diff options
21 files changed, 105 insertions, 65 deletions
diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml index 0437cc67..b9a84342 100644 --- a/environments/cinder-netapp-config.yaml +++ b/environments/cinder-netapp-config.yaml @@ -25,5 +25,5 @@ parameter_defaults: CinderNetappControllerIps: '' CinderNetappSaPassword: '' CinderNetappStoragePools: '' - CinderNetappEseriesHostType: 'linux_dm_mp' + CinderNetappHostType: '' CinderNetappWebservicePath: '/devmgr/v2' diff --git a/environments/logging-environment.yaml b/environments/logging-environment.yaml index eefa7026..c583ca79 100644 --- a/environments/logging-environment.yaml +++ b/environments/logging-environment.yaml @@ -4,7 +4,7 @@ resource_registry: OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml -parameter_defaults: +#parameter_defaults: ## Simple configuration # diff --git a/environments/monitoring-environment.yaml b/environments/monitoring-environment.yaml index a8ad2084..62ab06dc 100644 --- a/environments/monitoring-environment.yaml +++ b/environments/monitoring-environment.yaml @@ -4,7 +4,7 @@ resource_registry: OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml -parameter_defaults: +#parameter_defaults: #### Sensu settings #### ##MonitoringRabbitHost: 10.10.10.10 ##MonitoringRabbitPort: 5672 diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh index 705e84eb..56b54e22 100644 --- a/extraconfig/tasks/major_upgrade_ceph_storage.sh +++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh @@ -69,6 +69,16 @@ elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then # Replay udev events with newer rules udevadm trigger && udevadm settle + # If on ext4, we need to enforce lower values for name and namespace len + # or ceph-osd will refuse to start, see: http://tracker.ceph.com/issues/16187 + for OSD_ID in $OSD_IDS; do + OSD_FS=$(findmnt -n -o FSTYPE -T /var/lib/ceph/osd/ceph-${OSD_ID}) + if [ ${OSD_FS} = ext4 ]; then + crudini --set /etc/ceph/ceph.conf global osd_max_object_name_len 256 + crudini --set /etc/ceph/ceph.conf global osd_max_object_namespace_len 64 + fi + done + # Enable systemd unit systemctl enable ceph-osd.target for OSD_ID in $OSD_IDS; do diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index d4200e5f..23074fcb 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -20,9 +20,13 @@ check_disk_for_mysql_dump STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }') pcs property set stonith-enabled=false -# Migrate to HA NG +# Migrate to HA NG and fix up rabbitmq queues +# We fix up the rabbitmq ha queues after the migration because it will +# restart the rabbitmq resource. Doing it after the migration means no other +# services will be restart as there are no other constraints if [[ -n $(is_bootstrap_node) ]]; then migrate_full_to_ng_ha + rabbitmq_mitaka_newton_upgrade fi # After migrating the cluster to HA-NG the services not under pacemaker's control diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index cd78f838..df87c93f 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -154,7 +154,7 @@ function migrate_full_to_ng_ha { fi pcs resource delete --force "$resource" else - log_debug "Service $service not found as a pacemaker resource, not trying to delete." + log_debug "Service $resource not found as a pacemaker resource, not trying to delete." fi done @@ -169,3 +169,22 @@ function migrate_full_to_ng_ha { fi fi } + +# This function will make sure that the rabbitmq ha policies are converted from mitaka to newton +# In mitaka we had: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}" +# In newton we want: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}" +# The nr "2" should be CEIL(N/2) where N is the number of Controllers (i.e. rabbit instances) +# Note that changing an attribute like this makes the rabbitmq resource restart +function rabbitmq_mitaka_newton_upgrade { + if pcs resource show rabbitmq-clone | grep -q -E "Attributes:.*\"ha-mode\":\"all\""; then + # Number of controller is obtained by counting how many hostnames we + # have in controller_node_names hiera key + nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) + nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) + if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then + echo_error "ERROR: The nr. of HA queues during the M/N upgrade is out of range $nr_queues" + exit 1 + fi + pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 + fi +} diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index 07e2de4c..346059f2 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -32,6 +32,29 @@ parameters: default: [] type: comma_delimited_list +resources: + # This adds the extra "services" on for keystone + # so that keystone_admin_api_network and + # keystone_public_api_network point to the correct + # network on the nodes running the "keystone" service + EnabledServicesValue: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: let(root => $) -> $.data.extra_services.items().where($[0] in $root.data.enabled_services).select($[1]).flatten() + $root.data.enabled_services + data: + enabled_services: {get_param: EnabledServices} + extra_services: + # If anything other than keystone needs this + # then we should add an extra_networks interface + # to the service templates role_data but for + # now we hard-code the keystone special case + keystone: + - keystone_admin_api + - keystone_public_api + outputs: net_ip_map: description: > @@ -64,7 +87,7 @@ outputs: template: SERVICE_node_ips: SERVICE_network for_each: - SERVICE: {get_param: EnabledServices} + SERVICE: {get_attr: [EnabledServicesValue, value]} - values: {get_param: ServiceNetMap} - values: ctlplane: {get_param: ControlPlaneIpList} @@ -89,4 +112,4 @@ outputs: template: SERVICE_node_names: {get_param: ServiceHostnameList} for_each: - SERVICE: {get_param: EnabledServices} + SERVICE: {get_attr: [EnabledServicesValue, value]} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 2aebc105..6c30d3f3 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -99,6 +99,7 @@ resource_registry: OS::TripleO::Services::CinderBackup: OS::Heat::None OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml + OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::Core: OS::Heat::None OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index bd699f50..fc756617 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -340,8 +340,6 @@ resources: {% endfor %} # FIXME(shardy): These require further work to move into service_ips memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} - keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} - keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} NetVipMap: {get_attr: [VipMap, net_ip_map]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index c764d4ef..67dc056b 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -28,10 +28,6 @@ parameters: type: comma_delimited_list memcache_node_ips: type: comma_delimited_list - keystone_public_api_node_ips: - type: comma_delimited_list - keystone_admin_api_node_ips: - type: comma_delimited_list NetVipMap: type: json RedisVirtualIP: @@ -56,6 +52,12 @@ parameters: Heat action on performed top-level stack. constraints: - allowed_values: ['CREATE', 'UPDATE'] + # NOTE(jaosorior): This is being set as IPA as it's the first + # CA we'll actually be testing out. But we can change this if + # people request it. + CertmongerCA: + type: string + default: 'IPA' resources: @@ -136,22 +138,6 @@ resources: list_join: - "]','inet6:[" - {get_param: memcache_node_ips} - keystone_public_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: keystone_public_api_node_ips} - keystone_admin_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: keystone_admin_api_node_ips} deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} @@ -210,6 +196,8 @@ resources: cloud_name_storage: {get_param: cloud_name_storage} cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt} cloud_name_ctlplane: {get_param: cloud_name_ctlplane} + # TLS parameters + certmonger_ca: {get_param: CertmongerCA} outputs: config_id: diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index 6ff90881..48446e5a 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -70,12 +70,22 @@ parameters: CinderNetappStoragePools: type: string default: '' - CinderNetappEseriesHostType: + CinderNetappHostType: type: string - default: 'linux_dm_mp' + default: '' CinderNetappWebservicePath: type: string default: '/devmgr/v2' + # DEPRECATED options for compatibility with older versions + CinderNetappEseriesHostType: + type: string + default: 'linux_dm_mp' + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - CinderNetappEseriesHostType resources: CinderNetappConfig: @@ -108,7 +118,7 @@ resources: cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps} cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword} cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools} - cinder::backend::netapp::netapp_eseries_host_type: {get_input: NetappEseriesHostType} + cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType} cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath} CinderNetappDeployment: @@ -139,7 +149,7 @@ resources: NetappControllerIps: {get_param: CinderNetappControllerIps} NetappSaPassword: {get_param: CinderNetappSaPassword} NetappStoragePools: {get_param: CinderNetappStoragePools} - NetappEseriesHostType: {get_param: CinderNetappEseriesHostType} + NetappHostType: {get_param: CinderNetappHostType} NetappWebservicePath: {get_param: CinderNetappWebservicePath} outputs: diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index e281ef51..49d84574 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -64,11 +64,9 @@ resources: | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus # We need to reload haproxy in case the certificate changed because - # puppet doesn't know the contents of the cert file. The pacemaker - # case is handled separately in a pacemaker-specific resource. - pacemaker_status=$(systemctl is-active pacemaker) + # puppet doesn't know the contents of the cert file. haproxy_status=$(systemctl is-active haproxy) - if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + if [ "$haproxy_status" = "active" ]; then systemctl reload haproxy fi diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 950e9026..0e2410f7 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -59,14 +59,7 @@ outputs: value: service_name: aodh_base config_settings: - aodh::evaluator::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' + aodh_redis_password: {get_param: RedisPassword} aodh::db::database_connection: list_join: - '' diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 2ae46d0e..c4abc307 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -51,13 +51,6 @@ outputs: config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::central::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' + - ceilometer_redis_password: {get_param: RedisPassword} step_config: | include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 93ab1d79..59c9b844 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -66,7 +66,6 @@ outputs: cinder::rabbit_password: {get_param: RabbitPassword} cinder::rabbit_port: {get_param: RabbitClientPort} cinder::rabbit_heartbeat_timeout_threshold: 60 - cinder::host: hostgroup cinder::cron::db_purge::destination: '/dev/null' cinder::db::database_db_max_retries: -1 cinder::db::database_max_retries: -1 diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 73889363..556baae0 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -56,6 +56,7 @@ outputs: service_name: gnocchi_base config_settings: #Gnocchi engine + gnocchi_redis_password: {get_param: RedisPassword} gnocchi::debug: {get_param: Debug} gnocchi::db::database_connection: list_join: @@ -67,14 +68,6 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' - gnocchi::storage::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index 11b9bf8f..d91a0181 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -41,5 +41,6 @@ outputs: - get_attr: [CinderVolumeBase, role_data, config_settings] - cinder::volume::manage_service: false cinder::volume::enabled: false + cinder::host: hostgroup step_config: include ::tripleo::profile::pacemaker::cinder::volume diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml index 64ae2e91..982b6064 100644 --- a/puppet/services/pacemaker/database/mongodb.yaml +++ b/puppet/services/pacemaker/database/mongodb.yaml @@ -22,7 +22,7 @@ parameters: resources: MongoDbBase: - type: ../../database/mongodb-base.yaml + type: ../../database/mongodb.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index d9156e67..196754eb 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -21,7 +21,7 @@ parameters: resources: RedisBase: - type: ../../database/redis-base.yaml + type: ../../database/redis.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 52300a2f..5387529d 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -38,6 +38,13 @@ parameters: type: string default: '' hidden: true + RabbitHAQueues: + description: + The number of HA queues to be configured in rabbit. The default is 0 which will + be automatically overridden to CEIL(N/2) where N is the number of nodes running + rabbitmq. + default: 0 + type: number MonitoringSubscriptionRabbitmq: default: 'overcloud-rabbitmq' type: string @@ -73,6 +80,7 @@ outputs: rabbitmq_config_variables: tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' + queue_master_locator: '<<"min-masters">>' loopback_users: '[]' rabbitmq::erlang_cookie: yaql: @@ -88,5 +96,7 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} + step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/roles_data.yaml b/roles_data.yaml index fe98d827..f3b64475 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -124,7 +124,7 @@ - name: BlockStorage ServicesDefault: - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - OS::TripleO::Services::Timezone |