{role.name}}Deployment + depends_on: NetworkDeployment type: OS::TripleO::NodeTLSCAData properties: server: {get_resource: {{role.name}}} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + # Resource for site-specific passing of private keys/certificates + NodeTLSData: + depends_on: NodeTLSCAData + type: OS::TripleO::NodeTLSData + properties: + server: {get_resource: {{role.name}}} + NodeIndex: {get_param: NodeIndex} + {%- endif -%} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata {{role.name}}ExtraConfigPre: depends_on: {{role.name}}Deployment @@ -534,7 +547,13 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData] + depends_on: + - {{role.name}}ExtraConfigPre + {%- if 'primary' in role.tags and 'controller' in role.tags %} + - NodeTLSData + {%- else %} + - NodeTLSCAData + {%- endif %} type: OS::TripleO::NodeExtraConfig # We have to use conditions here so that we don't break backwards # compatibility with templates everywhere 
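Review bot: The two `{%- endif -%}` tags added in the `-513,14` hunk (after `tripleo::haproxy::service_certificate` and after the `NodeTLSData` resource) strip whitespace on both sides, so the rendered template loses the blank line and indentation that follow, and the next `# ...` comment is presumably joined to the preceding line. The other conditionals this commit adds to the same file close with `{%- endif %}`; using that form here keeps the rendered YAML readable and does not rely on the parser accepting a comment with no space before `#`. The page has collapsed the original whitespace, so the rendered layout should be confirmed by rendering the template for a role with and without the `primary`/`controller` tags.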
@@ -674,6 +693,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - 6 - 0 - keys: {hostname: {get_param: Hostname}} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} + {%- endif %} os_collect_config: description: The os-collect-config configuration associated with this server resource value: {get_attr: [{{role.name}}, os_collect_config]} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index d9b61ccd..f84edde0 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -30,6 +30,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + GnocchiExternalProject: + default: 'service' + description: Project name of resources creator in Gnocchi. + type: string MonitoringSubscriptionAodhApi: default: 'overcloud-ceilometer-aodh-api' type: string @@ -85,6 +89,7 @@ outputs: aodh::wsgi::apache::wsgi_process_display_name: 'aodh_wsgi' aodh::api::service_name: 'httpd' aodh::api::enable_proxy_headers_parsing: true + aodh::api::gnocchi_external_project_owner: {get_param: GnocchiExternalProject} aodh::policy::policies: {get_param: AodhApiPolicies} tripleo.aodh_api.firewall_rules: '128 aodh-api': diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 3cf51519..27bc50f3 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml 
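Review bot: The new `tls_key_modulus_md5` and `tls_cert_modulus_md5` outputs say what they are but not what they are for, and the key one reads as if it exposed something derived from the private key. The modulus is also part of the public certificate, so these are presumably change-detection fingerprints rather than secrets. The descriptions should say that, e.g. `description: MD5 of the TLS key modulus (a public value), for detecting a key/certificate mismatch or change`. How `NodeTLSData` computes the digests is outside this hunk; if it calls an MD5 tool, hosts in FIPS mode may refuse it, and a SHA-256 digest would be the safer choice there.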
@@ -39,6 +39,10 @@ parameters: type: string constraints: - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning'] + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true resources: CeilometerServiceBase: @@ -61,6 +65,7 @@ outputs: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod} + - ceilometer_redis_password: {get_param: RedisPassword} compute_namespace: true service_config_settings: get_attr: [CeilometerServiceBase, role_data, service_config_settings] diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 9fc1530a..5cc020a9 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -51,6 +51,8 @@ parameters: description: > A list of publishers to put in event_pipeline.yaml. When the collector is used, override this with notifier:// publisher. + If zaqar is enabled, you can also publish to a zaqar queue + by including "zaqar://?queue=queue_name" in this list. Set ManageEventPipeline to true for override to take effect. type: comma_delimited_list ManagePipeline: diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 3e4f5b42..4fe6e908 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -172,6 +172,6 @@ outputs: until: ceph_quorum_nodecheck.rc == 0 retries: {get_param: CephValidationRetries} delay: {get_param: CephValidationDelay} - - name: set crush tunables + - name: ceph osd crush tunables default tags: step0 - shell: ceph osd crush tunables optimal + shell: ceph osd crush tunables default diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index aa025684..29629461 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml 
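Review bot: Adding `- ceilometer_redis_password: {get_param: RedisPassword}` to `config_settings` (second hunk of ceilometer-agent-compute.yaml) puts the Redis credential into the hieradata of every node that runs the compute agent, whatever `InstanceDiscoveryMethod` is set to. If the password is only needed for coordination under `workload_partitioning`, which this hunk does not show, a condition on that value would keep it off hosts that never use it. The parameter description added in the first hunk should also say why a compute node needs the credential.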
@@ -40,7 +40,7 @@ parameters: type: string hidden: true SwiftPassword: - description: The password for the swift service account, used by the Ceph RGW services. + description: The password for the swift service account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml index caa2f2f7..388e49b7 100644 --- a/puppet/services/cinder-backend-dellps.yaml +++ b/puppet/services/cinder-backend-dellps.yaml @@ -31,6 +31,9 @@ parameters: CinderDellPsSanPassword: type: string hidden: true + CinderDellPsSanPrivateKey: + type: string + default: '' CinderDellPsSanThinProvision: type: boolean default: true @@ -87,6 +90,7 @@ outputs: cinder::backend::eqlx::san_ip: {get_param: CinderDellPsSanIp} cinder::backend::eqlx::san_login: {get_param: CinderDellPsSanLogin} cinder::backend::eqlx::san_password: {get_param: CinderDellPsSanPassword} + cinder::backend::eqlx::san_private_key: {get_param: CinderDellPsSanPrivateKey} cinder::backend::eqlx::san_thin_provision: {get_param: CinderDellPsSanThinProvision} cinder::backend::eqlx::eqlx_group_name: {get_param: CinderDellPsGroupname} cinder::backend::eqlx::eqlx_pool: {get_param: CinderDellPsPool} diff --git a/puppet/services/cinder-backend-veritas-hyperscale.yaml b/puppet/services/cinder-backend-veritas-hyperscale.yaml new file mode 100644 index 00000000..11ceb2fd --- /dev/null +++ b/puppet/services/cinder-backend-veritas-hyperscale.yaml 
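Review bot: `CinderDellPsSanPrivateKey` is added with no `description` and no `hidden: true`, directly below `CinderDellPsSanPassword`, which is hidden. If the value is a path to a key file on the node, the description should say so, e.g. `description: Path to the SSH private key file used to authenticate to the array`. If operators are expected to paste key material into it, it needs `hidden: true` so that it is masked in stack parameter listings. The second hunk passes it unchanged to `cinder::backend::eqlx::san_private_key`, so its meaning is whatever that puppet parameter expects.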
@@ -0,0 +1,56 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Veritas HyperScale backend. + value: + service_name: cinder_backend_veritas_hyperscale + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_vrts_hs_backend: true + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 31a4d3eb..f5d38b60 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml 
@@ -37,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. CongressDebug: default: '' description: Set to True to enable debugging Glance service. diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml index 2881a5c6..c218e8b5 100644 --- a/puppet/services/database/mongodb-base.yaml +++ b/puppet/services/database/mongodb-base.yaml @@ -56,7 +56,3 @@ outputs: mongodb::server::journal: false mongodb::server::ipv6: {get_param: MongoDbIPv6} mongodb::server::replset: {get_param: MongoDbReplset} - # for now, we don't want to manage these services which are enabled - # by default with recent changes in puppet-systemd. - systemd::manage_networkd: false - systemd::manage_resolved: false diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 9b8386c1..abbe7a22 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -51,7 +51,7 @@ parameters: description: Whether to use Galera instead of regular MariaDB. type: boolean NovaPassword: - description: The password for the nova db account + description: The password for the nova service and db account type: string hidden: true EnableInternalTLS: @@ -96,10 +96,6 @@ outputs: - {get_param: [DefaultPasswords, mysql_root_password]} mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} enable_galera: {get_param: EnableGalera} - # for now, we don't want to manage these services which are enabled - # by default with recent changes in puppet-systemd. - systemd::manage_networkd: false - systemd::manage_resolved: false # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index d15b30cb..2a6a89e9 100644 --- a/puppet/services/database/redis-base.yaml 
+++ b/puppet/services/database/redis-base.yaml @@ -5,7 +5,7 @@ description: > parameters: RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true RedisFDLimit: diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index d92b666b..d11ef66a 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -4,13 +4,11 @@ description: > Configures docker on the host parameters: - DockerNamespace: - description: namespace - default: tripleoupstream + DockerInsecureRegistryAddress: + description: Optional. The IP Address and Port of an insecure docker + namespace that will be configured in /etc/sysconfig/docker. type: string - DockerNamespaceIsRegistry: - type: boolean - default: false + default: '' EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -38,14 +36,19 @@ parameters: description: Parameters specific to the role type: json +conditions: + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + outputs: role_data: description: Role data for the docker service value: service_name: docker config_settings: - tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace} - tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry} + if: + - insecure_registry_is_empty + - {} + - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index d5056c60..85fdb369 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml 
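Review bot: The description of `DockerInsecureRegistryAddress` in docker.yaml calls the value an "insecure docker namespace", but the hieradata key it feeds in the second hunk is `insecure_registry_address`, i.e. a registry endpoint. It should also state what "insecure" means for the operator: Docker does not verify TLS (and may fall back to plain HTTP) for a registry listed this way, so pulls from it are not authenticated. Suggested wording: `description: Optional. host:port of a registry that docker may contact without TLS verification (written to /etc/sysconfig/docker); intended for a registry on a trusted network.`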
@@ -61,7 +61,7 @@ parameters: path: /var/log/ec2api/ec2api.log EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean Ec2ApiPolicies: description: | diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml index a4a25d9e..ac1f11ac 100644 --- a/puppet/services/external-swift-proxy.yaml +++ b/puppet/services/external-swift-proxy.yaml @@ -44,7 +44,7 @@ parameters: type: string default: 'service' SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. + description: The password for the swift service account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 0af132e7..a37135da 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -51,7 +51,7 @@ parameters: description: Whether or not to enable the HAProxy stats interface. type: boolean RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 2c13cb30..28bb8658 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -130,6 +130,8 @@ outputs: heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check if heat_api_cfn is deployed command: systemctl is-enabled openstack-heat-api-cfn 
@@ -151,5 +153,5 @@ outputs: when: heat_api_cfn_apache.rc == 0 - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd) tags: step1 - when: heat_api_cfn_apache.rc == 0 + when: heat_api_cfn_enabled.rc == 0 service: name=openstack-heat-api-cfn state=stopped enabled=no diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index b23dc895..689251a3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -114,6 +114,8 @@ outputs: - heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check if heat_api_cloudwatch is deployed command: systemctl is-enabled openstack-heat-api-cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 3349271c..51f52a71 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -137,6 +137,8 @@ outputs: heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check is heat_api is deployed command: systemctl is-enabled openstack-heat-api diff --git a/puppet/services/iscsid.yaml b/puppet/services/iscsid.yaml new file mode 100644 index 00000000..222977e9 --- /dev/null +++ b/puppet/services/iscsid.yaml 
@@ -0,0 +1,41 @@ +heat_template_version: pike + +description: > + Configure iscsid + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for iscsid + value: + service_name: iscsid + config_settings: {} + step_config: | + include ::tripleo::profile::base::iscsid diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 136c0ad4..8796209b 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -67,6 +67,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. KeystoneDebug: default: '' description: Set to True to enable debugging Keystone service. diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index 160b4e4a..7d43f685 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -32,7 +32,7 @@ parameters: type: json NovaPassword: type: string - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account hidden: true NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. 
diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index 24dda549..0f0fe957 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml @@ -44,7 +44,7 @@ parameters: to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without specifying a private key or cert chain to use SSL transport, but not cert auth. - type: string + type: boolean MonitoringRabbitSSLPrivateKey: default: '' description: Private key to be used by Sensu to connect to RabbitMQ host. diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index f2b062e0..a9ffabe5 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -31,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json AdminPassword: - description: Keystone admin user password + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string + hidden: true KeystoneRegion: default: 'regionOne' description: Keystone region for endpoint diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml index 51ecbf29..c60ffcd0 100644 --- a/puppet/services/network/contrail-analytics.yaml +++ b/puppet/services/network/contrail-analytics.yaml 
@@ -33,6 +33,26 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailAnalyticsCollectorHttp: + default: 8089 + description: Contrail Analytics Collector http port + type: number + ContrailAnalyticsCollectorSandesh: + default: 8086 + description: Contrail Analytics Collector sandesh port + type: number + ContrailAnalyticsHttp: + default: 8090 + description: Contrail Analytics http port + type: number + ContrailAnalyticsRedis: + default: 6379 + description: Contrail Analytics redis port + type: number + ContrailAnalyticsApi: + default: 8081 + description: Contrail Analytics Api port + type: number resources: ContrailBase: @@ -41,7 +61,6 @@ resources: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} 
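Review bot: The second hunk removes `EndpointMap: {get_param: EndpointMap}` from the `ContrailBase` properties, yet contrail-base.yaml in this same commit still reads `contrail::auth_host`, `contrail::auth_port`, `contrail::auth_port_public` and `contrail::auth_protocol` from `EndpointMap`. With the property gone the nested stack falls back to its own default for that parameter, so the Keystone settings this service contributes to `config_settings` may come out empty. Depending on merge order they could then replace the real values on the node. The new contrail-dpdk.yaml still passes `EndpointMap` through; keeping the line here would be consistent with it.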
@@ -53,14 +72,14 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]} - contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]} + - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorHttp} + contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandesh} contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} - contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]} + contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttp} contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} contrail::analytics::redis_server: '127.0.0.1' - contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]} + contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedis} contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} - contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]} + contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsApi} step_config: | include ::tripleo::network::contrail::analytics diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml index 9ee8a651..77c30bd9 100644 --- a/puppet/services/network/contrail-base.yaml +++ b/puppet/services/network/contrail-base.yaml 
@@ -30,16 +30,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailAAAMode: + AAAMode: description: AAAmode can be no-auth, cloud-admin or rbac type: string default: 'rbac' - ContrailAAAModeAnalytics: + AAAModeAnalytics: description: AAAmode for analytics can be no-auth, cloud-admin or rbac type: string default: 'no-auth' AdminPassword: - description: Keystone admin user password + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true AdminTenantName: @@ -47,25 +47,33 @@ parameters: type: string default: 'admin' AdminToken: - description: Keystone admin token + description: The keystone auth secret and db password. type: string hidden: true AdminUser: description: Keystone admin user name type: string default: 'admin' - AuthPortSSL: - default: 13357 - description: Keystone SSL port - type: number - AuthPortSSLPublic: - default: 13000 - description: Keystone Public SSL port - type: number ContrailAuth: default: 'keystone' description: Keystone authentication method type: string + ContrailAnalyticsVIP: + default: '' + description: Contrail Analytics Api Virtual IP address + type: string + ContrailConfigPort: + default: 8082 + description: Contrail Config Api port + type: number + ContrailConfigVIP: + default: '' + description: Contrail Config Virtual IP address + type: string + ContrailDiscoveryPort: + default: 5998 + description: Contrail Config Api port + type: number ContrailInsecure: default: false description: Keystone insecure mode @@ -74,6 +82,14 @@ parameters: default: '127.0.0.1:12111' description: Memcached server type: string + ContrailVIP: + default: '' + description: Contrail VIP + type: string + ContrailWebuiVIP: + default: '' + description: Contrail Webui Virtual IP address + type: string RabbitPassword: description: The password for RabbitMQ type: string 
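Review bot: Renaming `ContrailAAAMode` and `ContrailAAAModeAnalytics` to `AAAMode` and `AAAModeAnalytics` means an existing environment file that sets the old names no longer reaches this template, and as far as I know Heat ignores unmatched `parameter_defaults` entries without an error. A deployment that had tightened `ContrailAAAModeAnalytics` would then fall back to the `'no-auth'` default on the next update without any warning. Either keep the old names or record the rename in a release note and in the descriptions, e.g. `description: AAAmode for analytics can be no-auth, cloud-admin or rbac (formerly ContrailAAAModeAnalytics)`.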
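Review bot: `ContrailDiscoveryPort` carries the description `Contrail Config Api port`, copied from `ContrailConfigPort` just above it in the `-47,25` hunk, although it feeds `contrail::disc_server_port`. Suggested: `description: Contrail Discovery port`. The same hunk drops `AuthPortSSL` and `AuthPortSSLPublic`, so overrides of those in existing environments stop having any effect; that belongs in a release note.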
@@ -87,29 +103,49 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number +conditions: + contrail_config_vip_unset: {equals : [{get_param: ContrailConfigVIP}, '']} + contrail_analytics_vip_unset: {equals : [{get_param: ContrailAnalyticsVIP}, '']} + contrail_webui_vip_unset: {equals : [{get_param: ContrailWebuiVIP}, '']} + outputs: role_data: description: Shared role data for the Contrail services. value: service_name: contrail_base config_settings: - contrail::aaa_mode: {get_param: ContrailAAAMode} - contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics} - contrail::admin_password: {get_param: AdminPassword} - contrail::admin_tenant_name: {get_param: AdminTenantName} - contrail::admin_token: {get_param: AdminToken} - contrail::admin_user: {get_param: AdminUser} - contrail::auth: {get_param: ContrailAuth} - contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] } - contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } - contrail::auth_port_ssl: {get_param: AuthPortSSL } - contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } - contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic } - contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } - contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } - contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] } - contrail::insecure: {get_param: ContrailInsecure} - contrail::memcached_server: {get_param: ContrailMemcachedServer} - contrail::rabbit_password: {get_param: RabbitPassword} - contrail::rabbit_user: {get_param: RabbitUserName} - contrail::rabbit_port: {get_param: RabbitClientPort} + map_merge: + - contrail::aaa_mode: {get_param: AAAMode} + contrail::analytics_aaa_mode: {get_param: AAAModeAnalytics} + contrail::admin_password: {get_param: AdminPassword} + contrail::admin_tenant_name: {get_param: AdminTenantName} + 
contrail::admin_token: {get_param: AdminToken} + contrail::admin_user: {get_param: AdminUser} + contrail::auth: {get_param: ContrailAuth} + contrail::auth_host: {get_param: [EndpointMap, KeystoneAdmin, host] } + contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } + contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } + contrail::auth_protocol: {get_param: [EndpointMap, KeystonePublic, protocol] } + contrail::api_port: {get_param: ContrailConfigPort } + contrail::disc_server_port: {get_param: ContrailDiscoveryPort } + contrail::insecure: {get_param: ContrailInsecure} + contrail::memcached_server: {get_param: ContrailMemcachedServer} + contrail::rabbit_password: {get_param: RabbitPassword} + contrail::rabbit_user: {get_param: RabbitUserName} + contrail::rabbit_port: {get_param: RabbitClientPort} + contrail::vip: {get_param: ContrailVIP} + - + if: + - contrail_config_vip_unset + - {} + - contrail_config_vip: {get_param: ContrailConfigVIP} + - + if: + - contrail_webui_vip_unset + - {} + - contrail_webui_vip: {get_param: ContrailWebuiVIP} + - + if: + - contrail_analytics_vip_unset + - {} + - contrail_analytics_vip: {get_param: ContrailAnalyticsVIP} diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml index d11cf6d0..210c81d7 100644 --- a/puppet/services/network/contrail-config.yaml +++ b/puppet/services/network/contrail-config.yaml @@ -41,6 +41,10 @@ parameters: description: Ifmap user password type: string default: 'api-server' + ContrailConfigPort: + default: 8082 + description: Contrail Config Api port + type: number resources: ContrailBase: 
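Review bot: In the rewritten `config_settings`, `contrail::auth_host` and `contrail::auth_port` come from the `KeystoneAdmin` endpoint while `contrail::auth_protocol` comes from `KeystonePublic`. Where TLS is enabled on only one of the two endpoints, the client is configured with a scheme that does not match the host and port it connects to. Depending on which side has TLS, the connection either fails or carries the admin credentials set just above over plain http. Taking all three from one endpoint avoids this: `contrail::auth_protocol: {get_param: [EndpointMap, KeystoneAdmin, protocol] }`. The three VIP keys added at the end (`contrail_config_vip`, `contrail_webui_vip`, `contrail_analytics_vip`) also lack the `contrail::` prefix used by the rest of the map; if that is deliberate, a comment should say which class looks them up.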
@@ -64,8 +68,8 @@ outputs: - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword} contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName} contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]} - contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } + contrail::config::listen_port: {get_param: ContrailConfigPort} contrail::config::redis_server: '127.0.0.1' - contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] } + contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork]} step_config: | include ::tripleo::network::contrail::config diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml index 529160ee..20951b0b 100644 --- a/puppet/services/network/contrail-control.yaml +++ b/puppet/services/network/contrail-control.yaml @@ -41,6 +41,10 @@ parameters: description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 type: string hidden: true + ContrailControlManageNamed: + description: named config file mgmt + type: string + default: true resources: ContrailBase: @@ -64,5 +68,6 @@ outputs: - contrail::control::asn: {get_param: ContrailControlASN } contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]} contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret} + contrail::control::manage_named: {get_param: ContrailControlManageNamed} step_config: | include ::tripleo::network::contrail::control diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml new file mode 100644 index 00000000..65b2a2a1 --- /dev/null +++ b/puppet/services/network/contrail-dpdk.yaml 
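Review bot: `ContrailControlManageNamed` in contrail-control.yaml is declared `type: string` with the unquoted default `true`, so the value reaching `contrail::control::manage_named` is a string rather than a boolean. A string such as `'false'` may then be treated as truthy on the puppet side. This commit makes the same correction for the SSL toggle in sensu-base.yaml; here it would be `type: boolean`. The description `named config file mgmt` could also spell out the effect, e.g. `description: Whether puppet manages the named (DNS) configuration file on control nodes`.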
@@ -0,0 +1,82 @@ +heat_template_version: pike + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVrouterGateway: + default: '192.168.24.1' + description: vRouter default gateway + type: string + ContrailVrouterNetmask: + default: '255.255.255.0' + description: vRouter netmask + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + service_name: contrail_dpdk + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} + contrail::vrouter::is_dpdk: 'true' + contrail::vrouter::physical_interface: {get_param: 
ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} + contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + tripleo.neutron_compute_plugin_opencontrail.firewall_rules: + '111 neutron_compute_plugin_opencontrail proxy': + dport: + - 8097 + - 8085 + proto: tcp + step_config: | + include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml index 95951fd5..50a6be48 100644 --- a/puppet/services/network/contrail-neutron-plugin.yaml +++ b/puppet/services/network/contrail-neutron-plugin.yaml @@ -33,7 +33,7 @@ parameters: ContrailExtensions: description: List of OpenContrail extensions to be enabled type: comma_delimited_list - default: '' + default: 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None' resources: ContrailBase: @@ -54,7 +54,7 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + - neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/site-packages/neutron_lbaas/extensions' contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions} step_config: | include tripleo::network::contrail::neutron_plugin diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 469e18cc..a9655160 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml 
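Review bot: The new contrail-dpdk.yaml sets `service_name: contrail_dpdk` but publishes its firewall rules under `tripleo.neutron_compute_plugin_opencontrail.firewall_rules`, while contrail-vrouter.yaml in this same commit renames its key to match its own service name (`tripleo.contrail_vrouter.firewall_rules`). If the firewall profile resolves rules by service name, as that rename suggests, the rules for ports 8097 and 8085 would not be applied on DPDK nodes; `tripleo.contrail_dpdk.firewall_rules:` with a rule title such as `'111 contrail_dpdk proxy':` would keep key and service aligned. The template description and the `role_data` description still read "Neutron Compute OpenContrail plugin" and could name the DPDK vRouter instead.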
@@ -31,17 +31,18 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string - VrouterPhysicalInterface: + hidden: true + ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface type: string - VrouterGateway: + ContrailVrouterGateway: default: '192.168.24.1' description: vRouter default gateway type: string - VrouterNetmask: + ContrailVrouterNetmask: default: '255.255.255.0' description: vRouter netmask type: string @@ -65,10 +66,10 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} - contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface} - contrail::vrouter::gateway: {get_param: VrouterGateway} - contrail::vrouter::netmask: {get_param: VrouterNetmask} + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} + contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} contrail::vrouter::is_tsn: 'true' tripleo.neutron_compute_plugin_opencontrail.firewall_rules: diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index d36a5651..1773c367 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml 
@@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: @@ -46,6 +46,10 @@ parameters: default: '255.255.255.0' description: vRouter netmask type: string + ContrailVrouterControlNodeIps: + description: List of Contrail Node IPs + type: comma_delimited_list + default: '' resources: ContrailBase: @@ -66,14 +70,16 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - tripleo.neutron_compute_plugin_opencontrail.firewall_rules: - '111 neutron_compute_plugin_opencontrail proxy': + contrail::vrouter::control_node_ips: {get_param: ContrailVrouterControlNodeIps} + tripleo.contrail_vrouter.firewall_rules: + '111 contrail_vrouter_8085': + dport: 8085 + '112 contrail_vrouter_8097': dport: 8097 - proto: tcp step_config: | include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml index aa73fb94..8f96643f 100644 --- a/puppet/services/network/contrail-webui.yaml +++ b/puppet/services/network/contrail-webui.yaml 
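Review bot: The rewritten firewall rules `'111 contrail_vrouter_8085'` and `'112 contrail_vrouter_8097'` in contrail-vrouter.yaml drop the `proto: tcp` line the old rule carried, so the protocol now depends on whatever the rule type defaults to. contrail-dpdk.yaml in this commit still states `proto: tcp` for the same two ports; adding `proto: tcp` under each `dport` here keeps the opened ports pinned to TCP and makes the rule readable without knowing the default. The new `ContrailVrouterControlNodeIps` description, "List of Contrail Node IPs", could say these are control node addresses, as the parameter name indicates.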
@@ -33,6 +33,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailWebuiHttp: + default: 8080 + description: Contrail Webui http port + type: number + ContrailWebuiHttps: + default: 8143 + description: Contrail Webui https port + type: number resources: ContrailBase: @@ -53,8 +61,8 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] } - contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] } + - contrail::webui::http_port: {get_param: ContrailWebuiHttp } + contrail::webui::https_port: {get_param: ContrailWebuiHttps } contrail::webui::redis_ip: '127.0.0.1' step_config: | include ::tripleo::network::contrail::webui diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index d650b11f..459a968a 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -50,7 +50,7 @@ parameters: description: Allow automatic l3-agent failover type: string NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NeutronEnableDVR: diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index 5842149f..f1a56530 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NovaPassword: - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NuageMetadataPort: 
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 0d56b3b1..a3baf710 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -34,6 +34,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 82371337..7ccf526a 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -33,6 +33,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1d4029cf..7894f78b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -32,8 +32,7 @@ parameters: type: json NeutronEnableL2Pop: type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. + description: Enable/disable the L2 population feature in the Neutron agents. default: "False" NeutronBridgeMappings: description: > @@ -47,8 +46,7 @@ parameters: default: "datacentre:br-ex" NeutronTunnelTypes: default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. + description: The tunnel types for the Neutron tenant network. type: comma_delimited_list NeutronAgentExtensions: default: "qos" diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index d98d1620..dd757b5d 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml 
@@ -53,8 +53,8 @@ parameters: default: 'datacentre:1:1000' description: > The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + Neutron documentation for permitted values. Defaults to permitting VLANs + 1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronTunnelIdRanges: description: | diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index a28f4672..b413fb12 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -35,7 +35,7 @@ parameters: description: Number of workers for Nova services. type: number NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 82f8bc13..08302ee9 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -41,7 +41,7 @@ parameters: constraints: - allowed_values: [ 'messagingv2', 'noop' ] NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NeutronPassword: diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index d0f8fda2..6e1f3f56 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml 
@@ -97,14 +97,20 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' MigrationSshKey: type: json description: > SSH key for migration. Expects a dictionary with keys 'public_key' and 'private_key'. Values should be identical to SSH public/private key files. - default: {} + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 22 + description: Target port for migration over ssh + type: number resources: NovaBase: @@ -159,14 +165,9 @@ outputs: NovaPCIPassthrough: {get_param: NovaPCIPassthrough} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false - tripleo::profile::base::nova::manage_migration: true - tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey} - tripleo::profile::base::nova::migration_ssh_localaddrs: - - "%{hiera('cold_migration_ssh_inbound_addr')}" - - "%{hiera('live_migration_ssh_inbound_addr')}" - live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} - cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]} - tripleo::profile::base::nova::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index a6638be0..5abad452 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml 
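Review bot: `MigrationSshKey` carries an SSH private key, yet none of its declarations shown in this commit set `hidden: true`: the one in this nova-compute.yaml hunk, and the new copies in nova-libvirt.yaml and nova-migration-target.yaml. Other secrets touched here (`CephClientKey`, `NeutronMetadataProxySharedSecret`) are marked hidden so Heat masks them when stack parameters are displayed; add `hidden: true` to each `MigrationSshKey` block. The new default of empty `public_key`/`private_key` strings also means `ssh_private_key` and `ssh_authorized_keys` receive `''` when the operator supplies nothing. Whether the Puppet migration profiles treat an empty string as "no key" is not visible in this diff and is worth confirming.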
@@ -45,7 +45,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 3a5d7536..e2ae7260 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -30,6 +30,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + CephClientUserName: + default: openstack + type: string + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean NovaComputeLibvirtType: type: string default: kvm @@ -70,6 +84,19 @@ parameters: the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO's default CA, which is FreeIPA. It will only be used if internal TLS is enabled. + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 22 + description: Target port for migration over ssh + type: number conditions: 
@@ -111,8 +138,12 @@ outputs: - nova::compute::libvirt::manage_libvirt_services: false # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false - tripleo::profile::base::nova::manage_migration: true - tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} + nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} + tripleo::profile::base::nova::migration::client::libvirt_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents} @@ -120,6 +151,7 @@ outputs: nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_processes: 131072 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: @@ -132,7 +164,7 @@ outputs: - use_tls_for_live_migration - generate_service_certificates: true - tripleo::profile::base::nova::libvirt_tls: true + tripleo::profile::base::nova::migration::client::libvirt_tls: true nova::migration::libvirt::live_migration_inbound_addr: str_replace: template: diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml new file mode 100644 index 00000000..128abc2c --- /dev/null +++ b/puppet/services/nova-migration-target.yaml 
@@ -0,0 +1,57 @@ +heat_template_version: ocata + +description: > + OpenStack Nova migration target configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + +outputs: + role_data: + description: Role data for the Nova migration target service. + value: + service_name: nova_migration_target + config_settings: + tripleo::profile::base::nova::migration::target::ssh_authorized_keys: + - {get_param: [ MigrationSshKey, public_key ]} + tripleo::profile::base::nova::migration::target::ssh_localaddrs: + - "%{hiera('cold_migration_ssh_inbound_addr')}" + - "%{hiera('live_migration_ssh_inbound_addr')}" + live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]} + step_config: | + include tripleo::profile::base::nova::migration::target diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 5cb4ef5c..916cefd9 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml 
@@ -35,7 +35,7 @@ parameters: description: Number of workers for Nova services. type: number NovaPassword: - description: The password for the nova service and db account, used by nova-placement. + description: The password for the nova service and db account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index da925181..472dbcce 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -58,6 +58,10 @@ parameters: default: {} description: Parameters specific to the role type: json + OpenDaylightManageRepositories: + description: Whether to manage the OpenDaylight repository + type: boolean + default: false outputs: role_data: @@ -72,6 +76,7 @@ outputs: opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} tripleo.opendaylight_api.firewall_rules: '137 opendaylight api': dport: diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/ovn-controller.yaml index dfd87eda..30720448 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/ovn-controller.yaml @@ -1,7 +1,7 @@ heat_template_version: pike description: > - OpenStack Neutron Compute OVN agent + OpenStack OVN Controller agent parameters: EndpointMap: 
@@ -45,23 +45,23 @@ parameters: bridge on hosts - to a physical name 'datacentre' which can be used to create provider networks (and we use this for the default floating network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name + scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" outputs: role_data: - description: Role data for the Neutron Compute OVN agent + description: Role data for the OVN Controller agent value: - service_name: neutron_compute_plugin_ovn + service_name: ovn_controller config_settings: ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} nova::compute::force_config_drive: true - tripleo.neutron_compute_plugin_ovn.firewall_rules: + tripleo.ovn_controller.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 @@ -70,3 +70,17 @@ outputs: dport: 6081 step_config: | include ::tripleo::profile::base::neutron::agents::ovn + upgrade_tasks: + - name: Check if ovn_controller is deployed + command: systemctl is-enabled ovn-controller + tags: common + ignore_errors: True + register: ovn_controller_enabled + - name: "PreUpgrade step0,validation: Check service ovn-controller is running" + shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b' + when: ovn_controller_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-controller service + tags: step1 + when: ovn_controller_enabled.rc == 0 + service: name=ovn-controller state=stopped diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index f6f3e3c8..2b98008b 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml 
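Review bot: In the new `upgrade_tasks` of ovn-controller.yaml, the probe task `Check if ovn_controller is deployed` runs with `ignore_errors: True` and both later tasks are gated on `ovn_controller_enabled.rc == 0`, so any failure of the probe, not only "unit not enabled", silently skips the step0 validation and the step1 stop. A short comment on the probe stating that a non-zero result is treated as "service not deployed on this node" would make that intent explicit. The probe calls bare `systemctl` while the validation uses `/usr/bin/systemctl`, and the validation pipes `systemctl show` into `grep` through `shell:` where `command: systemctl is-active ovn-controller` would give the same pass/fail without a shell. The same three tasks are repeated for `ovn-northd` in ovn-dbs.yaml and the same remarks apply there.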
@@ -57,3 +57,17 @@ outputs: - {get_param: OVNSouthboundServerPort} step_config: | include ::tripleo::profile::base::neutron::ovn_northd + upgrade_tasks: + - name: Check if ovn_northd is deployed + command: systemctl is-enabled ovn-northd + tags: common + ignore_errors: True + register: ovn_northd_enabled + - name: "PreUpgrade step0,validation: Check service ovn-northd is running" + shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b' + when: ovn_northd_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-northd service + tags: step1 + when: ovn_northd_enabled.rc == 0 + service: name=ovn-northd state=stopped diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 893e8418..158d04bd 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -105,11 +105,6 @@ parameters: description: Whether to deploy a LoadBalancer on the Controller type: boolean - PacemakerResources: - type: comma_delimited_list - description: List of resources managed by pacemaker - default: ['rabbitmq', 'galera'] - outputs: role_data: description: Role data for the Pacemaker role. @@ -156,20 +151,8 @@ outputs: async: 30 poll: 4 - name: Stop pacemaker cluster - tags: step2 + tags: step3 pacemaker_cluster: state=offline - name: Start pacemaker cluster tags: step4 pacemaker_cluster: state=online - - name: Check pacemaker resource - tags: step4 - pacemaker_is_active: - resource: "{{ item }}" - max_wait: 500 - with_items: {get_param: PacemakerResources} - - name: Check pacemaker haproxy resource - tags: step4 - pacemaker_is_active: - resource: haproxy - max_wait: 500 - when: {get_param: EnableLoadBalancer} diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 66f5c4b6..5867721a 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml 
@@ -97,7 +97,7 @@ outputs: NODE_PORT: '' NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<15000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<15000:64/native>>}]"' 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" rabbitmq_kernel_variables: inet_dist_listen_min: '25672' diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 283bb3f3..06e8180d 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -35,7 +35,7 @@ parameters: description: Set to True to enable debugging on all services. type: string SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. + description: The password for the swift service account type: string hidden: true SwiftProxyNodeTimeout: diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 40bc1368..f9c3cbae 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -130,6 +130,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 7661dd2f..541a2eb6 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -37,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. TackerDebug: default: '' description: Set to True to enable debugging Tacker service. 
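Review bot: The change from `5000` to `15000` in `RABBITMQ_SERVER_ERL_ARGS` adjusts an undocumented magic number inside `{raw,6,18,<<…:64/native>>}`. On Linux, level 6 with option 18 is TCP_USER_TIMEOUT in milliseconds, so the new value triples how long unacknowledged data may be outstanding before the kernel closes the connection. A comment above the key would record that, for example `# raw,6,18 = IPPROTO_TCP / TCP_USER_TIMEOUT (ms); keep connect and listen values identical`. The value appears twice in the string (connect options and listen options) and the two copies have to be changed together.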
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e52dd71e..e471c2a6 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -32,7 +32,7 @@ parameters: type: json EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean outputs: diff --git a/puppet/services/tuned.yaml b/puppet/services/tuned.yaml new file mode 100644 index 00000000..f1dec931 --- /dev/null +++ b/puppet/services/tuned.yaml @@ -0,0 +1,50 @@ +heat_template_version: ocata + +description: > + Configure tuned + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + TunedProfileName: + default: '' + description: Tuned Profile to apply to the host + type: string + +outputs: + role_data: + description: Role data for tuned + value: + service_name: tuned + config_settings: + map_replace: + - map_replace: + - tripleo::profile::base::tuned::profile: TunedProfileName + - values: {get_param: RoleParameters} + - values: {'TunedProfileName': {get_param: TunedProfileName}} + step_config: | + include ::tripleo::profile::base::tuned 
diff --git a/puppet/services/veritas-hyperscale-controller.yaml b/puppet/services/veritas-hyperscale-controller.yaml new file mode 100644 index 00000000..fe641ad6 --- /dev/null +++ b/puppet/services/veritas-hyperscale-controller.yaml 
@@ -0,0 +1,106 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + VrtsRabbitPassword: + type: string + description: The Rabbitmq password of the hyperscale user. Mandatory. + VrtsKeystonePassword: + type: string + description: The Keystone password of the hyperscale service. Mandatory. + VrtsMysqlPassword: + type: string + description: The MySQL password of the hyperscale user. Mandatory. + VrtsCtrlMgmtIP: + type: string + default: '' + description: The management IP of HyperScale. The value will be inferred + from the rest of the deployment settings if left blank. + VrtsDashboardIP: + type: string + default: '' + description: The dashboard IP of HyperScale. The value will be inferred + from the rest of the deployment settings if left blank. + VrtsZookeeperIP: + type: string + description: The IP of a node where Zookeeper is configured. Mandatory. + VrtsSSHPassword: + type: string + description: The SSH password of the hyperscale user. Mandatory. + VrtsConfigParam1: + type: string + default: '' + description: Additional config parameter. Optional. + VrtsConfigParam2: + type: string + default: '' + description: Additional config parameter. Optional. + VrtsConfigParam3: + type: string + default: '' + description: Additional config parameter. Optional. 
+ ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Install Veritas HyperScale packages for controller. + value: + service_name: veritas_hyperscale_controller + config_settings: + global_config_settings: + vrts_ctrl_mgmt_ip: {get_param: VrtsCtrlMgmtIP} + vrts_dashboard_ip: {get_param: VrtsDashboardIP} + vrts_zookeeper_ip: {get_param: VrtsZookeeperIP} + vrts_ssh_passwd: {get_param: VrtsSSHPassword} + vrts_config_param1: {get_param: VrtsConfigParam1} + vrts_config_param2: {get_param: VrtsConfigParam2} + vrts_config_param3: {get_param: VrtsConfigParam3} + step_config: | + include ::veritas_hyperscale::controller_pkg_inst + service_config_settings: + rabbitmq: + vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword} + keystone: + vrts_keystone_passwd: {get_param: VrtsKeystonePassword} + mysql: + vrts_mysql_passwd: {get_param: VrtsMysqlPassword} diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index debdc742..4a1ad179 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml 
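Review bot: The four credential parameters in the new veritas-hyperscale-controller.yaml (`VrtsRabbitPassword`, `VrtsKeystonePassword`, `VrtsMysqlPassword` and `VrtsSSHPassword`) are declared without `hidden: true`, unlike the password parameters elsewhere in this commit such as `NovaPassword` and `SwiftPassword`. Add `hidden: true` under each so Heat masks the values when stack parameters are shown. `vrts_ssh_passwd` is also emitted under `global_config_settings`, which presumably places the SSH password in the hieradata of every role, not only the controller; if only the controller class reads it, moving it to `config_settings` narrows where the secret lands. `VrtsConfigParam1` to `VrtsConfigParam3` are described only as "Additional config parameter", which gives an operator no idea what they configure.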
@@ -56,6 +56,14 @@ parameters: type: string description: Set the number of workers for zaqar::wsgi::apache default: '%{::os_workers}' + ZaqarMessageStore: + type: string + description: The messaging store for Zaqar + default: mongodb + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EnableInternalTLS: type: boolean default: false @@ -63,6 +71,8 @@ parameters: conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} + zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']} + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} resources: @@ -95,7 +105,7 @@ outputs: - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} - zaqar::wsgi::apache::ssl: false + zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::unreliable: true 
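Review bot: `ZaqarMessageStore` and `ZaqarManagementStore` accept any string, while the conditions added in the following hunk only recognise `swift` and `sqlalchemy`. A misspelt value therefore skips both conditional blocks and is still passed straight through as `zaqar::message_store` / `zaqar::management_store`, so the mistake only surfaces during the puppet run. An `allowed_values` constraint on each parameter, listing the backends this template actually supports, would reject it at stack validation instead. The descriptions could also name the accepted values.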
@@ -105,28 +115,71 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_store: {get_param: ZaqarMessageStore} + zaqar::management_store: {get_param: ZaqarManagementStore} + - + if: + - zaqar_messaging_store_swift + - + zaqar::messaging::swift::uri: + list_join: + - '' + - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service'] + zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + tripleo::profile::base::zaqar::messaging_store: 'swift' + - {} + - + if: + - zaqar_management_store_sqlalchemy + - + tripleo::profile::base::zaqar::management_store: 'sqlalchemy' + zaqar::management::sqlalchemy::uri: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: zaqar + password: {get_param: ZaqarPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /zaqar + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + - {} - if: - zaqar_workers_zero - {} - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} service_config_settings: - keystone: - zaqar::keystone::auth::password: {get_param: ZaqarPassword} - zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} - zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} - zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} - zaqar::keystone::auth::region: {get_param: KeystoneRegion} - zaqar::keystone::auth::tenant: 'service' - zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} - zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} - zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} - zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} - zaqar::keystone::auth_websocket::region: {get_param: 
KeystoneRegion} - zaqar::keystone::auth_websocket::tenant: 'service' - + map_merge: + - keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + - + if: + - zaqar_management_store_sqlalchemy + - mysql: + zaqar::db::mysql::user: zaqar + zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + zaqar::db::mysql::dbname: zaqar + zaqar::db::mysql::password: {get_param: ZaqarPassword} + zaqar::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + - {} step_config: | include ::tripleo::profile::base::zaqar + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: yaql: expression: $.data.apache_upgrade + $.data.zaqar_upgrade diff --git a/releasenotes/notes/ceph-ansible-workflow-70f7d52faf4cd419.yaml b/releasenotes/notes/ceph-ansible-workflow-70f7d52faf4cd419.yaml new file mode 100644 index 00000000..c7d1826d --- /dev/null +++ b/releasenotes/notes/ceph-ansible-workflow-70f7d52faf4cd419.yaml 
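Review bot: In the swift branch the URI is assembled with `list_join` as `'swift://zaqar:'`, `ZaqarPassword`, `'@/service'`, so a password containing `@`, `/`, `:` or `%` yields a URI that parses differently from what was intended, whereas the sqlalchemy branch builds its URI with `make_url`. Either document and constrain the characters `ZaqarPassword` may contain, or build this URI in a way that encodes the password component. The same `ZaqarPassword` now serves as the Keystone service password, the Swift URI credential and the MySQL account password, so disclosure of any one rendered config file exposes all three. `zaqar::db::mysql::allowed_hosts` also includes `'%'`, which lets that account log in from any address that can reach the database; it is worth confirming this matches the grants used for the other services and is intended.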
@@ -0,0 +1,14 @@ +--- +prelude: > + Deployment of Ceph in containers is implemented using a Mistral workflow. +other: + - | + It is possible to deploy Ceph in docker containers in the overcloud. This + is implemented by triggering `ceph-ansible` via a Mistral workflow. A new + `CephAnsibleExtraConfig` parameter has been added to the templates and can + be used to provide arbitrary config variables consumed by `ceph-ansible`. + The pre-existing template params consumed by the TripleO Pike release to + drive `puppet-ceph` continue to work and are translated, when possible, into + their equivalent `ceph-ansible` variable. To enable the deployment of Ceph + in containers use `environments/ceph-ansible/ceph-ansible.yaml` when + deploying the overcloud.
\ No newline at end of file diff --git a/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml b/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml new file mode 100644 index 00000000..01ce1758 --- /dev/null +++ b/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - Deprecate and remove configuring clustering for + OpenDaylight container using an exec. + Configuration is now handled via puppet-opendaylight + using file resources. diff --git a/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml b/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml new file mode 100644 index 00000000..3c17e242 --- /dev/null +++ b/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add support for Veritas HyperScale Cinder backend. diff --git a/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml b/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml new file mode 100644 index 00000000..ec7f40c9 --- /dev/null +++ b/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml @@ -0,0 +1,4 @@ +--- +features: + - A new role ComputeOvsDpdk has been added to enable dynamic roles_data + creation with OVS-DPDK role. diff --git a/releasenotes/notes/contrail-bugfixes-and-dpdk-enabling-0233a06e23259660.yaml b/releasenotes/notes/contrail-bugfixes-and-dpdk-enabling-0233a06e23259660.yaml new file mode 100644 index 00000000..776c7b48 --- /dev/null +++ b/releasenotes/notes/contrail-bugfixes-and-dpdk-enabling-0233a06e23259660.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + This patch enables the configuration of Contrail DPDK on the Compute nodes + by specifying the required parameters in an environment file. +fixes: + - | + The patch moves the Contrail control plane communication from the public + network to the internal_api network. 
diff --git a/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml b/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml new file mode 100644 index 00000000..b7497b19 --- /dev/null +++ b/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Adding the ability to disable the OpenDaylight upstream repository. + Introducing the OpenDaylightManageRepositories parameter. diff --git a/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml b/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml new file mode 100644 index 00000000..23f482a1 --- /dev/null +++ b/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml @@ -0,0 +1,5 @@ +--- +features: + - Added support for DPDK with OvS2.7, which requires huge page + configuration (with reboot) to be available before enabling DPDK. + diff --git a/releasenotes/notes/ps-san_private_key-5aa111e7907ba600.yaml b/releasenotes/notes/ps-san_private_key-5aa111e7907ba600.yaml new file mode 100644 index 00000000..63593311 --- /dev/null +++ b/releasenotes/notes/ps-san_private_key-5aa111e7907ba600.yaml @@ -0,0 +1,4 @@ +--- +features: + - Added new parameter san_private_key to configure SSH Private Key + for the PS Series cinder backend diff --git a/releasenotes/notes/systemd-d9a41bb3709d0653.yaml b/releasenotes/notes/systemd-d9a41bb3709d0653.yaml deleted file mode 100644 index af66f89d..00000000 --- a/releasenotes/notes/systemd-d9a41bb3709d0653.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -fixes: - - | - Latest commits in puppet-systemd enabled by default systemd-networkd and - systemd-resolved but we don't want to manage them for now in TripleO. - MySQL and MongoDB services were managing some systemd resources so now - we ensure that these 2 systemd services are disabled. In the future, we - might want and activate these services and revert that patch but for now - we want to disable them. 
diff --git a/releasenotes/notes/tuned-service-650c0eec1cf12a4d.yaml b/releasenotes/notes/tuned-service-650c0eec1cf12a4d.yaml new file mode 100644 index 00000000..30e72db4 --- /dev/null +++ b/releasenotes/notes/tuned-service-650c0eec1cf12a4d.yaml @@ -0,0 +1,4 @@ +--- +features: + - Allows the user to set the tuned profile on a given + host. Defaults to throughput-performance. diff --git a/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml b/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml new file mode 100644 index 00000000..a72da829 --- /dev/null +++ b/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Add Heat parameters which allow the end user to configure custom + management and messaging backends for MySQL and Swift. diff --git a/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml b/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml new file mode 100644 index 00000000..64a41424 --- /dev/null +++ b/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Update undercloud default Heat parameters so we use the Zaqar swift/mysql + backends. This allows us to drop MongoDB from the undercloud. diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 7b41a9e2..939b263c 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '7.0.0.0b2' +release = '7.0.0.0b3' # The short X.Y version. version = '7.0.0' diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index b0117400..e4fdfa44 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml 
@@ -13,6 +13,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::FluentdClient @@ -27,3 +28,4 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml index 647c4d5a..f3978c5b 100644 --- a/roles/CephStorage.yaml +++ b/roles/CephStorage.yaml @@ -25,3 +25,4 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned diff --git a/roles/Compute.yaml b/roles/Compute.yaml index 75a6f608..56daa864 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -33,6 +33,7 @@ - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty @@ -42,4 +43,6 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index a04a12e1..0e8a90b7 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -33,6 +33,7 @@ - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty 
@@ -42,4 +43,6 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml new file mode 100644 index 00000000..7c3cd218 --- /dev/null +++ b/roles/ComputeOvsDpdk.yaml @@ -0,0 +1,41 @@ +############################################################################### +# Role: ComputeOvsDpdk # +############################################################################### +- name: ComputeOvsDpdk + description: | + Compute OvS DPDK Role + CountDefault: 1 + networks: + - InternalApi + - Tenant + - Storage + HostnameFormatDefault: '%stackname%-computeovsdpdk-%index%' + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::ComputeNeutronOvsDpdk + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages 
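Review bot: The new `ComputeOvsDpdk` role's `ServicesDefault` omits `OS::TripleO::Services::NovaMigrationTarget`, `OS::TripleO::Services::Tuned` and `OS::TripleO::Services::OVNController`, all of which this same commit adds to the `Compute` and `ComputeHCI` roles. If the omission is deliberate (for example because DPDK hosts need a different tuned profile), a short comment in the role file saying so would help; otherwise the role starts out already diverged from `Compute`, and the missing entries should be added.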
diff --git a/roles/Controller.yaml b/roles/Controller.yaml index e3af321e..d702a63d 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -40,6 +40,7 @@ - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler @@ -108,6 +109,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ @@ -125,5 +127,6 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::Zaqar diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 4ad405aa..10d76dd7 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -57,6 +57,7 @@ - OS::TripleO::Services::Horizon - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone @@ -85,6 +86,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::Redis @@ -100,6 +102,7 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::Zaqar 
diff --git a/roles/Database.yaml b/roles/Database.yaml index 75b26a8c..e101fd4f 100644 --- a/roles/Database.yaml +++ b/roles/Database.yaml @@ -22,4 +22,4 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - + - OS::TripleO::Services::Tuned diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml index 8a29b337..ae848bc8 100644 --- a/roles/IronicConductor.yaml +++ b/roles/IronicConductor.yaml @@ -19,3 +19,4 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml index 5b06063f..47e0f920 100644 --- a/roles/Messaging.yaml +++ b/roles/Messaging.yaml @@ -21,4 +21,5 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned diff --git a/roles/Networker.yaml b/roles/Networker.yaml index 635c430f..311e0a7d 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -36,4 +36,4 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - + - OS::TripleO::Services::Tuned diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml index 27dc1233..81bedbd1 100644 --- a/roles/ObjectStorage.yaml +++ b/roles/ObjectStorage.yaml @@ -28,3 +28,4 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned diff --git a/roles/README.rst b/roles/README.rst index cd1fcb47..b21a34b6 100644 --- a/roles/README.rst +++ b/roles/README.rst @@ -95,6 +95,7 @@ Example BlockStorage CephStorage Compute + ComputeOvsDpdk Controller ControllerOpenstack Database 
@@ -151,12 +152,14 @@ Example * OS::TripleO::Services::ComputeNeutronOvsAgent * OS::TripleO::Services::Docker * OS::TripleO::Services::FluentdClient + * OS::TripleO::Services::Iscsid * OS::TripleO::Services::Kernel * OS::TripleO::Services::MySQLClient * OS::TripleO::Services::NeutronSriovAgent * OS::TripleO::Services::NeutronVppAgent * OS::TripleO::Services::NovaCompute * OS::TripleO::Services::NovaLibvirt + * OS::TripleO::Services::NovaMigrationTarget * OS::TripleO::Services::Ntp * OS::TripleO::Services::OpenDaylightOvs * OS::TripleO::Services::Securetty diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml index d23ab6e3..b1c73798 100644 --- a/roles/Telemetry.yaml +++ b/roles/Telemetry.yaml @@ -29,4 +29,4 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - + - OS::TripleO::Services::Tuned diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index f56749a9..a408a21b 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -26,7 +26,6 @@ - OS::TripleO::Services::MistralApi - OS::TripleO::Services::MistralEngine - OS::TripleO::Services::MistralExecutor - - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin @@ -44,6 +43,7 @@ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tuned - OS::TripleO::Services::UndercloudAodhApi - OS::TripleO::Services::UndercloudAodhEvaluator - OS::TripleO::Services::UndercloudAodhListener diff --git a/roles_data.yaml b/roles_data.yaml index fe24a423..0d6c8035 100644 --- a/roles_data.yaml +++ b/roles_data.yaml 
@@ -43,6 +43,7 @@ - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler @@ -111,6 +112,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ @@ -128,6 +130,7 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::Zaqar ############################################################################### @@ -165,6 +168,7 @@ - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty @@ -174,7 +178,9 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController ############################################################################### # Role: BlockStorage # ############################################################################### @@ -190,6 +196,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::FluentdClient 
@@ -204,6 +211,7 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned ############################################################################### # Role: ObjectStorage # ############################################################################### @@ -234,6 +242,7 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned ############################################################################### # Role: CephStorage # ############################################################################### @@ -261,4 +270,5 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index 2aa5a291..d61d1a2f 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -29,7 +29,6 @@ - OS::TripleO::Services::MistralApi - OS::TripleO::Services::MistralEngine - OS::TripleO::Services::MistralExecutor - - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin @@ -47,6 +46,7 @@ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tuned - OS::TripleO::Services::UndercloudAodhApi - OS::TripleO::Services::UndercloudAodhEvaluator - OS::TripleO::Services::UndercloudAodhListener diff --git a/sample-env-generator/predictable-placement.yaml b/sample-env-generator/predictable-placement.yaml index ffda7aca..3a971fbd 100644 --- a/sample-env-generator/predictable-placement.yaml +++ b/sample-env-generator/predictable-placement.yaml 
@@ -15,3 +15,18 @@ environments: Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with OS::stack_name in the template below. If you want to use the heat generated names, pass '' (empty string). + - + name: predictable-placement/custom-domain + title: Custom Domain Name + files: + overcloud.yaml: + parameters: + - CloudDomain + - CloudName + - CloudNameInternal + - CloudNameStorage + - CloudNameStorageManagement + - CloudNameCtlplane + description: | + This environment contains the parameters that need to be set in order to + use a custom domain name and have all of the various FQDNs reflect it. diff --git a/sample-env-generator/storage.yaml b/sample-env-generator/storage.yaml index aa0385cc..dc4fbb10 100644 --- a/sample-env-generator/storage.yaml +++ b/sample-env-generator/storage.yaml @@ -26,6 +26,10 @@ environments: NovaEnableRbdBackend: True GlanceBackend: rbd GnocchiBackend: rbd + resource_registry: + OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml description: | Include this environment to enable Ceph as the backend for Cinder, Nova, Gnocchi, and Glance. diff --git a/test-requirements.txt b/test-requirements.txt index 9291450a..1b60459c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,7 +1,7 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -openstackdocstheme>=1.11.0 # Apache-2.0 +openstackdocstheme>=1.11.0 # Apache-2.0 PyYAML>=3.10.0 # MIT Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT diff --git a/tools/process-templates.py b/tools/process-templates.py index badc1426..07c27bad 100755 --- a/tools/process-templates.py 
+++ b/tools/process-templates.py @@ -96,6 +96,16 @@ def process_templates(template_path, role_data_path, output_dir, r_map = {} for r in role_data: r_map[r.get('name')] = r + + n_map = {} + for n in network_data: + if (n.get('enabled') is not False): + n_map[n.get('name')] = n + if not n.get('name_lower'): + n_map[n.get('name')]['name_lower'] = n.get('name').lower() + else: + print("skipping %s network: network is disabled" % n.get('name')) + excl_templates = ['%s/%s' % (template_path, e) for e in j2_excludes.get('name')] @@ -126,10 +136,13 @@ def process_templates(template_path, role_data_path, output_dir, for f in files: file_path = os.path.join(subdir, f) - # We do two templating passes here: + # We do three templating passes here: # 1. *.role.j2.yaml - we template just the role name # and create multiple files (one per role) - # 2. *.j2.yaml - we template with all roles_data, + # 2 *.network.j2.yaml - we template the network name and + # data and create multiple files for networks and + # network ports (one per network) + # 3. *.j2.yaml - we template with all roles_data, # and create one file common to all roles if f.endswith('.role.j2.yaml'): print("jinja2 rendering role template %s" % f) 
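Review bot: In the new `n_map` loop a network entry without a `name` key is stored under the key `None` and, when `name_lower` is also absent, fails at `n.get('name').lower()` with an AttributeError that does not identify the offending entry. Checking the name first, e.g. `if not n.get('name'): raise ValueError("network entry without a name: %r" % n)`, turns that into an actionable message. The loop also writes `name_lower` back into the loaded entry, which deserves a one-line comment since later passes see the mutated data. `network_data` and the rest of `process_templates` are defined outside this hunk, so how the list is loaded cannot be checked from here.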
@@ -167,6 +180,30 @@ def process_templates(template_path, role_data_path, output_dir, else: print('skipping rendering of %s' % out_f_path) + + elif f.endswith('.network.j2.yaml'): + print("jinja2 rendering network template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + print("jinja2 rendering networks %s" % ",".join(n_map)) + for network in n_map: + j2_data = {'network': n_map[network]} + # Output file names in "<name>.yaml" format + out_f = os.path.basename(f).replace('.network.j2.yaml', + '.yaml') + if os.path.dirname(file_path).endswith('ports'): + out_f = out_f.replace('port', + n_map[network]['name_lower']) + else: + out_f = out_f.replace('network', + n_map[network]['name_lower']) + out_f_path = os.path.join(out_dir, out_f) + if not (out_f_path in excl_templates): + _j2_render_to_file(template_data, j2_data, + out_f_path) + else: + print('skipping rendering of %s' % out_f_path) + elif f.endswith('.j2.yaml'): print("jinja2 rendering normal template %s" % f) with open(file_path) as j2_template: diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 3828766f..a096d69a 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -31,6 +31,7 @@ envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml', 'tls-endpoints-public-ip.yaml', 'tls-everywhere-endpoints-dns.yaml'] ENDPOINT_MAP_FILE = 'endpoint_map.yaml' +OPTIONAL_SECTIONS = ['service_workflow_tasks'] REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config', 'config_settings', 'step_config'] OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks', 
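Review bot: In the `.network.j2.yaml` branch, `name_lower` from the network data file is substituted directly into the output file name (`out_f.replace('network', n_map[network]['name_lower'])`) and then joined onto `out_dir`, so a value containing a path separator or `..` makes `_j2_render_to_file` write outside the output directory. The file is operator-supplied, so this is mostly a guard against mistakes, but rejecting names where `os.path.basename(out_f) != out_f` before the join keeps the renderer confined to `out_dir`. `str.replace` also substitutes every occurrence of `port` or `network` in the base name, which may surprise for template names that contain the word more than once. The enclosing function continues outside the hunk.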
@@ -51,6 +52,60 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'StorageAllocationPools': ['default'], 'StorageMgmtNetCidr': ['default'], 'StorageMgmtAllocationPools': ['default'], + 'TenantNetCidr': ['default'], + 'TenantAllocationPools': ['default'], + 'InternalApiNetCidr': ['default'], + 'InternalApiAllocationPools': ['default'], + 'UpdateIdentifier': ['description'], + 'key_name': ['default'], + # There's one template that defines this + # differently, and I'm not sure if we can + # safely change it. + 'EC2MetadataIp': ['default'], + # Same as EC2MetadataIp + 'ControlPlaneDefaultRoute': ['default'], + # TODO(bnemec): Address these existing + # inconsistencies. + 'ServiceNetMap': ['description', 'default'], + 'network': ['default'], + 'ControlPlaneIP': ['default', + 'description'], + 'ControlPlaneIp': ['default', + 'description'], + 'NeutronBigswitchLLDPEnabled': ['default'], + 'NeutronWorkers': ['description'], + 'ServerMetadata': ['description'], + 'server': ['description'], + 'servers': ['description'], + 'ExtraConfig': ['description'], + 'DefaultPasswords': ['description', + 'default'], + 'BondInterfaceOvsOptions': ['description', + 'default', + 'constraints'], + 'KeyName': ['constraints'], + 'OVNSouthboundServerPort': ['description'], + 'ExternalInterfaceDefaultRoute': + ['description', 'default'], + 'IPPool': ['description'], + 'SSLCertificate': ['description', + 'default', + 'hidden'], + 'HostCpusList': ['default', 'constraints'], + 'NodeIndex': ['description'], + 'name': ['description', 'default'], + 'image': ['description', 'default'], + 'NeutronBigswitchAgentEnabled': ['default'], + 'EndpointMap': ['description', 'default'], + 'DockerManilaConfigImage': ['description', + 'default'], + 'replacement_policy': ['default'], + 'CloudDomain': ['description', 'default'], + 'EnableLoadBalancer': ['description'], + 'ControllerExtraConfig': ['description'], + 'NovaComputeExtraConfig': ['description'], + 'controllerExtraConfig': 
['description'], + 'DockerSwiftConfigImage': ['default'], } PREFERRED_CAMEL_CASE = { @@ -126,6 +181,22 @@ def validate_hci_computehci_role(hci_role_filename, hci_role_tpl): return 0 +def search(item, check_item, check_key): + if check_item(item): + return True + elif isinstance(item, list): + for i in item: + if search(i, check_item, check_key): + return True + elif isinstance(item, dict): + for k in item.keys(): + if check_key(k, item[k]): + return True + elif search(item[k], check_item, check_key): + return True + return False + + def validate_mysql_connection(settings): no_op = lambda *args: False error_status = [0] 
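Review bot: `search` is now a module-level helper shared by `validate_mysql_connection` and the new `validate_docker_service_mysql_usage`, but it has no docstring describing its contract. I would add one stating that it returns True as soon as `check_item` accepts a node or `check_key` accepts a key/value pair, that it otherwise recurses into list elements and dict values, and that callers may pass callbacks which record findings as a side effect. Iterating with `for k, v in item.items():` would also avoid the repeated `item[k]` lookups.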
@@ -147,25 +218,69 @@ def validate_mysql_connection(settings):
 error_status[0] = 1
 return False
- def search(item, check_item, check_key):
- if check_item(item):
- return True
- elif isinstance(item, list):
- for i in item:
- if search(i, check_item, check_key):
- return True
- elif isinstance(item, dict):
- for k in item.keys():
- if check_key(k, item[k]):
- return True
- elif search(item[k], check_item, check_key):
- return True
- return False
-
 search(settings, no_op, validate_mysql_uri)
 return error_status[0]
+def validate_docker_service_mysql_usage(filename, tpl):
+ no_op = lambda *args: False
+ included_res = []
+
+ def match_included_res(item):
+ is_config_setting = isinstance(item, list) and len(item) > 1 and \
+ item[1:] == ['role_data', 'config_settings']
+ if is_config_setting:
+ included_res.append(item[0])
+ return is_config_setting
+
+ def match_use_mysql_protocol(items):
+ return items == ['EndpointMap', 'MysqlInternal', 'protocol']
+
+ all_content = []
+
+ def read_all(incfile, inctpl):
+ # search for included content
+ content = inctpl['outputs']['role_data']['value'].get('config_settings',{})
+ all_content.append(content)
+ included_res[:] = []
+ if search(content, match_included_res, no_op):
+ files = [inctpl['resources'][x]['type'] for x in included_res]
+ # parse included content
+ for r, f in zip(included_res, files):
+ # disregard class names, only consider file names
+ if 'OS::' in f:
+ continue
+ newfile = os.path.normpath(os.path.dirname(incfile)+'/'+f)
+ newtmp = yaml.load(open(newfile).read())
+ read_all(newfile, newtmp)
+
+ read_all(filename, tpl)
+ if search(all_content, match_use_mysql_protocol, no_op):
+ # ensure this service includes the mysqlclient service
+ resources = tpl['resources']
+ mysqlclient = [x for x in resources
+ if resources[x]['type'].endswith('mysql-client.yaml')]
+ if len(mysqlclient) == 0:
+ print("ERROR: containerized service %s uses mysql but "
+ "resource mysql-client.yaml is not used"
+ % filename)
+ return 1
+
+ # and that mysql::client puppet module is included in puppet-config
+ match_mysqlclient = \
+ lambda x: x == [mysqlclient[0], 'role_data', 'step_config']
+ role_data = tpl['outputs']['role_data']
+ puppet_config = role_data['value']['puppet_config']['step_config']
+ if not search(puppet_config, match_mysqlclient, no_op):
+ print("ERROR: containerized service %s uses mysql but "
+ "puppet_config section does not include "
+ "::tripleo::profile::base::database::mysql::client"
+ % filename)
+ return 1
+
+ return 0
+
+
 def validate_docker_service(filename, tpl):
 if 'outputs' in tpl and 'role_data' in tpl['outputs']:
 if 'value' not in tpl['outputs']['role_data']:
@@ -186,12 +301,18 @@ def validate_docker_service(filename, tpl):
 else:
 if section_name in OPTIONAL_DOCKER_SECTIONS:
 continue
+ elif section_name in OPTIONAL_SECTIONS:
+ continue
 else:
 print('ERROR: %s is extra in role_data for %s.'
 % (section_name, filename))
 return 1
 if 'puppet_config' in role_data:
+ if validate_docker_service_mysql_usage(filename, tpl):
+ print('ERROR: could not validate use of mysql service for %s.'
+ % filename)
+ return 1
 puppet_config = role_data['puppet_config']
 for key in puppet_config:
 if key in REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS:
@@ -219,11 +340,13 @@ def validate_docker_service(filename, tpl):
 if 'docker_config' in role_data:
 docker_config = role_data['docker_config']
 for _, step in docker_config.items():
+ if not isinstance(step, dict):
+ # NOTE(mandre) this skips everything that is not a dict
+ # so we may ignore some containers definitions if they
+ # are in a map_merge for example
+ continue
 for _, container in step.items():
 if not isinstance(container, dict):
- # NOTE(mandre) this skips everything that is not a dict
- # so we may ignore some containers definitions if they
- # are in a map_merge for example
 continue
 command = container.get('command', '')
 if isinstance(command, list):
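Review bot: `read_all` in `validate_docker_service_mysql_usage` follows only the first included resource of each template, because `match_included_res` returns True on a match and `search` stops at the first True; a service that reaches mysql through a later `config_settings` include would pass unchecked. The callback should record the hit and return False so the walk continues, and the loop should run over a snapshot of `files`, since the recursive call resets `included_res` while the `zip` is still iterating it (`r` is unused anyway). Separately, `yaml.load(open(newfile).read())` without an explicit Loader can construct arbitrary Python objects from tagged YAML on older PyYAML releases and leaves the file open; if this script runs against proposed template changes, `yaml.safe_load` inside a `with` block is the safer form. There is also no guard against a template that includes itself, directly or through another file.

```python
    def match_included_res(item):
        # … unchanged: is_config_setting computation and included_res.append …
        # record the match but keep walking so every include is collected
        return False

    def read_all(incfile, inctpl):
        # … unchanged: content lookup and all_content.append(content) …
        included_res[:] = []
        search(content, match_included_res, no_op)
        # snapshot before recursing: the nested call resets included_res
        files = [inctpl['resources'][x]['type'] for x in included_res]
        for f in files:
            # … unchanged: skip 'OS::' class names, build newfile …
            with open(newfile) as inc:
                newtmp = yaml.safe_load(inc)
            read_all(newfile, newtmp)
```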
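Review bot: The new call to `validate_docker_service_mysql_usage(filename, tpl)` runs before the loop below checks the `puppet_config` keys, yet the helper indexes `role_data['value']['puppet_config']['step_config']`, `tpl['resources']` and each included file's `inctpl['outputs']['role_data']['value']` directly. A template missing any of those would end the run with a KeyError traceback instead of the usual `ERROR:` line and return code. Moving the call after the required-section checks, and reading `tpl.get('resources', {})` in the helper, keeps the failure readable. `validate_docker_service` starts and ends outside this hunk, so the required-section check is only partly visible here.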
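Review bot: The inner `if not isinstance(container, dict): continue` lost its explanation when the NOTE moved up to the new step-level check, and both skips are silent, so definitions built through `map_merge` are not validated and nothing in the output shows it. I would add a comment on the inner check, e.g. `# same caveat as above: non-dict containers are not validated`, and emit `print('WARNING: skipping non-dict docker_config entry in %s' % filename)` before each `continue` so the gap is visible in the run log. The loop body continues past the end of this hunk.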
@@ -422,10 +545,8 @@ for p, defs in param_map.items():
 # If all items in the list are not == the first, then the check fails
 if check_data.count(check_data[0]) != len(check_data):
 mismatch_count += 1
- # TODO(bnemec): Make this a hard failure once all the templates have
- # been fixed.
- #exit_val |= 1
- #failed_files.extend([d['filename'] for d in defs])
+ exit_val |= 1
+ failed_files.extend([d['filename'] for d in defs])
 print('Mismatched parameter definitions found for "%s"' % p)
 print('Definitions found:')
 for d in defs: |