diff options
205 files changed, 2421 insertions, 4708 deletions
@@ -113,13 +113,13 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | swift | | X | | | X | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| aodh | X | | | | | | +| aodh | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| ceilometer | X | | | | | | +| ceilometer | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| gnocchi | X | | | | | | +| gnocchi | rbd | swift | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| panko | X | | | | | | +| panko | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | barbican | | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ diff --git a/capabilities-map.yaml b/capabilities-map.yaml index decac6bb..fdf2ad63 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -10,13 +10,13 @@ # environment_groups: (required) # environment_groups: -# Identifies an environment choice. If group includes multiple environments it -# indicates that environments in group are mutually exclusive. +# Identifies a group of environments. # Attributes: # title: (optional) # description: (optional) # tags: a list of tags to provide additional information for e.g. filtering (optional) # environments: (required) +# mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive # environments: # List of environments in environment group @@ -25,149 +25,37 @@ # title: (required) # description: (optional) # requires: an array of environments which are required by this environment (optional) -# resource_registry: [tbd] (optional) - -# resource_registry: -# [tbd] Each environment can provide options on resource_registry level applicable -# only when that given environment is used. (resource_type of that environment can -# be implemented using multiple templates). topics: - - title: Base Resources Configuration + - title: General Deployment Options description: environment_groups: - - title: - description: Enable base configuration for all resources required for OpenStack Deployment + - name: general-deployment-options + title: + description: Enables base configuration for all resources required for OpenStack Deployment environments: - file: overcloud-resource-registry-puppet.yaml title: Base resources configuration description: - - - title: Deployment Options - description: - environment_groups: - - title: High Availability - description: Enables configuration of an Overcloud controller with Pacemaker - environments: - - file: environments/puppet-pacemaker.yaml - title: Pacemaker - description: Enable configuration of an Overcloud controller with Pacemaker - requires: - - overcloud-resource-registry-puppet.yaml - - title: Pacemaker options - description: - environments: - - file: environments/puppet-pacemaker-no-restart.yaml - title: Pacemaker No Restart - description: - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Docker RDO + - title: Containerized Deployment description: > - Docker container with heat agents for containerized compute node + Configures Deployment to use containerized services environments: - file: environments/docker.yaml - title: Docker RDO + title: Containerized Deployment description: requires: - overcloud-resource-registry-puppet.yaml - - title: Enable TLS - description: > - environments: - - file: environments/enable-tls.yaml - title: TLS - description: > - Use this option to pass in certificates for SSL deployments. - For these values to take effect, one of the TLS endpoints - environments must also be used. - requires: - - overcloud-resource-registry-puppet.yaml - - title: TLS Endpoints - description: > - environments: - - file: environments/tls-endpoints-public-dns.yaml - title: SSL-enabled deployment with DNS name as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is a DNS name. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - file: environments/tls-endpoints-public-ip.yaml - title: SSL-enabled deployment with IP address as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is an IP address. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - title: External load balancer - description: > - Enable external load balancer - environments: - - file: environments/external-loadbalancer-vip-v6.yaml - title: External load balancer IPv6 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - file: environments/external-loadbalancer-vip.yaml - title: External load balancer IPv4 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - - title: Additional Services - description: Deploy additional Overcloud services - environment_groups: - - title: Manila - description: - environments: - - file: environments/manila-generic-config.yaml - title: Manila - description: Enable Manila generic driver backend - requires: - - overcloud-resource-registry-puppet.yaml - - title: Sahara - description: - environments: - - file: environments/services/sahara.yaml - title: Sahara - description: Deploy Sahara service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ironic - description: - environments: - - file: environments/services/ironic.yaml - title: Ironic - description: Deploy Ironic service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Mistral - description: - environments: - - file: environments/services/mistral.yaml - title: Mistral - description: Deploy Mistral service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ceilometer Api - description: + - title: High Availability + description: Enables configuration of an Overcloud Controller with Pacemaker environments: - - file: environments/services/disable-ceilometer-api.yaml - title: Ceilometer Api - description: Disable Ceilometer Api service. This service is - deprecated and will be removed in future releases. Please move - to using gnocchi/aodh/panko apis instead. + - file: environments/puppet-pacemaker.yaml + title: High Availability (Pacemaker) + description: requires: - overcloud-resource-registry-puppet.yaml - # - title: Network Interface Configuration - # description: - # environment_groups: - - - title: Overlay Network Configuration + - title: Network Configuration description: environment_groups: - title: Network Isolation @@ -189,10 +77,12 @@ topics: to that role) on these networks. requires: - overcloud-resource-registry-puppet.yaml - - title: Single NIC or Bonding + mutually_exclusive: true + - title: NICs, Bonding, VLANs Configuration description: > - Configure roles to use pair of bonded nics or to use Vlans on a - single nic. This option assumes use of Network Isolation. + Choose one of the pre-defined configurations or provide custom + network-environment.yaml instead. Note that pre-defined configuration work + only with standard Roles and Networks. These options assume use of Network Isolation. environments: - file: environments/net-bond-with-vlans.yaml title: Bond with Vlans @@ -202,7 +92,6 @@ topics: for each role. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-no-external.yaml title: Bond with Vlans No External Ports description: > @@ -212,7 +101,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-v6.yaml title: Bond with Vlans IPv6 description: > @@ -222,7 +110,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics.yaml title: Multiple NICs description: > @@ -231,7 +118,6 @@ topics: This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics-v6.yaml title: Multiple NICs IPv6 description: > @@ -240,7 +126,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans.yaml title: Single NIC with Vlans description: > @@ -248,7 +133,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-no-external.yaml title: Single NIC with Vlans No External Ports description: > @@ -257,7 +141,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-linux-bridge-with-vlans.yaml title: Single NIC with Linux Bridge Vlans description: > @@ -265,7 +148,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-v6.yaml title: Single NIC with Vlans IPv6 description: > @@ -274,7 +156,7 @@ topics: This option assumes use of Network Isolation IPv6 requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true - title: Management Network description: > Enable the creation of a system management network. This @@ -292,6 +174,35 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + + - title: Docker Network + description: > + [Temporary] Use this option when deploying containerized deployment + without network isolation + environments: + - file: environments/docker-network.yaml + title: Docker network + description: + requires: + - environments/docker.yaml + + - title: External load balancer + description: > + Enable external load balancer, requires network Isolation to be enabled. + Note that this option assumes standard isolated networks set. + environments: + - file: environments/external-loadbalancer-vip.yaml + title: External load balancer IPv4 + description: > + requires: + - environments/network-isolation.yaml + - file: environments/external-loadbalancer-vip-v6.yaml + title: External load balancer IPv6 + description: > + requires: + - environments/network-isolation-v6.yaml + mutually_exclusive: true - title: Neutron Plugin Configuration description: @@ -327,8 +238,8 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/neutron-midonet.yaml - title: Deploy MidoNet Services + - file: environments/networking/neutron-midonet.yaml + title: Neutron MidoNet Services description: requires: - overcloud-resource-registry-puppet.yaml @@ -378,34 +289,10 @@ topics: requires: - overcloud-resource-registry-puppet.yaml - - title: Nova Extensions - description: - environment_groups: - - title: Nova Extensions - description: - environments: - - file: environments/nova-nuage-config.yaml - title: Nuage backend - description: > - Enables Nuage backend on the Compute - requires: - - overcloud-resource-registry-puppet.yaml - - title: Storage description: environment_groups: - - title: Cinder backup service - description: - environments: - - file: environments/cinder-backup.yaml - title: Cinder backup service - description: > - OpenStack Cinder Backup service with Pacemaker configured - with Puppet - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Cinder backend + - title: Cinder backends description: > Enable various Cinder backends environments: @@ -414,7 +301,7 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/cinder-netapp-config.yaml + - file: environments/storage/cinder-netapp-config.yaml title: Cinder NetApp backend description: requires: @@ -422,22 +309,19 @@ topics: - file: environments/cinder-dellsc-config.yaml title: Cinder Dell EMC Storage Center ISCSI backend description: > - Enables a Cinder Dell EMC Storage Center ISCSI backend, - configured via puppet + Enables a Cinder Dell EMC Storage Center ISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml title: Cinder HPELeftHandISCSI backend description: > - Enables a Cinder HPELeftHandISCSI backend, configured - via puppet + Enables a Cinder HPELeftHandISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-dellps-config.yaml title: Cinder Dell EMC PS Series backend description: > - Enables a Cinder Dell EMC PS Series backend, - configured via puppet + Enables a Cinder Dell EMC PS Series backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-iser.yaml @@ -447,8 +331,7 @@ topics: - file: environments/cinder-scaleio-config.yaml title: Cinder Dell EMC ScaleIO backend description: > - Enables a Cinder Dell EMC ScaleIO backend, - configured via puppet + Enables a Cinder Dell EMC ScaleIO backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-veritas-hyperscale-config.yaml @@ -458,106 +341,199 @@ topics: configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Ceph - description: > - Enable the use of Ceph in the overcloud + - title: Cinder backup service + description: environments: - - file: environments/puppet-ceph-external.yaml - title: Externally managed Ceph + - file: environments/cinder-backup.yaml + title: Cinder backup service description: > - Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + OpenStack Cinder Backup service with Pacemaker requires: + - environments/puppet-pacemaker.yaml - overcloud-resource-registry-puppet.yaml + - title: Ceph + description: > + Enable the use of Ceph in the overcloud + environments: - file: environments/puppet-ceph.yaml - title: TripleO managed Ceph + title: Ceph Storage Backend description: > Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is colocated with NovaCompute and configures the overcloud to use it, via RBD driver. requires: - overcloud-resource-registry-puppet.yaml - - title: CephMDS - description: > - Deploys CephMDS via TripleO, an additional Ceph service needed to create shared - filesystems hosted in Ceph. + - file: environments/storage/external-ceph.yaml + title: Externally managed Ceph + description: > + Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + requires: + - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + - title: Additional Ceph Options + description: environments: - file: environments/services/ceph-mds.yaml title: Deploys CephMDS - description: + description: > + Deploys CephMDS via TripleO, an additional Ceph service needed to create shared + filesystems hosted in Ceph. requires: - environments/puppet-ceph.yaml - - title: Ceph Rados Gateway - description: > - Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API - which stores data in the Ceph cluster. - environments: - file: environments/ceph-radosgw.yaml - title: Deploys CephRGW - description: + title: Ceph Rados Gateway + description: > + Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API + which stores data in the Ceph cluster. requires: - environments/puppet-ceph.yaml - - title: Manila with CephFS - description: > - Deploys Manila and configures it with the CephFS driver. This requires the deployment of - Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. - environments: - file: environments/manila-cephfsnative-config.yaml - title: Deploys Manila with CephFS driver - description: Deploys Manila and configures CephFS as its default backend. + title: Manila with CephFS + description: > + Deploys Manila and configures it with the CephFS driver. This requires the deployment of + Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. requires: - overcloud-resource-registry-puppet.yaml - - title: Storage Environment - description: > - Can be used to set up storage backends. Defaults to Ceph used as a - backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It - configures which services will use Ceph, or if any of the services - will use NFS. And more. Usually requires to be edited by user first. - tags: - - no-gui + - title: Glance backends + description: environments: - - file: environments/storage-environment.yaml - title: Storage Environment - description: + - file: environments/storage/glance-nfs.yaml + title: Glance NFS Backend + description: | + Configure and enable this option to enable the use of an NFS + share as the backend for Glance. requires: - overcloud-resource-registry-puppet.yaml - - title: Utilities - description: + + - title: Security + description: Security Hardening Options environment_groups: - - title: Config Debug - description: Enable config management (e.g. Puppet) debugging + - title: TLS + description: environments: - - file: environments/config-debug.yaml - title: Config Debug + - file: environments/ssl/enable-tls.yaml + title: SSL on OpenStack Public Endpoints + description: > + Use this option to pass in certificates for SSL deployments. + For these values to take effect, one of the TLS endpoints + options must also be used. + requires: + - overcloud-resource-registry-puppet.yaml + - title: TLS Endpoints + description: + environments: + - file: environments/ssl/tls-endpoints-public-dns.yaml + title: SSL-enabled deployment with DNS name as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-everywhere-endpoints-dns.yaml + title: Deploy All SSL Endpoints as DNS names + description: > + Use this option when deploying an overcloud where all the endpoints are + DNS names and there's TLS in all endpoint types. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-endpoints-public-ip.yaml + title: SSL-enabled deployment with IP address as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. + requires: + - environments/ssl/enable-tls.yaml + mutually_exclusive: true + - title: SSH Banner Text + description: Enables population of SSH Banner Text + environments: + - file: environments/sshd-banner.yaml + title: SSH Banner Text description: requires: - overcloud-resource-registry-puppet.yaml - - title: Disable journal in MongoDb - description: > - Since, when journaling is enabled, MongoDb will create big journal - file it can take time. In a CI environment for example journaling is - not necessary. + - title: Horizon Password Validation + description: Enable Horizon Password validation environments: - - file: environments/mongodb-nojournal.yaml - title: Disable journal in MongoDb + - file: environments/horizon_password_validation.yaml + title: Horizon Password Validation description: requires: - overcloud-resource-registry-puppet.yaml - - title: Overcloud Steps - description: > - Specifies hooks/breakpoints where overcloud deployment should stop - Allows operator validation between steps, and/or more granular control. - Note: the wildcards relate to naming convention for some resource suffixes, - e.g see puppet/*-post.yaml, enabling this will mean we wait for - a user signal on every *Deployment_StepN resource defined in those files. - tags: - - no-gui + - title: AuditD Rules + description: Management of AuditD rules environments: - - file: environments/overcloud-steps.yaml - title: Overcloud Steps + - file: environments/auditd.yaml + title: AuditD Rule Management description: requires: - overcloud-resource-registry-puppet.yaml + - title: Keystone CADF auditing + description: Enable CADF notifications in Keystone for auditing + environments: + - file: environments/cadf.yaml + title: Keystone CADF auditing + - title: SecureTTY Values + description: Set values within /etc/securetty + environments: + - file: environments/securetty.yaml + title: SecureTTY Values + + - title: Additional Services + description: + environment_groups: + - title: + description: Deploy additional services + environments: + - file: environments/services/manila-generic-config.yaml + title: Barbican + description: Enable Barbican with the default secret store backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/manila-generic-config.yaml + title: Manila + description: Enable Manila with generic driver backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/sahara.yaml + title: Sahara + description: Deploy Sahara service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ironic.yaml + title: Ironic + description: Deploy Ironic service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/mistral.yaml + title: Mistral + description: Deploy Mistral service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ec2-api.yaml + title: EC2 API + description: Enable EC2-API service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/zaqar.yaml + title: Zaqar + description: Deploy Zaqar service + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Nova Extensions + description: + environment_groups: + - title: Nova Extensions + description: + environments: + - file: environments/nova-nuage-config.yaml + title: Nuage backend + description: > + Enables Nuage backend on the Compute + requires: + - overcloud-resource-registry-puppet.yaml - title: Operational Tools description: @@ -566,7 +542,7 @@ topics: description: Enable monitoring agents environments: - file: environments/monitoring-environment.yaml - title: Enable monitoring agents + title: Monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml @@ -574,7 +550,7 @@ topics: description: Enable centralized logging clients (fluentd) environments: - file: environments/logging-environment.yaml - title: Enable fluentd client + title: fluentd client description: requires: - overcloud-resource-registry-puppet.yaml @@ -582,45 +558,45 @@ topics: description: Enable performance monitoring agents environments: - file: environments/collectd-environment.yaml - title: Enable performance monitoring agents + title: Performance monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml - - title: Security Options - description: Security Hardening Options + - title: Utilities + description: environment_groups: - - title: SSH Banner Text - description: Enables population of SSH Banner Text + - title: Config Debug + description: Enable config management (e.g. Puppet) debugging environments: - - file: environments/sshd-banner.yaml - title: SSH Banner Text + - file: environments/config-debug.yaml + title: Config Debug description: requires: - overcloud-resource-registry-puppet.yaml - - title: Horizon Password Validation - description: Enable Horizon Password validation + - title: Disable journal in MongoDb + description: > + Since, when journaling is enabled, MongoDb will create big journal + file it can take time. In a CI environment for example journaling is + not necessary. environments: - - file: environments/horizon_password_validation.yaml - title: Horizon Password Validation + - file: environments/mongodb-nojournal.yaml + title: Disable journal in MongoDb description: requires: - overcloud-resource-registry-puppet.yaml - - title: AuditD Rules - description: Management of AuditD rules + - title: Overcloud Steps + description: > + Specifies hooks/breakpoints where overcloud deployment should stop + Allows operator validation between steps, and/or more granular control. + Note: the wildcards relate to naming convention for some resource suffixes, + e.g see puppet/*-post.yaml, enabling this will mean we wait for + a user signal on every *Deployment_StepN resource defined in those files. + tags: + - no-gui environments: - - file: environments/auditd.yaml - title: AuditD Rule Management + - file: environments/overcloud-steps.yaml + title: Overcloud Steps description: requires: - overcloud-resource-registry-puppet.yaml - - title: Keystone CADF auditing - description: Enable CADF notifications in Keystone for auditing - environments: - - file: environments/cadf.yaml - title: Keystone CADF auditing - - title: SecureTTY Values - description: Set values within /etc/securetty - environments: - - file: environments/securetty.yaml - title: SecureTTY Values diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index cdbcbfd6..513d3f71 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -5,6 +5,7 @@ resource_registry: OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml @@ -68,6 +69,18 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Redis + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentIpmi + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::PankoApi ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario007-multinode.yaml b/ci/environments/scenario007-multinode.yaml index 6db00ef1..dd73f476 100644 --- a/ci/environments/scenario007-multinode.yaml +++ b/ci/environments/scenario007-multinode.yaml @@ -16,7 +16,8 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml parameter_defaults: @@ -34,7 +35,7 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::OVNDBs - - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::OVNController - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/docker/deploy-steps-playbook.yaml b/common/deploy-steps-tasks.yaml index cd7d5b55..998bbe0c 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/common/deploy-steps-tasks.yaml @@ -1,6 +1,6 @@ -- hosts: localhost - connection: local - tasks: + # Note the indentation here is required as it's joined + # to create a playbook in deploy-steps.j2 + ##################################################### # Per step puppet configuration of the baremetal host ##################################################### @@ -10,7 +10,7 @@ command: >- puppet apply --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - --logdest syslog --color=false + --logdest syslog --logdest console --color=false /var/lib/tripleo-config/puppet_step_config.pp changed_when: false check_mode: no @@ -27,7 +27,7 @@ shell: python /var/lib/docker-puppet/docker-puppet.py environment: NET_HOST: 'true' - DEBUG: '{{docker_puppet_debug}}' + DEBUG: '{{docker_puppet_debug|default(false)}}' when: step == "1" changed_when: false check_mode: no diff --git a/docker/docker-steps.j2 b/common/deploy-steps.j2 index 05ff7945..b36bb97a 100644 --- a/docker/docker-steps.j2 +++ b/common/deploy-steps.j2 @@ -10,6 +10,7 @@ {%- set primary_role_name = primary_role[0].name -%} # primary role is: {{primary_role_name}} {% set deploy_steps_max = 6 -%} +{% set update_steps_max = 6 -%} heat_template_version: pike @@ -72,7 +73,15 @@ resources: - name: update_identifier - name: bootstrap_server_id - name: docker_puppet_debug - config: {get_file: deploy-steps-playbook.yaml} + config: + str_replace: + template: | + - hosts: localhost + connection: local + tasks: + _TASKS + params: + _TASKS: {get_file: deploy-steps-tasks.yaml} {%- for step in range(1, deploy_steps_max) %} # BEGIN service_workflow_tasks handling @@ -159,7 +168,7 @@ resources: connection: local vars: puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]} - docker_puppet_script: {get_file: docker-puppet.py} + docker_puppet_script: {get_file: ../docker/docker-puppet.py} docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]} docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} @@ -235,7 +244,7 @@ resources: {% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup + type: OS::TripleO::DeploymentSteps depends_on: - WorkflowTasks_Step{{step}}_Execution # TODO(gfidente): the following if/else condition @@ -294,3 +303,38 @@ resources: {% endfor %} + +outputs: + RoleConfig: + description: Mapping of config data for all roles + value: + deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml} + deploy_steps_playbook: | + - hosts: overcloud + tasks: +{%- for role in roles %} + - include: {{role.name}}/host_prep_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + - include: deploy_steps_tasks.yaml + with_sequence: count={{deploy_steps_max-1}} + loop_control: + loop_var: step + update_steps_tasks: | +{%- for role in roles %} + - include: {{role.name}}/update_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + update_steps_playbook: | + - hosts: overcloud + serial: 1 + tasks: + - include: update_steps_tasks.yaml + with_sequence: count={{update_steps_max-1}} + loop_control: + loop_var: step + - include: deploy_steps_tasks.yaml + with_sequence: count={{deploy_steps_max-1}} + loop_control: + loop_var: step + diff --git a/puppet/major_upgrade_steps.j2.yaml b/common/major_upgrade_steps.j2.yaml index 11113eec..11113eec 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/common/major_upgrade_steps.j2.yaml diff --git a/docker/post-upgrade.j2.yaml b/common/post-upgrade.j2.yaml index 4477f868..7cd6abdf 100644 --- a/docker/post-upgrade.j2.yaml +++ b/common/post-upgrade.j2.yaml @@ -1,4 +1,4 @@ # Note the include here is the same as post.j2.yaml but the data used at # # the time of rendering is different if any roles disable upgrades {% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} -{% include 'docker-steps.j2' %} +{% include 'deploy-steps.j2' %} diff --git a/common/post.j2.yaml b/common/post.j2.yaml new file mode 100644 index 00000000..8a70dfa9 --- /dev/null +++ b/common/post.j2.yaml @@ -0,0 +1 @@ +{% include 'deploy-steps.j2' %} diff --git a/common/services.yaml b/common/services.yaml index 350026cc..a8186e43 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -35,7 +35,7 @@ parameters: description: Role name on which the service is applied type: string RoleParameters: - description: Role Specific parameters to be provided to service + description: Parameters specific to the role default: {} type: json @@ -193,6 +193,16 @@ resources: expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + UpdateTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + # Note we use distinct() here to filter any identical tasks, e.g yum update for all services + expression: coalesce($.data, []).where($ != null).select($.get('update_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} + UpgradeBatchTasks: type: OS::Heat::Value properties: @@ -253,6 +263,7 @@ outputs: service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]} step_config: {get_attr: [PuppetStepConfig, value]} upgrade_tasks: {get_attr: [UpgradeTasks, value]} + update_tasks: {get_attr: [UpdateTasks, value]} upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]} service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index 16deb7d6..d116e7c6 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -9,6 +9,7 @@ parameters: key_name: type: string default: unused + description: Name of keypair to assign to servers security_groups: type: json default: [] diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh new file mode 100755 index 00000000..dcabeadf --- /dev/null +++ b/deployed-server/scripts/enable-ssh-admin.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +set -eu + +# whitespace (space or newline) separated list +OVERCLOUD_HOSTS=${OVERCLOUD_HOSTS:-""} +OVERCLOUD_SSH_USER=${OVERCLOUD_SSH_USER:-"$USER"} +# this is just for compatibility with CI +SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"} +# this is the intended variable for overriding +OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"} + +SLEEP_TIME=5 + +function overcloud_ssh_hosts_json { + echo "$OVERCLOUD_HOSTS" | python -c ' +from __future__ import print_function +import json, re, sys +print(json.dumps(re.split("\s+", sys.stdin.read().strip())))' +} + +function overcloud_ssh_key_json { + # we pass the contents to Mistral instead of just path, otherwise + # the key file would have to be readable for the mistral user + cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))' +} + +function workflow_finished { + local execution_id="$1" + openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null +} + +if [ -z "$OVERCLOUD_HOSTS" ]; then + echo 'Please set $OVERCLOUD_HOSTS' + exit 1 +fi + +echo "Starting workflow to create ssh admin on deployed servers." +echo "SSH user: $OVERCLOUD_SSH_USER" +echo "SSH key file: $OVERCLOUD_SSH_KEY" +echo "Hosts: $OVERCLOUD_HOSTS" +echo + +EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}" +EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS") +echo "$EXECUTION_CREATE_OUTPUT" +EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }') + +if [ -z "$EXECUTION_ID" ]; then + echo "Failed to get workflow execution ID for ssh admin creation workflow" + exit 1 +fi + +echo -n "Waiting for the workflow execution to finish (id $EXECUTION_ID)." +while ! workflow_finished $EXECUTION_ID; do + sleep $SLEEP_TIME + echo -n . +done + +echo "Success." diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 36c63887..fadd12d3 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -211,7 +211,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume sync FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \ - --color=false --logdest syslog $TAGS /etc/config.pp + --color=false --logdest syslog --logdest console $TAGS /etc/config.pp # Disables archiving if [ -z "$NO_ARCHIVE" ]; then diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml deleted file mode 100644 index fd956215..00000000 --- a/docker/post.j2.yaml +++ /dev/null @@ -1 +0,0 @@ -{% include 'docker-steps.j2' %} diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 70b43eb1..8afb6d28 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhApiPuppetBase: type: ../../puppet/services/aodh-api.yaml properties: @@ -68,7 +71,10 @@ outputs: - get_attr: [AodhApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [AodhApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index f75c57b3..86bdfdf9 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhEvaluatorBase: type: ../../puppet/services/aodh-evaluator.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhEvaluatorBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhEvaluatorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhEvaluatorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 9db2ffbe..3f986ab2 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhListenerBase: type: ../../puppet/services/aodh-listener.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhListenerBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhListenerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhListenerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index c16c0161..852120c9 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhNotifierBase: type: ../../puppet/services/aodh-notifier.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhNotifierBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhNotifierBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhNotifierBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 6caffd15..424c316f 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -115,7 +115,7 @@ outputs: command: - '/usr/bin/bootstrap_host_exec' - 'ceilometer_agent_central' - - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" + - "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'" upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 1468415e..52c4a65c 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -102,6 +102,33 @@ conditions: data: {get_param: DockerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') +resources: + DockerImageUrlParts: + type: OS::Heat::Value + properties: + type: json + value: + host: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[1] + data: {get_param: DockerCephDaemonImage} + - docker.io + image: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[2] + data: {get_param: DockerCephDaemonImage} + - yaql: + expression: $.data.rightSplit(':', 1)[0] + data: {get_param: DockerCephDaemonImage} + image_tag: + yaql: + expression: $.data.rightSplit(':', 1)[1] + data: {get_param: DockerCephDaemonImage} + outputs: role_data: description: Role data for the Ceph base service. @@ -125,23 +152,12 @@ outputs: ceph_common_ansible_vars: fsid: { get_param: CephClusterFSID } docker: true - ceph_docker_registry: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[1] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - docker.io - ceph_docker_image: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[2] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} + ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]} + ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]} + ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]} containerized_deployment: true public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} + monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} user_config: true ceph_stable: true @@ -185,11 +201,7 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} - acls: - - "u:glance:r--" - - "u:nova:r--" - - "u:cinder:r--" - - "u:gnocchi:r--" + mode: "0644" keys: *openstack_keys pools: [] ceph_conf_overrides: diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 7804fdb2..900131c9 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-api.yaml properties: @@ -66,7 +69,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -154,6 +160,7 @@ outputs: cinder_api_cron: image: *cinder_api_image net: host + user: root privileged: false restart: always volumes: @@ -166,6 +173,8 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [CinderBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index de637f3b..ad3b43c2 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-backup.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -114,7 +120,6 @@ outputs: - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 1bae005c..1ac31874 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-scheduler.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index ce81fbf8..eb904c0b 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-volume.yaml properties: @@ -75,6 +78,7 @@ outputs: - "\n" - - "include ::tripleo::profile::base::lvm" - get_attr: [CinderBase, role_data, step_config] + - get_attr: [MySQLClient, role_data, step_config] service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -125,7 +129,6 @@ outputs: - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ diff --git a/docker/services/congress.yaml b/docker/services/congress.yaml index e49682f9..08170cef 100644 --- a/docker/services/congress.yaml +++ b/docker/services/congress.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CongressBase: type: ../../puppet/services/congress.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [CongressBase, role_data, config_settings] step_config: &step_config - get_attr: [CongressBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CongressBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index 71ea8d1f..2c894da5 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -66,5 +66,9 @@ outputs: - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - if: - internal_tls_enabled - - - {get_param: InternalTLSCAFile} + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' - null diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5ba79b31..9b5c5b8f 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -36,6 +36,18 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -77,6 +89,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mongodb owner: mongodb:mongodb @@ -84,6 +100,8 @@ outputs: - path: /var/log/mongodb owner: mongodb:mongodb recurse: true + - path: /etc/pki/tls/certs/mongodb.pem + owner: mongodb:mongodb docker_config: step_2: mongodb: @@ -91,11 +109,21 @@ outputs: net: host privileged: false volumes: &mongodb_volumes - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro - - /etc/localtime:/etc/localtime:ro - - /var/log/containers/mongodb:/var/log/mongodb - - /var/lib/mongodb:/var/lib/mongodb + list_concat: + - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /var/log/containers/mongodb:/var/log/mongodb + - /var/lib/mongodb:/var/lib/mongodb + - if: + - internal_tls_enabled + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -106,8 +134,18 @@ outputs: step_config: 'include ::tripleo::profile::base::database::mongodb' config_image: *mongodb_config_image volumes: - - /var/lib/mongodb:/var/lib/mongodb - - /var/log/containers/mongodb:/var/log/mongodb + list_concat: + - - /var/lib/mongodb:/var/lib/mongodb + - /var/log/containers/mongodb:/var/log/mongodb + - if: + - internal_tls_enabled + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro + - null host_prep_tasks: - name: create persistent directories file: @@ -116,6 +154,8 @@ outputs: with_items: - /var/log/containers/mongodb - /var/lib/mongodb + metadata_settings: + get_attr: [MongodbPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: Stop and disable mongodb service tags: step2 diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml deleted file mode 100644 index d45d58e1..00000000 --- a/docker/services/database/mysql-client.yaml +++ /dev/null @@ -1,62 +0,0 @@ -heat_template_version: pike - -description: > - Configuration for containerized MySQL clients - -parameters: - DockerMysqlClientConfigImage: - description: The container image to use for the mysql_client config_volume - type: string - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - EnableInternalTLS: - type: boolean - default: false - InternalTLSCAFile: - default: '/etc/ipa/ca.crt' - type: string - description: Specifies the default CA cert to use if TLS is used for - services in the internal network. - -outputs: - role_data: - description: Role for setting mysql client parameters - value: - service_name: mysql_client - config_settings: - tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} - tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} - tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} - # BEGIN DOCKER SETTINGS # - step_config: "" - puppet_config: - config_volume: mysql_client - puppet_tags: file # set this even though file is the default - step_config: "include ::tripleo::profile::base::database::mysql::client" - config_image: {get_param: DockerMysqlClientConfigImage} - # no need for a docker config, this service only generates configuration files - docker_config: {} diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index 9f1ecbc1..1d4ddd38 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + Ec2ApiPuppetBase: type: ../../puppet/services/ec2-api.yaml properties: @@ -58,7 +61,10 @@ outputs: service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [Ec2ApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index f4c724b0..044eb283 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GlanceApiPuppetBase: type: ../../puppet/services/glance-api.yaml properties: @@ -70,7 +73,10 @@ outputs: - get_attr: [GlanceApiPuppetBase, role_data, config_settings] - glance::api::sync_db: false step_config: &step_config - get_attr: [GlanceApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GlanceApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 5129b89f..7c6b6766 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + NumberOfStorageSacks: + default: 128 + description: Number of storage sacks to create. + type: number conditions: @@ -84,6 +88,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -97,7 +105,7 @@ outputs: volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] - step_3: + step_4: gnocchi_db_sync: image: *gnocchi_api_image net: host @@ -110,8 +118,13 @@ outputs: - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" - step_4: + - /etc/ceph:/etc/ceph:ro + command: + str_replace: + template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM' + params: + SACK_NUM: {get_param: NumberOfStorageSacks} + step_5: gnocchi_api: image: *gnocchi_api_image net: host @@ -124,6 +137,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - if: - internal_tls_enabled @@ -141,6 +155,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable httpd service tags: step2 diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 6778543b..5a6958a0 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiMetricdBase: type: ../../puppet/services/gnocchi-metricd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiMetricdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiMetricdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiMetricdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiMetricdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiMetricdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 00d218d2..19e658cd 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiStatsdBase: type: ../../puppet/services/gnocchi-statsd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiStatsdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiStatsdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiStatsdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiStatsdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiStatsdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index f080dcb2..2f0584ea 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -85,6 +85,7 @@ outputs: map_merge: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false + tripleo::haproxy::haproxy_service_manage: false step_config: &step_config get_attr: [HAProxyBase, role_data, step_config] service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} @@ -92,7 +93,8 @@ outputs: puppet_config: config_volume: haproxy puppet_tags: haproxy_config - step_config: *step_config + step_config: + "class {'::tripleo::profile::base::haproxy': manage_firewall => false}" config_image: {get_param: DockerHAProxyConfigImage} volumes: &deployed_cert_mount - list_join: @@ -110,10 +112,44 @@ outputs: preserve_properties: true docker_config: step_1: + haproxy_firewall: + detach: false + image: {get_param: DockerHAProxyImage} + net: host + user: root + privileged: true + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'" + params: + TAGS: 'tripleo::firewall::rule' + CONFIG: *step_config + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - *deployed_cert_mount + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS haproxy: image: {get_param: DockerHAProxyImage} net: host - privileged: false restart: always volumes: list_concat: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 0bc331ca..9e38b060 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -133,6 +133,7 @@ outputs: heat_api_cron: image: {get_param: DockerHeatApiImage} net: host + user: root privileged: false restart: always volumes: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 789f3f9d..a20dc131 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + HeatBase: type: ../../puppet/services/heat-engine.yaml properties: @@ -63,7 +66,10 @@ outputs: - get_attr: [HeatBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [HeatBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [HeatBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 90978f3e..2a9735b5 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicApiBase: type: ../../puppet/services/ironic-api.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [IronicApiBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [IronicApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 6368bd23..37f4d46e 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicConductorBase: type: ../../puppet/services/ironic-conductor.yaml properties: @@ -69,7 +72,10 @@ outputs: - ironic::pxe::http_root: /var/lib/ironic/httpboot - ironic::conductor::http_root: /var/lib/ironic/httpboot step_config: &step_config - get_attr: [IronicConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index f6b348c7..80519800 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -118,4 +118,3 @@ outputs: tags: step2 service: name=iscsid.socket state=stopped enabled=no when: stat_iscsid_socket.stat.exists - metadata_settings: {} diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 7ecfc329..fcc458a2 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -55,6 +55,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + KeystoneBase: type: ../../puppet/services/keystone.yaml properties: @@ -83,6 +86,7 @@ outputs: - "\n" - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }" - {get_attr: [KeystoneBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -99,7 +103,9 @@ outputs: merge: true preserve_properties: true /var/lib/kolla/config_files/keystone_cron.json: - command: /usr/sbin/cron -n + # FIXME(dprince): this is unused ATM because Kolla hardcodes the + # args for the keystone container to -DFOREGROUND + command: /usr/sbin/crond -n config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -164,9 +170,11 @@ outputs: keystone_cron: start_order: 4 image: *keystone_image + user: root net: host privileged: false restart: always + command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index c33f4094..7b2dbfaf 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaApiPuppetBase: type: ../../puppet/services/manila-api.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index 730d33f6..7b5dfec3 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaSchedulerPuppetBase: type: ../../puppet/services/manila-scheduler.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml index b4278155..332ba864 100644 --- a/docker/services/manila-share.yaml +++ b/docker/services/manila-share.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaBase: type: ../../puppet/services/manila-share.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [ManilaBase, role_data, service_name]} config_settings: {get_attr: [ManilaBase, role_data, config_settings]} step_config: &step_config - get_attr: [ManilaBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ManilaBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 73db3742..38b97aef 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [MistralApiBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index 4c6b300d..2b498be3 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-engine.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index ea54c574..e106fe47 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-executor.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index a0c02f30..5e01558a 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -59,11 +59,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d - config_files: - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/" - merge: true - preserve_properties: true + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: @@ -90,4 +90,3 @@ outputs: - name: Stop and disable multipathd service tags: step2 service: name=multipathd state=stopped enabled=no - metadata_settings: {} diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index a9125c8c..b4fce226 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NeutronBase: type: ../../puppet/services/neutron-api.yaml properties: @@ -68,7 +71,10 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] step_config: &step_config - get_attr: [NeutronBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NeutronBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 4bec8035..45de265e 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -36,12 +36,22 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaApiBase: type: ../../puppet/services/nova-api.yaml properties: @@ -61,14 +71,12 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false - nova_wsgi_enabled: false - nova::api::service_name: '%{::nova::params::api_service_name}' - nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }" - {get_attr: [NovaApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -78,7 +86,7 @@ outputs: config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_api.json: - command: /usr/bin/nova-api + command: /usr/sbin/httpd -DFOREGROUND config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -108,7 +116,7 @@ outputs: user: root volumes: - /var/log/containers/nova:/var/log/nova - command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova'] step_3: nova_api_db_sync: start_order: 0 @@ -159,7 +167,7 @@ outputs: start_order: 2 image: *nova_api_image net: host - user: nova + user: root privileged: true restart: always volumes: @@ -169,6 +177,16 @@ outputs: - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS nova_api_cron: @@ -195,6 +213,8 @@ outputs: volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" + metadata_settings: + get_attr: [NovaApiBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 6b8ebace..39d1740c 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -47,6 +47,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaComputeBase: type: ../../puppet/services/nova-compute.yaml properties: @@ -66,7 +69,10 @@ outputs: config_settings: get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaComputeBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaComputeBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini @@ -118,6 +124,8 @@ outputs: - /var/lib/nova:/var/lib/nova - /var/lib/libvirt:/var/lib/libvirt - /var/log/containers/nova:/var/log/nova + - /sys/class/net:/sys/class/net + - /sys/bus/pci:/sys/bus/pci environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 9f666577..ae737056 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConductorBase: type: ../../puppet/services/nova-conductor.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [NovaConductorBase, role_data, service_name]} config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 0d3d1ec9..715a861b 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConsoleauthPuppetBase: type: ../../puppet/services/nova-consoleauth.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConsoleauthPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 17068b41..543758a1 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaIronicBase, role_data, service_name]} config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaIronicBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaIronicBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova puppet_tags: nova_config,nova_paste_api_ini diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 7344508e..916b057e 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -56,7 +56,21 @@ parameters: description: Port that dockerized nova migration target sshd service binds to. type: number - + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. conditions: @@ -69,11 +83,23 @@ conditions: - {get_param: UseTLSTransportForLiveMigration} - true + need_libvirt_secret: + or: + - equals: + - {get_param: NovaEnableRbdBackend} + - true + - equals: + - {get_param: CinderEnableRbdBackend} + - true + resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaLibvirtBase: type: ../../puppet/services/nova-libvirt.yaml properties: @@ -93,10 +119,13 @@ outputs: config_settings: get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaLibvirtBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaLibvirtBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt - puppet_tags: nova_config,file,exec + puppet_tags: libvirtd_config,nova_config,file step_config: *step_config config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: @@ -139,21 +168,46 @@ outputs: - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova - - /etc/libvirt/secrets:/etc/libvirt/secrets + - /etc/libvirt:/etc/libvirt # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt - - /etc/libvirt/qemu:/etc/libvirt/qemu - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_4: + if: + - need_libvirt_secret + - nova_libvirt_init_secret: + detach: false + image: {get_param: DockerNovaLibvirtImage} + privileged: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro + - /etc/libvirt:/etc/libvirt + - /var/run/libvirt:/var/run/libvirt + - /var/lib/libvirt:/var/lib/libvirt + command: + - /bin/bash + - -c + - str_replace: + template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY' + params: + SECRET_UUID: {get_param: CephClusterFSID} + SECRET_KEY: {get_param: CephClientKey} + - {} host_prep_tasks: - name: create libvirt persistent data directories file: path: "{{ item }}" state: directory with_items: + - /etc/libvirt - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 7350db20..26d17560 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -36,12 +36,22 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaPlacementBase: type: ../../puppet/services/nova-placement.yaml properties: @@ -62,7 +72,10 @@ outputs: - get_attr: [NovaPlacementBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [NovaPlacementBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaPlacementBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -98,8 +111,20 @@ outputs: - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [NovaPlacementBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 5c1aa308..8d8a6358 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaSchedulerBase: type: ../../puppet/services/nova-scheduler.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]} config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaSchedulerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaSchedulerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index 37831ff7..c5f651d2 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaVncProxyPuppetBase: type: ../../puppet/services/nova-vnc-proxy.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaVncProxyPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml index f5b4baec..86730ebc 100644 --- a/docker/services/octavia-api.yaml +++ b/docker/services/octavia-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + OctaviaApiPuppetBase: type: ../../puppet/services/octavia-api.yaml properties: @@ -67,7 +70,10 @@ outputs: service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [OctaviaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 26ae9bca..c6a80efa 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -52,6 +52,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBackupBase: type: ../../../puppet/services/cinder-backup.yaml properties: @@ -82,7 +85,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBackupBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 262e999d..3c1b7a74 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -48,6 +48,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../../puppet/services/cinder-volume.yaml properties: @@ -76,7 +79,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 624e4caf..8ba7d723 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -32,6 +32,9 @@ parameters: type: string hidden: true default: '' + MysqlClustercheckPassword: + type: string + hidden: true RoleName: default: '' description: Role name on which the service is applied @@ -40,6 +43,14 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. resources: @@ -56,6 +67,10 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + outputs: role_data: description: Containerized service MySQL using composable services. @@ -76,6 +91,13 @@ outputs: - 4567 - 4568 - 9200 + - + if: + - internal_tls_enabled + - + tripleo::profile::pacemaker::database::mysql_bundle::ca_file: + get_param: InternalTLSCAFile + - {} step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -100,6 +122,20 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true + permissions: + - path: /etc/pki/tls/certs/mysql.crt + owner: mysql:mysql + perm: '0600' + optional: true + - path: /etc/pki/tls/private/mysql.key + owner: mysql:mysql + perm: '0600' + optional: true docker_config: step_1: mysql_data_ownership: @@ -118,7 +154,19 @@ outputs: image: *mysql_image net: host # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done - command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] + command: + - 'bash' + - '-ec' + - + list_join: + - "\n" + - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi' + - 'kolla_start' + - 'mysqld_safe --skip-networking --wsrep-on=OFF &' + - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done''' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"' + - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown' volumes: &mysql_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -131,6 +179,12 @@ outputs: - KOLLA_BOOTSTRAP=True # NOTE(mandre) skip wsrep cluster status check - KOLLA_KUBERNETES=True + - DB_MAX_TIMEOUT=60 + - + list_join: + - '=' + - - 'DB_CLUSTERCHECK_PASSWORD' + - {get_param: MysqlClustercheckPassword} - list_join: - '=' @@ -174,6 +228,8 @@ outputs: file: path: /var/lib/mysql state: directory + metadata_settings: + get_attr: [MysqlPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: get bootstrap nodeid tags: common diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index ad2fa0f6..01c17388 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + PankoApiPuppetBase: type: ../../puppet/services/panko-api.yaml properties: @@ -71,7 +74,10 @@ outputs: - get_attr: [PankoApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [PankoApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [PankoApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index bff2fdac..b0c3736c 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaApiPuppetBase: type: ../../puppet/services/sahara-api.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaApiPuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 01d4bb9c..b1660296 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaEnginePuppetBase: type: ../../puppet/services/sahara-engine.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaEnginePuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaEnginePuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaEnginePuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index cdcb4d2a..1b7d78ca 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + TackerBase: type: ../../puppet/services/tacker.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [TackerBase, role_data, config_settings] step_config: &step_config - get_attr: [TackerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [TackerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 061a4a70..072c6759 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -40,15 +40,22 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false conditions: zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} + internal_tls_enabled: {get_param: EnableInternalTLS} resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ZaqarBase: type: ../../puppet/services/zaqar.yaml properties: @@ -58,6 +65,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -66,7 +74,10 @@ outputs: service_name: {get_attr: [ZaqarBase, role_data, service_name]} config_settings: {get_attr: [ZaqarBase, role_data, config_settings]} step_config: &step_config - get_attr: [ZaqarBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ZaqarBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -137,6 +148,16 @@ outputs: - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS zaqar_websocket: @@ -162,3 +183,5 @@ outputs: - name: Stop and disable zaqar service tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [ZaqarBase, role_data, metadata_settings] diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml index 47f8e528..01a118e4 100644 --- a/environments/docker-centos-tripleoupstream.yaml +++ b/environments/docker-centos-tripleoupstream.yaml @@ -1,6 +1,6 @@ -# Generated with the following on 2017-07-12T11:40:50.219622 +# Generated with the following on 2017-08-11T04:58:59.567629 # -# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml +# openstack overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml # parameter_defaults: @@ -9,6 +9,7 @@ parameter_defaults: DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest + DockerBarbicanApiImage: tripleoupstream/centos-binary-barbican-api:latest DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest @@ -45,8 +46,8 @@ parameter_defaults: DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest - DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest + DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest @@ -82,7 +83,7 @@ parameter_defaults: DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest - DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest + DockerNovaConfigImage: tripleoupstream/centos-binary-nova-api:latest DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest @@ -100,8 +101,6 @@ parameter_defaults: DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest - DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest - DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml index 474e9966..1e25a357 100644 --- a/environments/docker-ha.yaml +++ b/environments/docker-ha.yaml @@ -5,6 +5,8 @@ resource_registry: # Pacemaker runs on the host OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml + OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None # Services that are disabled for HA deployments with pacemaker OS::TripleO::Services::Keepalived: OS::Heat::None diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 255726a1..49d02e6f 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -6,12 +6,18 @@ resource_registry: OS::TripleO::Services::Docker: ../puppet/services/docker.yaml # The compute node still needs extra initialization steps OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml + # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 + OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml # NOTE: add roles to be docker enabled as we support them. OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml + OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml @@ -22,17 +28,16 @@ resource_registry: OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml - OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml + OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml - - OS::TripleO::PostDeploySteps: ../docker/post.yaml - OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index a7504611..9b977f6e 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -32,8 +32,8 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml - OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml @@ -51,7 +51,7 @@ resource_registry: OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml - OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml @@ -61,6 +61,3 @@ resource_registry: # OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml # OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml # OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml - - OS::TripleO::PostDeploySteps: ../docker/post.yaml - OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index d1970d64..834c4f10 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -39,3 +39,4 @@ parameter_defaults: - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::OVNController diff --git a/environments/ips-from-pool-all.yaml b/environments/ips-from-pool-all.yaml index 87563753..d4eccbcf 100644 --- a/environments/ips-from-pool-all.yaml +++ b/environments/ips-from-pool-all.yaml @@ -51,7 +51,7 @@ parameter_defaults: - 172.16.0.251 #management: #- 172.16.4.251 - NovaComputeIPs: + ComputeIPs: # Each compute will get an IP from the lists below, first compute, first IP internal_api: - 172.16.2.252 diff --git a/environments/major-upgrade-composable-steps-docker.yaml b/environments/major-upgrade-composable-steps-docker.yaml index 20340c78..888e2705 100644 --- a/environments/major-upgrade-composable-steps-docker.yaml +++ b/environments/major-upgrade-composable-steps-docker.yaml @@ -1,8 +1,5 @@ resource_registry: - # FIXME(shardy) do we need to break major_upgrade_steps.yaml apart to - # enable docker specific logic, or is just overridding PostUpgradeSteps - # enough (as we want to share the ansible tasks steps etc) - OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml + OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: UPGRADE diff --git a/environments/major-upgrade-converge-docker.yaml b/environments/major-upgrade-converge-docker.yaml index 163d1de4..668f8a94 100644 --- a/environments/major-upgrade-converge-docker.yaml +++ b/environments/major-upgrade-converge-docker.yaml @@ -1,7 +1,7 @@ # Use this to reset any mappings only used for upgrades after the # update of all nodes is completed resource_registry: - OS::TripleO::PostDeploySteps: ../docker/post.yaml + OS::TripleO::PostDeploySteps: ../common/post.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: '' diff --git a/environments/major-upgrade-converge.yaml b/environments/major-upgrade-converge.yaml index d222fb86..668f8a94 100644 --- a/environments/major-upgrade-converge.yaml +++ b/environments/major-upgrade-converge.yaml @@ -1,7 +1,7 @@ # Use this to reset any mappings only used for upgrades after the # update of all nodes is completed resource_registry: - OS::TripleO::PostDeploySteps: ../puppet/post.yaml + OS::TripleO::PostDeploySteps: ../common/post.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: '' diff --git a/environments/network-isolation-v6.j2.yaml b/environments/network-isolation-v6.j2.yaml new file mode 100644 index 00000000..bb27ee43 --- /dev/null +++ b/environments/network-isolation-v6.j2.yaml @@ -0,0 +1,58 @@ +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. +# primary role is: {{primary_role_name}} +resource_registry: + # networks as defined in network_data.yaml + {%- for network in networks if network.enabled|default(true) %} + {%- if network.name != 'Tenant' %} + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- else %} + # IPv4 until OVS and Neutron support IPv6 tunnel endpoints + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endif %} + {%- endfor %} + + # Port assignments for the VIPs + {%- for network in networks if network.vip and network.enabled|default(true) %} + OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- endfor %} + + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml + +{%- for role in roles %} + # Port assignments for the {{role.name}} + {%- for network in networks %} + {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant' %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- elif network.name in role.networks|default([]) and network.enabled|default(true) and network.name == 'Tenant' %} + # IPv4 until OVS and Neutron support IPv6 tunnel endpoints + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- else %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml + {%- endif %} + {%- endfor %} +{%- endfor %} + + +parameter_defaults: + # Enable IPv6 for Ceph. + CephIPv6: True + # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. + CorosyncIPv6: True + # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. + MongoDbIPv6: True + # Enable various IPv6 features in Nova. + NovaIPv6: True + # Enable IPv6 environment for RabbitMQ. + RabbitIPv6: True + # Enable IPv6 environment for Memcached. + MemcachedIPv6: True diff --git a/environments/network-isolation-v6.yaml b/environments/network-isolation-v6.yaml deleted file mode 100644 index 11ca5b31..00000000 --- a/environments/network-isolation-v6.yaml +++ /dev/null @@ -1,57 +0,0 @@ -# Enable the creation of IPv6 Neutron networks for isolated Overcloud -# traffic and configure each role to assign ports (related -# to that role) on these networks. -resource_registry: - OS::TripleO::Network::External: ../network/external_v6.yaml - OS::TripleO::Network::InternalApi: ../network/internal_api_v6.yaml - OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt_v6.yaml - OS::TripleO::Network::Storage: ../network/storage_v6.yaml - # IPv4 until OVS and Neutron support IPv6 tunnel endpoints - OS::TripleO::Network::Tenant: ../network/tenant.yaml - - # Port assignments for the VIPs - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_v6.yaml - OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - - # Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - -parameter_defaults: - # Enable IPv6 for Ceph. - CephIPv6: True - # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. - CorosyncIPv6: True - # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. - MongoDbIPv6: True - # Enable various IPv6 features in Nova. - NovaIPv6: True - # Enable IPv6 environment for RabbitMQ. - RabbitIPv6: true - # Enable IPv6 environment for Memcached. - MemcachedIPv6: true diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml index 6a7318fc..1b792afd 100644 --- a/environments/network-isolation.j2.yaml +++ b/environments/network-isolation.j2.yaml @@ -17,7 +17,7 @@ resource_registry: {%- endfor %} # Port assignments for the VIPs - {%- for network in networks if network.vip %} + {%- for network in networks if network.vip and network.enabled|default(true) %} OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml {%- endfor %} OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml index 812e84f3..59056217 100644 --- a/environments/network-management-v6.yaml +++ b/environments/network-management-v6.yaml @@ -1,3 +1,7 @@ +# ****************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation-v6.yaml +# and define the needed networks in your custom role file. +# ****************************************************************************** # Enable the creation of an IPv6 system management network. This # creates a Neutron network for isolated Overcloud # system management traffic and configures each role to diff --git a/environments/network-management.yaml b/environments/network-management.yaml index 041617be..5f50bb15 100644 --- a/environments/network-management.yaml +++ b/environments/network-management.yaml @@ -1,3 +1,7 @@ +# *************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation.yaml +# and define the needed networks in your custom role file. +# *************************************************************************** # Enable the creation of a system management network. This # creates a Neutron network for isolated Overcloud # system management traffic and configures each role to diff --git a/environments/neutron-ml2-ovn-ha.yaml b/environments/neutron-ml2-ovn-ha.yaml index c592d576..a9f732b2 100644 --- a/environments/neutron-ml2-ovn-ha.yaml +++ b/environments/neutron-ml2-ovn-ha.yaml @@ -2,14 +2,15 @@ # extensions, configured via puppet resource_registry: OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml # Disabling Neutron services that overlap with OVN - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None - OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index 7483bdbb..7322b05c 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -1,15 +1,16 @@ # A Heat environment file which can be used to enable OVN # extensions, configured via puppet resource_registry: - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None - OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml + OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml # Disabling Neutron services that overlap with OVN - OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index 601554a1..ce64311b 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -1,13 +1,13 @@ # A Heat environment file which can be used to enable a # a Neutron Nuage backend on the controller, configured via puppet resource_registry: + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None # Override the NeutronCorePlugin to use Nuage - OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2Nuage parameter_defaults: NeutronNuageNetPartitionName: 'default_name' @@ -18,9 +18,18 @@ parameter_defaults: NeutronNuageBaseURIVersion: 'default_uri_version' NeutronNuageCMSId: '' UseForwardedFor: true - NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin' - NeutronEnableDHCPAgent: false - NeutronServicePlugins: [] - NovaOVSBridge: 'alubr0' - controllerExtraConfig: + NeutronServicePlugins: '' + NeutronDBSyncExtraParams: '--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini' + NeutronTypeDrivers: '' + NeutronNetworkType: '' + NeutronMechanismDrivers: '' + NeutronPluginExtensions: '' + NeutronFlatNetworks: '' + NeutronTunnelIdRanges: '' + NeutronNetworkVLANRanges: '' + NeutronVniRanges: '' + NovaOVSBridge: 'default_bridge' + NeutronMetadataProxySharedSecret: 'default' + InstanceNameTemplate: 'inst-%08x' + ControllerExtraConfig: neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron/plugins/nuage/' diff --git a/environments/neutron-opendaylight-sriov.yaml b/environments/neutron-opendaylight-sriov.yaml new file mode 100644 index 00000000..5c0a0350 --- /dev/null +++ b/environments/neutron-opendaylight-sriov.yaml @@ -0,0 +1,28 @@ +# A Heat environment that can be used to deploy OpenDaylight with SRIOV +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2-odl.yaml + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + +parameter_defaults: + NeutronEnableForceMetadata: true + NeutronMechanismDrivers: ['sriovnicswitch','opendaylight_v2'] + NeutronServicePlugins: 'odl-router_v2,trunk' + + # Add PciPassthroughFilter to the scheduler default filters + #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] + #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] + + #NeutronPhysicalDevMappings: "datacentre:ens20f2" + + # Number of VFs that needs to be configured for a physical interface + #NeutronSriovNumVFs: "ens20f2:5" + + #NovaPCIPassthrough: + # - devname: "ens20f2" + # physical_network: "datacentre" diff --git a/environments/nova-nuage-config.yaml b/environments/nova-nuage-config.yaml index 56c64d15..5e75ed9e 100644 --- a/environments/nova-nuage-config.yaml +++ b/environments/nova-nuage-config.yaml @@ -2,7 +2,13 @@ # Nuage backend on the compute, configured via puppet resource_registry: OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml parameter_defaults: NuageActiveController: '0.0.0.0' NuageStandbyController: '0.0.0.0' + NovaOVSBridge: 'default_bridge' + NovaComputeLibvirtType: 'default_type' + NovaIPv6: False + NuageMetadataProxySharedSecret: 'default' + NuageNovaApiEndpoint: 'default_endpoint' diff --git a/environments/overcloud-baremetal.j2.yaml b/environments/overcloud-baremetal.j2.yaml index 8d7bc8d9..93191a7b 100644 --- a/environments/overcloud-baremetal.j2.yaml +++ b/environments/overcloud-baremetal.j2.yaml @@ -11,10 +11,3 @@ parameter_defaults: {% for role in roles %} {{role.name}}Services: [] {% endfor %} - - # Consistent Hostname format - ControllerHostnameFormat: overcloud-controller-%index% - ComputeHostnameFormat: overcloud-novacompute-%index% - ObjectStorageHostnameFormat: overcloud-objectstorage-%index% - CephStorageHostnameFormat: overcloud-cephstorage-%index% - BlockStorageHostnameFormat: overcloud-blockstorage-%index% diff --git a/environments/overcloud-services.yaml b/environments/overcloud-services.yaml index 1d01cb3c..ac1c69f0 100644 --- a/environments/overcloud-services.yaml +++ b/environments/overcloud-services.yaml @@ -1,10 +1,2 @@ resource_registry: OS::TripleO::DeployedServerEnvironment: ../deployed-server/deployed-server-environment-output.yaml - -parameter_defaults: - # Consistent Hostname format - ControllerDeployedServerHostnameFormat: overcloud-controller-%index% - ComputeDeployedServerHostnameFormat: overcloud-novacompute-%index% - ObjectStorageDeployedServerHostnameFormat: overcloud-objectstorage-%index% - CephStorageDeployedServerHostnameFormat: overcloud-cephstorage-%index% - BlockStorageDeployedServerHostnameFormat: overcloud-blockstorage-%index% diff --git a/environments/predictable-placement/custom-domain.yaml b/environments/predictable-placement/custom-domain.yaml new file mode 100644 index 00000000..aacb677a --- /dev/null +++ b/environments/predictable-placement/custom-domain.yaml @@ -0,0 +1,35 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Custom Domain Name +# description: | +# This environment contains the parameters that need to be set in order to +# use a custom domain name and have all of the various FQDNs reflect it. +parameter_defaults: + # The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud. + # Type: string + CloudDomain: localdomain + + # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + # Type: string + CloudName: overcloud.localdomain + + # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'. + # Type: string + CloudNameCtlplane: overcloud.ctlplane.localdomain + + # The DNS name of this cloud's internal API endpoint. E.g. 'ci-overcloud.internalapi.tripleo.org'. + # Type: string + CloudNameInternal: overcloud.internalapi.localdomain + + # The DNS name of this cloud's storage endpoint. E.g. 'ci-overcloud.storage.tripleo.org'. + # Type: string + CloudNameStorage: overcloud.storage.localdomain + + # The DNS name of this cloud's storage management endpoint. E.g. 'ci-overcloud.storagemgmt.tripleo.org'. + # Type: string + CloudNameStorageManagement: overcloud.storagemgmt.localdomain + diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 2f577c26..7718b821 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -1,5 +1,5 @@ # ****************************************************************************** -# DEPRECATED: Use tripleo-heat-templates/environments/storage/ceph-external.yaml +# DEPRECATED: Use tripleo-heat-templates/environments/storage/external-ceph.yaml # instead. # ****************************************************************************** # A Heat environment file which can be used to enable the diff --git a/environments/services-docker/ironic.yaml b/environments/services-docker/ironic.yaml index e927ecb3..d98ca1d4 100644 --- a/environments/services-docker/ironic.yaml +++ b/environments/services-docker/ironic.yaml @@ -3,3 +3,5 @@ resource_registry: OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml +parameter_defaults: + NovaSchedulerDiscoverHostsInCellsInterval: 15 diff --git a/environments/services-docker/octavia.yaml b/environments/services-docker/octavia.yaml index b677a4f6..f0c671f6 100644 --- a/environments/services-docker/octavia.yaml +++ b/environments/services-docker/octavia.yaml @@ -3,3 +3,8 @@ resource_registry: OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml + +parameter_defaults: + NeutronServicePlugins: "qos,router,trunk,lbaasv2" + NeutronEnableForceMetadata: true + diff --git a/environments/split-stack-consistent-hostname-format.j2.yaml b/environments/split-stack-consistent-hostname-format.j2.yaml new file mode 100644 index 00000000..8345c108 --- /dev/null +++ b/environments/split-stack-consistent-hostname-format.j2.yaml @@ -0,0 +1,5 @@ +parameter_defaults: + # Consistent Hostname format +{% for role in roles %} + {{role.name}}HostnameFormat: overcloud-{{role.name.lower()}}-%index% +{% endfor %} diff --git a/extraconfig/nova_metadata/krb-service-principals.yaml b/extraconfig/nova_metadata/krb-service-principals.yaml index 59b8e7f5..cdd4341a 100644 --- a/extraconfig/nova_metadata/krb-service-principals.yaml +++ b/extraconfig/nova_metadata/krb-service-principals.yaml @@ -32,8 +32,8 @@ parameters: CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. + The DNS name of this cloud's provisioning network endpoint. E.g. + 'ci-overcloud.ctlplane.tripleo.org'. type: string resources: diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index fb0d1699..8b2b2308 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -72,6 +72,10 @@ conditions: equals: - {get_param: deployment_actions} - [] + update_requested: + equals: + - {get_param: UpdateOnRHELRegistration} + - true resources: @@ -180,8 +184,7 @@ resources: UpdateDeploymentAfterRHELRegistration: type: OS::Heat::SoftwareDeployment depends_on: RHELRegistrationDeployment - conditions: - update_requested: {get_param: UpdateOnRHELRegistration} + condition: update_requested properties: name: UpdateDeploymentAfterRHELRegistration config: {get_resource: YumUpdateConfigurationAfterRHELRegistration} diff --git a/extraconfig/pre_network/contrail/compute_pre_network.yaml b/extraconfig/pre_network/contrail/compute_pre_network.yaml index a30330f9..69e89f87 100644 --- a/extraconfig/pre_network/contrail/compute_pre_network.yaml +++ b/extraconfig/pre_network/contrail/compute_pre_network.yaml @@ -34,7 +34,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list diff --git a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml index 623eb7e0..4b3c673c 100644 --- a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml +++ b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml @@ -38,7 +38,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 2f5fcdf7..87dbeaec 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -9,7 +9,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list @@ -55,6 +55,21 @@ parameters: - allowed_pattern: "[0-9,-]*" type: string default: "" + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. + EnableDpdkDeploymentActions: + default: ['CREATE'] + type: comma_delimited_list + description: > + Exposing the DPDK deployment action, it may be required to run DPDK + config during an upgrade. By default DPDK will be enabled during the + CREATE action only. But on cases when it requires for certain migration, + it may be required to run it for UPDATE action too. # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Queens cycle. HostCpusList: @@ -79,13 +94,6 @@ parameters: default: '' description: Memory allocated for each socket type: string - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} @@ -159,6 +167,40 @@ resources: _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} _TUNED_CORES_: {get_param: [RoleParameters, IsolCpusList]} + RebootConfig: + type: OS::Heat::SoftwareConfig + condition: is_reboot_config_required + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: HostParametersDeployment + condition: is_reboot_config_required + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL + + # With OvS2.7 (which is default with pike), ovs-vswitchd will start dpdk + # immediately after setting dpdk-init (behaviour change from ovs2.6). + # Starting of DPDK require the huge page configuration to be enabled. So + # reboot will happen before DPDK config and we don't need an explicity + # restart after dpdk-init as true because of the behavior change. + # TODO(skramaja): Dependency is that till the service file workaround, is + # maintained, restart of ovs is required. EnableDpdkConfig: type: OS::Heat::SoftwareConfig condition: is_dpdk_config_required @@ -194,6 +236,8 @@ resources: sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path fi + systemctl daemon-reload + systemctl restart openvswitch # DO NOT use --detailed-exitcodes puppet apply --logdest console \ @@ -215,6 +259,7 @@ resources: EnableDpdkDeployment: type: OS::Heat::SoftwareDeployment condition: is_dpdk_config_required + depends_on: RebootDeployment properties: name: EnableDpdkDeployment server: {get_param: server} @@ -223,34 +268,7 @@ resources: if: - deployment_actions_empty - [] - - ['CREATE'] # Only do this on CREATE - - RebootConfig: - type: OS::Heat::SoftwareConfig - condition: is_reboot_config_required - properties: - group: script - config: | - #!/bin/bash - # Stop os-collect-config to avoid any race collecting another - # deployment before reboot happens - systemctl stop os-collect-config.service - /sbin/reboot - - RebootDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: HostParametersDeployment - condition: is_reboot_config_required - properties: - name: RebootDeployment - server: {get_param: server} - config: {get_resource: RebootConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE - signal_transport: NO_SIGNAL + - {get_param: EnableDpdkDeploymentActions} outputs: result: diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index 1114897f..baf838e4 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -51,6 +51,13 @@ if [[ -n \$NOVA_COMPUTE ]]; then log_debug "Restarting openstack ceilometer agent compute" systemctl restart openstack-ceilometer-compute yum install -y openstack-nova-migration + # https://bugs.launchpad.net/tripleo/+bug/1707926 stop&disable libvirtd + log_debug "Stop and disable libvirtd service for upgrade to containers" + systemctl stop libvirtd + systemctl disable libvirtd + log_debug "Stop and disable openstack-nova-compute for upgrade to containers" + systemctl stop openstack-nova-compute + systemctl disable openstack-nova-compute fi # Apply puppet manifest to converge just right after the ${ROLE} upgrade diff --git a/firstboot/userdata_example.yaml b/firstboot/userdata_example.yaml index 2f03c83b..32da7eda 100644 --- a/firstboot/userdata_example.yaml +++ b/firstboot/userdata_example.yaml @@ -42,10 +42,9 @@ resources: str_replace: template: | #!/bin/bash - curl http://169.254.169.254/openstack/2012-08-10/meta_data.json -o /root/meta_data.json mkdir -p /home/$user/.ssh chmod 700 /home/$user/.ssh - cat /root/meta_data.json | jq -r ".keys[0].data" > /home/$user/.ssh/authorized_keys + os-apply-config --key public-keys.0.openssh-key --type raw > /home/$user/.ssh/authorized_keys chmod 600 /home/$user/.ssh/authorized_keys chown -R $user:$user /home/$user/.ssh params: diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 063e63d4..4afbeb01 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml @@ -1,10 +1,43 @@ # This template specifies which j2 rendered templates # should be excluded in the render process from # tripleo-common/tripleo_common/actions/templates.py - +# E.g: +# name: +# - puppet/cephstorage-role.yaml name: - - puppet/controller-role.yaml - - puppet/compute-role.yaml - - puppet/blockstorage-role.yaml - - puppet/objectstorage-role.yaml - - puppet/cephstorage-role.yaml + - network/internal_api.yaml + - network/external.yaml + - network/storage.yaml + - network/storage_mgmt.yaml + - network/tenant.yaml + - network/management.yaml + - network/internal_api_v6.yaml + - network/external_v6.yaml + - network/storage_v6.yaml + - network/storage_mgmt_v6.yaml + - network/tenant_v6.yaml + - network/management_v6.yaml + - network/ports/internal_api.yaml + - network/ports/external.yaml + - network/ports/storage.yaml + - network/ports/storage_mgmt.yaml + - network/ports/tenant.yaml + - network/ports/management.yaml + - network/ports/internal_api_v6.yaml + - network/ports/external_v6.yaml + - network/ports/storage_v6.yaml + - network/ports/storage_mgmt_v6.yaml + - network/ports/tenant_v6.yaml + - network/ports/management_v6.yaml + - network/ports/internal_api_from_pool.yaml + - network/ports/external_from_pool.yaml + - network/ports/storage_from_pool.yaml + - network/ports/storage_mgmt_from_pool.yaml + - network/ports/tenant_from_pool.yaml + - network/ports/management_from_pool.yaml + - network/ports/internal_api_from_pool_v6.yaml + - network/ports/external_from_pool_v6.yaml + - network/ports/storage_from_pool_v6.yaml + - network/ports/storage_mgmt_from_pool_v6.yaml + - network/ports/tenant_from_pool_v6.yaml + - network/ports/management_from_pool_v6.yaml diff --git a/network/external.yaml b/network/external.yaml index 8dbe3e20..708d4635 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -66,4 +66,4 @@ outputs: description: Neutron external network value: {get_resource: ExternalNetwork} subnet_cidr: - value: {get_attr: ExternalSubnet, cidr} + value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/external_v6.yaml b/network/external_v6.yaml index 3266932a..9d1c3d00 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml @@ -73,4 +73,4 @@ outputs: description: Neutron external network value: {get_resource: ExternalNetwork} subnet_cidr: - value: {get_attr: ExternalSubnet, cidr} + value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/internal_api.yaml b/network/internal_api.yaml index 7ff0dafd..6e1885a9 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron internal network value: {get_resource: InternalApiNetwork} subnet_cidr: - value: {get_attr: InternalApiSubnet, cidr} + value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 0688f138..7264b1c0 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron internal network value: {get_resource: InternalApiNetwork} subnet_cidr: - value: {get_attr: InternalApiSubnet, cidr} + value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/management.yaml b/network/management.yaml index f54794c3..be197e5c 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -39,7 +39,7 @@ parameters: description: Ip allocation pool range for the management network. type: json ManagementInterfaceDefaultRoute: - default: null + default: unset description: The default route of the management network. type: string @@ -67,4 +67,4 @@ outputs: description: Neutron management network value: {get_resource: ManagementNetwork} subnet_cidr: - value: {get_attr: ManagementSubnet, cidr} + value: {get_attr: [ManagementSubnet, cidr]} diff --git a/network/management_v6.yaml b/network/management_v6.yaml index bf715513..2eb8c876 100644 --- a/network/management_v6.yaml +++ b/network/management_v6.yaml @@ -68,4 +68,4 @@ outputs: description: Neutron management network value: {get_resource: ManagementNetwork} subnet_cidr: - value: {get_attr: ManagementSubnet, cidr} + value: {get_attr: [ManagementSubnet, cidr]} diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml new file mode 100644 index 00000000..ccf437bb --- /dev/null +++ b/network/network.network.j2.yaml @@ -0,0 +1,91 @@ +heat_template_version: pike + +description: > + {{network.name}} network definition (automatically generated). + +parameters: + # the defaults here work for static IP assignment (IPAM) only + {{network.name}}NetCidr: + default: {{network.ip_subnet|default("")}} + description: Cidr for the {{network.name_lower}} network. + type: string + {{network.name}}NetValueSpecs: + default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'} + description: Value specs for the {{network.name_lower}} network. + type: json + {{network.name}}NetAdminStateUp: + default: false + description: This admin state of the network. + type: boolean + {{network.name}}NetEnableDHCP: + default: false + description: Whether to enable DHCP on the associated subnet. + type: boolean + {{network.name}}NetShared: + default: false + description: Whether this network is shared across all tenants. + type: boolean + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. + type: string + {{network.name}}SubnetName: + default: {{network.name_lower}}_subnet + description: The name of the {{network.name_lower}} subnet in Neutron. + type: string + {{network.name}}AllocationPools: + default: {{network.allocation_pools|default([])}} + description: Ip allocation pool range for the {{network.name_lower}} network. + type: json + {{network.name}}InterfaceDefaultRoute: + default: {{network.gateway_ip|default("not_defined")}} + description: default route for the {{network.name_lower}} network + type: string +{%- if network.vlan %} + {{network.name}}NetworkVlanID: + default: {{network.vlan}} + description: Vlan ID for the {{network.name}} network traffic. + type: number +{%- endif %} +{%- if network.ipv6 %} + IPv6AddressMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 address mode + type: string + IPv6RAMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 router advertisement mode + type: string +{%- endif %} + +resources: + {{network.name}}Network: + type: OS::Neutron::Net + properties: + admin_state_up: {get_param: {{network.name}}NetAdminStateUp} + name: {get_param: {{network.name}}NetName} + shared: {get_param: {{network.name}}NetShared} + value_specs: {get_param: {{network.name}}NetValueSpecs} + + {{network.name}}Subnet: + type: OS::Neutron::Subnet + properties: + cidr: {get_param: {{network.name}}NetCidr} + name: {get_param: {{network.name}}SubnetName} + network: {get_resource: {{network.name}}Network} + allocation_pools: {get_param: {{network.name}}AllocationPools} + gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute} +{%- if network.ipv6 %} + ip_version: 6 + ipv6_address_mode: {get_param: IPv6AddressMode} + ipv6_ra_mode: {get_param: IPv6RAMode} +{%- else %} + enable_dhcp: {get_param: {{network.name}}NetEnableDHCP} +{%- endif %} + +outputs: + OS::stack_id: + description: {{network.name_lower}} network + value: {get_resource: {{network.name}}Network} + subnet_cidr: + value: {get_attr: [{{network.name}}Subnet, cidr]} diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml index 5aec597a..48c509df 100644 --- a/network/networks.j2.yaml +++ b/network/networks.j2.yaml @@ -3,13 +3,9 @@ heat_template_version: pike description: Create networks to split out Overcloud traffic resources: - {%- for network in networks %} - {%- if network.name != 'InternalApi' %} - {{network.name}}Network: - {%- else %} - InternalNetwork: - {%- endif %} + {%- set network_name = network.compat_name|default(network.name) %} + {{network_name}}Network: type: OS::TripleO::Network::{{network.name}} {%- endfor %} @@ -23,15 +19,9 @@ outputs: # NOTE(gfidente): we need to replace the null value with a # string to work around https://bugs.launchpad.net/heat/+bug/1700025 {%- for network in networks %} - {%- if network.name != 'InternalApi' %} - {{network.name_lower}}: - yaql: - data: {get_attr: [{{network.name}}Network, subnet_cidr]} - expression: str($.data).replace('null', 'disabled') - {%- else %} + {%- set network_name = network.compat_name|default(network.name) %} {{network.name_lower}}: yaql: - data: {get_attr: [InternalNetwork, subnet_cidr]} + data: {get_attr: [{{network_name}}Network, subnet_cidr]} expression: str($.data).replace('null', 'disabled') - {%- endif %} {%- endfor %} diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index bb54ca62..f874c30d 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -9,8 +9,8 @@ parameters: description: Name of the service to lookup default: '' type: string - NetworkName: - description: # Here for compatibility with isolated networks + NetworkName: # Here for compatibility with isolated networks + description: Name of the network where the VIP will be created default: ctlplane type: string PortName: diff --git a/network/ports/external.yaml b/network/ports/external.yaml index a02cc284..72922093 100644 --- a/network/ports/external.yaml +++ b/network/ports/external.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external neutron network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml index d2610c69..a14aa90b 100644 --- a/network/ports/external_from_pool.yaml +++ b/network/ports/external_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: ExternalNetName: - description: Name of the external network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index e5fe8d71..2aa51267 100644 --- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_v6.yaml b/network/ports/external_v6.yaml index 12d61cce..5a1b5ae3 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/external_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external neutron network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml index f258080a..e9eb7875 100644 --- a/network/ports/internal_api.yaml +++ b/network/ports/internal_api.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API neutron network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml index cb87fd54..31c72daf 100644 --- a/network/ports/internal_api_from_pool.yaml +++ b/network/ports/internal_api_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index 12a0731b..657310ed 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml index 46e6e187..6a9e7083 100644 --- a/network/ports/internal_api_v6.yaml +++ b/network/ports/internal_api_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API neutron network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/management.yaml b/network/ports/management.yaml index dd62033b..417d0612 100644 --- a/network/ports/management.yaml +++ b/network/ports/management.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management neutron network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml index 188be68c..4815d163 100644 --- a/network/ports/management_from_pool.yaml +++ b/network/ports/management_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: ManagementNetName: - description: Name of the management network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml index b5d44259..2a7d3b1d 100644 --- a/network/ports/management_from_pool_v6.yaml +++ b/network/ports/management_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_v6.yaml b/network/ports/management_v6.yaml index 977502a8..9de06d9c 100644 --- a/network/ports/management_v6.yaml +++ b/network/ports/management_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management neutron network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index a6971b0f..ce58e96f 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -14,6 +14,7 @@ parameters: ExternalIpSubnet: default: '' type: string + description: IP address/subnet on the external network ExternalIpUri: default: '' type: string @@ -24,6 +25,7 @@ parameters: InternalApiIpSubnet: default: '' type: string + description: IP address/subnet on the internal API network InternalApiIpUri: default: '' type: string @@ -34,6 +36,7 @@ parameters: StorageIpSubnet: default: '' type: string + description: IP address/subnet on the storage network StorageIpUri: default: '' type: string @@ -44,6 +47,7 @@ parameters: StorageMgmtIpSubnet: default: '' type: string + description: IP address/subnet on the storage mgmt network StorageMgmtIpUri: default: '' type: string @@ -54,6 +58,7 @@ parameters: TenantIpSubnet: default: '' type: string + description: IP address/subnet on the tenant network TenantIpUri: default: '' type: string diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml index 018bf2bb..d0847882 100644 --- a/network/ports/net_vip_map_external.yaml +++ b/network/ports/net_vip_map_external.yaml @@ -27,24 +27,28 @@ parameters: ExternalIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 InternalApiIp: default: '' type: string InternalApiIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageIp: default: '' type: string StorageIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageMgmtIp: default: '' type: string StorageMgmtIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 outputs: net_ip_map: diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml index aa40cf17..72e60cb2 100644 --- a/network/ports/net_vip_map_external_v6.yaml +++ b/network/ports/net_vip_map_external_v6.yaml @@ -27,24 +27,28 @@ parameters: ExternalIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 InternalApiIp: default: '' type: string InternalApiIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageIp: default: '' type: string StorageIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageMgmtIp: default: '' type: string StorageMgmtIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 outputs: net_ip_map: diff --git a/network/ports/noop.yaml b/network/ports/noop.yaml index 8030bfc0..9f39c4ff 100644 --- a/network/ports/noop.yaml +++ b/network/ports/noop.yaml @@ -12,19 +12,21 @@ parameters: description: IP address on the control plane type: string ControlPlaneNetwork: - description: Name of the control plane network + description: The name of the undercloud Neutron control plane default: ctlplane type: string PortName: description: Name of the port default: '' type: string - NetworkName: - description: # Here for compatibility with vip.yaml - default: '' + NetworkName: # Here for compatibility with vip.yaml + description: Name of the network where the VIP will be created + default: ctlplane type: string FixedIPs: - description: # Here for compatibility with vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] default: [] type: json ControlPlaneSubnetCidr: # Override this via parameter_defaults diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml new file mode 100644 index 00000000..ded3e798 --- /dev/null +++ b/network/ports/port.network.j2.yaml @@ -0,0 +1,72 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network. The IP address will be chosen + automatically if FixedIPs is empty. + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name_lower}} neutron network + default: {{network.name_lower|default(network.name|lower)}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json + IPPool: # Here for compatibility with from_pool.yaml + default: {} + type: json + NodeIndex: # Here for compatibility with from_pool.yaml + default: 0 + type: number + +resources: + + {{network.name}}Port: + type: OS::Neutron::Port + properties: + network: {get_param: {{network.name}}NetName} + name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} + replacement_policy: AUTO + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with IPv6 URLs) + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - '/' + - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} + diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml new file mode 100644 index 00000000..9c08ec76 --- /dev/null +++ b/network/ports/port_from_pool.network.j2.yaml @@ -0,0 +1,65 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network, using a map of IPs per role. + Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by + network (lower_name or lower case). For example: + ControllerIPs: + external: + - 1.2.3.4 # First controller + - 1.2.3.5 # Second controller + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name}} neutron network + default: {{network.name_lower}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml + default: {} + type: json + NodeIndex: # First node in the role will get first IP, and so on... + default: 0 + type: number + {{network.name}}NetCidr: + default: {{network.ip_subnet}} + description: Cidr for the {{network.name_lower}} network. + type: string + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} + diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml index 5c1aba1a..13e51ccf 100644 --- a/network/ports/storage.yaml +++ b/network/ports/storage.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage neutron network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml index ca5993fc..11aa20c7 100644 --- a/network/ports/storage_from_pool.yaml +++ b/network/ports/storage_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index ec7cd2f0..2d2c3055 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: StorageNetName: - description: Name of the storage network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml index 94b058a2..c06c58ef 100644 --- a/network/ports/storage_mgmt.yaml +++ b/network/ports/storage_mgmt.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml index 63b2e154..07308a70 100644 --- a/network/ports/storage_mgmt_from_pool.yaml +++ b/network/ports/storage_mgmt_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage MGMT network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: @@ -26,7 +26,7 @@ parameters: type: number StorageMgmtNetCidr: default: '172.16.3.0/24' - description: Cidr for the storage MGMT network. + description: Cidr for the storage management network. type: string outputs: diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index 6d0b8794..1b30f0ce 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage MGMT network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: @@ -27,7 +27,7 @@ parameters: type: number StorageMgmtNetCidr: default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage MGMT network. + description: Cidr for the storage management network. type: string outputs: diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml index 3d70c690..c10b1393 100644 --- a/network/ports/storage_mgmt_v6.yaml +++ b/network/ports/storage_mgmt_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml index 6137d241..c7d47c54 100644 --- a/network/ports/storage_v6.yaml +++ b/network/ports/storage_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage neutron network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml index a56b0f43..6c5eee38 100644 --- a/network/ports/tenant.yaml +++ b/network/ports/tenant.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant neutron network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml index 03ff6d11..94c419df 100644 --- a/network/ports/tenant_from_pool.yaml +++ b/network/ports/tenant_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index d45faf06..cc2b619a 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml index d23e91f7..47d52d8a 100644 --- a/network/ports/tenant_v6.yaml +++ b/network/ports/tenant_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant neutron network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index 70b4482c..f47760c8 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network/ports/vip_v6.yaml b/network/ports/vip_v6.yaml index 09f646a6..90525a31 100644 --- a/network/ports/vip_v6.yaml +++ b/network/ports/vip_v6.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network/storage.yaml b/network/storage.yaml index 00316c51..9729044d 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron storage network value: {get_resource: StorageNetwork} subnet_cidr: - value: {get_attr: StorageSubnet, cidr} + value: {get_attr: [StorageSubnet, cidr]} diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index bc4347c2..fc005573 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} subnet_cidr: - value: {get_attr: StorageMgmtSubnet, cidr} + value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index 0d6614f9..cef87de9 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} subnet_cidr: - value: {get_attr: StorageMgmtSubnet, cidr} + value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index bf796b2b..51edd4b3 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron storage network value: {get_resource: StorageNetwork} subnet_cidr: - value: {get_attr: StorageSubnet, cidr} + value: {get_attr: [StorageSubnet, cidr]} diff --git a/network/tenant.yaml b/network/tenant.yaml index 2104f0bd..67c4abbc 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron tenant network value: {get_resource: TenantNetwork} subnet_cidr: - value: {get_attr: TenantSubnet, cidr} + value: {get_attr: [TenantSubnet, cidr]} diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index 9993eec9..9f139cb1 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron tenant network value: {get_resource: TenantNetwork} subnet_cidr: - value: {get_attr: TenantSubnet, cidr} + value: {get_attr: [TenantSubnet, cidr]} diff --git a/network_data.yaml b/network_data.yaml index 23c231f9..6ad37dfe 100644 --- a/network_data.yaml +++ b/network_data.yaml @@ -5,30 +5,62 @@ # name: Name of the network (mandatory) # name_lower: lowercase version of name used for filenames # (optional, defaults to name.lower()) -# vlan: vlan for the network (optional) -# gateway: gateway for the network (optional) # enabled: Is the network enabled (optional, defaults to true) +# ipv6: Does this network use IPv6 IPs? (optional, defaults to false) +# (optional, may use parameter defaults in environment to set) +# vlan: vlan for the network (optional) # vip: Enable creation of a virtual IP on this network -# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, to support -# VIPs on non-default networks. See https://bugs.launchpad.net/tripleo/+bug/1667104 +# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, +# to support VIPs on non-default networks. +# See https://bugs.launchpad.net/tripleo/+bug/1667104 +# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults) +# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}] +# gateway_ip: gateway for the network (optional, may use parameter defaults) +# NOTE: IP-related values set parameter defaults in templates, may be overridden. +# compat_name: for existing stack you may need to override the default transformation +# for the resource's name. +# +# Example: +# - name Example +# vip: false +# ip_subnet: '10.0.2.0/24' +# allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}] +# gateway_ip: '10.0.2.254' # +# TODO (dsneddon) remove existing templates from j2_excludes.yaml +# and generate all templates dynamically. + - name: External vip: true name_lower: external + ip_subnet: '10.0.0.0/24' + allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] + gateway_ip: '10.0.0.1' - name: InternalApi name_lower: internal_api vip: true + ip_subnet: '172.16.2.0/24' + allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] + compat_name: Internal - name: Storage vip: true name_lower: storage + ip_subnet: '172.16.1.0/24' + allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] - name: StorageMgmt name_lower: storage_mgmt vip: true + ip_subnet: '172.16.3.0/24' + allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}] - name: Tenant vip: false # Tenant network does not use VIPs name_lower: tenant + ip_subnet: '172.16.0.0/24' + allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - name: Management # Management network is disabled by default enabled: false vip: false # Management network does not use VIPs name_lower: management + ip_subnet: '10.0.1.0/24' + allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 2dcc7f00..63868b54 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -1,8 +1,8 @@ resource_registry: OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment - OS::TripleO::PostDeploySteps: puppet/post.yaml - OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml + OS::TripleO::PostDeploySteps: common/post.yaml + OS::TripleO::PostUpgradeSteps: common/post-upgrade.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml OS::TripleO::AllNodesDeployment: OS::Heat::StructuredDeployments OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml @@ -17,7 +17,7 @@ resource_registry: {% for role in roles %} OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None - OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml + OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None @@ -109,6 +109,8 @@ resource_registry: OS::TripleO::DeployedServerEnvironment: OS::Heat::None + OS::TripleO::DeploymentSteps: OS::Heat::StructuredDeploymentGroup + # services OS::TripleO::Services: common/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml @@ -154,8 +156,10 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePluginML2Nuage: puppet/services/neutron-plugin-ml2-nuage.yaml OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None + OS::TripleO::Services::OVNController: OS::Heat::None OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index ddf2701a..a7a4fe25 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -46,8 +46,8 @@ parameters: CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. + The DNS name of this cloud's provisioning network endpoint. E.g. + 'ci-overcloud.ctlplane.tripleo.org'. type: string ControlFixedIPs: default: [] @@ -89,7 +89,7 @@ parameters: description: Neutron ID or name for ctlplane network. NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string PublicVirtualFixedIPs: default: [] @@ -186,11 +186,12 @@ parameters: {% if role.name != 'Compute' %} {{role.name}}SchedulerHints: + description: Optional scheduler hints to pass to nova {% else %} NovaComputeSchedulerHints: + description: DEPRECATED - use ComputeSchedulerHints instead {% endif %} type: json - description: Optional scheduler hints to pass to nova default: {} {{role.name}}Parameters: @@ -224,13 +225,6 @@ parameters: description: > List of server hostnames to blacklist from any triggered deployments. -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - controllerExtraConfig - - NovaComputeExtraConfig - conditions: add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]} @@ -935,6 +929,9 @@ outputs: - {get_attr: [{{role.name}}ServiceChainRoleData, value]} - {get_attr: [{{role.name}}MergedConfigSettings, value]} {% endfor %} + RoleConfig: + description: The configuration workflows associated with each role + value: {get_attr: [AllNodesDeploySteps, RoleConfig]} RoleNetIpMap: description: Mapping of each network to a list of IPs for each role value: diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml deleted file mode 100644 index 7d58d1da..00000000 --- a/puppet/blockstorage-role.yaml +++ /dev/null @@ -1,704 +0,0 @@ -heat_template_version: pike -description: 'OpenStack cinder storage configured by Puppet' -parameters: - BlockStorageImage: - default: overcloud-full - type: string - constraints: - - custom_constraint: glance.image - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that BlockStorageExtraConfig takes precedence over ExtraConfig. - type: json - BlockStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - BlockStorageIPs: - default: {} - type: json - OvercloudBlockStorageFlavor: - description: Flavor for block storage nodes to request when deploying. - type: string - default: baremetal - constraints: - - custom_constraint: nova.flavor - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - BlockStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - BlockStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Role Specific Parameters - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - BlockStorage: - type: OS::TripleO::BlockStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: - {get_param: BlockStorageImage} - flavor: {get_param: OvercloudBlockStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: BlockStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: BlockStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::BlockStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::BlockStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::BlockStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::BlockStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::BlockStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::BlockStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::BlockStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::BlockStorage::PreNetworkConfig - properties: - server: {get_resource: BlockStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: BlockStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - BlockStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - BlockStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: BlockStorageUpgradeInitDeployment - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - BlockStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: BlockStorageUpgradeInitDeployment - properties: - name: BlockStorageDeployment - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageConfig} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - # Map heat metadata into hiera datafiles - BlockStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - volume_extraconfig - - extraconfig - - service_names - - service_configs - - volume - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - volume_extraconfig: {get_param: BlockStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - volume: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: BlockStorageDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: BlockStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: BlockStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: UpdateDeployment - config: {get_resource: UpdateConfig} - server: {get_resource: BlockStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: BlockStorageDeployment - properties: - server: {get_resource: BlockStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [BlockStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [BlockStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [BlockStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [BlockStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the block storage server - value: - {get_resource: BlockStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [BlockStorage, os_collect_config]} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml deleted file mode 100644 index 48e5b97a..00000000 --- a/puppet/cephstorage-role.yaml +++ /dev/null @@ -1,718 +0,0 @@ -heat_template_version: pike -description: 'OpenStack ceph storage node configured by Puppet' -parameters: - OvercloudCephStorageFlavor: - description: Flavor for the Ceph Storage node. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - CephStorageImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that CephStorageExtraConfig takes precedence over ExtraConfig. - type: json - CephStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - CephStorageIPs: - default: {} - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - CephStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - CephStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Role Specific Parameters - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - CephStorage: - type: OS::TripleO::CephStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: CephStorageImage} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: OvercloudCephStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: CephStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: CephStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::CephStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::CephStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::CephStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::CephStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::CephStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::CephStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::CephStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::CephStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::CephStorage::PreNetworkConfig - properties: - server: {get_resource: CephStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: CephStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - CephStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - CephStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: CephStorageUpgradeInitDeployment - server: {get_resource: CephStorage} - config: {get_resource: CephStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - CephStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: CephStorageUpgradeInitDeployment - properties: - name: CephStorageDeployment - config: {get_resource: CephStorageConfig} - server: {get_resource: CephStorage} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - CephStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - ceph_extraconfig - - extraconfig - - service_names - - service_configs - - ceph - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - ceph_extraconfig: {get_param: CephStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - ceph: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: CephStorageDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: CephStorage} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - CephStorageExtraConfigPre: - depends_on: CephStorageDeployment - type: OS::TripleO::CephStorageExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: CephStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: CephStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: CephStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: CephStorageDeployment - properties: - server: {get_resource: CephStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [CephStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [CephStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [CephStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [CephStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the ceph storage server - value: - {get_resource: CephStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [CephStorage, os_collect_config]} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml deleted file mode 100644 index 3ad6f745..00000000 --- a/puppet/compute-role.yaml +++ /dev/null @@ -1,744 +0,0 @@ -heat_template_version: pike - -description: > - OpenStack hypervisor node configured via Puppet. - -parameters: - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that NovaComputeExtraConfig takes precedence over ExtraConfig. - type: json - OvercloudComputeFlavor: - description: Flavor for the nova compute node - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - NovaImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - NeutronPhysicalBridge: - default: 'br-ex' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: Which interface to add to the NeutronPhysicalBridge. - type: string - NodeIndex: - type: number - default: 0 - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeIPs: - default: {} - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - NovaComputeServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - NovaComputeSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Role Specific Parameters - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - -resources: - - NovaCompute: - type: OS::TripleO::ComputeServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: NovaImage} - image_update_policy: - get_param: ImageUpdatePolicy - flavor: {get_param: OvercloudComputeFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: NovaComputeServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: NovaComputeSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::Compute::NodeUserData - - ExternalPort: - type: OS::TripleO::Compute::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::Compute::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::Compute::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::Compute::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::Compute::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::Compute::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::Compute::PreNetworkConfig - properties: - server: {get_resource: NovaCompute} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkConfig: - type: OS::TripleO::Compute::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - config: {get_resource: NetworkConfig} - server: {get_resource: NovaCompute} - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - NovaComputeUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - NovaComputeUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: NovaComputeUpgradeInitDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - server: {get_resource: NovaCompute} - config: {get_resource: NovaComputeUpgradeInitConfig} - - NovaComputeConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - compute_extraconfig - - extraconfig - - service_names - - service_configs - - compute - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - - midonet_data # Optionally provided by AllNodesExtraConfig - - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre - - cisco_aci_data # Optionally provided by ComputeExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - compute_extraconfig: {get_param: NovaComputeExtraConfig} - extraconfig: {get_param: ExtraConfig} - compute: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - NovaComputeDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: NovaComputeUpgradeInitDeployment - properties: - name: NovaComputeDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: NovaComputeConfig} - server: {get_resource: NovaCompute} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: NovaComputeDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: NovaCompute} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - ComputeExtraConfigPre: - depends_on: NovaComputeDeployment - type: OS::TripleO::ComputeExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: NovaCompute} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [ComputeExtraConfigPre, NodeTLSCAData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: NovaCompute} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: UpdateDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: UpdateConfig} - server: {get_resource: NovaCompute} - input_values: - update_identifier: - get_param: UpdateIdentifier - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: NovaComputeDeployment - properties: - server: {get_resource: NovaCompute} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [NovaCompute, networks, ctlplane, 0]} - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - hostname: - description: Hostname of the server - value: {get_attr: [NovaCompute, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [NovaCompute, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [NovaCompute, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: NovaCompute} - condition: server_not_blacklisted - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [NovaCompute, os_collect_config]} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml deleted file mode 100644 index 933b5e60..00000000 --- a/puppet/controller-role.yaml +++ /dev/null @@ -1,782 +0,0 @@ -heat_template_version: pike - -description: > - OpenStack controller node configured by Puppet. - -parameters: - controllerExtraConfig: - default: {} - description: | - Deprecated. Use ControllerExtraConfig via parameter_defaults instead. - type: json - ControllerExtraConfig: - default: {} - description: | - Controller specific hiera configuration data to inject into the cluster. - type: json - ControllerIPs: - default: {} - description: > - A network mapped list of IPs to assign to Controllers in the following form: - { - "internal_api": ["a.b.c.d", "e.f.g.h"], - ... - } - type: json - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - ExtraConfig: - default: {} - description: | - Additional hieradata to inject into the cluster, note that - ControllerExtraConfig takes precedence over ExtraConfig. - type: json - OvercloudControlFlavor: - description: Flavor for control nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - controllerImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - NeutronPhysicalBridge: - default: 'br-ex' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: Which interface to add to the NeutronPhysicalBridge. - type: string - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - NodeIndex: - type: number - default: 0 - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - ControllerServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - ControllerSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Role Specific Parameters - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - controllerExtraConfig - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - - Controller: - type: OS::TripleO::ControllerServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: controllerImage} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: OvercloudControlFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: ControllerServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: ControllerSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::Controller::NodeUserData - - ExternalPort: - type: OS::TripleO::Controller::Ports::ExternalPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - InternalApiPort: - type: OS::TripleO::Controller::Ports::InternalApiPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::Controller::Ports::StoragePort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::Controller::Ports::StorageMgmtPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - TenantPort: - type: OS::TripleO::Controller::Ports::TenantPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - ManagementPort: - type: OS::TripleO::Controller::Ports::ManagementPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::Controller::PreNetworkConfig - properties: - server: {get_resource: Controller} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkConfig: - type: OS::TripleO::Controller::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: Controller} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: NetworkDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: Controller} - - # Resource for site-specific passing of private keys/certificates - NodeTLSData: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeTLSData - properties: - server: {get_resource: Controller} - NodeIndex: {get_param: NodeIndex} - - ControllerUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - ControllerUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: ControllerUpgradeInitDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - server: {get_resource: Controller} - config: {get_resource: ControllerUpgradeInitConfig} - - ControllerDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: ControllerUpgradeInitDeployment - properties: - name: ControllerDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: ControllerConfig} - server: {get_resource: Controller} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - - # Map heat metadata into hiera datafiles - ControllerConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - controller_extraconfig - - extraconfig - - service_configs - - service_names - - controller - - bootstrap_node # provided by BootstrapNodeConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - - midonet_data #Optionally provided by AllNodesExtraConfig - - cisco_aci_data # Optionally provided by ControllerExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - controller_extraconfig: - map_merge: - - {get_param: controllerExtraConfig} - - {get_param: ControllerExtraConfig} - extraconfig: {get_param: ExtraConfig} - controller: - # Misc - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - ControllerExtraConfigPre: - depends_on: ControllerDeployment - type: OS::TripleO::ControllerExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: Controller} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [ControllerExtraConfigPre, NodeTLSData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: Controller} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: UpdateDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: UpdateConfig} - server: {get_resource: Controller} - input_values: - update_identifier: - get_param: UpdateIdentifier - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: ControllerDeployment - properties: - server: {get_resource: Controller} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [Controller, networks, ctlplane, 0]} - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [Controller, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [Controller, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [Controller, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - hostname: - description: Hostname of the server - value: {get_attr: [Controller, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [Controller, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [Controller, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: Controller} - condition: server_not_blacklisted - tls_key_modulus_md5: - description: MD5 checksum of the TLS Key Modulus - value: {get_attr: [NodeTLSData, key_modulus_md5]} - tls_cert_modulus_md5: - description: MD5 checksum of the TLS Certificate Modulus - value: {get_attr: [NodeTLSData, cert_modulus_md5]} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [Controller, os_collect_config]} diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 8cba4351..e81b1142 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -7,6 +7,7 @@ description: > parameters: # Can be overridden via parameter_defaults in the environment SSLCertificate: + default: '' description: > The content of the SSL certificate (without Key) in PEM format. type: string diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml deleted file mode 100644 index a03a9da5..00000000 --- a/puppet/objectstorage-role.yaml +++ /dev/null @@ -1,703 +0,0 @@ -heat_template_version: pike -description: 'OpenStack swift storage node configured by Puppet' -parameters: - OvercloudSwiftStorageFlavor: - description: Flavor for Swift storage nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - SwiftStorageImage: - default: overcloud-full - type: string - constraints: - - custom_constraint: glance.image - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that ObjectStorageExtraConfig takes precedence over ExtraConfig. - type: json - ObjectStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - SwiftStorageIPs: - default: {} - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - SwiftStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - ObjectStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Role Specific Parameters - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - - SwiftStorage: - type: OS::TripleO::ObjectStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: SwiftStorageImage} - flavor: {get_param: OvercloudSwiftStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: SwiftStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: ObjectStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::ObjectStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::SwiftStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::SwiftStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::SwiftStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::SwiftStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::SwiftStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::ObjectStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::ObjectStorage::PreNetworkConfig - properties: - server: {get_resource: SwiftStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: SwiftStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - - SwiftStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - SwiftStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: SwiftStorageUpgradeInitDeployment - server: {get_resource: SwiftStorage} - config: {get_resource: SwiftStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SwiftStorageHieraConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - object_extraconfig - - extraconfig - - service_names - - service_configs - - object - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - object_extraconfig: {get_param: ObjectStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - object: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - SwiftStorageHieraDeploy: - type: OS::Heat::StructuredDeployment - depends_on: SwiftStorageUpgradeInitDeployment - properties: - name: SwiftStorageHieraDeploy - server: {get_resource: SwiftStorage} - config: {get_resource: SwiftStorageHieraConfig} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: SwiftStorageHieraDeploy - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: SwiftStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: SwiftStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: SwiftStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: SwiftStorageHieraDeploy - properties: - server: {get_resource: SwiftStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [SwiftStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [SwiftStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [SwiftStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the swift storage server - value: - {get_resource: SwiftStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [SwiftStorage, os_collect_config]} diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml deleted file mode 100644 index bdd1e613..00000000 --- a/puppet/post-upgrade.j2.yaml +++ /dev/null @@ -1,30 +0,0 @@ -heat_template_version: pike - -description: > - Post-upgrade configuration steps via puppet for all roles - where upgrade is not disabled as defined in ../roles_data.yaml - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - ctlplane_service_ips: - type: json - -resources: -# Note the include here is the same as post.j2.yaml but the data used at -# the time of rendering is different if any roles disable upgrades -{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} -{% include 'puppet-steps.j2' %} diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml deleted file mode 100644 index 67e1ecfd..00000000 --- a/puppet/post.j2.yaml +++ /dev/null @@ -1,31 +0,0 @@ -heat_template_version: pike - -description: > - Post-deploy configuration steps via puppet for all roles, - as defined in ../roles_data.yaml - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - ctlplane_service_ips: - type: json - -{% include 'puppet-steps.j2' %} diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 deleted file mode 100644 index f7651a57..00000000 --- a/puppet/puppet-steps.j2 +++ /dev/null @@ -1,156 +0,0 @@ -{% set deploy_steps_max = 6 %} -conditions: -{% for step in range(1, deploy_steps_max) %} - WorkflowTasks_Step{{step}}_Enabled: - or: - {%- for role in roles %} - - not: - equals: - - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] - - '' - - False - {%- endfor %} -{% endfor %} - -resources: - # Post deployment steps for all roles - # A single config is re-applied with an incrementing step number -{% for role in roles %} - # {{role.name}} Role post-deploy steps - {{role.name}}ArtifactsConfig: - type: deploy-artifacts.yaml - - {{role.name}}ArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - name: {{role.name}}ArtifactsDeploy - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ArtifactsConfig} - - {{role.name}}PreConfig: - type: OS::TripleO::Tasks::{{role.name}}PreConfig - properties: - servers: {get_param: [servers, {{role.name}}]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config - properties: - StepConfig: {get_param: [role_data, {{role.name}}, step_config]} - - # Step through a series of configuration steps -{% for step in range(1, deploy_steps_max) %} - {{role.name}}Deployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - WorkflowTasks_Step{{step}}_Execution - # TODO(gfidente): the following if/else condition - # replicates what is already defined for the - # WorkflowTasks_StepX resource and can be remove - # if https://bugs.launchpad.net/heat/+bug/1700569 - # is fixed. - {%- if step == 1 %} - {%- for dep in roles %} - - {{dep.name}}PreConfig - - {{dep.name}}ArtifactsDeploy - {%- endfor %} - {%- else %} - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {%- endfor %} - {%- endif %} - properties: - name: {{role.name}}Deployment_Step{{step}} - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: {{step}} - update_identifier: {get_param: DeployIdentifier} -{% endfor %} - - # Note, this should be the last step to execute configuration changes. - # Ensure that all {{role.name}}ExtraConfigPost steps are executed - # after all the previous deployment steps. - {{role.name}}ExtraConfigPost: - depends_on: - {%- for dep in roles %} - - {{dep.name}}Deployment_Step5 - {%- endfor %} - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, {{role.name}}]} - - # The {{role.name}}PostConfig steps are in charge of - # quiescing all services, i.e. in the Controller case, - # we should run a full service reload. - {{role.name}}PostConfig: - type: OS::TripleO::Tasks::{{role.name}}PostConfig - depends_on: - {%- for dep in roles %} - - {{dep.name}}ExtraConfigPost - {%- endfor %} - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - -{% endfor %} - -# BEGIN service_workflow_tasks handling -{% for step in range(1, deploy_steps_max) %} - WorkflowTasks_Step{{step}}: - type: OS::Mistral::Workflow - condition: WorkflowTasks_Step{{step}}_Enabled - depends_on: - {%- if step == 1 %} - {%- for dep in roles %} - - {{dep.name}}PreConfig - - {{dep.name}}ArtifactsDeploy - {%- endfor %} - {%- else %} - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {%- endfor %} - {%- endif %} - properties: - name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} - type: direct - tasks: - yaql: - expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() - data: - {%- for role in roles %} - - get_param: [role_data, {{role.name}}, service_workflow_tasks] - {%- endfor %} - - WorkflowTasks_Step{{step}}_Execution: - type: OS::Mistral::ExternalResource - condition: WorkflowTasks_Step{{step}}_Enabled - depends_on: WorkflowTasks_Step{{step}} - properties: - actions: - CREATE: - workflow: { get_resource: WorkflowTasks_Step{{step}} } - params: - env: - service_ips: { get_param: ctlplane_service_ips } - role_merged_configs: - {%- for r in roles %} - {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} - {%- endfor %} - evaluate_env: false - UPDATE: - workflow: { get_resource: WorkflowTasks_Step{{step}} } - params: - env: - service_ips: { get_param: ctlplane_service_ips } - role_merged_configs: - {%- for r in roles %} - {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} - {%- endfor %} - evaluate_env: false - always_update: true -{% endfor %} -# END service_workflow_tasks handling diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 18707b9a..5453e65c 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -1,27 +1,40 @@ -{# ## Some variables are set to enable rendering backwards compatible templates #} -{# ## where a few parameter/resource names don't match the expected pattern #} -{# ## FIXME: we need some way to deprecate the old inconsistent parameters #} -{%- if role.name == 'Controller' -%} - {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%} -{% endif %} +{#- ## Some variables are set to enable rendering backwards compatible templates #} +{#- ## where a few parameter/resource names don't match the expected pattern #} +{#- ## FIXME: we need some way to deprecate the old inconsistent parameters #} +{%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%} heat_template_version: pike description: 'OpenStack {{role.name}} node configured by Puppet' parameters: +{%- set default_flavor_name = 'baremetal' %} +{%- if role.deprecated_param_flavor is defined %} + {{role.deprecated_param_flavor}}: + description: DEPRECATED Use Overcloud{{role.name}}Flavor instead. + default: {{default_flavor_name}} + type: string +{%- endif %} Overcloud{{role.name}}Flavor: description: Flavor for the {{role.name}} node. - default: baremetal + default: {{default_flavor_name}} type: string -{% if role.disable_constraints is not defined %} +{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: nova.flavor -{% endif %} +{%- endif %} +{%- set default_image_name = 'overcloud-full' %} +{%- if role.deprecated_param_image is defined %} + {{role.deprecated_param_image}}: + type: string + default: {{default_image_name}} + description: DEPRECATED Use {{role.name}}Image instead +{%- endif %} {{role.name}}Image: type: string - default: overcloud-full -{% if role.disable_constraints is not defined %} + default: {{default_image_name}} + description: The disk image file to use for the role. +{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: glance.image -{% endif %} +{%- endif %} ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. @@ -30,13 +43,13 @@ parameters: description: Name of an existing Nova key pair to enable SSH access to the instances type: string default: default -{% if role.disable_constraints is not defined %} +{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: nova.keypair -{% endif %} +{%- endif %} NeutronPhysicalBridge: default: 'br-ex' - description: An OVS bridge to create for accessing tenant networks. + description: An OVS bridge to create for accessing external networks. type: string NeutronPublicInterface: default: nic1 @@ -76,8 +89,8 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json -{%- if deprecated_extraconfig_param is defined %} - {{deprecated_extraconfig_param}}: +{%- if role.deprecated_param_extraconfig is defined %} + {{role.deprecated_param_extraconfig}}: default: {} description: | DEPRECATED use {{role.name}}ExtraConfig instead @@ -86,6 +99,12 @@ parameters: {{role.name}}IPs: default: {} type: json +{%- if role.deprecated_param_ips is defined %} + {{role.deprecated_param_ips}}: + default: {} + description: DEPRECATED - use {{role.name}}IPs instead + type: json +{%- endif %} NetworkDeploymentActions: type: comma_delimited_list description: > @@ -112,6 +131,12 @@ parameters: role-specific and is merged with the values given to the ServerMetadata parameter. type: json +{%- if role.deprecated_param_metadata is defined %} + {{role.deprecated_param_metadata}}: + default: {} + description: DEPRECATED - use {{role.name}}ServerMetadata instead + type: json +{%- endif %} ServerMetadata: default: {} description: > @@ -123,6 +148,12 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} +{%- if role.deprecated_param_scheduler_hints is defined %} + {{role.deprecated_param_scheduler_hints}}: + type: json + description: DEPRECATED - use {{role.name}}SchedulerHints instead + default: {} +{%- endif %} NodeIndex: type: number default: 0 @@ -180,7 +211,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json @@ -202,12 +233,16 @@ parameters: object: 0 default: {} -{% if deprecated_extraconfig_param is defined %} +{% if role.uses_deprecated_params is defined %} parameter_groups: - label: deprecated description: Do not use deprecated params, they will be removed. parameters: - - {{deprecated_extraconfig_param}} +{%- for property in role %} +{%- if property.startswith('deprecated_param_') %} + - {{role[property]}} +{%- endif %} +{%- endfor %} {%- endif %} conditions: @@ -222,18 +257,48 @@ conditions: - DeploymentSwiftDataMap - {get_param: Hostname} - "" +{%- if role.deprecated_param_image is defined %} + deprecated_param_image_set: + not: + equals: + - {get_param: {{role.deprecated_param_image}}} + - {{default_image_name}} +{%- endif %} +{%- if role.deprecated_param_flavor is defined %} + deprecated_param_flavor_set: + not: + equals: + - {get_param: {{role.deprecated_param_flavor}}} + - {{default_flavor_name}} +{%- endif %} resources: - {{role.name}}: + {{server_resource_name}}: type: OS::TripleO::{{role.name}}Server metadata: os-collect-config: command: {get_param: ConfigCommand} splay: {get_param: ConfigCollectSplay} properties: - image: {get_param: {{role.name}}Image} + image: +{%- if role.deprecated_param_image is defined %} + if: + - deprecated_param_image_set + - {get_param: {{role.deprecated_param_image}}} + - {get_param: {{role.name}}Image} +{%- else %} + get_param: {{role.name}}Image +{%- endif %} image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Overcloud{{role.name}}Flavor} + flavor: +{%- if role.deprecated_param_flavor is defined %} + if: + - deprecated_param_flavor_set + - {get_param: {{role.deprecated_param_flavor}}} + - {get_param: Overcloud{{role.name}}Flavor} +{%- else %} + get_param: Overcloud{{role.name}}Flavor +{%- endif %} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -247,9 +312,17 @@ resources: metadata: map_merge: - {get_param: ServerMetadata} +{%- if role.deprecated_param_metadata is defined %} + - {get_param: {{role.deprecated_param_metadata}}} +{%- endif %} - {get_param: {{role.name}}ServerMetadata} - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: {{role.name}}SchedulerHints} + scheduler_hints: + map_merge: +{%- if role.deprecated_param_scheduler_hints is defined %} + - {get_param: {{role.deprecated_param_scheduler_hints}}} +{%- endif %} + - {get_param: {{role.name}}SchedulerHints} deployment_swift_data: if: - deployment_swift_data_map_unset @@ -288,15 +361,20 @@ resources: {{network.name}}Port: type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port properties: - ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role.name}}IPs} + ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} + IPPool: + map_merge: +{%- if role.deprecated_param_ips is defined %} + - {get_param: {{role.deprecated_param_ips}}} +{%- endif %} + - {get_param: {{role.name}}IPs} NodeIndex: {get_param: NodeIndex} {%- endfor %} NetworkConfig: type: OS::TripleO::{{role.name}}::Net::SoftwareConfig properties: - ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} {%- for network in networks %} {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]} {%- endfor %} @@ -304,7 +382,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: - ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} {%- for network in networks %} {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]} @@ -320,91 +398,91 @@ resources: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - external - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - external internal_api: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - internalapi - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - internalapi storage: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storage - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storage storage_mgmt: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storagemgmt - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storagemgmt tenant: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - tenant - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - tenant management: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - management - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - management ctlplane: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - ctlplane - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - ctlplane PreNetworkConfig: type: OS::TripleO::{{role.name}}::PreNetworkConfig properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} RoleParameters: {get_param: RoleParameters} ServiceNames: {get_param: ServiceNames} deployment_actions: {get_attr: [DeploymentActions, value]} @@ -415,7 +493,7 @@ resources: properties: name: NetworkDeployment config: {get_resource: NetworkConfig} - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} @@ -426,7 +504,7 @@ resources: - {get_param: NetworkDeploymentActions} - [] - {{role.name}}UpgradeInitConfig: + {{server_resource_name}}UpgradeInitConfig: type: OS::Heat::SoftwareConfig properties: group: script @@ -440,26 +518,26 @@ resources: # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - {{role.name}}UpgradeInitDeployment: + {{server_resource_name}}UpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment properties: - name: {{role.name}}UpgradeInitDeployment - server: {get_resource: {{role.name}}} - config: {get_resource: {{role.name}}UpgradeInitConfig} + name: {{server_resource_name}}UpgradeInitDeployment + server: {get_resource: {{server_resource_name}}} + config: {get_resource: {{server_resource_name}}UpgradeInitConfig} actions: if: - server_not_blacklisted - ['CREATE', 'UPDATE'] - [] - {{role.name}}Deployment: + {{server_resource_name}}Deployment: type: OS::Heat::StructuredDeployment - depends_on: {{role.name}}UpgradeInitDeployment + depends_on: {{server_resource_name}}UpgradeInitDeployment properties: - name: {{role.name}}Deployment - config: {get_resource: {{role.name}}Config} - server: {get_resource: {{role.name}}} + name: {{server_resource_name}}Deployment + config: {get_resource: {{server_resource_name}}Config} + server: {get_resource: {{server_resource_name}}} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} actions: @@ -468,7 +546,7 @@ resources: - ['CREATE', 'UPDATE'] - [] - {{role.name}}Config: + {{server_resource_name}}Config: type: OS::Heat::StructuredConfig properties: group: hiera @@ -486,6 +564,13 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig - '"%{::osfamily}"' + # The following are required for compatibility with the Controller role + # where some vendor integrations added hieradata via ExtraConfigPre + - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre + - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre + - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre + - midonet_data #Optionally provided by AllNodesExtraConfig + - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre merge_behavior: deeper datafiles: service_names: @@ -497,10 +582,10 @@ resources: - values: {get_attr: [NetIpMap, net_ip_map]} {{role.name.lower()}}_extraconfig: map_merge: -{%- if deprecated_extraconfig_param is defined %} - - {get_param: {{deprecated_extraconfig_param}}} +{%- if role.deprecated_param_extraconfig is defined %} + - {get_param: {{role.deprecated_param_extraconfig}}} {%- endif %} - - {get_param: {{role.name}}ExtraConfig} + - {get_param: {{server_resource_name}}ExtraConfig} extraconfig: {get_param: ExtraConfig} {{role.name.lower()}}: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -513,16 +598,13 @@ resources: fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - {%- if 'primary' in role.tags and 'controller' in role.tags %} - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - {%- endif -%} # Resource for site-specific injection of root certificate NodeTLSCAData: depends_on: NetworkDeployment type: OS::TripleO::NodeTLSCAData properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} {%- if 'primary' in role.tags and 'controller' in role.tags %} # Resource for site-specific passing of private keys/certificates @@ -530,19 +612,19 @@ resources: depends_on: NodeTLSCAData type: OS::TripleO::NodeTLSData properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} NodeIndex: {get_param: NodeIndex} {%- endif -%} # Hook for site-specific additional pre-deployment config, e.g extra hieradata {{role.name}}ExtraConfigPre: - depends_on: {{role.name}}Deployment + depends_on: {{server_resource_name}}Deployment type: OS::TripleO::{{role.name}}ExtraConfigPre # We have to use conditions here so that we don't break backwards # compatibility with templates everywhere condition: server_not_blacklisted properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration @@ -559,7 +641,7 @@ resources: # compatibility with templates everywhere condition: server_not_blacklisted properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -570,7 +652,7 @@ resources: properties: name: UpdateDeployment config: {get_resource: UpdateConfig} - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} input_values: update_identifier: get_param: UpdateIdentifier @@ -591,18 +673,18 @@ resources: SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey - depends_on: {{role.name}}Deployment + depends_on: {{server_resource_name}}Deployment properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: description: IP address of the server in the ctlplane network - value: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} hostname: description: Hostname of the server - value: {get_attr: [{{role.name}}, name]} + value: {get_attr: [{{server_resource_name}}, name]} hostname_map: description: Mapping of network names to hostnames value: @@ -622,12 +704,12 @@ outputs: params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [{{role.name}}, name]} + PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]} {%- for network in networks %} {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]} {%- endfor %} - CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} known_hosts_entry: description: Entry for ssh known hosts @@ -641,18 +723,18 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [{{role.name}}, name]} + PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]} {%- for network in networks %} {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]} {%- endfor %} - CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for {{role.name}} server value: - {get_resource: {{role.name}}} + {get_resource: {{server_resource_name}}} condition: server_not_blacklisted deployed_server_port_map: description: | @@ -664,7 +746,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" map_replace: - hostname: fixed_ips: - - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} - keys: hostname: list_join: @@ -682,14 +764,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" container: str_split: - '/' - - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]} + - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]} - 5 object: str_split: - '?' - str_split: - '/' - - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]} + - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]} - 6 - 0 - keys: {hostname: {get_param: Hostname}} @@ -703,7 +785,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" {%- endif %} os_collect_config: description: The os-collect-config configuration associated with this server resource - value: {get_attr: [{{role.name}}, os_collect_config]} + value: {get_attr: [{{server_resource_name}}, os_collect_config]} {%- for network in networks %} {{network.name_lower|default(network.name.lower())}}_ip_address: description: IP address of the server in the {{network.name}} network diff --git a/puppet/services/README.rst b/puppet/services/README.rst index d55414b7..a593d55e 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -155,7 +155,7 @@ Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc. - Steps/tages correlate to the following: + Steps/tags correlate to the following: 1) Stop all control-plane services. @@ -186,6 +186,18 @@ Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services. +Update Steps +------------ + +Each service template may optionally define a `update_tasks` key, which is a +list of ansible tasks to be performed during the minor update process. + +Similar to the upgrade_tasks, we allow a series of steps for the per-service +update sequence, but note update_task selects the steps via a conditional +referencing the step variable e.g when: step == 2, which is different to the +tags based approach used for upgrade_tasks (the two may be aligned in future). + + Nova Server Metadata Settings ----------------------------- diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 3cf51519..27bc50f3 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -39,6 +39,10 @@ parameters: type: string constraints: - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning'] + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true resources: CeilometerServiceBase: @@ -61,6 +65,7 @@ outputs: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod} + - ceilometer_redis_password: {get_param: RedisPassword} compute_namespace: true service_config_settings: get_attr: [CeilometerServiceBase, role_data, service_config_settings] diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 9fc1530a..5cc020a9 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -51,6 +51,8 @@ parameters: description: > A list of publishers to put in event_pipeline.yaml. When the collector is used, override this with notifier:// publisher. + If zaqar is enabled, you can also publish to a zaqar queue + by including "zaqar://?queue=queue_name" in this list. Set ManageEventPipeline to true for override to take effect. type: comma_delimited_list ManagePipeline: diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 04f34e24..dcead0f7 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -47,6 +47,11 @@ parameters: EnableInternalTLS: type: boolean default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -98,6 +103,7 @@ outputs: generate_service_certificates: true mongodb::server::ssl: true mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem' + mongodb::server::ssl_ca: {get_param: InternalTLSCAFile} mongodb_certificate_specs: service_pem: '/etc/pki/tls/certs/mongodb.pem' service_certificate: '/etc/pki/tls/certs/mongodb.crt' diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index bd96823b..bdcc4fcd 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -77,3 +77,6 @@ outputs: tags: step3 yum: name=redis state=latest when: redis_enabled.rc != 0 + - name: Start redis service + tags: step4 + service: name=redis state=started diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index b6b4f270..642685a8 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string resources: @@ -55,14 +61,30 @@ outputs: config_settings: generate_service_certificates: true tripleo::haproxy::use_internal_certificates: true + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: map_merge: repeat: template: haproxy-NETWORK: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-NETWORK.key' hostname: "%{hiera('cloud_name_NETWORK')}" postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_NETWORK')}" diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index e79d2aec..b2766c44 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string outputs: role_data: @@ -38,12 +44,32 @@ outputs: service_name: haproxy_public_tls_certmonger config_settings: generate_service_certificates: true - tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' + tripleo::haproxy::service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: haproxy-external: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-external.key' hostname: "%{hiera('cloud_name_external')}" postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_external')}" diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index a37135da..6b2d028f 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -57,6 +57,16 @@ parameters: MonitoringSubscriptionHaproxy: default: 'overcloud-haproxy' type: string + SSLCertificate: + default: '' + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string @@ -68,6 +78,14 @@ parameters: description: Specifies the default CRL PEM file to use for revocation if TLS is used for services in the internal network. +conditions: + + public_tls_enabled: + not: + equals: + - {get_param: SSLCertificate} + - "" + resources: HAProxyPublicTLS: @@ -98,8 +116,6 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: map_merge: - - get_attr: [HAProxyPublicTLS, role_data, config_settings] - - get_attr: [HAProxyInternalTLS, role_data, config_settings] - tripleo.haproxy.firewall_rules: '107 haproxy stats': dport: 1993 @@ -115,6 +131,12 @@ outputs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] - get_attr: [HAProxyInternalTLS, role_data, certificates_specs] + - if: + - public_tls_enabled + - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath} + - {} + - get_attr: [HAProxyPublicTLS, role_data, config_settings] + - get_attr: [HAProxyInternalTLS, role_data, config_settings] step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: diff --git a/puppet/services/iscsid.yaml b/puppet/services/iscsid.yaml index 9510df3b..222977e9 100644 --- a/puppet/services/iscsid.yaml +++ b/puppet/services/iscsid.yaml @@ -36,6 +36,6 @@ outputs: description: Role data for iscsid value: service_name: iscsid - config_setting: {} + config_settings: {} step_config: | include ::tripleo::profile::base::iscsid diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 8796209b..218ba740 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -178,10 +178,10 @@ parameters: Cron to purge expired tokens - Week Day default: '*' KeystoneCronTokenFlushMaxDelay: - type: string + type: number description: > Cron to purge expired tokens - Max Delay - default: '0' + default: 0 KeystoneCronTokenFlushDestination: type: string description: > diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml index 1f331894..65b2a2a1 100644 --- a/puppet/services/network/contrail-dpdk.yaml +++ b/puppet/services/network/contrail-dpdk.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 058b9dc9..a9655160 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml @@ -31,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string + hidden: true ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index 981fe2fb..1773c367 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index b9556890..b6980045 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -69,6 +69,12 @@ parameters: networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay protocol overhead from this value. + NeutronDBSyncExtraParams: + default: '' + description: | + String of extra command line parameters to append to the neutron-db-manage + upgrade head command. + type: string ServiceData: default: {} description: Dictionary packing service data @@ -134,6 +140,7 @@ outputs: neutron::db::database_max_retries: -1 neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout} neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} + neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams} - if: - dhcp_agents_zero - {} diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1d4029cf..7894f78b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -32,8 +32,7 @@ parameters: type: json NeutronEnableL2Pop: type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. + description: Enable/disable the L2 population feature in the Neutron agents. default: "False" NeutronBridgeMappings: description: > @@ -47,8 +46,7 @@ parameters: default: "datacentre:br-ex" NeutronTunnelTypes: default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. + description: The tunnel types for the Neutron tenant network. type: comma_delimited_list NeutronAgentExtensions: default: "qos" diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml new file mode 100644 index 00000000..a7dc2e8b --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-nuage.yaml @@ -0,0 +1,99 @@ +heat_template_version: pike + +description: > + OpenStack Neutron ML2/Nuage plugin configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + + UseForwardedFor: + description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. + type: boolean + default: false + +resources: + + NeutronML2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron ML2/Nuage plugin + value: + service_name: neutron_plugin_ml2_nuage + config_settings: + map_merge: + - get_attr: [NeutronML2Base, role_data, config_settings] + - neutron::plugins::ml2::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName} + neutron::plugins::ml2::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp} + neutron::plugins::ml2::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername} + neutron::plugins::ml2::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword} + neutron::plugins::ml2::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization} + neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} + neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} + nova::api::use_forwarded_for: {get_param: UseForwardedFor} + step_config: | + include tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-ml2-odl.yaml b/puppet/services/neutron-plugin-ml2-odl.yaml index cc4cd8f4..68bba110 100644 --- a/puppet/services/neutron-plugin-ml2-odl.yaml +++ b/puppet/services/neutron-plugin-ml2-odl.yaml @@ -33,7 +33,7 @@ parameters: OpenDaylightPortBindingController: description: OpenDaylight port binding controller type: string - default: 'network-topology' + default: 'pseudo-agentdb-binding' resources: diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index dd757b5d..bc91374a 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -72,6 +72,10 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list + NeutronFirewallDriver: + description: Firewall driver for realizing neutron security group function + type: string + default: 'openvswitch' resources: NeutronBase: @@ -100,6 +104,7 @@ outputs: neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} + neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index a12bfd0f..36866a3a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -97,7 +97,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' MigrationSshKey: type: json description: > @@ -170,6 +170,11 @@ outputs: tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} rbd_persistent_storage: {get_param: CinderEnableRbdBackend} nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index a6638be0..5abad452 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -45,7 +45,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index e2ae7260..04936c33 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -139,6 +139,11 @@ outputs: # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} tripleo::profile::base::nova::migration::client::libvirt_enabled: true diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 2027292c..139ab7c7 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -33,6 +33,28 @@ parameters: Required for VLAN deployments. For example physnet1 -> eth1. type: comma_delimited_list default: "datacentre:br-ex" + HostAllowedNetworkTypes: + description: Allowed tenant network types for this OVS host. Note this can + vary per host or role to constrain which hosts nova instances + and networks are scheduled to. + type: comma_delimited_list + default: ['local', 'vlan', 'vxlan', 'gre'] + OvsEnableDpdk: + description: Whether or not to configure enable DPDK in OVS + default: false + type: boolean + OvsVhostuserMode: + description: Specify the mode for OVS with vhostuser port creation. In + client mode, the hypervisor will be responsible for creating + vhostuser sockets. In server mode, OVS will create them. + type: string + default: "client" + constraints: + - allowed_values: [ 'client', 'server' ] + VhostuserSocketDir: + description: Specify the directory to use for vhostuser sockets + type: string + default: "/var/run/openvswitch" EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -71,6 +93,28 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes + neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk + neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir + neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode + neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings + - values: {get_param: [RoleParameters]} + - values: + HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes} + OvsEnableDpdk: {get_param: OvsEnableDpdk} + VhostuserSocketDir: {get_param: VhostuserSocketDir} + OvsVhostuserMode: {get_param: OvsVhostuserMode} + OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings} + outputs: role_data: description: Role data for the OpenDaylight service. @@ -86,7 +130,6 @@ outputs: opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' @@ -94,6 +137,7 @@ outputs: '136 neutron gre networks': proto: 'gre' - get_attr: [Ovs, role_data, config_settings] + - get_attr: [RoleParametersValue, value] step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/ovn-controller.yaml index dfd87eda..30720448 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/ovn-controller.yaml @@ -1,7 +1,7 @@ heat_template_version: pike description: > - OpenStack Neutron Compute OVN agent + OpenStack OVN Controller agent parameters: EndpointMap: @@ -45,23 +45,23 @@ parameters: bridge on hosts - to a physical name 'datacentre' which can be used to create provider networks (and we use this for the default floating network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name + scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" outputs: role_data: - description: Role data for the Neutron Compute OVN agent + description: Role data for the OVN Controller agent value: - service_name: neutron_compute_plugin_ovn + service_name: ovn_controller config_settings: ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} nova::compute::force_config_drive: true - tripleo.neutron_compute_plugin_ovn.firewall_rules: + tripleo.ovn_controller.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 @@ -70,3 +70,17 @@ outputs: dport: 6081 step_config: | include ::tripleo::profile::base::neutron::agents::ovn + upgrade_tasks: + - name: Check if ovn_controller is deployed + command: systemctl is-enabled ovn-controller + tags: common + ignore_errors: True + register: ovn_controller_enabled + - name: "PreUpgrade step0,validation: Check service ovn-controller is running" + shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b' + when: ovn_controller_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-controller service + tags: step1 + when: ovn_controller_enabled.rc == 0 + service: name=ovn-controller state=stopped diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index f6f3e3c8..2b98008b 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -57,3 +57,17 @@ outputs: - {get_param: OVNSouthboundServerPort} step_config: | include ::tripleo::profile::base::neutron::ovn_northd + upgrade_tasks: + - name: Check if ovn_northd is deployed + command: systemctl is-enabled ovn-northd + tags: common + ignore_errors: True + register: ovn_northd_enabled + - name: "PreUpgrade step0,validation: Check service ovn-northd is running" + shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b' + when: ovn_northd_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-northd service + tags: step1 + when: ovn_northd_enabled.rc == 0 + service: name=ovn-northd state=stopped diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index 76511784..47ca6142 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -35,6 +35,11 @@ parameters: description: The authkey for the pacemaker remote service. hidden: true default: '' + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string @@ -103,5 +108,13 @@ outputs: tripleo::fencing::config: {get_param: FencingConfig} enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} + pacemaker::corosync::manage_fw: false + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} step_config: | include ::tripleo::profile::base::pacemaker_remote diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e471c2a6..2a8620c8 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -56,3 +56,7 @@ outputs: - name: Update all packages tags: step3 yum: name=* state=latest + update_tasks: + - name: Update all packages + yum: name=* state=latest + when: step == "3" diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 21857423..4a1ad179 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -105,7 +105,7 @@ outputs: - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} - zaqar::wsgi::apache::ssl: false + zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::unreliable: true @@ -178,6 +178,8 @@ outputs: - {} step_config: | include ::tripleo::profile::base::zaqar + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: yaql: expression: $.data.apache_upgrade + $.data.zaqar_upgrade diff --git a/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml b/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml new file mode 100644 index 00000000..523377c2 --- /dev/null +++ b/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml @@ -0,0 +1,4 @@ +--- +features: + - Adds new environment file for deploying SRIOV + with OpenDaylight. diff --git a/releasenotes/notes/compute_deprecated_params-a2d69efd75f7c50f.yaml b/releasenotes/notes/compute_deprecated_params-a2d69efd75f7c50f.yaml new file mode 100644 index 00000000..dd01e36f --- /dev/null +++ b/releasenotes/notes/compute_deprecated_params-a2d69efd75f7c50f.yaml @@ -0,0 +1,9 @@ +--- +deprecations: + - | + The following parameters are deprecated for the Compute role: + NovaComputeSchedulerHints - use ComputeSchedulerHints instead + NovaComputeServerMetadata - use ComputeServerMetadata instead + NovaComputeExtraConfig - use ComputeExtraConfig instead + NovaComputeIPs - use ComputeIPs instead + NovaImage - Use OvercloudComputeImage instead diff --git a/releasenotes/notes/controller_deprecated_params-7f009de6d17c05a4.yaml b/releasenotes/notes/controller_deprecated_params-7f009de6d17c05a4.yaml new file mode 100644 index 00000000..02f596d3 --- /dev/null +++ b/releasenotes/notes/controller_deprecated_params-7f009de6d17c05a4.yaml @@ -0,0 +1,8 @@ +--- +deprecations: + - | + The following parameters are deprecated for the Controller role: + controllerExtraConfig - Use ControllerExtraConfig instead, + OvercloudControlFlavor - Use OvercloudControllerFlavor instead, + controllerImage - use ControllerImage instead. + diff --git a/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml new file mode 100644 index 00000000..764686f4 --- /dev/null +++ b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + Both environments/network-management.yaml and environments/network-management-v6.yaml + are now deprecated in favor of specifying the needed networks on each role. diff --git a/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml new file mode 100644 index 00000000..e417f5f2 --- /dev/null +++ b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Fix Heat condition for RHEL registration yum update + There were 2 problems with this condition making the + rhel-registration.yaml template broken: "conditions" should be "condition" + and the condition should refer to just a condition name defined in the + "conditions:" section of the template. See + https://bugs.launchpad.net/tripleo/+bug/1709916 diff --git a/releasenotes/notes/objectstorage_deprecated_params-f7642b6541a0d09c.yaml b/releasenotes/notes/objectstorage_deprecated_params-f7642b6541a0d09c.yaml new file mode 100644 index 00000000..8fa77fcb --- /dev/null +++ b/releasenotes/notes/objectstorage_deprecated_params-f7642b6541a0d09c.yaml @@ -0,0 +1,8 @@ +--- +deprecations: + - | + The following parameters are deprecated for the ObjectStorage role: + SwiftStorageServerMetadata - use ObjectStorageServerMetadata instead + SwiftStorageIPs - use ObjectStorageIPs instead + SwiftStorageImage - Use ObjectStorageImage instead + OvercloudSwiftStorageFlavor - Use OvercloudObjectStorageFlavor instead diff --git a/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml b/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml new file mode 100644 index 00000000..645f3c79 --- /dev/null +++ b/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - Setting the port-binding to be pseudo-agentdb-binding. + Networking-odl no longer supports network-topology +features: + - Enables per role configuration of per host + configuration which allows an operator to dedicate + different compute roles to different network or + port types in OpenDaylight deployments. diff --git a/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml b/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml new file mode 100644 index 00000000..23f482a1 --- /dev/null +++ b/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml @@ -0,0 +1,5 @@ +--- +features: + - Added support for DPDK with OvS2.7, which requires huge page + configuration (with reboot) to be available before enabling DPDK. + diff --git a/releasenotes/notes/roles_deprecated_params-50b4bbe8b9e4abc7.yaml b/releasenotes/notes/roles_deprecated_params-50b4bbe8b9e4abc7.yaml new file mode 100644 index 00000000..a9563223 --- /dev/null +++ b/releasenotes/notes/roles_deprecated_params-50b4bbe8b9e4abc7.yaml @@ -0,0 +1,21 @@ +--- +deprecations: + - | + The static role definitions contained a number of conflicting parameters + which require special handling to convert to dynamic template generation. + In the future, these parameters will be removed. If a role requires one + of these deprecated parameters, then it will be defined in the role + definition in a property named "deprecated_param_<name>". If the role has one + or more deprecated parameters, then "uses_deprecated_params" should be + set to True as well. This will enable creation of a parameter_group + containing the deprecated parameters in the role definition, which will enable + warning users if they use deprecated parameters on deployment. +upgrade: + - | + For deployments where a custom roles_data file is used, it should be rebased + against the default roles_data.yaml, as several additional items, e.g to + specify deprecated parameter names for some of the default roles, have been + added. Alternatively you can regenerate your roles_data using the new + overcloud roles generate command, so that the updated role definitions in + /usr/share/openstack-tripleo-heat-templates/roles are used, which include + the necessary additional data. diff --git a/roles/Compute.yaml b/roles/Compute.yaml index ec9e3698..ce5ab742 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -10,6 +10,15 @@ - Tenant - Storage HostnameFormatDefault: '%stackname%-novacompute-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_image: 'NovaImage' + deprecated_param_extraconfig: 'NovaComputeExtraConfig' + deprecated_param_metadata: 'NovaComputeServerMetadata' + deprecated_param_scheduler_hints: 'NovaComputeSchedulerHints' + deprecated_param_ips: 'NovaComputeIPs' + deprecated_server_resource_name: 'NovaCompute' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD @@ -45,3 +54,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index a1342dc6..0e8a90b7 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -45,3 +45,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController diff --git a/roles/Controller.yaml b/roles/Controller.yaml index c97f7a78..224d1356 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -16,6 +16,12 @@ - StorageMgmt - Tenant HostnameFormatDefault: '%stackname%-controller-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_extraconfig: 'controllerExtraConfig' + deprecated_param_flavor: 'OvercloudControlFlavor' + deprecated_param_image: 'controllerImage' ServicesDefault: - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator @@ -109,6 +115,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 398736ae..10d76dd7 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -86,6 +86,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::Redis diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml index 81bedbd1..ad372be6 100644 --- a/roles/ObjectStorage.yaml +++ b/roles/ObjectStorage.yaml @@ -8,6 +8,13 @@ - InternalApi - Storage - StorageMgmt + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_metadata: 'SwiftStorageServerMetadata' + deprecated_param_ips: 'SwiftStorageIPs' + deprecated_param_image: 'SwiftStorageImage' + deprecated_param_flavor: 'OvercloudSwiftStorageFlavor' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD diff --git a/roles_data.yaml b/roles_data.yaml index 59187183..8f670994 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -19,6 +19,12 @@ - StorageMgmt - Tenant HostnameFormatDefault: '%stackname%-controller-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_extraconfig: 'controllerExtraConfig' + deprecated_param_flavor: 'OvercloudControlFlavor' + deprecated_param_image: 'controllerImage' ServicesDefault: - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator @@ -112,6 +118,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ @@ -144,6 +151,15 @@ - Tenant - Storage HostnameFormatDefault: '%stackname%-novacompute-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_image: 'NovaImage' + deprecated_param_extraconfig: 'NovaComputeExtraConfig' + deprecated_param_metadata: 'NovaComputeServerMetadata' + deprecated_param_scheduler_hints: 'NovaComputeSchedulerHints' + deprecated_param_ips: 'NovaComputeIPs' + deprecated_server_resource_name: 'NovaCompute' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD @@ -179,6 +195,7 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController ############################################################################### # Role: BlockStorage # ############################################################################### @@ -220,6 +237,13 @@ - InternalApi - Storage - StorageMgmt + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_metadata: 'SwiftStorageServerMetadata' + deprecated_param_ips: 'SwiftStorageIPs' + deprecated_param_image: 'SwiftStorageImage' + deprecated_param_flavor: 'OvercloudSwiftStorageFlavor' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD diff --git a/sample-env-generator/predictable-placement.yaml b/sample-env-generator/predictable-placement.yaml index ffda7aca..3a971fbd 100644 --- a/sample-env-generator/predictable-placement.yaml +++ b/sample-env-generator/predictable-placement.yaml @@ -15,3 +15,18 @@ environments: Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with OS::stack_name in the template below. If you want to use the heat generated names, pass '' (empty string). + - + name: predictable-placement/custom-domain + title: Custom Domain Name + files: + overcloud.yaml: + parameters: + - CloudDomain + - CloudName + - CloudNameInternal + - CloudNameStorage + - CloudNameStorageManagement + - CloudNameCtlplane + description: | + This environment contains the parameters that need to be set in order to + use a custom domain name and have all of the various FQDNs reflect it. diff --git a/tools/process-templates.py b/tools/process-templates.py index badc1426..07c27bad 100755 --- a/tools/process-templates.py +++ b/tools/process-templates.py @@ -96,6 +96,16 @@ def process_templates(template_path, role_data_path, output_dir, r_map = {} for r in role_data: r_map[r.get('name')] = r + + n_map = {} + for n in network_data: + if (n.get('enabled') is not False): + n_map[n.get('name')] = n + if not n.get('name_lower'): + n_map[n.get('name')]['name_lower'] = n.get('name').lower() + else: + print("skipping %s network: network is disabled" % n.get('name')) + excl_templates = ['%s/%s' % (template_path, e) for e in j2_excludes.get('name')] @@ -126,10 +136,13 @@ def process_templates(template_path, role_data_path, output_dir, for f in files: file_path = os.path.join(subdir, f) - # We do two templating passes here: + # We do three templating passes here: # 1. *.role.j2.yaml - we template just the role name # and create multiple files (one per role) - # 2. *.j2.yaml - we template with all roles_data, + # 2 *.network.j2.yaml - we template the network name and + # data and create multiple files for networks and + # network ports (one per network) + # 3. *.j2.yaml - we template with all roles_data, # and create one file common to all roles if f.endswith('.role.j2.yaml'): print("jinja2 rendering role template %s" % f) @@ -167,6 +180,30 @@ def process_templates(template_path, role_data_path, output_dir, else: print('skipping rendering of %s' % out_f_path) + + elif f.endswith('.network.j2.yaml'): + print("jinja2 rendering network template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + print("jinja2 rendering networks %s" % ",".join(n_map)) + for network in n_map: + j2_data = {'network': n_map[network]} + # Output file names in "<name>.yaml" format + out_f = os.path.basename(f).replace('.network.j2.yaml', + '.yaml') + if os.path.dirname(file_path).endswith('ports'): + out_f = out_f.replace('port', + n_map[network]['name_lower']) + else: + out_f = out_f.replace('network', + n_map[network]['name_lower']) + out_f_path = os.path.join(out_dir, out_f) + if not (out_f_path in excl_templates): + _j2_render_to_file(template_data, j2_data, + out_f_path) + else: + print('skipping rendering of %s' % out_f_path) + elif f.endswith('.j2.yaml'): print("jinja2 rendering normal template %s" % f) with open(file_path) as j2_template: diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 374cd6e3..a096d69a 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -50,83 +50,57 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'ExternalAllocationPools': ['default'], 'StorageNetCidr': ['default'], 'StorageAllocationPools': ['default'], - 'StorageMgmtNetCidr': ['default', - # FIXME - 'description'], + 'StorageMgmtNetCidr': ['default'], 'StorageMgmtAllocationPools': ['default'], 'TenantNetCidr': ['default'], 'TenantAllocationPools': ['default'], 'InternalApiNetCidr': ['default'], + 'InternalApiAllocationPools': ['default'], 'UpdateIdentifier': ['description'], + 'key_name': ['default'], + # There's one template that defines this + # differently, and I'm not sure if we can + # safely change it. + 'EC2MetadataIp': ['default'], + # Same as EC2MetadataIp + 'ControlPlaneDefaultRoute': ['default'], # TODO(bnemec): Address these existing # inconsistencies. - 'NeutronMetadataProxySharedSecret': [ - 'description', 'hidden'], 'ServiceNetMap': ['description', 'default'], - 'EC2MetadataIp': ['default'], 'network': ['default'], 'ControlPlaneIP': ['default', 'description'], 'ControlPlaneIp': ['default', 'description'], 'NeutronBigswitchLLDPEnabled': ['default'], - 'NeutronEnableL2Pop': ['description'], 'NeutronWorkers': ['description'], - 'TenantIpSubnet': ['description'], - 'ExternalNetName': ['description'], - 'ControlPlaneDefaultRoute': ['default'], - 'StorageMgmtNetName': ['description'], 'ServerMetadata': ['description'], - 'InternalApiIpUri': ['description'], - 'UpgradeLevelNovaCompute': ['default'], - 'StorageMgmtIpUri': ['description'], 'server': ['description'], 'servers': ['description'], - 'FixedIPs': ['description'], - 'ExternalIpSubnet': ['description'], - 'NeutronBridgeMappings': ['description'], 'ExtraConfig': ['description'], - 'InternalApiIpSubnet': ['description'], 'DefaultPasswords': ['description', 'default'], 'BondInterfaceOvsOptions': ['description', 'default', 'constraints'], 'KeyName': ['constraints'], - 'TenantNetName': ['description'], - 'StorageIpSubnet': ['description'], 'OVNSouthboundServerPort': ['description'], 'ExternalInterfaceDefaultRoute': ['description', 'default'], - 'ExternalIpUri': ['description'], 'IPPool': ['description'], - 'ControlPlaneNetwork': ['description'], 'SSLCertificate': ['description', 'default', 'hidden'], 'HostCpusList': ['default', 'constraints'], - 'InternalApiAllocationPools': ['default'], 'NodeIndex': ['description'], 'name': ['description', 'default'], - 'StorageNetName': ['description'], - 'ManagementNetName': ['description'], - 'NeutronPublicInterface': ['description'], - 'RoleParameters': ['description'], - 'ManagementInterfaceDefaultRoute': - ['default'], 'image': ['description', 'default'], 'NeutronBigswitchAgentEnabled': ['default'], 'EndpointMap': ['description', 'default'], 'DockerManilaConfigImage': ['description', 'default'], - 'NetworkName': ['default', 'description'], - 'StorageIpUri': ['description'], - 'InternalApiNetName': ['description'], - 'NeutronTunnelTypes': ['description'], 'replacement_policy': ['default'], - 'StorageMgmtIpSubnet': ['description'], 'CloudDomain': ['description', 'default'], - 'key_name': ['default', 'description'], 'EnableLoadBalancer': ['description'], 'ControllerExtraConfig': ['description'], 'NovaComputeExtraConfig': ['description'], @@ -207,6 +181,22 @@ def validate_hci_computehci_role(hci_role_filename, hci_role_tpl): return 0 +def search(item, check_item, check_key): + if check_item(item): + return True + elif isinstance(item, list): + for i in item: + if search(i, check_item, check_key): + return True + elif isinstance(item, dict): + for k in item.keys(): + if check_key(k, item[k]): + return True + elif search(item[k], check_item, check_key): + return True + return False + + def validate_mysql_connection(settings): no_op = lambda *args: False error_status = [0] @@ -228,25 +218,69 @@ def validate_mysql_connection(settings): error_status[0] = 1 return False - def search(item, check_item, check_key): - if check_item(item): - return True - elif isinstance(item, list): - for i in item: - if search(i, check_item, check_key): - return True - elif isinstance(item, dict): - for k in item.keys(): - if check_key(k, item[k]): - return True - elif search(item[k], check_item, check_key): - return True - return False - search(settings, no_op, validate_mysql_uri) return error_status[0] +def validate_docker_service_mysql_usage(filename, tpl): + no_op = lambda *args: False + included_res = [] + + def match_included_res(item): + is_config_setting = isinstance(item, list) and len(item) > 1 and \ + item[1:] == ['role_data', 'config_settings'] + if is_config_setting: + included_res.append(item[0]) + return is_config_setting + + def match_use_mysql_protocol(items): + return items == ['EndpointMap', 'MysqlInternal', 'protocol'] + + all_content = [] + + def read_all(incfile, inctpl): + # search for included content + content = inctpl['outputs']['role_data']['value'].get('config_settings',{}) + all_content.append(content) + included_res[:] = [] + if search(content, match_included_res, no_op): + files = [inctpl['resources'][x]['type'] for x in included_res] + # parse included content + for r, f in zip(included_res, files): + # disregard class names, only consider file names + if 'OS::' in f: + continue + newfile = os.path.normpath(os.path.dirname(incfile)+'/'+f) + newtmp = yaml.load(open(newfile).read()) + read_all(newfile, newtmp) + + read_all(filename, tpl) + if search(all_content, match_use_mysql_protocol, no_op): + # ensure this service includes the mysqlclient service + resources = tpl['resources'] + mysqlclient = [x for x in resources + if resources[x]['type'].endswith('mysql-client.yaml')] + if len(mysqlclient) == 0: + print("ERROR: containerized service %s uses mysql but " + "resource mysql-client.yaml is not used" + % filename) + return 1 + + # and that mysql::client puppet module is included in puppet-config + match_mysqlclient = \ + lambda x: x == [mysqlclient[0], 'role_data', 'step_config'] + role_data = tpl['outputs']['role_data'] + puppet_config = role_data['value']['puppet_config']['step_config'] + if not search(puppet_config, match_mysqlclient, no_op): + print("ERROR: containerized service %s uses mysql but " + "puppet_config section does not include " + "::tripleo::profile::base::database::mysql::client" + % filename) + return 1 + + return 0 + + def validate_docker_service(filename, tpl): if 'outputs' in tpl and 'role_data' in tpl['outputs']: if 'value' not in tpl['outputs']['role_data']: @@ -275,6 +309,10 @@ def validate_docker_service(filename, tpl): return 1 if 'puppet_config' in role_data: + if validate_docker_service_mysql_usage(filename, tpl): + print('ERROR: could not validate use of mysql service for %s.' + % filename) + return 1 puppet_config = role_data['puppet_config'] for key in puppet_config: if key in REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS: |