aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci/environments/multinode-containers.yaml23
-rw-r--r--ci/environments/scenario001-multinode-containers.yaml47
-rw-r--r--ci/environments/scenario002-multinode-containers.yaml38
-rw-r--r--ci/environments/scenario002-multinode.yaml4
-rw-r--r--ci/environments/scenario003-multinode-containers.yaml17
-rw-r--r--ci/environments/scenario004-multinode-containers.yaml36
-rw-r--r--common/deploy-steps-tasks.yaml5
-rwxr-xr-xdocker/docker-puppet.py14
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml20
-rw-r--r--docker/services/cinder-api.yaml1
-rw-r--r--docker/services/cinder-volume.yaml1
-rw-r--r--docker/services/database/mysql.yaml2
-rw-r--r--docker/services/glance-api.yaml39
-rw-r--r--docker/services/heat-api.yaml1
-rw-r--r--docker/services/horizon.yaml6
-rw-r--r--docker/services/keystone.yaml1
-rw-r--r--docker/services/memcached.yaml10
-rw-r--r--docker/services/mistral-api.yaml36
-rw-r--r--docker/services/nova-api.yaml1
-rw-r--r--docker/services/nova-compute.yaml3
-rw-r--r--docker/services/nova-ironic.yaml2
-rw-r--r--docker/services/nova-libvirt.yaml4
-rw-r--r--docker/services/nova-migration-target.yaml2
-rw-r--r--docker/services/pacemaker/clustercheck.yaml5
-rw-r--r--environments/composable-roles/standalone.yaml12
-rw-r--r--environments/deployed-server-pacemaker-environment.yaml4
-rw-r--r--environments/network-isolation-v6.j2.yaml2
-rw-r--r--environments/storage/enable-ceph.yaml2
-rw-r--r--environments/storage/external-ceph.yaml2
-rw-r--r--environments/storage/glance-nfs.yaml2
-rw-r--r--extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml2
-rw-r--r--extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration40
-rw-r--r--puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml21
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml19
-rw-r--r--puppet/role.role.j2.yaml2
-rw-r--r--puppet/services/cinder-base.yaml2
-rw-r--r--puppet/services/database/mysql.yaml50
-rw-r--r--puppet/services/glance-api.yaml4
-rw-r--r--puppet/services/gnocchi-metricd.yaml5
-rw-r--r--puppet/services/neutron-lbaas.yaml3
-rw-r--r--puppet/services/nova-compute.yaml2
-rw-r--r--puppet/services/nova-placement.yaml2
-rw-r--r--puppet/services/rabbitmq.yaml2
-rw-r--r--releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml17
-rw-r--r--releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml5
-rw-r--r--releasenotes/notes/sat-tools-0d0f0c53de9d34a5.yaml5
-rw-r--r--sample-env-generator/composable-roles.yaml25
-rwxr-xr-xtools/yaml-validate.py5
48 files changed, 393 insertions, 160 deletions
diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml
index 7f0d622..9092d3d 100644
--- a/ci/environments/multinode-containers.yaml
+++ b/ci/environments/multinode-containers.yaml
@@ -1,16 +1,22 @@
-# NOTE: This is an environment specific for containers upgrade
-# CI. Mainly we deploy non-pacemakerized overcloud, as at the time
-# being containerization of services managed by pacemaker is not
-# complete, so we deploy and upgrade the non-HA services for now.
-
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
-
+ OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml
+ OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
+ OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
+ OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
+ OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml
+ # TODO(mandre) use the containerized service once we've reintroduced cinder
+ # OS::TripleO::Services::CinderVolume: ../../docker/services/pacemaker/cinder-volume.yaml
+ OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
+ OS::TripleO::Services::Keepalived: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
- OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
@@ -50,9 +56,10 @@ parameter_defaults:
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
index df12bc5..082541c 100644
--- a/ci/environments/scenario001-multinode-containers.yaml
+++ b/ci/environments/scenario001-multinode-containers.yaml
@@ -1,27 +1,41 @@
-# NOTE: This is an environment specific for containers CI. Mainly we
-# deploy non-pacemakerized overcloud. Once we are able to deploy and
-# upgrade pacemakerized and containerized overcloud, we should remove
-# this file and use normal CI multinode environments/scenarios.
-
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
+ # TODO(mandre) fix the tacker service - https://bugs.launchpad.net/tripleo/+bug/1714270
+ # OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml
+ OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml
OS::TripleO::Services::Congress: ../../docker/services/congress.yaml
+ OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml
+ OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
+ OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
+ OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
+ OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
+ OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml
+ # TODO(mandre) use the containerized service once we've reintroduced cinder
+ # OS::TripleO::Services::CinderBackup: ../../docker/services/pacemaker/cinder-backup.yaml
+ # OS::TripleO::Services::CinderVolume: ../../docker/services/pacemaker/cinder-volume.yaml
+ OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
+ OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
+ OS::TripleO::Services::Keepalived: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# FIXME(mandre) fluentd container image missing from tripleomaster registry
# https://bugs.launchpad.net/tripleo/+bug/1721723
# OS::TripleO::Services::FluentdClient: ../../docker/services/fluentd-client.yaml
- OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
+ # FIXME(mandre/bandini) mixing BM fluentd and containers is problematic
+ # https://bugs.launchpad.net/tripleo/+bug/1726891
+ # OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
- OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
@@ -82,10 +96,13 @@ parameter_defaults:
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Tacker
- OS::TripleO::Services::Congress
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::FluentdClient
+ # FIXME(mandre/bandini) mixing BM fluentd and containers is problematic
+ # https://bugs.launchpad.net/tripleo/+bug/1726891
+ #- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Iscsid
@@ -95,20 +112,14 @@ parameter_defaults:
# This makes the job twice as fast
ceilometer::agent::polling::polling_interval: 15
Debug: true
- #NOTE(gfidente): not great but we need this to deploy on ext4
- #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
CephAnsibleDisksConfig:
devices:
- /dev/loop3
journal_size: 512
osd_scenario: collocated
+ CephPoolDefaultPgNum: 32
+ CephPoolDefaultSize: 1
CephAnsibleExtraConfig:
- ceph_conf_overrides:
- global:
- osd_pool_default_size: 1
- osd_pool_default_pg_num: 32
- osd_max_object_name_len: 256
- osd_max_object_namespace_len: 64
centos_package_dependencies: []
CephAnsibleSkipTags: ''
#NOTE: These ID's and keys should be regenerated for
@@ -118,8 +129,6 @@ parameter_defaults:
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
- CephPoolDefaultSize: 1
- DockerCephDaemonImage: ceph/daemon:tag-stable-3.0-jewel-centos-7
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml
index bec5f48..7941908 100644
--- a/ci/environments/scenario002-multinode-containers.yaml
+++ b/ci/environments/scenario002-multinode-containers.yaml
@@ -1,19 +1,28 @@
-# NOTE: This is an environment specific for containers CI. Mainly we
-# deploy non-pacemakerized overcloud. Once we are able to deploy and
-# upgrade pacemakerized and containerized overcloud, we should remove
-# this file and use normal CI multinode environments/scenarios.
-
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
- OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml
+ OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml
+ OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
+ OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
+ OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
+ OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
+ OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml
+ # TODO(mandre) use the containerized service once we've reintroduced cinder
+ # OS::TripleO::Services::CinderBackup: ../../docker/services/pacemaker/cinder-backup.yaml
+ # OS::TripleO::Services::CinderVolume: ../../docker/services/pacemaker/cinder-volume.yaml
+ OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
+ OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
+ OS::TripleO::Services::Keepalived: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
- OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
@@ -58,16 +67,29 @@ parameter_defaults:
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::BarbicanApi
- - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentIpmi
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::PankoApi
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
+ ZaqarMessageStore: 'swift'
+ ZaqarManagementStore: 'sqlalchemy'
SwiftCeilometerPipelineEnabled: false
NotificationDriver: 'noop'
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
index 6c7f4eb..2f731ce 100644
--- a/ci/environments/scenario002-multinode.yaml
+++ b/ci/environments/scenario002-multinode.yaml
@@ -9,7 +9,6 @@ resource_registry:
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
- OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
@@ -63,7 +62,6 @@ parameter_defaults:
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::BarbicanApi
- - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::TripleoPackages
@@ -86,5 +84,7 @@ parameter_defaults:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
+ ZaqarMessageStore: 'swift'
+ ZaqarManagementStore: 'sqlalchemy'
SwiftCeilometerPipelineEnabled: false
NotificationDriver: 'noop'
diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml
index 65fa6a6..66ced0d 100644
--- a/ci/environments/scenario003-multinode-containers.yaml
+++ b/ci/environments/scenario003-multinode-containers.yaml
@@ -1,8 +1,3 @@
-# NOTE: This is an environment specific for containers CI. Mainly we
-# deploy non-pacemakerized overcloud. Once we are able to deploy and
-# upgrade pacemakerized and containerized overcloud, we should remove
-# this file and use normal CI multinode environments/scenarios.
-
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
@@ -11,10 +6,19 @@ resource_registry:
OS::TripleO::Services::MistralApi: ../../docker/services/mistral-api.yaml
OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml
OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml
+ OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml
+ OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
+ OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
+ OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
+ OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml
+ OS::TripleO::Services::Keepalived: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
- OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
@@ -49,6 +53,7 @@ parameter_defaults:
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml
index 7eb9813..8340aa3 100644
--- a/ci/environments/scenario004-multinode-containers.yaml
+++ b/ci/environments/scenario004-multinode-containers.yaml
@@ -1,11 +1,11 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/
- OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml
- OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
- OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
- OS::TripleO::Services::CephRgw: ../../puppet/services/ceph-rgw.yaml
+ OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
+ OS::TripleO::Services::CephMds: ../../docker/services/ceph-ansible/ceph-mds.yaml
+ OS::TripleO::Services::CephRgw: ../../docker/services/ceph-ansible/ceph-rgw.yaml
+ OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::SwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: OS::Heat::None
OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
@@ -93,14 +93,17 @@ parameter_defaults:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
- #NOTE(gfidente): not great but we need this to deploy on ext4
- #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
- ExtraConfig:
- ceph::profile::params::osd_max_object_name_len: 256
- ceph::profile::params::osd_max_object_namespace_len: 64
- #NOTE(gfidente): necessary when deploying a single OSD
- ceph::profile::params::osd_pool_default_pg_num: 32
- ceph::profile::params::osd_pool_default_pgp_num: 32
+ CephAnsibleDisksConfig:
+ devices:
+ - /dev/loop3
+ journal_size: 512
+ journal_collocation: true
+ osd_scenario: collocated
+ CephPoolDefaultPgNum: 32
+ CephPoolDefaultSize: 1
+ CephAnsibleExtraConfig:
+ centos_package_dependencies: []
+ CephAnsibleSkipTags: ''
#NOTE: These ID's and keys should be regenerated for
# a production deployment. What is here is suitable for
# developer and CI testing only.
@@ -108,7 +111,12 @@ parameter_defaults:
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
- CephPoolDefaultSize: 1
+ NovaEnableRbdBackend: true
+ CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
+ CinderEnableIscsiBackend: false
SwiftCeilometerPipelineEnabled: false
# TODO: in Queens, re-add bgp-vpn and l2gw services when
# containerized.
diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml
index 785095b..79a8bc8 100644
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -14,16 +14,17 @@
command: >-
puppet apply {{ host_puppet_config_debug|default('') }}
--modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ --detailed-exitcodes
--logdest syslog --logdest console --color=false
/var/lib/tripleo-config/puppet_step_config.pp
- changed_when: false
+ changed_when: outputs.rc == 2
check_mode: no
register: outputs
failed_when: false
no_log: true
- debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
when: outputs is defined
- failed_when: outputs|failed
+ failed_when: outputs.rc not in [0, 2]
######################################
# Generate config via docker-puppet.py
######################################
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index 533ed07..d12e055 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -225,8 +225,14 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
touch /tmp/the_origin_of_time
sync
+ set +e
FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \
- --color=false --logdest syslog --logdest console $TAGS /etc/config.pp
+ --detailed-exitcodes --color=false --logdest syslog --logdest console $TAGS /etc/config.pp
+ rc=$?
+ set -e
+ if [ $rc -ne 2 -a $rc -ne 0 ]; then
+ exit $rc
+ fi
# Disables archiving
if [ -z "$NO_ARCHIVE" ]; then
@@ -307,7 +313,9 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, env=env)
cmd_stdout, cmd_stderr = subproc.communicate()
- if subproc.returncode != 0:
+ # puppet with --detailed-exitcodes will return 0 for success and no changes
+ # and 2 for success and resource changes. Other numbers are failures
+ if subproc.returncode not in [0, 2]:
log.error('Failed running docker-puppet.py for %s' % config_volume)
if cmd_stdout:
log.error(cmd_stdout)
@@ -355,7 +363,7 @@ returncodes = list(p.map(mp_puppet_config, process_map))
config_volumes = [pm[0] for pm in process_map]
success = True
for returncode, config_volume in zip(returncodes, config_volumes):
- if returncode != 0:
+ if returncode not in [0, 2]:
log.error('ERROR configuring %s' % config_volume)
success = False
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 8cc81fb..4674ec1 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -73,15 +73,9 @@ parameters:
description: >
It can be used to override settings for one of the predefined pools, or to create
additional ones. Example:
- {
- "volumes": {
- "size": 5,
- "pg_num": 128,
- "pgp_num": 128
- }
- }
- default: {}
- type: json
+ [{"name": "volumes", "pg_num": 64, "rule_name": ""}]
+ default: []
+ type: comma_delimited_list
CinderRbdPoolName:
default: volumes
type: string
@@ -225,13 +219,7 @@ outputs:
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
- {get_param: GnocchiRbdPoolName}
- - repeat:
- template:
- name: <%pool%>
- pg_num: {get_param: CephPoolDefaultPgNum}
- rule_name: ""
- for_each:
- <%pool%>: {get_param: CephPools}
+ - {get_param: CephPools}
openstack_keys: &openstack_keys
- name:
list_join:
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml
index 25390c6..336b454 100644
--- a/docker/services/cinder-api.yaml
+++ b/docker/services/cinder-api.yaml
@@ -200,6 +200,7 @@ outputs:
tags: step2
service: name=httpd state=stopped enabled=no
- name: remove old cinder cron jobs
+ tags: step2
file:
path: /var/spool/cron/cinder
state: absent
diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml
index d8a93b1..46873ea 100644
--- a/docker/services/cinder-volume.yaml
+++ b/docker/services/cinder-volume.yaml
@@ -125,6 +125,7 @@ outputs:
step_4:
cinder_volume:
image: *cinder_volume_image
+ ipc: host
net: host
privileged: true
restart: always
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
index 174acd4..aeba7d7 100644
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@@ -202,7 +202,7 @@ outputs:
volumes:
list_concat:
-
- - /var/lib/mysql:/var/lib/mysql/:ro
+ - /var/lib/mysql:/var/lib/mysql/:rw
- /var/log/containers/mysql:/var/log/mariadb
- /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf
- if:
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index e1a3827..b4336be 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -39,6 +39,13 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, cinder, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd', 'cinder']
GlanceNfsEnabled:
default: false
description: >
@@ -48,11 +55,22 @@ parameters:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
+ GlanceNfsShare:
+ default: ''
+ description: >
+ NFS share to mount for image storage (when GlanceNfsEnabled is true)
+ type: string
+ GlanceNfsOptions:
+ default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
+ description: >
+ NFS mount options for image storage (when GlanceNfsEnabled is true)
+ type: string
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]}
+ cinder_backend_enabled: {equals: [{get_param: GlanceBackend}, cinder]}
resources:
@@ -108,6 +126,10 @@ outputs:
dest: "/etc/ceph/"
merge: true
preserve_properties: true
+ permissions:
+ - path: /var/lib/glance
+ owner: glance:glance
+ recurse: true
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
@@ -147,6 +169,12 @@ outputs:
- nfs_backend_enabled
- /var/lib/glance:/var/lib/glance
- ''
+ -
+ if:
+ - cinder_backend_enabled
+ - - /dev:/dev
+ - /etc/iscsi:/etc/iscsi
+ - []
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -157,7 +185,7 @@ outputs:
start_order: 2
image: *glance_api_image
net: host
- privileged: false
+ privileged: {if: [cinder_backend_enabled, true, false]}
restart: always
volumes: *glance_volumes
environment:
@@ -182,6 +210,15 @@ outputs:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {}
host_prep_tasks:
+ - name: Mount NFS on host
+ vars:
+ nfs_backend_enable: {get_param: GlanceNfsEnabled}
+ mount: name=/var/lib/glance src="{{item.NFS_SHARE}}" fstype=nfs4 opts="{{item.NFS_OPTIONS}}" state=mounted
+ with_items:
+ - NFS_SHARE: {get_param: GlanceNfsShare}
+ NFS_OPTIONS: {get_param: GlanceNfsOptions}
+ when:
+ - nfs_backend_enable
- name: create persistent logs directory
file:
path: "{{ item }}"
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index 75d0b8c..dcba519 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -166,6 +166,7 @@ outputs:
ignore_errors: True
register: heat_api_enabled
- name: remove old heat cron jobs
+ tags: step2
file:
path: /var/spool/cron/heat
state: absent
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
index 2c7d7a7..94fd9ee 100644
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@@ -95,6 +95,12 @@ outputs:
- path: /var/log/horizon/
owner: apache:apache
recurse: true
+ # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to
+ # horizon:horizon - the policy.json files need read permissions for the apache user
+ # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead
+ - path: /etc/openstack-dashboard/
+ owner: apache:apache
+ recurse: true
# FIXME Apache tries to write a .lock file there
- path: /usr/share/openstack-dashboard/openstack_dashboard/local/
owner: apache:apache
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 26cef61..a8ba5bf 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -211,6 +211,7 @@ outputs:
tags: step2
service: name=httpd state=stopped enabled=no
- name: remove old keystone cron jobs
+ tags: step2
file:
path: /var/spool/cron/keystone
state: absent
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml
index 817f9ec..67b8424 100644
--- a/docker/services/memcached.yaml
+++ b/docker/services/memcached.yaml
@@ -94,7 +94,15 @@ outputs:
-
- /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
- /var/log/containers/memcached:/var/log/
- command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS']
+ # NOTE: We're adding the log redirection here, even though should
+ # already be part of the options. This is because the redirection
+ # via the options is not working and ends up being passed as a
+ # parameter to the memcached command (which it silently ignores).
+ # Thus the need for the explicit redirection here. The redirection
+ # will be removed from the $OPTIONS, which is done via the puppet
+ # module, but we'll only be able to do this once the following pull
+ # request merges: https://github.com/saz/puppet-memcached/pull/88
+ command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS >> /var/log/memcached.log 2>&1']
upgrade_tasks:
- name: Stop and disable memcached service
tags: step2
diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml
index 50c8021..1b4b44f 100644
--- a/docker/services/mistral-api.yaml
+++ b/docker/services/mistral-api.yaml
@@ -36,6 +36,16 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ MistralWorkers:
+ default: 1
+ description: The number of workers for the mistral-api.
+ type: number
+ MistralApiPolicies:
+ description: |
+ A hash of policies to configure for Mistral API.
+ e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+ default: {}
+ type: json
resources:
@@ -45,6 +55,16 @@ resources:
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
+ MistralBase:
+ type: ../../puppet/services/mistral-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
MistralApiBase:
type: ../../puppet/services/mistral-api.yaml
properties:
@@ -60,9 +80,23 @@ outputs:
description: Role data for the Mistral API role.
value:
service_name: {get_attr: [MistralApiBase, role_data, service_name]}
+ # FIXME(mandre) restore once mistral-api image has the necessary packages
+ # to run on top of apache
+ # config_settings:
+ # map_merge:
+ # - get_attr: [MistralApiBase, role_data, config_settings]
config_settings:
map_merge:
- - get_attr: [MistralApiBase, role_data, config_settings]
+ - get_attr: [MistralBase, role_data, config_settings]
+ - mistral::api::api_workers: {get_param: MistralWorkers}
+ mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+ mistral::policy::policies: {get_param: MistralApiPolicies}
+ tripleo.mistral_api.firewall_rules:
+ '133 mistral':
+ dport:
+ - 8989
+ - 13989
+ mistral_wsgi_enabled: false
logging_source: {get_attr: [MistralApiBase, role_data, logging_source]}
logging_groups: {get_attr: [MistralApiBase, role_data, logging_groups]}
step_config: &step_config
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index f262bcb..7f1b7a5 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -246,6 +246,7 @@ outputs:
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
- name: remove old nova cron jobs
+ tags: step2
file:
path: /var/spool/cron/nova
state: absent
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index 883f438..b43193e 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -115,6 +115,7 @@ outputs:
step_4:
nova_compute:
image: &nova_compute_image {get_param: DockerNovaComputeImage}
+ ipc: host
net: host
privileged: true
user: nova
@@ -130,7 +131,7 @@ outputs:
- /dev:/dev
- /lib/modules:/lib/modules:ro
- /run:/run
- - /var/lib/nova:/var/lib/nova
+ - /var/lib/nova:/var/lib/nova:shared
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/containers/nova:/var/log/nova
- /sys/class/net:/sys/class/net
diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml
index 1bed40e..f41d197 100644
--- a/docker/services/nova-ironic.yaml
+++ b/docker/services/nova-ironic.yaml
@@ -109,7 +109,7 @@ outputs:
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- /run:/run
- /dev:/dev
- - /var/lib/nova/:/var/lib/nova
+ - /var/lib/nova/:/var/lib/nova:shared
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index e585cb6..13dbec9 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -174,7 +174,7 @@ outputs:
- /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- - /var/lib/nova:/var/lib/nova
+ - /var/lib/nova:/var/lib/nova:shared
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- /etc/libvirt/qemu:/etc/libvirt/qemu:ro
@@ -199,7 +199,7 @@ outputs:
- /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- - /var/lib/nova:/var/lib/nova
+ - /var/lib/nova:/var/lib/nova:shared
- /etc/libvirt:/etc/libvirt
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml
index cb3b950..7909e41 100644
--- a/docker/services/nova-migration-target.yaml
+++ b/docker/services/nova-migration-target.yaml
@@ -149,6 +149,6 @@ outputs:
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /etc/ssh/:/host-ssh/:ro
- /run:/run
- - /var/lib/nova:/var/lib/nova
+ - /var/lib/nova:/var/lib/nova:shared
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml
index b5d128d..6db8a21 100644
--- a/docker/services/pacemaker/clustercheck.yaml
+++ b/docker/services/pacemaker/clustercheck.yaml
@@ -44,8 +44,11 @@ resources:
ContainersCommon:
type: ../containers-common.yaml
+# We import from the corresponding docker service because otherwise we risk
+# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall
+# rules (see LP#1728918)
MysqlPuppetBase:
- type: ../../../puppet/services/pacemaker/database/mysql.yaml
+ type: ../../../docker/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
diff --git a/environments/composable-roles/standalone.yaml b/environments/composable-roles/standalone.yaml
index 3305c9e..c12d72d 100644
--- a/environments/composable-roles/standalone.yaml
+++ b/environments/composable-roles/standalone.yaml
@@ -30,13 +30,13 @@ parameter_defaults:
# Type: string
ComputeHostnameFormat: '%stackname%-novacompute-%index%'
- # Number of Controller nodes to deploy
+ # Number of ControllerOpenstack nodes
# Type: number
- ControllerCount: 3
+ ControllerOpenstackCount: 3
- # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Format for ControllerOpenstack node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
# Type: string
- ControllerHostnameFormat: '%stackname%-controller-%index%'
+ ControllerOpenstackHostnameFormat: '%stackname%-controller-%index%'
# Number of Database nodes
# Type: number
@@ -66,9 +66,9 @@ parameter_defaults:
# Type: string
OvercloudComputeFlavor: compute
- # Name of the flavor for Controller nodes
+ # Name of the flavor for ControllerOpenstack nodes
# Type: string
- OvercloudControllerFlavor: control
+ OvercloudControllerOpenstackFlavor: control
# Name of the flavor for Database nodes
# Type: string
diff --git a/environments/deployed-server-pacemaker-environment.yaml b/environments/deployed-server-pacemaker-environment.yaml
index cc9ea99..83d81bb 100644
--- a/environments/deployed-server-pacemaker-environment.yaml
+++ b/environments/deployed-server-pacemaker-environment.yaml
@@ -1,4 +1,4 @@
resource_registry:
- OS::TripleO::Tasks::ControllerDeployedServerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
- OS::TripleO::Tasks::ControllerDeployedServerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerDeployedServerPreConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerDeployedServerPostConfig: OS::Heat::None
OS::TripleO::Tasks::ControllerDeployedServerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
diff --git a/environments/network-isolation-v6.j2.yaml b/environments/network-isolation-v6.j2.yaml
index 617dfa6..fefa20c 100644
--- a/environments/network-isolation-v6.j2.yaml
+++ b/environments/network-isolation-v6.j2.yaml
@@ -55,3 +55,5 @@ parameter_defaults:
RabbitIPv6: True
# Enable IPv6 environment for Memcached.
MemcachedIPv6: True
+ # Enable IPv6 environment for MySQL.
+ MysqlIPv6: True
diff --git a/environments/storage/enable-ceph.yaml b/environments/storage/enable-ceph.yaml
index 596ec16..c43f2fa 100644
--- a/environments/storage/enable-ceph.yaml
+++ b/environments/storage/enable-ceph.yaml
@@ -21,7 +21,7 @@ parameter_defaults:
# Type: boolean
CinderEnableRbdBackend: True
- # The short name of the Glance backend to use. Should be one of swift, rbd, or file
+ # The short name of the Glance backend to use. Should be one of swift, rbd, cinder, or file
# Type: string
GlanceBackend: rbd
diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml
index 0f2d039..dde2c90 100644
--- a/environments/storage/external-ceph.yaml
+++ b/environments/storage/external-ceph.yaml
@@ -43,7 +43,7 @@ parameter_defaults:
# Type: string
CinderRbdPoolName: volumes
- # The short name of the Glance backend to use. Should be one of swift, rbd, or file
+ # The short name of the Glance backend to use. Should be one of swift, rbd, cinder, or file
# Type: string
GlanceBackend: rbd
diff --git a/environments/storage/glance-nfs.yaml b/environments/storage/glance-nfs.yaml
index 3c13930..359401d 100644
--- a/environments/storage/glance-nfs.yaml
+++ b/environments/storage/glance-nfs.yaml
@@ -21,7 +21,7 @@ parameter_defaults:
# Static parameters - these are values that must be
# included in the environment but should not be changed.
# ******************************************************
- # The short name of the Glance backend to use. Should be one of swift, rbd, or file
+ # The short name of the Glance backend to use. Should be one of swift, rbd, cinder, or file
# Type: string
GlanceBackend: file
diff --git a/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml
index 2455751..a5eb35c 100644
--- a/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml
+++ b/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml
@@ -20,7 +20,7 @@ parameter_defaults:
rhel_reg_user: ""
rhel_reg_type: ""
rhel_reg_method: ""
- rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.1-rpms"
+ rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.2-rpms"
rhel_reg_http_proxy_host: ""
rhel_reg_http_proxy_port: ""
rhel_reg_http_proxy_username: ""
diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
index d754aaf..4592473 100644
--- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
+++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
@@ -23,6 +23,8 @@ proxy_port=
proxy_url=
proxy_username=
proxy_password=
+curl_opts="--retry-delay 10 --max-time 30 --retry ${retry_max_count} --cacert /etc/rhsm/ca/redhat-uep.pem"
+portal_test_url="https://$(crudini --get /etc/rhsm/rhsm.conf server hostname)/subscription/"
# process variables..
if [ -n "${REG_AUTO_ATTACH:-}" ]; then
@@ -129,12 +131,14 @@ if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
# Good both values are not empty
proxy_url="http://${proxy_host}:${proxy_port}"
config_opts="--server.proxy_hostname=${proxy_host} --server.proxy_port=${proxy_port}"
- sat5_opts="${sat5_opts} --proxy_hostname=${proxy_url}"
+ sat5_opts="${sat5_opts} --proxy=${proxy_url}"
+ curl_opts="${curl_opts} -x http://${proxy_host}:${proxy_port}"
echo "RHSM Proxy set to: ${proxy_url}"
if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
config_opts="${config_opts} --server.proxy_user=${proxy_username} --server.proxy_password=${proxy_password}"
sat5_opts="${sat5_opts} --proxyUser=${proxy_username} --proxyPassword=${proxy_password}"
+ curl_opts="${curl_opts} --proxy-user ${proxy_username}:${proxy_password}"
else
echo "Warning: REG_HTTP_PROXY_PASSWORD cannot be null with non-empty REG_HTTP_PROXY_USERNAME! Skipping..."
proxy_username= ; proxy_password=
@@ -187,10 +191,10 @@ function retry() {
}
function detect_satellite_server {
- if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then
+ if curl ${curl_opts} -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then
echo Satellite 6 or beyond with Katello API detected at $REG_SAT_URL
katello_api_enabled=1
- elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then
+ elif curl ${curl_opts} -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then
echo Satellite 5 with RHN detected at $REG_SAT_URL
katello_api_enabled=0
else
@@ -199,7 +203,13 @@ function detect_satellite_server {
fi
}
-if [ "x${proxy_url}" != "x" ];then
+if [ "x${proxy_url}" != "x" ]; then
+ # Before everything, we want to make sure the proxy can be reached
+ # Note: no need to manage retries, already done by retry() function.
+ echo "Testing proxy connectivity..."
+ retry bash -c "</dev/tcp/${proxy_host}/${proxy_port}"
+ echo "Proxy ${proxy_url} is reachable!"
+
# Config subscription-manager for proxy
subscription-manager config ${config_opts}
@@ -222,6 +232,22 @@ fi
case "${REG_METHOD:-}" in
portal)
+ # First test curl to RHSM through the specified proxy
+
+ if curl ${curl_opts} -L -s -D - -o /dev/null ${portal_test_url}|grep '200 OK'; then
+ if [ "x${proxy_url}" = "x" ]; then
+ echo "Access to RHSM portal OK, continuing..."
+ else
+ echo "Access to RHSM portal through proxy ${proxy_url} OK, continuing..."
+ fi
+ else
+ if [ "x${proxy_url}" = "x" ]; then
+ echo "Unable to access RHSM portal! Please check your parameters."
+ else
+ echo "Unable to access RHSM portal through configured HTTP proxy (${proxy_url}) ! Please check your parameters."
+ fi
+ exit 1
+ fi
retry subscription-manager register $opts
if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then
retry subscription-manager attach $attach_opts
@@ -233,7 +259,7 @@ case "${REG_METHOD:-}" in
detect_satellite_server
if [ "$katello_api_enabled" = "1" ]; then
repos="$repos --enable ${satellite_repo}"
- curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"
+ curl ${curl_opts} -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"
# https://bugs.launchpad.net/tripleo/+bug/1711435
# Delete the /etc/rhsm/facts directory entirely so that the
@@ -247,7 +273,7 @@ case "${REG_METHOD:-}" in
rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true
retry subscription-manager register $opts
retry subscription-manager $repos
- retry yum install -y katello-agent || true # needed for errata reporting to satellite6
+ yum install -y katello-agent || true # needed for errata reporting to satellite6
katello-package-upload
# https://bugs.launchpad.net/tripleo/+bug/1711435
@@ -255,7 +281,7 @@ case "${REG_METHOD:-}" in
mkdir -p /etc/rhsm/facts
else
pushd /usr/share/rhn/
- curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT
+ curl ${curl_opts} -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT
popd
retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts
fi
diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
index 93408dd..6e010de 100644
--- a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
+++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
@@ -24,17 +24,16 @@ resources:
config:
datafiles:
neutron_bigswitch_data:
- mapped_data:
- neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent}
- neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp}
- # NOTE(aschultz): required for the puppet module but we don't
- # actually want them defined on the compute nodes so we're
- # relying on the puppet module's handling of <SERVICE DEFAULT>
- # to just not set these but still accept that they were defined.
- # This will should be fixed in puppet-neutron and removed here,
- # but for backportability, we need to define something.
- neutron::plugins::ml2::bigswitch::restproxy::servers: '<SERVICE DEFAULT>'
- neutron::plugins::ml2::bigswitch::restproxy::server_auth: '<SERVICE DEFAULT>'
+ neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent}
+ neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp}
+ # NOTE(aschultz): required for the puppet module but we don't
+ # actually want them defined on the compute nodes so we're
+ # relying on the puppet module's handling of <SERVICE DEFAULT>
+ # to just not set these but still accept that they were defined.
+ # This will should be fixed in puppet-neutron and removed here,
+ # but for backportability, we need to define something.
+ neutron::plugins::ml2::bigswitch::restproxy::servers: '<SERVICE DEFAULT>'
+ neutron::plugins::ml2::bigswitch::restproxy::server_auth: '<SERVICE DEFAULT>'
NeutronBigswitchDeployment:
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
index 71a915d..cda598a 100644
--- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
@@ -50,16 +50,15 @@ resources:
config:
datafiles:
neutron_bigswitch_data:
- mapped_data:
- neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent}
- neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp}
- neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers}
- neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth}
- neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure}
- neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval}
- neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id}
- neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl}
- neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory}
+ neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent}
+ neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp}
+ neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers}
+ neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth}
+ neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure}
+ neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval}
+ neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id}
+ neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl}
+ neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory}
NeutronBigswitchDeployment:
type: OS::Heat::StructuredDeployment
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 15da177..d53afd0 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -565,6 +565,7 @@ resources:
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
+ - net_ip_map
- '"%{::osfamily}"'
# The following are required for compatibility with the Controller role
# where some vendor integrations added hieradata via ExtraConfigPre
@@ -578,6 +579,7 @@ resources:
service_names:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml
index 5b2a258..2a8026d 100644
--- a/puppet/services/cinder-base.yaml
+++ b/puppet/services/cinder-base.yaml
@@ -89,7 +89,7 @@ parameters:
type: string
description: >
Cron to move deleted instances to another table - User
- default: 'keystone'
+ default: 'cinder'
CinderCronDbPurgeAge:
type: string
description: >
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index abbe7a2..c1f54bb 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -57,6 +57,11 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ MysqlIPv6:
+ default: false
+ description: Enable IPv6 in MySQL
+ type: boolean
+
conditions:
@@ -77,6 +82,7 @@ outputs:
# in tripleo-puppet-elements.
mysql::server::package_name: 'mariadb-galera-server'
mysql::server::manage_config_file: true
+ mysql_ipv6: {get_param: MysqlIPv6}
tripleo.mysql.firewall_rules:
'104 mysql galera':
dport:
@@ -113,30 +119,34 @@ outputs:
{get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::generate_dropin_file_limit:
{get_param: MysqlIncreaseFileLimit}
- - generate_service_certificates: true
- tripleo::profile::base::database::mysql::certificate_specs:
- service_certificate: '/etc/pki/tls/certs/mysql.crt'
- service_key: '/etc/pki/tls/private/mysql.key'
- hostname:
- str_replace:
- template: "%{hiera('cloud_name_NETWORK')}"
- params:
- NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
- dnsnames:
- - str_replace:
+ - if:
+ - internal_tls_enabled
+ -
+ generate_service_certificates: true
+ tripleo::profile::base::database::mysql::certificate_specs:
+ service_certificate: '/etc/pki/tls/certs/mysql.crt'
+ service_key: '/etc/pki/tls/private/mysql.key'
+ hostname:
+ str_replace:
template: "%{hiera('cloud_name_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
- - str_replace:
- template:
- "%{hiera('fqdn_$NETWORK')}"
+ dnsnames:
+ - str_replace:
+ template: "%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ - str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ principal:
+ str_replace:
+ template: "mysql/%{hiera('cloud_name_NETWORK')}"
params:
- $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
- principal:
- str_replace:
- template: "mysql/%{hiera('cloud_name_NETWORK')}"
- params:
- NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ - {}
step_config: |
include ::tripleo::profile::base::database::mysql
metadata_settings:
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 8ec3546..1baf120 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -78,10 +78,10 @@ parameters:
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
- of swift, rbd, or file
+ of swift, rbd, cinder, or file
type: string
constraints:
- - allowed_values: ['swift', 'file', 'rbd']
+ - allowed_values: ['swift', 'file', 'rbd', 'cinder']
GlanceNfsEnabled:
default: false
description: >
diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml
index d45d140..1918c6e 100644
--- a/puppet/services/gnocchi-metricd.yaml
+++ b/puppet/services/gnocchi-metricd.yaml
@@ -37,6 +37,10 @@ parameters:
default: '%{::os_workers}'
description: Number of workers for Gnocchi MetricD
type: string
+ MetricProcessingDelay:
+ default: 30
+ description: Delay between processing metrics.
+ type: number
resources:
GnocchiServiceBase:
@@ -59,6 +63,7 @@ outputs:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- gnocchi::metricd::workers: {get_param: GnocchiMetricdWorkers}
+ gnocchi::metricd::metric_processing_delay: {get_param: MetricProcessingDelay}
step_config: |
include ::tripleo::profile::base::gnocchi::metricd
upgrade_tasks:
diff --git a/puppet/services/neutron-lbaas.yaml b/puppet/services/neutron-lbaas.yaml
index ec477dd..a2c1a2a 100644
--- a/puppet/services/neutron-lbaas.yaml
+++ b/puppet/services/neutron-lbaas.yaml
@@ -73,3 +73,6 @@ outputs:
service_config_settings:
neutron_api:
neutron::server::service_providers: {get_param: NeutronServiceProviders}
+ horizon:
+ horizon::neutron_options:
+ enable_lb: True
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 9e5ba12..5326a25 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -210,7 +210,7 @@ outputs:
collectd:
tripleo.collectd.plugins.nova_compute:
- virt
- collectd::plugins::virt::connection: "qemu:///system"
+ collectd::plugin::virt::connection: 'qemu:///system'
upgrade_tasks:
- name: Stop nova-compute service
tags: step1
diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml
index 916cefd..e44a721 100644
--- a/puppet/services/nova-placement.yaml
+++ b/puppet/services/nova-placement.yaml
@@ -99,7 +99,7 @@ outputs:
- 13778
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::password: {get_param: NovaPassword}
- nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::wsgi::apache_placement::api_port: '8778'
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index a1a6020..879af2a 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -41,7 +41,7 @@ parameters:
RabbitFDLimit:
default: 65536
description: Configures RabbitMQ FD limit
- type: string
+ type: number
RabbitIPv6:
default: false
description: Enable IPv6 in RabbitMQ
diff --git a/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml b/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml
new file mode 100644
index 0000000..63e6f21
--- /dev/null
+++ b/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml
@@ -0,0 +1,17 @@
+---
+upgrade:
+ - |
+ The format to use for the CephPools parameter needs to be updated into the
+ form expected by ceph-ansible. For example, for a new pool named `mypool`
+ it should change from:
+ { "mypool": { "size": 3, "pg_num": 128, "pgp_num": 128 } }
+ into:
+ [ { "name": "mypool", "pg_num": 128, "rule_name": "" } ]
+ The first is a map where each key is a pool name and its value the pool
+ properties, the second is a list where each item describes all properties
+ of a pool, including its name.
+other:
+ - |
+ With the migration from puppet-ceph to ceph-ansible for the deployment
+ of Ceph, the format of CephPools parameter changes because the two tools
+ use a different format to represent the list of additional pools to create.
diff --git a/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml b/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml
new file mode 100644
index 0000000..626ecba
--- /dev/null
+++ b/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ When using RHSM proxy, TripleO will now verify that the proxy can be reached
+ otherwise we'll stop early and not try to subscribe nodes.
diff --git a/releasenotes/notes/sat-tools-0d0f0c53de9d34a5.yaml b/releasenotes/notes/sat-tools-0d0f0c53de9d34a5.yaml
new file mode 100644
index 0000000..eb3ab5f
--- /dev/null
+++ b/releasenotes/notes/sat-tools-0d0f0c53de9d34a5.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ When deploying with RHSM, sat-tools 6.2 will be installed instead of 6.1.
+ The new version is supported by RHEL 7.4 and provides katello-agent package.
diff --git a/sample-env-generator/composable-roles.yaml b/sample-env-generator/composable-roles.yaml
index 91d6060..2c929a4 100644
--- a/sample-env-generator/composable-roles.yaml
+++ b/sample-env-generator/composable-roles.yaml
@@ -89,10 +89,8 @@ environments:
files:
overcloud.yaml:
parameters:
- - ControllerHostnameFormat
- ComputeHostnameFormat
- CephStorageHostnameFormat
- - ControllerCount
- ComputeCount
- CephStorageCount
puppet/services/time/ntp.yaml:
@@ -100,19 +98,21 @@ environments:
- NtpServer
sample-env-generator/composable-roles.yaml:
parameters:
+ - ControllerOpenstackHostnameFormat
- DnsServers
+ - ControllerOpenstackCount
- DatabaseCount
- MessagingCount
- NetworkerCount
- - OvercloudControllerFlavor
+ - OvercloudControllerOpenstackFlavor
- OvercloudComputeFlavor
- OvercloudCephStorageFlavor
- OvercloudDatabaseFlavor
- OvercloudMessagingFlavor
- OvercloudNetworkerFlavor
sample_values:
- ControllerCount: 3
- OvercloudControllerFlavor: control
+ ControllerOpenstackCount: 3
+ OvercloudControllerOpenstackFlavor: control
ComputeCount: 1
OvercloudComputeFlavor: compute
CephStorageCount: 1
@@ -135,6 +135,10 @@ parameters:
description: DNS servers to use for the Overcloud
type: comma_delimited_list
# Dynamic vars based on roles
+ ControllerOpenstackCount:
+ default: 0
+ description: Number of ControllerOpenstack nodes
+ type: number
DatabaseCount:
default: 0
description: Number of Database nodes
@@ -147,10 +151,21 @@ parameters:
default: 0
description: Number of Networker nodes
type: number
+ ControllerOpenstackHostnameFormat:
+ type: string
+ description: >
+ Format for ControllerOpenstack node hostnames
+ Note %index% is translated into the index of the node, e.g 0/1/2 etc
+ and %stackname% is replaced with the stack name e.g overcloud
+ default: "%stackname%-controller-%index%"
OvercloudControllerFlavor:
default: control
description: Name of the flavor for Controller nodes
type: string
+ OvercloudControllerOpenstackFlavor:
+ default: control
+ description: Name of the flavor for ControllerOpenstack nodes
+ type: string
OvercloudComputeFlavor:
default: compute
description: Name of the flavor for Compute nodes
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index c322962..76f856d 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -46,7 +46,10 @@ OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ]
# consistency across files on. This should only contain parameters whose
# definition we cannot change for backwards compatibility reasons. New
# parameters to the templates should not be added to this list.
-PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'],
+PARAMETER_DEFINITION_EXCLUSIONS = {'CephPools': ['description',
+ 'type',
+ 'default'],
+ 'ManagementNetCidr': ['default'],
'ManagementAllocationPools': ['default'],
'ExternalNetCidr': ['default'],
'ExternalAllocationPools': ['default'],