diff options
108 files changed, 1367 insertions, 1715 deletions
@@ -68,7 +68,7 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+ | glance | file | swift | file | file | swift | +----------------+-------------+-------------+-------------+-------------+-----------------+ -| cinder | | iscsi | | | iscsi | +| cinder | rbd | iscsi | | | iscsi | +----------------+-------------+-------------+-------------+-------------+-----------------+ | heat | X | X | X | X | X | +----------------+-------------+-------------+-------------+-------------+-----------------+ @@ -78,7 +78,7 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+ | rabbitmq | X | X | X | X | X | +----------------+-------------+-------------+-------------+-------------+-----------------+ -| mongodb | X | | | | | +| mongodb | X | X | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+ | redis | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+ @@ -100,6 +100,8 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+ | sahara | | | X | | | +----------------+-------------+-------------+-------------+-------------+-----------------+ +| mistral | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ | swift | | X | | | X | +----------------+-------------+-------------+-------------+-------------+-----------------+ | aodh | X | | | | | @@ -108,6 +110,8 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+ | gnocchi | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+ +| panko | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ | barbican | | X | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+ | zaqar | | X | | | | diff --git a/capabilities-map.yaml b/capabilities-map.yaml index ae747621..330832e5 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -355,6 +355,11 @@ topics: description: Enables PLUMgrid extensions requires: - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ml2-fujitsu-cfab.yaml + title: Fujitsu Neutron plugin for C-Fabric + description: Enable C-Fabric in the overcloud + requires: + - overcloud-resource-registry-puppet.yaml - title: Nova Extensions description: diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index ee5bd648..0e9c1c7a 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -4,6 +4,7 @@ resource_registry: OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml + OS::TripleO::Services::PankoApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/panko-api.yaml parameter_defaults: ControllerServices: @@ -50,6 +51,7 @@ parameter_defaults: - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::PankoApi - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephOSD - OS::TripleO::Services::CephClient diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh new file mode 100644 index 00000000..9f5f2dc6 --- /dev/null +++ b/ci/scripts/freeipa_setup.sh @@ -0,0 +1,96 @@ +#!/bin/bash +# +# Used environment variables: +# +# - Hostname +# - FreeIPAIP +# - DirectoryManagerPassword +# - AdminPassword +# - UndercloudFQDN +# - HostsSecret +# +set -eux + +if [ -f "~/freeipa-setup.env" ]; then + source ~/freeipa-setup.env +elif [ -f "/tmp/freeipa-setup.env" ]; then + source /tmp/freeipa-setup.env +fi + +# Set DNS servers +echo "nameserver 8.8.8.8" >> /etc/resolv.conf +echo "nameserver 8.8.4.4" >> /etc/resolv.conf + +yum -q -y remove openstack-dashboard + +# Install the needed packages +yum -q install -y ipa-server ipa-server-dns epel-release rng-tools mod_nss +yum -q install -y haveged + +# Prepare hostname +hostnamectl set-hostname --static $Hostname + +echo $FreeIPAIP `hostname` | tee -a /etc/hosts + +# Set iptables rules +cat << EOF > freeipa-iptables-rules.txt +# Firewall configuration written by system-config-firewall +# Manual customization of this file is not recommended. +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT +-A INPUT -p icmp -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT +#TCP ports for FreeIPA +-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 88 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 464 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT +#UDP ports for FreeIPA +-A INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT +-A INPUT -m state --state NEW -m udp -p udp --dport 464 -j ACCEPT +-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT +-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT +-A INPUT -j REJECT --reject-with icmp-host-prohibited +-A FORWARD -j REJECT --reject-with icmp-host-prohibited +COMMIT +EOF + +iptables-restore < freeipa-iptables-rules.txt + +# Entropy generation; otherwise, ipa-server-install will lag. +chkconfig haveged on +systemctl start haveged + +# Remove conflicting httpd configuration +rm -f /etc/httpd/conf.d/ssl.conf + +# Set up FreeIPA +ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` \ + -p $DirectoryManagerPassword -a $AdminPassword \ + --hostname `hostname -f` + +# Authenticate +echo $AdminPassword | kinit admin + +# Verify we have TGT +klist + +if [ "$?" = '1' ]; then + exit 1 +fi + +# Create undercloud host +ipa host-add $UndercloudFQDN --password=$HostsSecret --force + +# Create overcloud nodes and services +git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git +cd freeipa-tripleo-incubator +python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \ + --controller-count 1 --compute-count 1 diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml new file mode 100644 index 00000000..40a15189 --- /dev/null +++ b/deployed-server/deployed-server-roles-data.yaml @@ -0,0 +1,173 @@ +# Specifies which roles (groups of nodes) will be deployed +# Note this is used as an input to the various *.j2.yaml +# jinja2 templates, so that they are converted into *.yaml +# during the plan creation (via a mistral action/workflow). +# +# The format is a list, with the following format: +# +# * name: (string) mandatory, name of the role, must be unique +# +# CountDefault: (number) optional, default number of nodes, defaults to 0 +# sets the default for the {{role.name}}Count parameter in overcloud.yaml +# +# HostnameFormatDefault: (string) optional default format string for hostname +# defaults to '%stackname%-{{role.name.lower()}}-%index%' +# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml +# +# disable_constraints: (boolean) optional, whether to disable Nova and Glance +# constraints for each role specified in the templates. +# +# ServicesDefault: (list) optional default list of services to be deployed +# on the role, defaults to an empty list. Sets the default for the +# {{role.name}}Services parameter in overcloud.yaml + +- name: Controller + CountDefault: 1 + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Core + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::Redis + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Zaqar + - OS::TripleO::Services::OVNDBs + +- name: Compute + CountDefault: 1 + HostnameFormatDefault: '%stackname%-novacompute-%index%' + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: BlockStorage + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: ObjectStorage + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: CephStorage + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 2dfeed59..a40a21fd 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -55,6 +55,11 @@ outputs: volumes: - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf + # NOTE(mandre) Ideally the qemu.conf file is mounted in + # /var/lib/kolla/config_files and copied to the right place but + # copy-json.py doesn't allow us to do that without appending the + # file as an additional config on the CLI + - /var/lib/etc-data/libvirt/qemu.conf:/etc/libvirt/qemu.conf:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml new file mode 100644 index 00000000..fe1302b5 --- /dev/null +++ b/environments/host-config-pre-network.j2.yaml @@ -0,0 +1,16 @@ +resource_registry: +# Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc., +{% for role in roles %} +{% if "Compute" in role.name %} + OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml +{% endif %} +{% endfor %} + +parameter_defaults: + # Sample parameters for Compute and ComputeOvsDpdk roles + #ComputeKernelArgs: "" + #ComputeTunedProfileName: "" + #ComputeHostCpuList: "" + #ComputeOvsDpdkKernelArgs: "" + #ComputeOvsDpdkTunedProfileName: "" + #ComputeOvsDpdkHostCpuList: "" diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml index 5d2a915b..ff1d7887 100644 --- a/environments/network-isolation-no-tunneling.yaml +++ b/environments/network-isolation-no-tunneling.yaml @@ -8,30 +8,54 @@ resource_registry: OS::TripleO::Network::InternalApi: ../network/internal_api.yaml OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml OS::TripleO::Network::Storage: ../network/storage.yaml + OS::TripleO::Network::Tenant: ../network/noop.yaml + # Management network is optional and disabled by default. + # To enable it, include environments/network-management.yaml + #OS::TripleO::Network::Management: ../network/management.yaml + + # Port assignments for the VIPs + OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml + OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml + OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml + OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml # Port assignments for the controller role OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + OS::TripleO::Controller::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the compute role + OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml + OS::TripleO::Compute::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the ceph storage role + OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml + OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the swift storage role + OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the block storage role + OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - - # Port assignments for service virtual IPs for the controller role - OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml + OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml diff --git a/environments/network-isolation.yaml b/environments/network-isolation.yaml index 737d7d36..a6b4b8ae 100644 --- a/environments/network-isolation.yaml +++ b/environments/network-isolation.yaml @@ -18,8 +18,6 @@ resource_registry: OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml - # Port assignments for service virtual IPs for the controller role - OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml # Port assignments for the controller role OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml @@ -59,4 +57,3 @@ resource_registry: OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml - diff --git a/environments/neutron-ml2-fujitsu-cfab.yaml b/environments/neutron-ml2-fujitsu-cfab.yaml new file mode 100644 index 00000000..f14f7ee2 --- /dev/null +++ b/environments/neutron-ml2-fujitsu-cfab.yaml @@ -0,0 +1,21 @@ +# A Heat environment file which can be used to enable Fujitsu C-Fabric +# plugin, configured via puppet +resource_registry: + OS::TripleO::Services::NeutronML2FujitsuCfab: ../puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml + +parameter_defaults: + # Fixed + NeutronMechanismDrivers: ['openvswitch','fujitsu_cfab'] + NeutronTypeDrivers: 'vlan' + NeutronNetworkType: 'vlan' + + # Required + NeutronFujitsuCfabAddress: '192.168.0.1' + NeutronFujitsuCfabUserName: 'admin' + NeutronFujitsuCfabPassword: + + # Optional + #NeutronFujitsuCfabPhysicalNetworks: + #NeutronFujitsuCfabSharePprofile: + #NeutronFujitsuCfabPprofilePrefix: + #NeutronFujitsuCfabSaveConfig: diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml index 00be3048..6d5c7404 100644 --- a/environments/neutron-opendaylight-l3.yaml +++ b/environments/neutron-opendaylight-l3.yaml @@ -9,6 +9,6 @@ resource_registry: parameter_defaults: NeutronEnableForceMetadata: true - NeutronMechanismDrivers: 'opendaylight' - NeutronServicePlugins: "networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin" + NeutronMechanismDrivers: 'opendaylight_v2' + NeutronServicePlugins: 'odl-router_v2' OpenDaylightEnableL3: "'yes'" diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml index 35c90aab..e08b2b27 100644 --- a/environments/neutron-opendaylight.yaml +++ b/environments/neutron-opendaylight.yaml @@ -1,11 +1,13 @@ -# A Heat environment that can be used to deploy OpenDaylight +# A Heat environment that can be used to deploy OpenDaylight with L3 DVR resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None parameter_defaults: NeutronEnableForceMetadata: true - NeutronMechanismDrivers: 'opendaylight' + NeutronMechanismDrivers: 'opendaylight_v2' + NeutronServicePlugins: 'odl-router_v2' diff --git a/environments/services/ceph-mds.yaml b/environments/services/ceph-mds.yaml new file mode 100644 index 00000000..2b51374c --- /dev/null +++ b/environments/services/ceph-mds.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml
\ No newline at end of file diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml new file mode 100644 index 00000000..0fd01920 --- /dev/null +++ b/environments/undercloud.yaml @@ -0,0 +1,18 @@ +resource_registry: + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml + OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml + OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml + OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml + +parameter_defaults: + StackAction: CREATE + SoftwareConfigTransport: POLL_SERVER_HEAT + NeutronTunnelTypes: [] + NeutronBridgeMappings: ctlplane:br-ctlplane + NeutronAgentExtensions: [] + NeutronFlatNetworks: '*' + NovaSchedulerAvailableFilters: 'tripleo_common.filters.list.tripleo_filters' + NovaSchedulerDefaultFilters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter'] + NeutronDhcpAgentsPerNetwork: 2 + HeatConvergenceEngine: false + HeatMaxResourcesPerStack: -1 diff --git a/environments/updates/update-from-keystone-admin-internal-api.yaml b/environments/updates/update-from-keystone-admin-internal-api.yaml index a5075300..97687c6a 100644 --- a/environments/updates/update-from-keystone-admin-internal-api.yaml +++ b/environments/updates/update-from-keystone-admin-internal-api.yaml @@ -2,32 +2,5 @@ # Keystone Admin API service is running on the Internal API network parameter_defaults: - ServiceNetMapDefaults: - NeutronTenantNetwork: tenant - CeilometerApiNetwork: internal_api - MongodbNetwork: internal_api - CinderApiNetwork: internal_api - CinderIscsiNetwork: storage - GlanceApiNetwork: storage - GlanceRegistryNetwork: internal_api + ServiceNetMap: KeystoneAdminApiNetwork: internal_api - KeystonePublicApiNetwork: internal_api - NeutronApiNetwork: internal_api - HeatApiNetwork: internal_api - NovaApiNetwork: internal_api - NovaMetadataNetwork: internal_api - NovaVncProxyNetwork: internal_api - SwiftMgmtNetwork: storage_mgmt - SwiftProxyNetwork: storage - HorizonNetwork: internal_api - MemcachedNetwork: internal_api - RabbitmqNetwork: internal_api - RedisNetwork: internal_api - MysqlNetwork: internal_api - CephClusterNetwork: storage_mgmt - CephPublicNetwork: storage - ControllerHostnameResolveNetwork: internal_api - ComputeHostnameResolveNetwork: internal_api - BlockStorageHostnameResolveNetwork: internal_api - ObjectStorageHostnameResolveNetwork: internal_api - CephStorageHostnameResolveNetwork: storage diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh new file mode 100755 index 00000000..8bcae1d3 --- /dev/null +++ b/extraconfig/post_deploy/undercloud_post.sh @@ -0,0 +1,126 @@ +#!/bin/bash +set -eux + +ln -sf /etc/puppet/hiera.yaml /etc/hiera.yaml + + +# WRITE OUT STACKRC +if [ ! -e /root/stackrc ]; then + touch /root/stackrc + chmod 0600 /root/stackrc + +cat >> /root/stackrc <<-EOF_CAT +export OS_PASSWORD=$admin_password +export OS_AUTH_URL=$auth_url +export OS_USERNAME=admin +export OS_TENANT_NAME=admin +export COMPUTE_API_VERSION=1.1 +export NOVA_VERSION=1.1 +export OS_BAREMETAL_API_VERSION=1.15 +export OS_NO_CACHE=True +export OS_CLOUDNAME=undercloud +EOF_CAT + + if [ -n "$ssl_certificate" ]; then +cat >> /root/stackrc <<-EOF_CAT +export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available" +EOF_CAT + fi +fi + +source /root/stackrc + +if [ ! -f /root/.ssh/authorized_keys ]; then + sudo mkdir -p /root/.ssh + sudo chmod 7000 /root/.ssh/ + sudo touch /root/.ssh/authorized_keys + sudo chmod 600 /root/.ssh/authorized_keys +fi + +if [ ! -f /root/.ssh/id_rsa ]; then + ssh-keygen -b 1024 -N '' -f /root/.ssh/id_rsa +fi + +if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then + cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys +fi + +PHYSICAL_NETWORK=ctlplane + +ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1) +subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2) +subnet_id= + +for subnet_id in $subnet_ids; do + network_id=$(openstack subnet show -f value -c network_id $subnet_id) + if [ "$network_id" = "$ctlplane_id" ]; then + break + fi +done + +net_create=1 +if [ -n "$subnet_id" ]; then + cidr=$(openstack subnet show $subnet_id -f value -c cidr) + if [ "$cidr" = "$undercloud_network_cidr" ]; then + net_create=0 + else + echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr" + echo "Will attempt to delete and recreate subnet $subnet_id" + fi +fi + +if [ "$net_create" -eq "1" ]; then + # Delete the subnet and network to make sure it doesn't already exist + if openstack subnet list | grep start; then + openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}') + fi + if openstack network show ctlplane; then + openstack network delete ctlplane + fi + + + NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}') + + NAMESERVER_ARG="" + if [ -n "${undercloud_nameserver:-}" ]; then + NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver" + fi + + openstack subnet create --network=$NETWORK_ID \ + --gateway=$undercloud_network_gateway \ + --subnet-range=$undercloud_network_cidr \ + --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \ + --host-route destination=169.254.169.254/32,gateway=$local_ip \ + $NAMESERVER_ARG ctlplane +fi + +# Disable nova quotas +openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}') + +# MISTRAL WORKFLOW CONFIGURATION +if [ "$(hiera mistral_api_enabled)" = "true" ]; then + # load workflows + for workbook in $(openstack workbook list | grep tripleo | cut -f 2 -d ' '); do + openstack workbook delete $workbook + done + for workflow in $(openstack workflow list | grep tripleo | cut -f 2 -d ' '); do + openstack workflow delete $workflow + done + for workbook in $(ls /usr/share/openstack-tripleo-common/workbooks/*); do + openstack workbook create $workbook + done + + # Store the SNMP password in a mistral environment + if ! openstack workflow env show tripleo.undercloud-config &>/dev/null; then + TMP_MISTRAL_ENV=$(mktemp) + echo "{\"name\": \"tripleo.undercloud-config\", \"variables\": {\"undercloud_ceilometer_snmpd_password\": \"$snmp_readonly_user_password\"}}" > $TMP_MISTRAL_ENV + openstack workflow env create $TMP_MISTRAL_ENV + fi + +fi + +# IP forwarding is needed to allow the overcloud nodes access to the outside +# internet in cases where they are on an isolated network. +sysctl -w net.ipv4.ip_forward=1 +# Make it persistent +echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ip-forward.conf diff --git a/extraconfig/post_deploy/undercloud_post.yaml b/extraconfig/post_deploy/undercloud_post.yaml new file mode 100644 index 00000000..38a9181e --- /dev/null +++ b/extraconfig/post_deploy/undercloud_post.yaml @@ -0,0 +1,93 @@ +heat_template_version: ocata + +description: > + Post-deployment for the TripleO undercloud + +parameters: + servers: + type: json + DeployedServerPortMap: + default: {} + type: json + UndercloudDhcpRangeStart: + type: string + default: '192.168.24.5' + UndercloudDhcpRangeEnd: + type: string + default: '192.168.24.24' + UndercloudNetworkCidr: + type: string + default: '192.168.24.0/24' + UndercloudNetworkGateway: + type: string + default: '192.168.24.1' + UndercloudNameserver: + type: string + default: '' + AdminPassword: #supplied by tripleo-undercloud-passwords.yaml + type: string + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + hidden: True + SSLCertificate: + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + default: "" + hidden: True + SnmpdReadonlyUserPassword: + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + +conditions: + + ssl_disabled: {equals : [{get_param: SSLCertificate}, ""]} + +resources: + + UndercloudPostConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: deploy_identifier + - name: local_ip + - name: undercloud_dhcp_start + - name: undercloud_dhcp_end + - name: undercloud_network_cidr + - name: undercloud_network_gateway + - name: undercloud_nameserver + - name: admin_password + - name: auth_url + - name: snmp_readonly_user_password + config: {get_file: ./undercloud_post.sh} + + UndercloudPostDeployment: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: servers} + config: {get_resource: UndercloudPostConfig} + input_values: + local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} + undercloud_dhcp_start: {get_param: UndercloudDhcpRangeStart} + undercloud_dhcp_end: {get_param: UndercloudDhcpRangeEnd} + undercloud_network_cidr: {get_param: UndercloudNetworkCidr} + undercloud_network_gateway: {get_param: UndercloudNetworkGateway} + undercloud_nameserver: {get_param: UndercloudNameserver} + ssl_certificate: {get_param: SSLCertificate} + admin_password: {get_param: AdminPassword} + snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + # if SSL is enabled we use the public virtual ip as the stackrc endpoint + auth_url: + if: + - ssl_disabled + - list_join: + - '' + - - 'http://' + - {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} + - ':5000/v2.0' + - list_join: + - '' + - - 'https://' + - {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]} + - ':13000/v2.0' diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 71ab0767..2650a967 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -11,6 +11,7 @@ if [ -e $OK ] ; then exit 0 fi +retryCount=0 opts= attach_opts= sat5_opts= @@ -96,12 +97,28 @@ if [ -n "${REG_TYPE:-}" ]; then opts="$opts --type=$REG_TYPE" fi +function retry() { + if [[ $retryCount < 3 ]]; then + $@ + if ! [[ $? == 0 ]]; then + retryCount=$(echo $retryCount + 1 | bc) + echo "WARN: Failed to connect when running '$@', retrying..." + retry $@ + else + retryCount=0 + fi + else + echo "ERROR: Failed to connect after 3 attempts when running '$@'" + exit 1 + fi +} + function detect_satellite_version { ping_api=$REG_SAT_URL/katello/api/ping - if curl -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then + if curl --retry 3 --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then echo Satellite 6 detected at $REG_SAT_URL satellite_version=6 - elif curl -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then + elif curl --retry 3 --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then echo Satellite 5 detected at $REG_SAT_URL satellite_version=5 else @@ -112,29 +129,29 @@ function detect_satellite_version { case "${REG_METHOD:-}" in portal) - subscription-manager register $opts + retry subscription-manager register $opts if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then - subscription-manager attach $attach_opts + retry subscription-manager attach $attach_opts fi - subscription-manager repos --disable '*' - subscription-manager $repos + retry subscription-manager repos --disable '*' + retry subscription-manager $repos ;; satellite) detect_satellite_version if [ "$satellite_version" = "6" ]; then repos="$repos --enable ${satellite_repo}" - curl -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + curl --retry 3 --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true - subscription-manager register $opts - subscription-manager $repos - yum install -y katello-agent || true # needed for errata reporting to satellite6 + retry subscription-manager register $opts + retry subscription-manager $repos + retry yum install -y katello-agent || true # needed for errata reporting to satellite6 katello-package-upload - subscription-manager repos --disable ${satellite_repo} + retry subscription-manager repos --disable ${satellite_repo} else pushd /usr/share/rhn/ - curl -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT + curl --retry 3 --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT popd - rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts + retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts fi ;; disable) diff --git a/extraconfig/pre_network/ansible_host_config.ansible b/extraconfig/pre_network/ansible_host_config.ansible new file mode 100644 index 00000000..c126c1a1 --- /dev/null +++ b/extraconfig/pre_network/ansible_host_config.ansible @@ -0,0 +1,58 @@ +--- +- name: Configuration to be applied before rebooting the node + connection: local + hosts: localhost + + tasks: + # Kernel Args Configuration + - block: + - name: Ensure the kernel args ( {{ _KERNEL_ARGS_ }} ) is present as TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS + lineinfile: + dest: /etc/default/grub + regexp: '^TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' + insertafter: '^GRUB_CMDLINE_LINUX.*' + line: 'TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" {{ _KERNEL_ARGS_ }} "' + - name: Add TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS to the GRUB_CMDLINE_LINUX parameter + lineinfile: + dest: /etc/default/grub + line: 'GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX:+$GRUB_CMDLINE_LINUX }${TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS}"' + insertafter: '^TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' + - name: Generate grub config file + command: grub2-mkconfig -o /boot/grub2/grub.cfg + become: true + when: _KERNEL_ARGS_|default("") != "" + + # Tune-d Configuration + - block: + - name: Tune-d Configuration + lineinfile: + dest: /etc/tuned/cpu-partitioning-variables.conf + regexp: '^isolated_cores=.*' + line: 'isolated_cores={{ _HOST_CPUS_LIST_ }}' + when: _HOST_CPUS_LIST_|default("") != "" + + - name: Tune-d provile activation + shell: tuned-adm profile {{ _TUNED_PROFILE_NAME_ }} + become: true + when: _TUNED_PROFILE_NAME_|default("") != "" + + # Provisioning Network workaround + # The script will be executed before os-net-config, in which case, only Provisioning network will have IP + # BOOTPROTO of all interface config files (except provisioning), will be set to "none" to avoid reboot failing to acquire IP on other networks + - block: + - find: + paths: /etc/sysconfig/network-scripts/ + patterns: ifcfg-* + register: ifcfg_files + + - replace: + dest: "{{ item.path }}" + regexp: '^BOOTPROTO=.*' + replace: 'BOOTPROTO=none' + when: + - item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') != "lo" + # This condition will list all the interfaces except the one with valid IP (which is Provisioning network at this stage) + # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4']['address'] is undefined + - hostvars[inventory_hostname]['ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') ]['ipv4']['address'] is undefined + with_items: + - "{{ ifcfg_files.files }}" diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml new file mode 100644 index 00000000..ec4d2761 --- /dev/null +++ b/extraconfig/pre_network/config_then_reboot.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2014-10-16 + +description: > + Do some configuration, then reboot - sometimes needed for early-boot + changes such as modifying kernel configuration + +parameters: + server: + type: string + +resources: + + SomeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + echo "did some config before reboot" > /root/pre-reboot-config + + SomeDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: SomeDeployment + server: {get_param: server} + config: {get_resource: SomeConfig} + actions: ['CREATE'] # Only do this on CREATE + + RebootConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: SomeDeployment + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml new file mode 100644 index 00000000..bba16a66 --- /dev/null +++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml @@ -0,0 +1,100 @@ +heat_template_version: 2016-10-14 + +description: > + Do some configuration, then reboot - sometimes needed for early-boot + changes such as modifying kernel configuration + +parameters: + server: + type: string + {{role}}KernelArgs: + type: string + default: "" + {{role}}TunedProfileName: + type: string + default: "" + {{role}}HostCpusList: + type: string + default: "" + +conditions: + param_exists: + or: + - not: + equals: + - get_param: {{role}}KernelArgs + - "" + - not: + equals: + - get_param: {{role}}TunedProfileName + - "" + +resources: + + HostParametersConfig: + type: OS::Heat::SoftwareConfig + condition: param_exists + properties: + group: ansible + inputs: + - name: _KERNEL_ARGS_ + - name: _TUNED_PROFILE_NAME_ + - name: _HOST_CPUS_LIST_ + outputs: + - name: result + config: + get_file: ansible_host_config.ansible + + HostParametersDeployment: + type: OS::Heat::SoftwareDeployment + condition: param_exists + properties: + name: HostParametersDeployment + server: {get_param: server} + config: {get_resource: HostParametersConfig} + actions: ['CREATE'] # Only do this on CREATE + input_values: + _KERNEL_ARGS_: {get_param: {{role}}KernelArgs} + _TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName} + _HOST_CPUS_LIST_: {get_param: {{role}}HostCpusList} + + RebootConfig: + type: OS::Heat::SoftwareConfig + condition: param_exists + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + condition: param_exists + depends_on: HostParametersDeployment + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL + +outputs: + result: + value: + get_attr: [HostParametersDeployment, result] + condition: param_exists + stdout: + value: + get_attr: [HostParametersDeployment, deploy_stdout] + condition: param_exists + stderr: + value: + get_attr: [HostParametersDeployment, deploy_stderr] + condition: param_exists + status_code: + value: + get_attr: [HostParametersDeployment, deploy_status_code] + condition: param_exists diff --git a/firstboot/userdata_root_password.yaml b/firstboot/userdata_root_password.yaml new file mode 100644 index 00000000..63dd5a9c --- /dev/null +++ b/firstboot/userdata_root_password.yaml @@ -0,0 +1,38 @@ +heat_template_version: ocata + +description: > + Uses cloud-init to enable root logins and set the root password. + Note this is less secure than the default configuration and may not be + appropriate for production environments, it's intended for illustration + and development/debugging only. + +parameters: + NodeRootPassword: + description: Root password for the nodes + hidden: true + type: string + +resources: + userdata: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: root_config} + + root_config: + type: OS::Heat::CloudConfig + properties: + cloud_config: + ssh_pwauth: true + disable_root: false + chpasswd: + list: + str_replace: + template: "root:PASSWORD" + params: + PASSWORD: {get_param: NodeRootPassword} + expire: False + +outputs: + OS::stack_id: + value: {get_resource: userdata} diff --git a/net-config-noop.yaml b/net-config-noop.yaml index ad580cf9..be05cc11 100644 --- a/net-config-noop.yaml +++ b/net-config-noop.yaml @@ -38,8 +38,8 @@ resources: OsNetConfigImpl: type: OS::Heat::StructuredConfig properties: - group: os-apply-config - config: + group: apply-config + config: {} outputs: OS::stack_id: diff --git a/net-config-undercloud.yaml b/net-config-undercloud.yaml new file mode 100644 index 00000000..9be51c0f --- /dev/null +++ b/net-config-undercloud.yaml @@ -0,0 +1,77 @@ +heat_template_version: ocata +description: > + Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: + default: '' + description: IP address/subnet on the management network + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: disable_configure_safe_defaults + default: true + config: + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: br-ctlplane + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + members: + - type: interface + name: eth1 + # force the MAC address of the bridge to this interface + primary: true +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/network/endpoints/build_endpoint_map.py b/network/endpoints/build_endpoint_map.py index 964f58f7..7e8088be 100755 --- a/network/endpoints/build_endpoint_map.py +++ b/network/endpoints/build_endpoint_map.py @@ -191,7 +191,7 @@ def template_endpoint_items(config): def generate_endpoint_map_template(config): return collections.OrderedDict([ - ('heat_template_version', '2015-04-30'), + ('heat_template_version', 'ocata'), ('description', 'A map of OpenStack endpoints. Since the endpoints ' 'are URLs, we need to have brackets around IPv6 IP addresses. The ' 'inputs to these parameters come from net_ip_uri_map, which will ' diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 0178c4dd..9975df22 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -294,3 +294,4 @@ ZaqarWebSocket: Admin: net_param: ZaqarApi port: 9000 + protocol: ws diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh index e65f922a..a7dbedc7 100755 --- a/network/scripts/run-os-net-config.sh +++ b/network/scripts/run-os-net-config.sh @@ -108,7 +108,9 @@ EOF_CAT } if [ -n '$network_config' ]; then - trap configure_safe_defaults EXIT + if [ -z "${disable_configure_safe_defaults:-''}" ]; then + trap configure_safe_defaults EXIT + fi mkdir -p /etc/os-net-config # Note these variables come from the calling heat SoftwareConfig diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 1a73b7fc..fcc2dd2f 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -11,6 +11,7 @@ resource_registry: OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml {% for role in roles %} + OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml @@ -116,6 +117,7 @@ resource_registry: OS::TripleO::Services::Apache: puppet/services/apache.yaml OS::TripleO::Services::ApacheTLS: OS::Heat::None OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml + OS::TripleO::Services::CephMds: OS::Heat::None OS::TripleO::Services::CephMon: OS::Heat::None OS::TripleO::Services::CephRgw: OS::Heat::None OS::TripleO::Services::CephOSD: OS::Heat::None @@ -126,7 +128,6 @@ resource_registry: OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml - OS::TripleO::Services::Core: OS::Heat::None OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml @@ -229,6 +230,7 @@ resource_registry: OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml OS::TripleO::Services::Zaqar: OS::Heat::None + OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index d38bba2d..4a3e4cd0 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -1,3 +1,4 @@ +{% set primary_role_name = roles[0].name -%} heat_template_version: ocata description: > @@ -415,8 +416,8 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} {% endfor %} - controller_ips: {get_attr: [Controller, ip_address]} - controller_names: {get_attr: [Controller, hostname]} + controller_ips: {get_attr: [{{primary_role_name}}, ip_address]} + controller_names: {get_attr: [{{primary_role_name}}, hostname]} service_ips: # Note (shardy) this somewhat complex yaql may be replaced # with a map_deep_merge function in ocata. It merges the @@ -454,7 +455,7 @@ resources: - {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]} {% endfor %} # FIXME(shardy): These require further work to move into service_ips - memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} + memcache_node_ips: {get_attr: [{{primary_role_name}}IpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} NetVipMap: {get_attr: [VipMap, net_ip_map]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} @@ -560,12 +561,12 @@ resources: PingTestIps: list_join: - ' ' - - - {get_attr: [Controller, resource.0.external_ip_address]} - - {get_attr: [Controller, resource.0.internal_api_ip_address]} - - {get_attr: [Controller, resource.0.storage_ip_address]} - - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]} - - {get_attr: [Controller, resource.0.tenant_ip_address]} - - {get_attr: [Controller, resource.0.management_ip_address]} + - - {get_attr: [{{primary_role_name}}, resource.0.external_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.internal_api_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.storage_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.storage_mgmt_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.tenant_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.management_ip_address]} UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index dd2d193d..e92de45f 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -336,8 +336,14 @@ resources: - - {get_attr: [BlockStorage, name]} - ctlplane + PreNetworkConfig: + type: OS::TripleO::BlockStorage::PreNetworkConfig + properties: + server: {get_resource: BlockStorage} + NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index ed585b68..892f91ef 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -342,8 +342,14 @@ resources: - - {get_attr: [CephStorage, name]} - ctlplane + PreNetworkConfig: + type: OS::TripleO::CephStorage::PreNetworkConfig + properties: + server: {get_resource: CephStorage} + NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index fb18fac9..62adcd33 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -345,6 +345,11 @@ resources: - - {get_attr: [NovaCompute, name]} - ctlplane + PreNetworkConfig: + type: OS::TripleO::Compute::PreNetworkConfig + properties: + server: {get_resource: NovaCompute} + NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig properties: @@ -358,6 +363,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index a06b7b47..9e35af5f 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -364,6 +364,11 @@ resources: - - {get_attr: [Controller, name]} - ctlplane + PreNetworkConfig: + type: OS::TripleO::Controller::PreNetworkConfig + properties: + server: {get_resource: Controller} + NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig properties: @@ -377,6 +382,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 9bcd0ada..1633134d 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -336,8 +336,14 @@ resources: - - {get_attr: [SwiftStorage, name]} - ctlplane + PreNetworkConfig: + type: OS::TripleO::ObjectStorage::PreNetworkConfig + properties: + server: {get_resource: SwiftStorage} + NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index ffd33078..2f070da2 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -359,8 +359,14 @@ resources: - - {get_attr: [{{role}}, name]} - ctlplane + PreNetworkConfig: + type: OS::TripleO::{{role}}::PreNetworkConfig + properties: + server: {get_resource: {{role}}} + NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index e2b4d78c..8648a971 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -69,6 +69,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" aodh::debug: {get_param: Debug} aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index b0ef6f7c..000a744c 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -105,6 +105,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/barbican' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" tripleo.barbican_api.firewall_rules: '117 barbican': dport: diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 69c2fb70..0528368e 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -101,6 +101,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi} ceilometer_backend: {get_param: CeilometerBackend} ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/ceph-mds.yaml index 87e525ad..b68567fb 100644 --- a/puppet/services/pacemaker/gnocchi-api.yaml +++ b/puppet/services/ceph-mds.yaml @@ -1,7 +1,7 @@ heat_template_version: ocata description: > - Gnocchi service configured with Puppet + Ceph MDS service. parameters: ServiceNetMap: @@ -18,13 +18,15 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MonitoringSubscriptionGnocchiApi: - default: 'overcloud-gnocchi-api' + CephMdsKey: + description: The cephx key for the MDS service. Can be created + with ceph-authtool --gen-print-key. type: string + hidden: true resources: - GnocchiServiceBase: - type: ../gnocchi-api.yaml + CephBase: + type: ./ceph-base.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -32,14 +34,16 @@ resources: outputs: role_data: - description: Role data for the Gnocchi role. + description: Role data for the Ceph MDS service. value: - service_name: gnocchi_api - monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} + service_name: ceph_mds config_settings: map_merge: - - get_attr: [GnocchiServiceBase, role_data, config_settings] - - gnocchi::metricd::manage_service: false - gnocchi::metricd::enabled: false + - get_attr: [CephBase, role_data, config_settings] + - ceph::profile::params::mds_key: {get_param: CephMdsKey} + tripleo.ceph_mds.firewall_rules: + '112 ceph_mds': + dport: + - '6800-7300' step_config: | - include ::tripleo::profile::pacemaker::gnocchi::api + include ::tripleo::profile::base::ceph::mds diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 928d2425..be4b4af2 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -60,6 +60,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index c62c628d..5eefe6bd 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -90,6 +90,8 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client_bind_address: + {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql upgrade_tasks: diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 7b220776..0a7c90e1 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -75,6 +75,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } @@ -107,3 +109,13 @@ outputs: include ::tripleo::profile::base::glance::api service_config_settings: get_attr: [GlanceBase, role_data, service_config_settings] + upgrade_tasks: + - name: Stop glance_api service + tags: step2 + service: name=openstack-glance-api state=stopped + - name: Sync glance_api DB + tags: step5 + command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync + - name: Start glance_api service + tags: step6 + service: name=openstack-glance-api state=started diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 43ebd518..914c1584 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -76,6 +76,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" glance::registry::authtoken::password: {get_param: GlancePassword} glance::registry::authtoken::project_name: 'service' glance::registry::pipeline: 'keystone' @@ -98,3 +100,10 @@ outputs: include ::tripleo::profile::base::glance::registry service_config_settings: get_attr: [GlanceBase, role_data, config_settings] + upgrade_tasks: + - name: Stop glance_registry service + tags: step2 + service: name=openstack-glance-registry state=stopped + - name: Start glance_registry service + tags: step6 + service: name=openstack-glance-registry state=started diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index be80774d..d92b1766 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -67,6 +67,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 3f6dba60..a933a94b 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -57,6 +57,7 @@ outputs: heat::rabbit_port: {get_param: RabbitClientPort} heat::debug: {get_param: Debug} heat::enable_proxy_headers_parsing: true + heat::rpc_response_timeout: 600 # We need this because the default heat policy.json no longer works on TripleO # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024 heat::policy::policies: @@ -77,6 +78,8 @@ outputs: heat::cron::purge_deleted::destination: '/dev/null' heat::db::database_db_max_retries: -1 heat::db::database_max_retries: -1 + heat::yaql_memory_quota: 100000 + heat::yaql_limit_iterators: 1000 service_config_settings: keystone: tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 12c131b9..8faccd2b 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -48,6 +48,15 @@ parameters: default: tag: openstack.heat.engine path: /var/log/heat/heat-engine.log + HeatConvergenceEngine: + type: boolean + default: true + description: Enables the heat engine with the convergence architecture. + HeatMaxResourcesPerStack: + type: number + default: 1000 + description: Maximum resources allowed per top-level stack. -1 stands for unlimited. + resources: HeatBase: @@ -72,6 +81,26 @@ outputs: - heat::engine::num_engine_workers: {get_param: HeatWorkers} heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] + heat::engine::max_nested_stack_depth: 6 + heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack} + heat::engine::heat_metadata_server_url: + list_join: + - '' + - - {get_param: [EndpointMap, HeatCfnPublic, protocol]} + - '://' + - {get_param: [EndpointMap, HeatCfnPublic, host]} + - ':' + - {get_param: [EndpointMap, HeatCfnPublic, port]} + heat::engine::heat_waitcondition_server_url: + list_join: + - '' + - - {get_param: [EndpointMap, HeatCfnPublic, protocol]} + - '://' + - {get_param: [EndpointMap, HeatCfnPublic, host]} + - ':' + - {get_param: [EndpointMap, HeatCfnPublic, port]} + - '/v1/waitcondition' + heat::engine::convergence_engine: {get_param: HeatConvergenceEngine} tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} heat::database_connection: list_join: @@ -82,6 +111,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 28c5f161..ad7ef6ea 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -60,6 +60,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 48e81e74..f69e20b4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -148,6 +148,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 90ff0667..2a9745a2 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -67,6 +67,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/manila' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" service_config_settings: mysql: manila::db::mysql::password: {get_param: ManilaPassword} diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index b4d20ce9..e678b14f 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -65,6 +65,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/mistral' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index c3552534..bbb79bba 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -112,6 +112,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} @@ -158,3 +160,14 @@ outputs: neutron::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Stop neutron_api service + tags: step2 + service: name=neutron-server state=stopped + - name: Sync neutron_api DB + tags: step5 + command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head + - name: Start neutron_api service + tags: step6 + service: name=neutron-server state=started + diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index ad46c90f..c7965a64 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -74,3 +74,10 @@ outputs: dport: 68 step_config: | include tripleo::profile::base::neutron::dhcp + upgrade_tasks: + - name: Stop neutron_dhcp service + tags: step2 + service: name=neutron-dhcp-agent state=stopped + - name: Start neutron_dhcp service + tags: step6 + service: name=neutron-dhcp-agent state=started diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index f8c839d0..b3d7b3bf 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -72,10 +72,17 @@ outputs: tripleo.neutron_l3.firewall_rules: '106 neutron_l3 vrrp': proto: vrrp - - + - if: - external_network_bridge_empty - {} - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 + upgrade_tasks: + - name: Stop neutron_l3 service + tags: step2 + service: name=neutron-l3-agent state=stopped + - name: Start neutron_l3 service + tags: step6 + service: name=neutron-l3-agent state=started diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 73b767d8..68d7110a 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -75,3 +75,10 @@ outputs: neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" step_config: | include tripleo::profile::base::neutron::metadata + upgrade_tasks: + - name: Stop neutron_metadata service + tags: step2 + service: name=neutron-metadata-agent state=stopped + - name: Start neutron_metadata service + tags: step6 + service: name=neutron-metadata-agent state=started diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 5fa04867..0eb16e6a 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -113,3 +113,11 @@ outputs: proto: 'gre' step_config: | include ::tripleo::profile::base::neutron::ovs + upgrade_tasks: + - name: Stop neutron_ovs_agent service + tags: step2 + service: name=neutron-openvswitch-agent state=stopped + - name: Start neutron_ovs_agent service + tags: step6 + service: name=neutron-openvswitch-agent state=started + diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml new file mode 100644 index 00000000..afb8cf44 --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml @@ -0,0 +1,73 @@ +heat_template_version: 2017-02-24 + +description: > + Configure hieradata for Fujitsu C-Fabric plugin configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronFujitsuCfabAddress: + description: 'The address of the C-Fabric to telnet to.' + type: string + NeutronFujitsuCfabUserName: + description: 'The C-Fabric username to use.' + type: string + NeutronFujitsuCfabPassword: + description: 'The C-Fabric password to use.' + type: string + hidden: true + NeutronFujitsuCfabPhysicalNetworks: + description: 'List of <physical_network>:<vfab_id> tuples specifying physical_network names and corresponding vfab ids.' + type: comma_delimited_list + default: '' + NeutronFujitsuCfabSharePprofile: + description: '"Whether to share a C-Fabric pprofile among Neutron ports using the same VLAN ID.' + type: boolean + default: false + NeutronFujitsuCfabPprofilePrefix: + description: 'The prefix string for pprofile name.' + type: string + default: '' + NeutronFujitsuCfabSaveConfig: + description: 'Whether to save configuration.' + type: boolean + default: true + +resources: + + NeutronMl2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for Fujitsu Cfab ML2 Driver + value: + service_name: neutron_plugin_ml2_fujitsu_cfab + config_settings: + map_merge: + - get_attr: [NeutronMl2Base, role_data, config_settings] + - neutron::plugins::ml2::fujitsu::cfab::address: {get_param: NeutronFujitsuCfabAddress} + neutron::plugins::ml2::fujitsu::cfab::username: {get_param: NeutronFujitsuCfabUserName} + neutron::plugins::ml2::fujitsu::cfab::password: {get_param: NeutronFujitsuCfabPassword} + neutron::plugins::ml2::fujitsu::cfab::physical_networks: {get_param: NeutronFujitsuCfabPhysicalNetworks} + neutron::plugins::ml2::fujitsu::cfab::share_pprofile: {get_param: NeutronFujitsuCfabSharePprofile} + neutron::plugins::ml2::fujitsu::cfab::pprofile_prefix: {get_param: NeutronFujitsuCfabPprofilePrefix} + neutron::plugins::ml2::fujitsu::cfab::save_config: {get_param: NeutronFujitsuCfabSaveConfig} + step_config: | + include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index b7fe0a15..bd078074 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -100,6 +100,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index a4a487cc..d2ca841f 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -112,14 +112,14 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::service_name: 'httpd' - nova::wsgi::apache::ssl: {get_param: EnableInternalTLS} + nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::wsgi::apache::servername: + nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::servername: str_replace: template: "%{hiera('fqdn_$NETWORK')}" @@ -133,10 +133,27 @@ outputs: - nova_workers_zero - {} - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - nova::wsgi::apache::workers: {get_param: NovaWorkers} + nova::wsgi::apache_api::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::api service_config_settings: + mysql: + map_merge: + - {get_attr: [NovaBase, role_data, service_config_settings, mysql]} + - nova::db::mysql::password: {get_param: NovaPassword} + nova::db::mysql::user: nova + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql::dbname: nova + nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::mysql_api::password: {get_param: NovaPassword} + nova::db::mysql_api::user: nova_api + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" keystone: nova::keystone::auth::tenant: 'service' nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} @@ -144,18 +161,3 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} - mysql: - nova::db::mysql::password: {get_param: NovaPassword} - nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql::dbname: nova - nova::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - nova::db::mysql_api::password: {get_param: NovaPassword} - nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql_api::dbname: nova_api - nova::db::mysql_api::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 9793c8e1..dabb1355 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -90,6 +90,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::api_database_connection: list_join: - '' @@ -99,6 +101,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 922a30f0..a9b2b3f9 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -21,6 +21,14 @@ parameters: NovaComputeLibvirtType: type: string default: kvm + LibvirtEnabledPerfEvents: + type: comma_delimited_list + default: [] + description: This is a performance event list which could be used as monitor. + For example - ``enabled_perf_events = cmt, mbml, mbmt`` + The supported events list can be found in + https://libvirt.org/html/libvirt-libvirt-domain.html , + which you may need to search key words ``VIR_PERF_PARAM_*`` MonitoringSubscriptionNovaLibvirt: default: 'overcloud-nova-libvirt' type: string @@ -50,6 +58,7 @@ outputs: tripleo::profile::base::nova::libvirt_enabled: true nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents} nova::compute::libvirt::qemu::configure_qemu: true nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_processes: 131072 diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 47b3b3fa..0ed9d206 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -17,10 +17,6 @@ parameters: type: string description: The password for the opendaylight server. hidden: true - OpenDaylightEnableL3: - description: Knob to enable/disable ODL L3 - type: string - default: 'no' OpenDaylightEnableDHCP: description: Knob to enable/disable ODL DHCP Server type: boolean @@ -56,9 +52,14 @@ outputs: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::password: {get_param: OpenDaylightPassword} - opendaylight::enable_l3: {get_param: OpenDaylightEnableL3} opendaylight::extra_features: {get_param: OpenDaylightFeatures} opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} + tripleo.opendaylight_api.firewall_rules: + '137 opendaylight api': + dport: + - {get_param: OpenDaylightPort} + - 6640 + - 6653 step_config: | include tripleo::profile::base::neutron::opendaylight diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml deleted file mode 100644 index 87bbf0c5..00000000 --- a/puppet/services/pacemaker/ceilometer-agent-central.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Ceilometer Central Agent service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionCeilometerCentral: - default: 'overcloud-ceilometer-agent-central' - type: string - -resources: - CeilometerServiceBase: - type: ../ceilometer-agent-central.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Central Agent pacemaker role. - value: - service_name: ceilometer_agent_central - monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::central::manage_service: false - ceilometer::agent::central::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::agent::central diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml deleted file mode 100644 index a013cf4f..00000000 --- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Ceilometer Notification Agent service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionCeilometerNotification: - default: 'overcloud-ceilometer-agent-notification' - type: string - -resources: - CeilometerServiceBase: - type: ../ceilometer-agent-notification.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Notification Agent pacemaker role. - value: - service_name: ceilometer_agent_notification - monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::notification::manage_service: false - ceilometer::agent::notification::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::agent::notification diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml deleted file mode 100644 index 95e791d1..00000000 --- a/puppet/services/pacemaker/ceilometer-api.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Ceilometer API service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionCeilometerApi: - default: 'overcloud-ceilometer-api' - type: string - -resources: - CeilometerServiceBase: - type: ../ceilometer-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer API pacemaker role. - value: - service_name: ceilometer_api - monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::api::manage_service: false - ceilometer::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::api diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml deleted file mode 100644 index 0ddd72c3..00000000 --- a/puppet/services/pacemaker/ceilometer-collector.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Ceilometer Collector service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionCeilometerCollector: - default: 'overcloud-ceilometer-collector' - type: string - -resources: - CeilometerServiceBase: - type: ../ceilometer-collector.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Collector pacemaker role. - value: - service_name: ceilometer_collector - monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::collector::manage_service: false - ceilometer::collector::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::collector diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml deleted file mode 100644 index 472b45f8..00000000 --- a/puppet/services/pacemaker/cinder-api.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Cinder API service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - CinderApiBase: - type: ../cinder-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Cinder API role. - value: - service_name: cinder_api - monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [CinderApiBase, role_data, logging_source]} - logging_groups: {get_attr: [CinderApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [CinderApiBase, role_data, config_settings] - - cinder::api::manage_service: false - cinder::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::cinder::api diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml deleted file mode 100644 index 19785fab..00000000 --- a/puppet/services/pacemaker/cinder-scheduler.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Cinder Scheduler service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - CinderSchedulerBase: - type: ../cinder-scheduler.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Cinder Scheduler role. - value: - service_name: cinder_scheduler - monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [CinderSchedulerBase, role_data, logging_source]} - logging_groups: {get_attr: [CinderSchedulerBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [CinderSchedulerBase, role_data, config_settings] - - cinder::scheduler::manage_service: false - cinder::scheduler::enabled: false - step_config: - include ::tripleo::profile::pacemaker::cinder::scheduler diff --git a/puppet/services/pacemaker/core.yaml b/puppet/services/pacemaker/core.yaml deleted file mode 100644 index f7e3d984..00000000 --- a/puppet/services/pacemaker/core.yaml +++ /dev/null @@ -1,29 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Core (fake) service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -outputs: - role_data: - description: Role data for the Core role. - value: - service_name: core - config_settings: {} - step_config: | - include ::tripleo::profile::pacemaker::core
\ No newline at end of file diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml deleted file mode 100644 index fb29f4f4..00000000 --- a/puppet/services/pacemaker/database/mongodb.yaml +++ /dev/null @@ -1,42 +0,0 @@ -heat_template_version: ocata - -description: > - MongoDb service deployment using puppet - -parameters: - #Parameters not used EndpointMap - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - MongoDbBase: - type: ../../database/mongodb.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Service mongodb using composable services. - value: - service_name: mongodb - config_settings: - map_merge: - - get_attr: [MongoDbBase, role_data, config_settings] - - tripleo::profile::pacemaker::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} - mongodb::server::service_manage: False - step_config: | - include ::tripleo::profile::pacemaker::database::mongodb diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml deleted file mode 100644 index 00213cba..00000000 --- a/puppet/services/pacemaker/glance-api.yaml +++ /dev/null @@ -1,74 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Glance API service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - GlanceFilePcmkDevice: - default: '' - description: > - An exported storage device that should be mounted by Pacemaker - as Glance storage. Effective when GlanceFilePcmkManage is true. - type: string - GlanceFilePcmkFstype: - default: 'nfs' - description: > - Filesystem type for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. - type: string - GlanceFilePcmkManage: - default: false - description: > - Whether to make Glance file backend a mount managed by Pacemaker. - Effective when GlanceBackend is 'file'. - type: boolean - GlanceFilePcmkOptions: - default: '' - description: > - Mount options for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. - type: string - -resources: - - GlanceApiBase: - type: ../glance-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Glance role. - value: - service_name: glance_api - monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [GlanceApiBase, role_data, logging_source]} - logging_groups: {get_attr: [GlanceApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [GlanceApiBase, role_data, config_settings] - - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} - glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} - glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} - glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} - glance_file_pcmk_directory: '/var/lib/glance/images' - glance::api::manage_service: false - glance::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::glance diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml deleted file mode 100644 index eaf0266c..00000000 --- a/puppet/services/pacemaker/glance-registry.yaml +++ /dev/null @@ -1,47 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Glance Registry service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - GlanceRegistryBase: - type: ../glance-registry.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Glance role. - value: - service_name: glance_registry - monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [GlanceRegistryBase, role_data, logging_source]} - logging_groups: {get_attr: [GlanceRegistryBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [GlanceRegistryBase, role_data, config_settings] - - glance::registry::manage_service: false - glance::registry::enabled: false - # No puppet manifests since glance-registry is included in - # ::tripleo::profile::pacemaker::glance which is maintained alongside of - # pacemaker/glance-api.yaml. - step_config: diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml deleted file mode 100644 index f83c3cd6..00000000 --- a/puppet/services/pacemaker/gnocchi-metricd.yaml +++ /dev/null @@ -1,47 +0,0 @@ -heat_template_version: ocata - -description: > - Gnocchi service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionGnocchiMetricd: - default: 'overcloud-gnocchi-metricd' - type: string - -resources: - GnocchiServiceBase: - type: ../gnocchi-metricd.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Gnocchi role. - value: - service_name: gnocchi_metricd - monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd} - config_settings: - map_merge: - - get_attr: [GnocchiServiceBase, role_data, config_settings] - - gnocchi::metricd::manage_service: false - gnocchi::metricd::enabled: false - tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} - - step_config: | - include ::tripleo::profile::pacemaker::gnocchi::metricd diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml deleted file mode 100644 index 8c224497..00000000 --- a/puppet/services/pacemaker/gnocchi-statsd.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: ocata - -description: > - Gnocchi service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionGnocchiStatsd: - default: 'overcloud-gnocchi-statsd' - type: string - -resources: - GnocchiServiceBase: - type: ../gnocchi-statsd.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Gnocchi role. - value: - service_name: gnocchi_statsd - monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd} - config_settings: - map_merge: - - get_attr: [GnocchiServiceBase, role_data, config_settings] - - gnocchi::statsd::manage_service: false - gnocchi::statsd::enabled: false - tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} - step_config: | - include ::tripleo::profile::pacemaker::gnocchi::statsd diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml deleted file mode 100644 index da856d5a..00000000 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ /dev/null @@ -1,44 +0,0 @@ -heat_template_version: ocata - -description: > - Openstack Heat CloudFormation API service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - HeatApiCfnBase: - type: ../heat-api-cfn.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Heat CloudFormation API role. - value: - service_name: heat_api_cfn - monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [HeatApiCfnBase, role_data, logging_source]} - logging_groups: {get_attr: [HeatApiCfnBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [HeatApiCfnBase, role_data, config_settings] - - heat::api_cfn::manage_service: false - heat::api_cfn::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::heat::api_cfn diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml deleted file mode 100644 index a1a66cf6..00000000 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ /dev/null @@ -1,44 +0,0 @@ -heat_template_version: ocata - -description: > - Openstack Heat CloudWatch API service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - HeatApiCloudwatchBase: - type: ../heat-api-cloudwatch.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Heat Cloudwatch API role. - value: - service_name: heat_api_cloudwatch - monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [HeatApiCloudwatchBase, role_data, logging_source]} - logging_groups: {get_attr: [HeatApiCloudwatchBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] - - heat::api_cloudwatch::manage_service: false - heat::api_cloudwatch::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::heat::api_cloudwatch diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml deleted file mode 100644 index c9a14373..00000000 --- a/puppet/services/pacemaker/heat-api.yaml +++ /dev/null @@ -1,44 +0,0 @@ -heat_template_version: ocata - -description: > - Openstack Heat API service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - HeatApiBase: - type: ../heat-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Heat API role. - value: - service_name: heat_api - monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [HeatApiBase, role_data, logging_source]} - logging_groups: {get_attr: [HeatApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [HeatApiBase, role_data, config_settings] - - heat::api::manage_service: false - heat::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::heat::api diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml deleted file mode 100644 index 42eb0045..00000000 --- a/puppet/services/pacemaker/heat-engine.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - Openstack Heat Engine service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - HeatEngineBase: - type: ../heat-engine.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - - -outputs: - role_data: - description: Role data for the Heat engine role. - value: - service_name: heat_engine - monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [HeatEngineBase, role_data, logging_source]} - logging_groups: {get_attr: [HeatEngineBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [HeatEngineBase, role_data, config_settings] - - heat::engine::manage_service: false - heat::engine::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::heat::engine diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml deleted file mode 100644 index 04b2d4c1..00000000 --- a/puppet/services/pacemaker/horizon.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: ocata - -description: > - Horizon service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - HorizonBase: - type: ../horizon.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Horizon role. - value: - service_name: horizon - monitoring_subscription: {get_attr: [HorizonBase, role_data, monitoring_subscription]} - config_settings: - get_attr: [HorizonBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::base::horizon - include ::tripleo::profile::pacemaker::apache diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml deleted file mode 100644 index 97015484..00000000 --- a/puppet/services/pacemaker/keystone.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Keystone service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - KeystoneServiceBase: - type: ../keystone.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Keystone pacemaker role. - value: - service_name: keystone - monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [KeystoneServiceBase, role_data, logging_source]} - logging_groups: {get_attr: [KeystoneServiceBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [KeystoneServiceBase, role_data, config_settings] - - keystone::manage_service: false - keystone::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::keystone diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml deleted file mode 100644 index 7e0007ce..00000000 --- a/puppet/services/pacemaker/memcached.yaml +++ /dev/null @@ -1,42 +0,0 @@ -heat_template_version: ocata - -description: > - Mecached service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - MemcachedServiceBase: - type: ../memcached.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Memcached pacemaker role. - value: - service_name: memcached - monitoring_subscription: {get_attr: [MemcachedServiceBase, role_data, monitoring_subscription]} - config_settings: - map_merge: - - get_attr: [MemcachedServiceBase, role_data, config_settings] - - memcached::service_manage: false - step_config: | - include ::tripleo::profile::pacemaker::memcached diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml deleted file mode 100644 index 84a4f8ad..00000000 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron DHCP service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronDhcpBase: - type: ../neutron-dhcp.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron DHCP role. - value: - service_name: neutron_dhcp - monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NeutronDhcpBase, role_data, logging_source]} - logging_groups: {get_attr: [NeutronDhcpBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NeutronDhcpBase, role_data, config_settings] - - tripleo::profile::pacemaker::neutron::enable_dhcp: True - neutron::agents::dhcp::enabled: false - neutron::agents::dhcp::manage_service: false - step_config: | - include ::tripleo::profile::pacemaker::neutron::dhcp diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml deleted file mode 100644 index 6a99cf98..00000000 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron L3 service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronL3Base: - type: ../neutron-l3.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron L3 role. - value: - service_name: neutron_l3 - monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]} - logging_source: {get_attr: [NeutronL3Base, role_data, logging_source]} - logging_groups: {get_attr: [NeutronL3Base, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NeutronL3Base, role_data, config_settings] - - tripleo::profile::pacemaker::neutron::enable_l3: True - neutron::agents::l3::enabled: false - neutron::agents::l3::manage_service: false - step_config: | - include ::tripleo::profile::pacemaker::neutron::l3 diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml deleted file mode 100644 index 2c3dd374..00000000 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ /dev/null @@ -1,44 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron Metadata service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronMetadataBase: - type: ../neutron-metadata.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Metadata role. - value: - service_name: neutron_metadata - monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NeutronMetadataBase, role_data, logging_source]} - logging_groups: {get_attr: [NeutronMetadataBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NeutronMetadataBase, role_data, config_settings] - - tripleo::profile::pacemaker::neutron::enable_metadata: True - step_config: | - include ::tripleo::profile::pacemaker::neutron::metadata diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml deleted file mode 100644 index b7f77697..00000000 --- a/puppet/services/pacemaker/neutron-midonet.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron Midonet with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronMidonetBase: - type: ../neutron-midonet.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Midonet plugin. - value: - service_name: neutron_midonet - monitoring_subscription: {get_attr: [NeutronMidonetBase, role_data, monitoring_subscription]} - config_settings: - map_merge: - - get_attr: [NeutronMidonetBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::midonet diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml deleted file mode 100644 index 67d5e274..00000000 --- a/puppet/services/pacemaker/neutron-ovs-agent.yaml +++ /dev/null @@ -1,42 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron OVS agent with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronOvsBase: - type: ../neutron-ovs-agent.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron OVS agent service. - value: - service_name: neutron_ovs_agent - monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NeutronOvsBase, role_data, logging_source]} - logging_groups: {get_attr: [NeutronOvsBase, role_data, logging_groups]} - config_settings: - get_attr: [NeutronOvsBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::ovs diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml deleted file mode 100644 index 3b2bba04..00000000 --- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml +++ /dev/null @@ -1,42 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron ML2 Plugin with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronMl2Base: - type: ../neutron-plugin-ml2.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron ML2 plugin. - value: - service_name: neutron_plugin_ml2 - config_settings: - map_merge: - - get_attr: [NeutronMl2Base, role_data, config_settings] - - neutron::agents::ml2::ovs::enabled: false - neutron::agents::ml2::ovs::manage_service: false - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::ml2 diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml deleted file mode 100644 index 0302b1c5..00000000 --- a/puppet/services/pacemaker/neutron-plugin-nuage.yaml +++ /dev/null @@ -1,40 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron Nuage Plugin with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronPluginNuageBase: - type: ../neutron-plugin-nuage.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Nuage plugin. - value: - service_name: neutron_plugin_nuage - config_settings: - map_merge: - - get_attr: [NeutronPluginNuageBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::nuage diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml deleted file mode 100644 index d3b7e76e..00000000 --- a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml +++ /dev/null @@ -1,40 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron OpenContrail Plugin with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronPluginOpenContrail: - type: ../neutron-plugin-nuage.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron OpenContrail plugin. - value: - service_name: neutron_plugin_opencontrail - config_settings: - map_merge: - - get_attr: [NeutronPluginOpenContrail, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::opencontrail diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml deleted file mode 100644 index bc0ecac0..00000000 --- a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml +++ /dev/null @@ -1,40 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron PLUMgrid Plugin with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronPluginPlumgridBase: - type: ../neutron-plugin-ml2.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron PLUMgrid plugin. - value: - service_name: neutron_plugin_plumgrid - config_settings: - map_merge: - - get_attr: [NeutronPluginPlumgridBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::plumgrid diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml deleted file mode 100644 index 015cd9fb..00000000 --- a/puppet/services/pacemaker/neutron-server.yaml +++ /dev/null @@ -1,48 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron Server with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NeutronL3HA: - default: true - description: Whether to enable HA for virtual routers - type: boolean - -resources: - - NeutronServerBase: - type: ../neutron-server.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Server. - value: - service_name: neutron_server - monitoring_subscription: {get_attr: [NeutronServerBase, role_data, monitoring_subscription]} - config_settings: - map_merge: - - get_attr: [NeutronServerBase, role_data, config_settings] - - neutron::server::enabled: false - neutron::server::manage_service: false - neutron::server::l3_ha: {get_param: NeutronL3HA} - step_config: | - include ::tripleo::profile::pacemaker::neutron::server diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml deleted file mode 100644 index c9411900..00000000 --- a/puppet/services/pacemaker/nova-api.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Nova API service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaApiBase: - type: ../nova-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova API role. - value: - service_name: nova_api - monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaApiBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaApiBase, role_data, config_settings] - - nova::api::manage_service: false - nova::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::api diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml deleted file mode 100644 index 31b4c406..00000000 --- a/puppet/services/pacemaker/nova-conductor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Nova Conductor service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaConductorBase: - type: ../nova-conductor.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova Conductor role. - value: - service_name: nova_conductor - monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaConductorBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaConductorBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaConductorBase, role_data, config_settings] - - nova::conductor::manage_service: false - nova::conductor::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::conductor diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml deleted file mode 100644 index 8c4be5a8..00000000 --- a/puppet/services/pacemaker/nova-consoleauth.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Nova Consoleauth service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaConsoleauthBase: - type: ../nova-consoleauth.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova Consoleauth role. - value: - service_name: nova_consoleauth - monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaConsoleauthBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaConsoleauthBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaConsoleauthBase, role_data, config_settings] - - nova::consoleauth::manage_service: false - nova::consoleauth::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::consoleauth diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml deleted file mode 100644 index afcf5d5c..00000000 --- a/puppet/services/pacemaker/nova-scheduler.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Nova Scheduler service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaSchedulerBase: - type: ../nova-scheduler.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova Scheduler role. - value: - service_name: nova_scheduler - monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaSchedulerBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaSchedulerBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaSchedulerBase, role_data, config_settings] - - nova::scheduler::manage_service: false - nova::scheduler::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::scheduler diff --git a/puppet/services/pacemaker/nova-vnc-proxy.yaml b/puppet/services/pacemaker/nova-vnc-proxy.yaml deleted file mode 100644 index 22eeb261..00000000 --- a/puppet/services/pacemaker/nova-vnc-proxy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Nova Vncproxy service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaVncproxyBase: - type: ../nova-vnc-proxy.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova Vncproxy role. - value: - service_name: nova_vnc_proxy - monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaVncproxyBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaVncproxyBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaVncproxyBase, role_data, config_settings] - - nova::vncproxy::manage_service: false - nova::vncproxy::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::vncproxy diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml deleted file mode 100644 index 4ff93f9a..00000000 --- a/puppet/services/pacemaker/sahara-api.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Sahara API service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - SaharaApiBase: - type: ../sahara-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Sahara API role. - value: - service_name: sahara_api - monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [SaharaApiBase, role_data, logging_source]} - logging_groups: {get_attr: [SaharaApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [SaharaApiBase, role_data, config_settings] - - sahara::service::api::manage_service: false - sahara::service::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::sahara::api diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml deleted file mode 100644 index 18f2ffe1..00000000 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Sahara Engine service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - SaharaEngineBase: - type: ../sahara-engine.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Sahara Engine role. - value: - service_name: sahara_engine - monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [SaharaEngineBase, role_data, logging_source]} - logging_groups: {get_attr: [SaharaEngineBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [SaharaEngineBase, role_data, config_settings] - - sahara::service::engine::manage_service: false - sahara::service::engine::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::sahara::engine diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 68283137..6e25d796 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -46,6 +46,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/panko' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" panko::debug: {get_param: Debug} panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index a32dec1e..ab9dad46 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -69,6 +69,7 @@ outputs: rabbitmq::delete_guest_user: false rabbitmq::wipe_db_on_cookie_change: true rabbitmq::port: '5672' + rabbitmq::package_provider: yum rabbitmq::package_source: undef rabbitmq::repos_ensure: false rabbitmq::tcp_keepalive: true @@ -106,6 +107,6 @@ outputs: tags: step2 service: name=rabbitmq-server state=stopped - name: Start rabbitmq service - tags: step6 + tags: step4 service: name=rabbitmq-server state=started diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 90e2af67..b4307053 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -64,6 +64,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml index 499160e5..e892d813 100644 --- a/puppet/upgrade_config.yaml +++ b/puppet/upgrade_config.yaml @@ -35,6 +35,7 @@ resources: template: "stepSTEP" params: STEP: {get_param: step} + modulepath: /usr/share/ansible-modules inputs: - name: role config: {get_attr: [AnsibleConfig, value]} diff --git a/requirements.txt b/requirements.txt index 9c4a708a..555b240d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,6 @@ -pbr>=0.5.21,<1.0 +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +pbr>=1.8 # Apache-2.0 Jinja2>=2.8 # BSD License (3 clause) +six>=1.9.0 # MIT diff --git a/roles_data.yaml b/roles_data.yaml index e96bd78d..8b820665 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -14,14 +14,18 @@ # defaults to '%stackname%-{{role.name.lower()}}-%index%' # sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml # +# disable_constraints: (boolean) optional, whether to disable Nova and Glance +# constraints for each role specified in the templates. +# # ServicesDefault: (list) optional default list of services to be deployed # on the role, defaults to an empty list. Sets the default for the # {{role.name}}Services parameter in overcloud.yaml -- name: Controller +- name: Controller # the 'primary' role goes first CountDefault: 1 ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephRgw @@ -29,7 +33,6 @@ - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume - - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi @@ -98,6 +101,7 @@ - OS::TripleO::Services::PankoApi - OS::TripleO::Services::Zaqar - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::NeutronML2FujitsuCfab - name: Compute CountDefault: 1 diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml new file mode 100644 index 00000000..08213b68 --- /dev/null +++ b/roles_data_undercloud.yaml @@ -0,0 +1,35 @@ +- name: Undercloud # the 'primary' role goes first + CountDefault: 1 + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Apache + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::Zaqar + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronDhcpAgent @@ -1,4 +1,3 @@ -#!/usr/bin/env python # Copyright (c) 2013 Hewlett-Packard Development Company, L.P. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,6 +16,14 @@ # THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT import setuptools +# In python < 2.7.4, a lazy loading of package `pbr` will break +# setuptools if some other modules registered functions in `atexit`. +# solution from: http://bugs.python.org/issue15881#msg170215 +try: + import multiprocessing # noqa +except ImportError: + pass + setuptools.setup( - setup_requires=['pbr'], + setup_requires=['pbr>=1.8'], pbr=True) diff --git a/test-requirements.txt b/test-requirements.txt index c3726e8b..faf4893f 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1 +1,6 @@ -pyyaml +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +PyYAML>=3.10.0 # MIT +Jinja2>=2.8 # BSD License (3 clause) +six>=1.9.0 # MIT diff --git a/tools/process-templates.py b/tools/process-templates.py index a15b00e2..9a06812b 100755 --- a/tools/process-templates.py +++ b/tools/process-templates.py @@ -14,6 +14,7 @@ import argparse import jinja2 import os +import six import sys import yaml diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 95c7d025..fd1f47de 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -24,6 +24,45 @@ def exit_usage(): sys.exit(1) +def validate_mysql_connection(settings): + no_op = lambda *args: False + error_status = [0] + + def mysql_protocol(items): + return items == ['EndpointMap', 'MysqlInternal', 'protocol'] + + def client_bind_address(item): + return 'bind_address' in item + + def validate_mysql_uri(key, items): + # Only consider a connection if it targets mysql + if key.endswith('connection') and \ + search(items, mysql_protocol, no_op): + # Assume the "bind_address" option is one of + # the token that made up the uri + if not search(items, client_bind_address, no_op): + error_status[0] = 1 + return False + + def search(item, check_item, check_key): + if check_item(item): + return True + elif isinstance(item, list): + for i in item: + if search(i, check_item, check_key): + return True + elif isinstance(item, dict): + for k in item.keys(): + if check_key(k, item[k]): + return True + elif search(item[k], check_item, check_key): + return True + return False + + search(settings, no_op, validate_mysql_uri) + return error_status[0] + + def validate_service(filename, tpl): if 'outputs' in tpl and 'role_data' in tpl['outputs']: if 'value' not in tpl['outputs']['role_data']: @@ -41,6 +80,12 @@ def validate_service(filename, tpl): print('ERROR: service_name should match file name for service: %s.' % filename) return 1 + # if service connects to mysql, the uri should use option + # bind_address to avoid issues with VIP failover + if 'config_settings' in role_data and \ + validate_mysql_connection(role_data['config_settings']): + print('ERROR: mysql connection uri should use option bind_address') + return 1 if 'parameters' in tpl: for param in required_params: if param not in tpl['parameters']: |