diff options
26 files changed, 251 insertions, 178 deletions
diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index 8307db96..56013adf 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -24,6 +24,7 @@ - OS::TripleO::Services::CACerts - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi @@ -62,6 +63,7 @@ - OS::TripleO::Services::CACerts - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index c946ec8a..d0d6ba99 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -18,6 +18,7 @@ parameter_defaults: - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index 2251cc0c..c97080fb 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -14,6 +14,7 @@ resource_registry: parameter_defaults: ControllerServices: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 5dd1f0f6..0282c385 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -23,6 +23,7 @@ resource_registry: parameter_defaults: ControllerServices: + - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index cbcfa9b3..38d24ee1 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -17,6 +17,7 @@ resource_registry: parameter_defaults: ControllerServices: + - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 6e926f74..5472b494 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -17,6 +17,7 @@ resource_registry: parameter_defaults: ControllerServices: + - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index 7428d426..25fad4bb 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -31,6 +31,7 @@ parameter_defaults: - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephOSD - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 5c68b08d..909a2c8a 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -61,7 +61,10 @@ def rm_container(name): stderr=subprocess.PIPE) cmd_stdout, cmd_stderr = subproc.communicate() print(cmd_stdout) - print(cmd_stderr) + if cmd_stderr and \ + cmd_stderr != 'Error response from daemon: ' \ + 'No such container: {}\n'.format(name): + print(cmd_stderr) process_count = int(os.environ.get('PROCESS_COUNT', multiprocessing.cpu_count())) diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 301d838f..f0af8e25 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -1,7 +1,14 @@ # certain initialization steps (run in a container) will occur -# on the first role listed in the roles file -{% set primary_role_name = roles[0].name -%} - +# on the role marked as primary controller or the first role listed +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# primary role is: {{primary_role_name}} heat_template_version: ocata description: > diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 08f4b56b..659785aa 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -96,3 +96,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable httpd service + tags: step2 + service: name=httpd state=stopped enabled=no diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 6b41eaa3..78494d66 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -71,3 +71,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-gnocchi-metricd service + tags: step2 + service: name=openstack-gnocchi-metricd.service state=stopped enabled=no diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 93b616c4..7f439846 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -71,3 +71,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-gnocchi-statsd service + tags: step2 + service: name=openstack-gnocchi-statsd.service state=stopped enabled=no diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 21aff31a..1160031f 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -56,7 +56,7 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] kolla_config: /var/lib/kolla/config_files/zaqar.json: - command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf + command: /usr/sbin/httpd -DFOREGROUND /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf docker_config: @@ -66,9 +66,13 @@ outputs: net: host privileged: false restart: always + # NOTE(mandre) kolla image changes the user to 'zaqar', we need it + # to be root to run httpd + user: root volumes: - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro + - /var/lib/config-data/zaqar/etc/httpd:/etc/httpd/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: @@ -88,5 +92,4 @@ outputs: upgrade_tasks: - name: Stop and disable zaqar service tags: step2 - service: name=openstack-zaqar.service state=stopped enabled=no - + service: name=httpd state=stopped enabled=no diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml index b9a84342..dfd15893 100644 --- a/environments/cinder-netapp-config.yaml +++ b/environments/cinder-netapp-config.yaml @@ -1,7 +1,7 @@ # A Heat environment file which can be used to enable a # a Cinder NetApp backend, configured via puppet resource_registry: - OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml + OS::TripleO::Services::CinderBackendNetApp: ../puppet/services/cinder-backend-netapp.yaml parameter_defaults: CinderEnableNetappBackend: true diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index ad368278..20a5b658 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -40,9 +40,17 @@ touch "$timestamp_file" command_arguments=${command_arguments:-} -list_updates=$(yum list updates) - -if [[ "$list_updates" == "" ]]; then +# yum check-update exits 100 if updates are available +set +e +check_update=$(yum check-update 2>&1) +check_update_exit=$? +set -e + +if [[ "$check_update_exit" == "1" ]]; then + echo "Failed to check for package updates" + echo "$check_update" + exit 1 +elif [[ "$check_update_exit" != "100" ]]; then echo "No packages require updating" exit 0 fi diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index c0f5f7e5..b1780680 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -239,6 +239,10 @@ resource_registry: OS::TripleO::Services::Zaqar: OS::Heat::None OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None + OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None + OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None + OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None + OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None OS::TripleO::Services::Etcd: OS::Heat::None OS::TripleO::Services::Ec2Api: OS::Heat::None diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index a322a445..35cf7da8 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -1,4 +1,12 @@ -{% set primary_role_name = roles[0].name -%} +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# primary role is: {{primary_role_name}} heat_template_version: ocata description: > diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 2f4f583c..3d32add2 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -467,7 +467,6 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml deleted file mode 100644 index 378f7f98..00000000 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ /dev/null @@ -1,157 +0,0 @@ -heat_template_version: ocata - -description: Configure hieradata for Cinder Netapp configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - - # Config specific parameters, to be provided via parameter_defaults - CinderEnableNetappBackend: - type: boolean - default: true - CinderNetappBackendName: - type: string - default: 'tripleo_netapp' - CinderNetappLogin: - type: string - CinderNetappPassword: - type: string - hidden: true - CinderNetappServerHostname: - type: string - CinderNetappServerPort: - type: string - default: '80' - CinderNetappSizeMultiplier: - type: string - default: '1.2' - CinderNetappStorageFamily: - type: string - default: 'ontap_cluster' - CinderNetappStorageProtocol: - type: string - default: 'nfs' - CinderNetappTransportType: - type: string - default: 'http' - CinderNetappVfiler: - type: string - default: '' - CinderNetappVolumeList: - type: string - default: '' - CinderNetappVserver: - type: string - default: '' - CinderNetappPartnerBackendName: - type: string - default: '' - CinderNetappNfsShares: - type: string - default: '' - CinderNetappNfsSharesConfig: - type: string - default: '/etc/cinder/shares.conf' - CinderNetappNfsMountOptions: - type: string - default: '' - CinderNetappCopyOffloadToolPath: - type: string - default: '' - CinderNetappControllerIps: - type: string - default: '' - CinderNetappSaPassword: - type: string - default: '' - hidden: true - CinderNetappStoragePools: - type: string - default: '' - CinderNetappHostType: - type: string - default: '' - CinderNetappWebservicePath: - type: string - default: '/devmgr/v2' - # DEPRECATED options for compatibility with older versions - CinderNetappEseriesHostType: - type: string - default: 'linux_dm_mp' - -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - CinderNetappEseriesHostType - -resources: - CinderNetappConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - datafiles: - cinder_netapp_data: - mapped_data: - tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend} - cinder::backend::netapp::title: {get_input: NetappBackendName} - cinder::backend::netapp::netapp_login: {get_input: NetappLogin} - cinder::backend::netapp::netapp_password: {get_input: NetappPassword} - cinder::backend::netapp::netapp_server_hostname: {get_input: NetappServerHostname} - cinder::backend::netapp::netapp_server_port: {get_input: NetappServerPort} - cinder::backend::netapp::netapp_size_multiplier: {get_input: NetappSizeMultiplier} - cinder::backend::netapp::netapp_storage_family: {get_input: NetappStorageFamily} - cinder::backend::netapp::netapp_storage_protocol: {get_input: NetappStorageProtocol} - cinder::backend::netapp::netapp_transport_type: {get_input: NetappTransportType} - cinder::backend::netapp::netapp_vfiler: {get_input: NetappVfiler} - cinder::backend::netapp::netapp_volume_list: {get_input: NetappVolumeList} - cinder::backend::netapp::netapp_vserver: {get_input: NetappVserver} - cinder::backend::netapp::netapp_partner_backend_name: {get_input: NetappPartnerBackendName} - cinder::backend::netapp::nfs_shares: {get_input: NetappNfsShares} - cinder::backend::netapp::nfs_shares_config: {get_input: NetappNfsSharesConfig} - cinder::backend::netapp::nfs_mount_options: {get_input: NetappNfsMountOptions} - cinder::backend::netapp::netapp_copyoffload_tool_path: {get_input: NetappCopyOffloadToolPath} - cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps} - cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword} - cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools} - cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType} - cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath} - - CinderNetappDeployment: - type: OS::Heat::StructuredDeployment - properties: - name: CinderNetappDeployment - config: {get_resource: CinderNetappConfig} - server: {get_param: server} - input_values: - EnableNetappBackend: {get_param: CinderEnableNetappBackend} - NetappBackendName: {get_param: CinderNetappBackendName} - NetappLogin: {get_param: CinderNetappLogin} - NetappPassword: {get_param: CinderNetappPassword} - NetappServerHostname: {get_param: CinderNetappServerHostname} - NetappServerPort: {get_param: CinderNetappServerPort} - NetappSizeMultiplier: {get_param: CinderNetappSizeMultiplier} - NetappStorageFamily: {get_param: CinderNetappStorageFamily} - NetappStorageProtocol: {get_param: CinderNetappStorageProtocol} - NetappTransportType: {get_param: CinderNetappTransportType} - NetappVfiler: {get_param: CinderNetappVfiler} - NetappVolumeList: {get_param: CinderNetappVolumeList} - NetappVserver: {get_param: CinderNetappVserver} - NetappPartnerBackendName: {get_param: CinderNetappPartnerBackendName} - NetappNfsShares: {get_param: CinderNetappNfsShares} - NetappNfsSharesConfig: {get_param: CinderNetappNfsSharesConfig} - NetappNfsMountOptions: {get_param: CinderNetappNfsMountOptions} - NetappCopyOffloadToolPath: {get_param: CinderNetappCopyOffloadToolPath} - NetappControllerIps: {get_param: CinderNetappControllerIps} - NetappSaPassword: {get_param: CinderNetappSaPassword} - NetappStoragePools: {get_param: CinderNetappStoragePools} - NetappHostType: {get_param: CinderNetappHostType} - NetappWebservicePath: {get_param: CinderNetappWebservicePath} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [CinderNetappDeployment, deploy_stdout]} diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml new file mode 100644 index 00000000..29a0ce1b --- /dev/null +++ b/puppet/services/cinder-backend-netapp.yaml @@ -0,0 +1,129 @@ +heat_template_version: ocata + +description: Openstack Cinder Netapp backend + +parameters: + CinderEnableNetappBackend: + type: boolean + default: true + CinderNetappBackendName: + type: string + default: 'tripleo_netapp' + CinderNetappLogin: + type: string + CinderNetappPassword: + type: string + hidden: true + CinderNetappServerHostname: + type: string + CinderNetappServerPort: + type: string + default: '80' + CinderNetappSizeMultiplier: + type: string + default: '1.2' + CinderNetappStorageFamily: + type: string + default: 'ontap_cluster' + CinderNetappStorageProtocol: + type: string + default: 'nfs' + CinderNetappTransportType: + type: string + default: 'http' + CinderNetappVfiler: + type: string + default: '' + CinderNetappVolumeList: + type: string + default: '' + CinderNetappVserver: + type: string + default: '' + CinderNetappPartnerBackendName: + type: string + default: '' + CinderNetappNfsShares: + type: string + default: '' + CinderNetappNfsSharesConfig: + type: string + default: '/etc/cinder/shares.conf' + CinderNetappNfsMountOptions: + type: string + default: '' + CinderNetappCopyOffloadToolPath: + type: string + default: '' + CinderNetappControllerIps: + type: string + default: '' + CinderNetappSaPassword: + type: string + default: '' + hidden: true + CinderNetappStoragePools: + type: string + default: '' + CinderNetappHostType: + type: string + default: '' + CinderNetappWebservicePath: + type: string + default: '/devmgr/v2' + # DEPRECATED options for compatibility with older versions + CinderNetappEseriesHostType: + type: string + default: 'linux_dm_mp' + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - CinderNetappEseriesHostType + +outputs: + role_data: + description: Role data for the Cinder NetApp backend. + value: + service_name: cinder_backend_netapp + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_param: CinderEnableNetappBackend} + cinder::backend::netapp::title: {get_param: CinderNetappBackendName} + cinder::backend::netapp::netapp_login: {get_param: CinderNetappLogin} + cinder::backend::netapp::netapp_password: {get_param: CinderNetappPassword} + cinder::backend::netapp::netapp_server_hostname: {get_param: CinderNetappServerHostname} + cinder::backend::netapp::netapp_server_port: {get_param: CinderNetappServerPort} + cinder::backend::netapp::netapp_size_multiplier: {get_param: CinderNetappSizeMultiplier} + cinder::backend::netapp::netapp_storage_family: {get_param: CinderNetappStorageFamily} + cinder::backend::netapp::netapp_storage_protocol: {get_param: CinderNetappStorageProtocol} + cinder::backend::netapp::netapp_transport_type: {get_param: CinderNetappTransportType} + cinder::backend::netapp::netapp_vfiler: {get_param: CinderNetappVfiler} + cinder::backend::netapp::netapp_volume_list: {get_param: CinderNetappVolumeList} + cinder::backend::netapp::netapp_vserver: {get_param: CinderNetappVserver} + cinder::backend::netapp::netapp_partner_backend_name: {get_param: CinderNetappPartnerBackendName} + cinder::backend::netapp::nfs_shares: {get_param: CinderNetappNfsShares} + cinder::backend::netapp::nfs_shares_config: {get_param: CinderNetappNfsSharesConfig} + cinder::backend::netapp::nfs_mount_options: {get_param: CinderNetappNfsMountOptions} + cinder::backend::netapp::netapp_copyoffload_tool_path: {get_param: CinderNetappCopyOffloadToolPath} + cinder::backend::netapp::netapp_controller_ips: {get_param: CinderNetappControllerIps} + cinder::backend::netapp::netapp_sa_password: {get_param: CinderNetappSaPassword} + cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools} + cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType} + cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 94b15d4b..2a335b67 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -22,6 +22,10 @@ parameters: default: 1048576 description: Configures sysctl kernel.pid_max key type: number + KernelDisableIPv6: + default: 0 + description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys + type: number outputs: role_data: @@ -57,6 +61,10 @@ outputs: value: 500000 net.netfilter.nf_conntrack_max: value: 500000 + net.ipv6.conf.default.disable_ipv6: + value: {get_param: KernelDisableIPv6} + net.ipv6.conf.all.disable_ipv6: + value: {get_param: KernelDisableIPv6} # prevent neutron bridges from autoconfiguring ipv6 addresses net.ipv6.conf.all.accept_ra: value: 0 diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 632d9b0b..7cf638b2 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -119,27 +119,27 @@ parameters: Cron to purge expired tokens - Ensure default: 'present' KeystoneCronTokenFlushMinute: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Minute default: '1' KeystoneCronTokenFlushHour: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Hour default: '0' KeystoneCronTokenFlushMonthday: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Month Day default: '*' KeystoneCronTokenFlushMonth: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Month default: '*' KeystoneCronTokenFlushWeekday: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Week Day default: '*' diff --git a/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml b/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml new file mode 100644 index 00000000..8b57f587 --- /dev/null +++ b/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml @@ -0,0 +1,7 @@ +--- +security: + - | + Add IPv6 disable option and make it configurable for user to disable IPv6 + when it's not used, this will descrease the risk of ipv6 attack. + Both net.ipv6.conf.default.disable_ipv6 & net.ipv6.conf.all.disable_ipv6 + will be explicitly set to the default value (0) which is enabled. diff --git a/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml new file mode 100644 index 00000000..dadbfa4b --- /dev/null +++ b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml @@ -0,0 +1,18 @@ +--- +features: + - | + Adds tags to roles that allow an operator to specify custom tags to use + when trying to find functionality available from a role. Currently a role + with both the 'primary' and 'controller' tag is consider to be the primary + role. Historically the role named 'Controller' was the 'primary' role and + this primary designation is used to determine items like memcache ip + addresses. If no roles have the both the 'primary' and 'controller' tags, + the first role specified in the roles_data.yaml is used as the primary + role. +upgrade: + - | + If using custom roles data, the logic was changed to leverage the first + role listed in the roles_data.yaml file to be the primary role. This can + be worked around by adding the 'primary' and 'controller' tags to the + custom controller role in your roles_data.yaml to ensure that the defined + custom controller role is still considered the primary role. diff --git a/roles_data.yaml b/roles_data.yaml index 48859473..98061c0a 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -28,9 +28,18 @@ # ServicesDefault: (list) optional default list of services to be deployed # on the role, defaults to an empty list. Sets the default for the # {{role.name}}Services parameter in overcloud.yaml - -- name: Controller # the 'primary' role goes first +# +# tags: (list) list of tags used by other parts of the deployment process to +# find the role for a specific type of functionality. Currently a role +# with both 'primary' and 'controller' is used as the primary role for the +# deployment process. If no roles have have 'primary' and 'controller', the +# first role in this file is used as the primary role. +# +- name: Controller CountDefault: 1 + tags: + - primary + - controller ServicesDefault: - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser @@ -43,6 +52,10 @@ - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::CinderBackendDellPs + - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::Congress - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index 8e830711..df2e196b 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -1,6 +1,9 @@ -- name: Undercloud # the 'primary' role goes first +- name: Undercloud CountDefault: 1 disable_constraints: True + tags: + - primary + - controller ServicesDefault: - OS::TripleO::Services::Ntp - OS::TripleO::Services::MySQL |