diff options
59 files changed, 769 insertions, 212 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 14d50f19..ae747621 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -41,17 +41,17 @@ root_template: overcloud.yaml root_environment: overcloud-resource-registry-puppet.yaml topics: - - title: Basic Configuration + - title: Base Resources Configuration description: environment_groups: - title: - description: Enable basic configuration required for OpenStack Deployment + description: Enable base configuration for all resources required for OpenStack Deployment environments: - file: overcloud-resource-registry-puppet.yaml - title: Default Configuration + title: Base resources configuration description: - - title: Deployment options + - title: Deployment Options description: environment_groups: - title: High Availability @@ -62,6 +62,15 @@ topics: description: Enable configuration of an Overcloud controller with Pacemaker requires: - overcloud-resource-registry-puppet.yaml + - title: Pacemaker options + description: + environments: + - file: environments/puppet-pacemaker-no-restart.yaml + title: Pacemaker No Restart + description: + requires: + - environments/puppet-pacemaker.yaml + - overcloud-resource-registry-puppet.yaml - title: Docker RDO description: > Docker container with heat agents for containerized compute node @@ -71,26 +80,114 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + - title: Enable TLS + description: > + environments: + - file: environments/enable-tls.yaml + title: TLS + description: > + Use this option to pass in certificates for SSL deployments. + For these values to take effect, one of the TLS endpoints + environments must also be used. + requires: + - overcloud-resource-registry-puppet.yaml + - title: TLS Endpoints + description: > + environments: + - file: environments/tls-endpoints-public-dns.yaml + title: SSL-enabled deployment with DNS name as public endpoint + description: > + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + requires: + - environments/enable-tls.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/tls-endpoints-public-ip.yaml + title: SSL-enabled deployment with IP address as public endpoint + description: > + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. + requires: + - environments/enable-tls.yaml + - overcloud-resource-registry-puppet.yaml + - title: External load balancer + description: > + Enable external load balancer + environments: + - file: environments/external-loadbalancer-vip-v6.yaml + title: External load balancer IPv6 + description: > + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/external-loadbalancer-vip.yaml + title: External load balancer IPv4 + description: > + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Additional Services + description: Deploy additional Overcloud services + environment_groups: + - title: Manila + description: + environments: + - file: environments/manila-generic-config.yaml + title: Manila + description: Enable Manila generic driver backend + requires: + - overcloud-resource-registry-puppet.yaml + - title: Sahara + description: + environments: + - file: environments/services/sahara.yaml + title: Sahara + description: Deploy Sahara service + requires: + - overcloud-resource-registry-puppet.yaml + - title: Ironic + description: + environments: + - file: environments/services/ironic.yaml + title: Ironic + description: Deploy Ironic service + requires: + - overcloud-resource-registry-puppet.yaml + - title: Mistral + description: + environments: + - file: environments/services/mistral.yaml + title: Mistral + description: Deploy Mistral service + requires: + - overcloud-resource-registry-puppet.yaml # - title: Network Interface Configuration # description: # environment_groups: - - title: Overlay network Configuration + - title: Overlay Network Configuration description: environment_groups: - title: Network Isolation - description: > - Enable the creation of Neutron networks for - isolated Overcloud traffic and configure each role to assign ports - (related to that role) on these networks. + description: environments: - file: environments/network-isolation.yaml title: Network Isolation - description: Enable Network Isolation + description: > + Enable the creation of Neutron networks for + isolated Overcloud traffic and configure each role to assign ports + (related to that role) on these networks. requires: - overcloud-resource-registry-puppet.yaml - - title: Single nic or Bonding + - file: environments/network-isolation-v6.yaml + title: Network Isolation IPv6 + description: > + Enable the creation of IPv6 Neutron networks for isolated Overcloud + traffic and configure each role to assign ports (related + to that role) on these networks. + requires: + - overcloud-resource-registry-puppet.yaml + - title: Single NIC or Bonding description: > Configure roles to use pair of bonded nics or to use Vlans on a single nic. This option assumes use of Network Isolation. @@ -104,23 +201,105 @@ topics: requires: - environments/network-isolation.yaml - overcloud-resource-registry-puppet.yaml + - file: environments/net-bond-with-vlans-no-external.yaml + title: Bond with Vlans No External Ports + description: > + Configure each role to use a pair of bonded nics (nic2 and + nic3) and configures an IP address on each relevant isolated network + for each role. This option assumes use of Network Isolation. + Sets external ports to noop. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-bond-with-vlans-v6.yaml + title: Bond with Vlans IPv6 + description: > + Configure each role to use a pair of bonded nics (nic2 and + nic3) and configures an IP address on each relevant isolated network + for each role, with IPv6 on the External network. + This option assumes use of Network Isolation IPv6. + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-multiple-nics.yaml + title: Multiple NICs + description: > + Configures each role to use a separate NIC for + each isolated network. + This option assumes use of Network Isolation. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-multiple-nics-v6.yaml + title: Multiple NICs IPv6 + description: > + Configure each role to use a separate NIC for + each isolated network with IPv6 on the External network. + This option assumes use of Network Isolation IPv6. + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans.yaml - title: Single nic with Vlans + title: Single NIC with Vlans description: > - Configure each role to use Vlans on a single nic for + Configure each role to use Vlans on a single NIC for each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-with-vlans-no-external.yaml + title: Single NIC with Vlans No External Ports + description: > + Configure each role to use Vlans on a single NIC for + each isolated network. This option assumes use of Network Isolation. + Sets external ports to noop. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-linux-bridge-with-vlans.yaml + title: Single NIC with Linux Bridge Vlans + description: > + Configure each role to use Vlans on a single NIC for + each isolated network. This option assumes use of Network Isolation. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-with-vlans-v6.yaml + title: Single NIC with Vlans IPv6 + description: > + Configures each role to use Vlans on a single NIC for + each isolated network with IPv6 on the External network. + This option assumes use of Network Isolation IPv6 + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml + - title: Management Network + description: > + Enable the creation of a system management network. This + creates a Neutron network for isolated Overcloud + system management traffic and configures each role to + assign a port (related to that role) on that network. + environments: + - file: environments/network-management.yaml + title: Management Network + description: + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/network-management-v6.yaml + title: Management Network IPv6 + description: + requires: + - overcloud-resource-registry-puppet.yaml - title: Neutron Plugin Configuration description: environment_groups: - - title: BigSwitch extensions or Cisco N1KV backend - description: + - title: Neutron Plugins + description: > + Enable various Neutron plugins and backends environments: - file: environments/neutron-ml2-bigswitch.yaml - title: BigSwitch extensions + title: BigSwitch Extensions description: > Enable Big Switch extensions, configured via puppet requires: @@ -131,28 +310,101 @@ topics: Enable a Cisco N1KV backend, configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Cisco Neutron plugin - description: > - Enable a Cisco Neutron plugin - environments: - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml title: Cisco Neutron plugin description: requires: - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-midonet.yaml + title: Deploy MidoNet Services + description: + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-nuage-config.yaml + title: Neutron Nuage backend + description: Enables Neutron Nuage backend on the controller + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opencontrail.yaml + title: OpenContrail Extensions + description: Enables OpenContrail extensions + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opendaylight.yaml + title: OpenDaylight + description: Enables OpenDaylight + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opendaylight-l3.yaml + title: OpenDaylight with L3 DVR + description: Enables OpenDaylight with L3 DVR + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ovs-dpdk.yaml + title: DPDK with OVS + description: Deploy DPDK with OVS + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ovs-dvr.yaml + title: DVR + description: Enables DVR in the Overcloud + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-plumgrid.yaml + title: PLUMgrid extensions + description: Enables PLUMgrid extensions + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Nova Extensions + description: + environment_groups: + - title: Nova Extensions + description: + environments: + - file: environments/nova-nuage-config.yaml + title: Nuage backend + description: > + Enables Nuage backend on the Compute + requires: + - overcloud-resource-registry-puppet.yaml - title: Storage description: environment_groups: - - title: Cinder NetApp backend + - title: Cinder backup service + description: + environments: + - file: environments/cinder-backup.yaml + title: Cinder backup service + description: > + OpenStack Cinder Backup service with Pacemaker configured + with Puppet + requires: + - environments/puppet-pacemaker.yaml + - overcloud-resource-registry-puppet.yaml + - title: Cinder backend description: > - Enable a Cinder NetApp backend, configured via puppet + Enable various Cinder backends environments: - file: environments/cinder-netapp-config.yaml title: Cinder NetApp backend description: requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-dellsc-config.yaml + title: Cinder Dell Storage Center ISCSI backend + description: > + Enables a Cinder Dell Storage Center ISCSI backend, configured + via puppet + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-eqlx-config.yaml + title: Cinder EQLX backend + description: > + Enables a Cinder EQLX backend, configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - title: Externally managed Ceph description: > Enable the use of an externally managed Ceph cluster @@ -224,6 +476,14 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + - title: Manage Firewall + description: + environments: + - file: environments/manage-firewall.yaml + title: Manage Firewall + description: + requires: + - overcloud-resource-registry-puppet.yaml - title: Operational Tools description: diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 87ebb1d7..cee4ae4a 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -1,9 +1,8 @@ -# If using an isolated StorageMgmt network, this will have to be uncommented to -# plug the network on the compute nodes as well. -#resource_registry: -# OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml +# If not using an isolated StorageMgmt network, the following regitry mapping +# should be commented. +resource_registry: + OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml -# Should match the default list of services for the compute node plus CephOSD parameter_defaults: ComputeServices: - OS::TripleO::Services::CephOSD diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml new file mode 100644 index 00000000..ad428686 --- /dev/null +++ b/environments/low-memory-usage.yaml @@ -0,0 +1,15 @@ +# Lower the memory usage of overcloud. +parameter_defaults: + CeilometerWorkers: 1 + CinderWorkers: 1 + GlanceWorkers: 1 + HeatWorkers: 1 + KeystoneWorkers: 1 + NeutronWorkers: 1 + NovaWorkers: 1 + SaharaWorkers: 1 + SwiftWorkers: 1 + GnocchiMetricdWorkers: 1 + + ApacheMaxRequestWorkers: 32 + ApacheServerLimit: 32 diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml index c1dbde42..9d6ce73e 100644 --- a/environments/major-upgrade-aodh-migration.yaml +++ b/environments/major-upgrade-aodh-migration.yaml @@ -3,8 +3,4 @@ resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml # no-op the rest - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml index d97f8fc1..f4f361df 100644 --- a/environments/major-upgrade-pacemaker-init.yaml +++ b/environments/major-upgrade-pacemaker-init.yaml @@ -3,8 +3,4 @@ parameter_defaults: resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml index 95f09666..9fb51a4d 100644 --- a/environments/major-upgrade-pacemaker.yaml +++ b/environments/major-upgrade-pacemaker.yaml @@ -3,8 +3,4 @@ parameter_defaults: resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml new file mode 100644 index 00000000..4115d8b2 --- /dev/null +++ b/environments/manila-cephfsnative-config.yaml @@ -0,0 +1,18 @@ +# A Heat environment file which can be used to enable a +# a Manila CephFS Native driver backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::Tripleo::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml + + +parameter_defaults: + ManilaCephFSNativeEnableBackend: true + ManilaCephFSNativeBackendName: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: false + ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSAuthId: 'manila' + ManilaCephFSNativeCephFSClusterName: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: true diff --git a/extraconfig/all_nodes/mac_hostname.j2.yaml b/extraconfig/all_nodes/mac_hostname.j2.yaml index af6aa7f7..75ffc9e6 100644 --- a/extraconfig/all_nodes/mac_hostname.j2.yaml +++ b/extraconfig/all_nodes/mac_hostname.j2.yaml @@ -34,7 +34,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: servers, {{role.name}}} + servers: {get_param: [servers, {{role.name}}]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE {% endfor %} @@ -63,7 +63,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: DistributeMacDeploymentsController - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: DistributeMacConfig} input_values: # FIXME(shardy): It'd be more convenient if we could join these diff --git a/extraconfig/all_nodes/random_string.j2.yaml b/extraconfig/all_nodes/random_string.j2.yaml index 1c42cb85..9ce2ca8a 100644 --- a/extraconfig/all_nodes/random_string.j2.yaml +++ b/extraconfig/all_nodes/random_string.j2.yaml @@ -34,7 +34,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: RandomDeploymentsController - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: RandomConfig} actions: ['CREATE'] # Only do this on CREATE input_values: @@ -44,7 +44,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: RandomDeploymentsCompute - servers: {get_param: servers, Compute} + servers: {get_param: [servers, Compute]} config: {get_resource: RandomConfig} actions: ['CREATE'] # Only do this on CREATE input_values: diff --git a/extraconfig/all_nodes/swap-partition.j2.yaml b/extraconfig/all_nodes/swap-partition.j2.yaml index 014a96a1..36076b0c 100644 --- a/extraconfig/all_nodes/swap-partition.j2.yaml +++ b/extraconfig/all_nodes/swap-partition.j2.yaml @@ -37,7 +37,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup properties: config: {get_resource: SwapConfig} - servers: {get_param: servers, {{role.name}}} + servers: {get_param: [servers, {{role.name}}]} input_values: swap_partition_label: {get_param: swap_partition_label} actions: ["CREATE"] diff --git a/extraconfig/all_nodes/swap.j2.yaml b/extraconfig/all_nodes/swap.j2.yaml index 97149080..ce65dacb 100644 --- a/extraconfig/all_nodes/swap.j2.yaml +++ b/extraconfig/all_nodes/swap.j2.yaml @@ -50,7 +50,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup properties: config: {get_resource: SwapConfig} - servers: {get_param: servers, {{role.name}}} + servers: {get_param: [servers, {{role.name}}]} input_values: swap_size_megabytes: {get_param: swap_size_megabytes} swap_path: {get_param: swap_path} diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh index 21a2b5bc..b633e658 100755 --- a/extraconfig/tasks/major_upgrade_ceph_mon.sh +++ b/extraconfig/tasks/major_upgrade_ceph_mon.sh @@ -24,7 +24,7 @@ if [ ${CEPH_STATUS} = HEALTH_ERR ]; then fi # Useful when upgrading with OSDs num < replica size -if [ ${ignore_ceph_upgrade_warnings:-false} != "true" ]; then +if [[ ${ignore_ceph_upgrade_warnings:-False} != [Tt]rue ]]; then timeout 300 bash -c "while [ ${CEPH_STATUS} != HEALTH_OK ]; do echo WARNING: Waiting for Ceph cluster status to go HEALTH_OK; sleep 30; diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh index 78628c8c..a1df695f 100644 --- a/extraconfig/tasks/major_upgrade_compute.sh +++ b/extraconfig/tasks/major_upgrade_compute.sh @@ -12,6 +12,8 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT ### This file is automatically delivered to the compute nodes as part of the ### tripleo upgrades workflow +set -eu + # pin nova to kilo (messaging +-1) for the nova-compute service crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index 2490ce27..cdf3fa70 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -19,7 +19,7 @@ STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk pcs property set stonith-enabled=false # Migrate to HA NG -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then +if [[ -n $(is_bootstrap_node) ]]; then migrate_full_to_ng_ha fi @@ -29,9 +29,26 @@ fi # is going to take a long time because rabbit is down. By having the service stopped # systemctl try-restart is a noop -for $service in $(services_to_migrate); do +for service in $(services_to_migrate); do manage_systemd_service stop "${service%%-clone}" - check_resource_systemd "${service%%-clone}" stopped 600 + # So the reason for not reusing check_resource_systemd is that + # I have observed systemctl is-active returning unknown with at least + # one service that was stopped (See LP 1627254) + timeout=600 + tstart=$(date +%s) + tend=$(( $tstart + $timeout )) + check_interval=3 + while (( $(date +%s) < $tend )); do + if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then + echo "$service still active, sleeping $check_interval seconds." + sleep $check_interval + else + # we do not care if it is inactive, unknown or failed as long as it is + # not running + break + fi + + done done # In case the mysql package is updated, the database on disk must be @@ -46,7 +63,7 @@ done # on mysql package versionning, but this can be overriden manually # to support specific upgrade scenario -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then +if [[ -n $(is_bootstrap_node) ]]; then if [ $DO_MYSQL_UPGRADE -eq 1 ]; then mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql" cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR" @@ -58,6 +75,8 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) check_resource rabbitmq stopped 600 pcs resource disable galera check_resource galera stopped 600 + pcs resource disable openstack-cinder-volume + check_resource openstack-cinder-volume stopped 600 # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address: # https://bugzilla.redhat.com/show_bug.cgi?id=1330688 for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do @@ -68,7 +87,7 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) fi -# Swift isn't controled by pacemaker +# Swift isn't controlled by pacemaker systemctl_swift stop tstart=$(date +%s) @@ -151,5 +170,15 @@ fi # Pin messages sent to compute nodes to kilo, these will be upgraded later crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute" +# https://bugzilla.redhat.com/show_bug.cgi?id=1284047 +# Change-Id: Ib3f6c12ff5471e1f017f28b16b1e6496a4a4b435 +crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit +# https://bugzilla.redhat.com/show_bug.cgi?id=1284058 +# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists +crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server" +# LP: 1615035, required only for M/N upgrade. +crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager +# LP: 1627450, required only for M/N upgrade +crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index 6bb2fa73..4dc2b168 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -32,6 +32,13 @@ fi start_or_enable_service galera check_resource galera started 600 +# We need mongod which is now a systemd service up and running before calling +# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes +# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely +# we should be good. +# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm +systemctl start mongod +check_resource mongod started 600 if [[ -n $(is_bootstrap_node) ]]; then tstart=$(date +%s) @@ -53,6 +60,7 @@ if [[ -n $(is_bootstrap_node) ]]; then keystone-manage db_sync neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head nova-manage db sync + nova-manage api_db sync #TODO(marios):someone from sahara needs to check this: # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head fi @@ -61,6 +69,9 @@ start_or_enable_service rabbitmq check_resource rabbitmq started 600 start_or_enable_service redis check_resource redis started 600 +start_or_enable_service openstack-cinder-volume +check_resource openstack-cinder-volume started 600 + # Swift isn't controled by pacemaker systemctl_swift start @@ -68,7 +79,7 @@ systemctl_swift start # We need to start the systemd services we explicitely stopped at step _1.sh # FIXME: Should we let puppet during the convergence step do the service enabling or # should we add it here? -for $service in $(services_to_migrate); do - manage_systemd_service stop "${service%%-clone}" +for service in $(services_to_migrate); do + manage_systemd_service start "${service%%-clone}" check_resource_systemd "${service%%-clone}" started 600 done diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh index 931f4f42..f82457ce 100644 --- a/extraconfig/tasks/major_upgrade_object_storage.sh +++ b/extraconfig/tasks/major_upgrade_object_storage.sh @@ -12,6 +12,7 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT ### This file is automatically delivered to the swift-storage nodes as part of the ### tripleo upgrades workflow +set -eu function systemctl_swift { action=\$1 diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index 7244f949..a2a1bb5d 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -46,7 +46,7 @@ resources: CephMonUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: CephMonUpgradeConfig} input_values: {get_param: input_values} update_policy: @@ -83,7 +83,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup depends_on: CephMonUpgradeDeployment properties: - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step1} input_values: {get_param: input_values} @@ -97,7 +97,7 @@ resources: BlockStorageUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: servers, BlockStorage} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: BlockStorageUpgradeConfig} input_values: {get_param: input_values} @@ -116,7 +116,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup depends_on: BlockStorageUpgradeDeployment properties: - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step2} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index b8c5321b..d974bb79 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -109,10 +109,11 @@ function services_to_migrate { # during the conversion # 2. Remove all the colocation constraints and then the ordering constraints, except the # ones related to haproxy/VIPs which exist in Newton as well -# 3. Remove all the resources that won't be managed by pacemaker in newton. Note that they -# will show up as ORPHANED but they will keep running normally via systemd. They will be -# enabled to start at boot by puppet during the converge step -# 4. Take the cluster out of maintenance-mode and do a resource cleanup +# 3. Take the cluster out of maintenance-mode and do a resource cleanup +# 4. Remove all the resources that won't be managed by pacemaker in newton. The +# outcome will be +# that they are stopped and removed from pacemakers control +# 5. Do a resource cleanup to make sure the cluster is in a clean state function migrate_full_to_ng_ha { if [[ -n $(pcmk_running) ]]; then pcs property set maintenance-mode=true @@ -135,32 +136,35 @@ function migrate_full_to_ng_ha { log_debug "Deleting ordering constraint $constraint from CIB" pcs constraint remove "$constraint" done + # At this stage all the pacemaker resources are removed from the CIB. + # Once we remove the maintenance-mode those systemd resources will keep + # on running. They shall be systemd enabled via the puppet converge + # step later on + pcs property set maintenance-mode=false # At this stage there are no constraints whatsoever except the haproxy/ip ones - # which we want to keep. We now delete each resource that will move to systemd - # Note that the corresponding systemd resource will stay running, which means that - # later when we do the "yum update", things will be a bit slower because each - # "systemctl try-restart <service>" is not a no-op any longer because the service is up - # and running and it will be restarted with rabbitmq being down. + # which we want to keep. We now disable and then delete each resource + # that will move to systemd. + # We want the systemd resources be stopped before doing "yum update", + # that way "systemctl try-restart <service>" is no-op because the + # service was down already PCS_STATUS_OUTPUT="$(pcs status)" for resource in $(services_to_migrate) "delay-clone" "openstack-core-clone"; do if echo "$PCS_STATUS_OUTPUT" | grep "$resource"; then log_debug "Deleting $resource from the CIB" - - # We need to add --force because the cluster is in maintenance mode and the resource - # is unmanaged. The if serves to make this idempotent + if ! pcs resource disable "$resource" --wait=600; then + echo_error "ERROR: resource $resource failed to be disabled" + exit 1 + fi pcs resource delete --force "$resource" else log_debug "Service $service not found as a pacemaker resource, not trying to delete." fi done - # At this stage all the pacemaker resources are removed from the CIB. Once we remove the - # maintenance-mode those systemd resources will keep on running. They shall be systemd enabled - # via the puppet converge step later on - pcs property set maintenance-mode=false - # We need to do a pcs resource cleanup here + crm_resource --wait to make sure the - # cluster is in a clean state before we stop everything, upgrade and restart everything + # We need to do a pcs resource cleanup here + crm_resource --wait to + # make sure the cluster is in a clean state before we stop everything, + # upgrade and restart everything pcs resource cleanup # We are making sure here that the cluster is stable before proceeding if ! timeout -k 10 600 crm_resource --wait; then diff --git a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml index 91406fba..b9a87d33 100644 --- a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml +++ b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml @@ -20,6 +20,6 @@ resources: AodhMysqlMigrationScriptDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: AodhMysqlMigrationScriptConfig} input_values: {get_param: input_values} diff --git a/network/ports/from_service.yaml b/network/ports/from_service.yaml index 3d61910e..782b6b07 100644 --- a/network/ports/from_service.yaml +++ b/network/ports/from_service.yaml @@ -24,6 +24,12 @@ parameters: description: The name of the undercloud Neutron control plane default: ctlplane type: string + FixedIPs: # Here for compatibility with ctlplane_vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json ServiceVips: default: {} type: json diff --git a/network/ports/from_service_v6.yaml b/network/ports/from_service_v6.yaml index 2dd0a0ee..80060b57 100644 --- a/network/ports/from_service_v6.yaml +++ b/network/ports/from_service_v6.yaml @@ -24,6 +24,12 @@ parameters: description: The name of the undercloud Neutron control plane default: ctlplane type: string + FixedIPs: # Here for compatibility with ctlplane_vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json ServiceVips: default: {} type: json diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 505f033d..f0a6035a 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -220,6 +220,7 @@ resource_registry: OS::Tripleo::Services::ManilaShare: OS::Heat::None OS::Tripleo::Services::ManilaBackendGeneric: OS::Heat::None OS::Tripleo::Services::ManilaBackendNetapp: OS::Heat::None + OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index aad1af62..e2ff4c14 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -261,6 +261,21 @@ resources: {% for r in roles %} - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings] {% endfor %} + # This next step combines two yaql passes: + # - The inner one does a deep merge on the service_config_settings for all roles + # - The outer one filters the map based on the services enabled for the role + # then merges the result into one map. + - yaql: + expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {}) + data: + map: + yaql: + expression: $.data.where($ != null).reduce($1.mergeWith($2), {}) + data: + {% for r in roles %} + - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings] + {% endfor %} + services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} @@ -536,8 +551,6 @@ outputs: EnabledServices: description: The services enabled on each role value: - Controller: {get_attr: [ControllerServiceChain, role_data, service_names]} - Compute: {get_attr: [ComputeServiceChain, role_data, service_names]} - BlockStorage: {get_attr: [BlockStorageServiceChain, role_data, service_names]} - ObjectStorage: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} - CephStorage: {get_attr: [CephStorageServiceChain, role_data, service_names]} +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} +{% endfor %} diff --git a/puppet/blockstorage-config.yaml b/puppet/blockstorage-config.yaml index 9b31b448..e455c4cb 100644 --- a/puppet/blockstorage-config.yaml +++ b/puppet/blockstorage-config.yaml @@ -24,6 +24,9 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number outputs: - name: result config: diff --git a/puppet/cephstorage-config.yaml b/puppet/cephstorage-config.yaml index 4bad4a16..3f428609 100644 --- a/puppet/cephstorage-config.yaml +++ b/puppet/cephstorage-config.yaml @@ -24,6 +24,9 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number outputs: - name: result config: diff --git a/puppet/compute-config.yaml b/puppet/compute-config.yaml index 9e128d3a..2314c47d 100644 --- a/puppet/compute-config.yaml +++ b/puppet/compute-config.yaml @@ -24,6 +24,9 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number outputs: - name: result config: diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml index 811c544d..99c7b26e 100644 --- a/puppet/controller-config.yaml +++ b/puppet/controller-config.yaml @@ -26,6 +26,9 @@ resources: modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules outputs: - name: result + inputs: + - name: step + type: Number config: list_join: - '' diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index 5dea044e..6a2ea4d5 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -94,10 +94,10 @@ resources: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} NetworkMidonetDeploymentComputes: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: servers, Compute} + servers: {get_param: [servers, Compute]} diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index 728c7ccc..7bda0cd5 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -132,7 +132,7 @@ resources: properties: name: NetworkCiscoDeployment config: {get_resource: NetworkCiscoConfig} - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} input_values: UCSM_ip: {get_param: NetworkUCSMIp} UCSM_username: {get_param: NetworkUCSMUsername} @@ -179,7 +179,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -187,7 +187,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCompute - servers: {get_param: servers, Compute} + servers: {get_param: [servers, Compute]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -195,7 +195,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsBlockStorage - servers: {get_param: servers, BlockStorage} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -203,7 +203,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsObjectStorage - servers: {get_param: servers, ObjectStorage} + servers: {get_param: [servers, ObjectStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -211,7 +211,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCephStorage - servers: {get_param: servers, CephStorage} + servers: {get_param: [servers, CephStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE diff --git a/puppet/objectstorage-config.yaml b/puppet/objectstorage-config.yaml index 1dee8e60..33480544 100644 --- a/puppet/objectstorage-config.yaml +++ b/puppet/objectstorage-config.yaml @@ -24,6 +24,9 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number outputs: - name: result config: diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index c84614ba..d3d9b5ad 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -53,6 +53,12 @@ outputs: - get_attr: [AodhBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - aodh::wsgi::apache::ssl: false + aodh::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::api::service_name: 'httpd' tripleo.aodh_api.firewall_rules: '128 aodh-api': @@ -68,5 +74,7 @@ outputs: aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} + service_config_settings: + get_attr: [AodhBase, role_data, service_config_settings] step_config: | include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 187345ad..5314b837 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -87,12 +87,6 @@ outputs: aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} - aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} - aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} - aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} - aodh::keystone::auth::password: {get_param: AodhPassword} - aodh::keystone::auth::region: {get_param: KeystoneRegion} - aodh::keystone::auth::tenant: 'service' aodh::db::mysql::user: aodh aodh::db::mysql::password: {get_param: AodhPassword} aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} @@ -102,3 +96,11 @@ outputs: - "%{hiera('mysql_bind_host')}" aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' + service_config_settings: + keystone: + aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} + aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} + aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} + aodh::keystone::auth::password: {get_param: AodhPassword} + aodh::keystone::auth::region: {get_param: KeystoneRegion} + aodh::keystone::auth::tenant: 'service' diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 7595e4c3..c9792019 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -5,6 +5,14 @@ description: > automatically via other services which run via Apache. parameters: + ApacheMaxRequestWorkers: + default: 256 + description: Maximum number of simultaneously processed requests. + type: number + ApacheServerLimit: + default: 256 + description: Maximum number of Apache processes. + type: number ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,5 +46,7 @@ outputs: template: "NETWORK_subnet" params: NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } + apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index c6e36502..50431e3d 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -71,5 +71,13 @@ outputs: ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::ssl: false + ceilometer::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + service_config_settings: + get_attr: [CeilometerServiceBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 62fdd5c1..25fccd9e 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -107,12 +107,6 @@ outputs: ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' - ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} - ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} - ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - ceilometer::keystone::auth::password: {get_param: CeilometerPassword} - ceilometer::keystone::auth::region: {get_param: KeystoneRegion} - ceilometer::keystone::auth::tenant: 'service' ceilometer::rabbit_userid: {get_param: RabbitUserName} ceilometer::rabbit_password: {get_param: RabbitPassword} ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -127,3 +121,11 @@ outputs: ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} + service_config_settings: + keystone: + ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} + ceilometer::keystone::auth::password: {get_param: CeilometerPassword} + ceilometer::keystone::auth::region: {get_param: KeystoneRegion} + ceilometer::keystone::auth::tenant: 'service' diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 6bb4f6d1..18a4b780 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -67,11 +67,13 @@ outputs: tripleo.ceph_rgw.firewall_rules: '122 ceph rgw': dport: {get_param: [EndpointMap, CephRgwInternal, port]} - ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} - ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} - ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} - ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} - ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} - ceph::rgw::keystone::auth::tenant: 'service' step_config: | include ::tripleo::profile::base::ceph::rgw + service_config_settings: + keystone: + ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} + ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} + ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} + ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} + ceph::rgw::keystone::auth::tenant: 'service' diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 1dae9f15..875a3aa1 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -65,19 +65,8 @@ outputs: cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} cinder::keystone::authtoken::password: {get_param: CinderPassword} cinder::keystone::authtoken::project_name: 'service' - cinder::keystone::auth::tenant: 'service' - cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} - cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} - cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} - cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} - cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} - cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} - cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} - cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} - cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} - cinder::keystone::auth::password: {get_param: CinderPassword} - cinder::keystone::auth::region: {get_param: KeystoneRegion} cinder::api::enable_proxy_headers_parsing: true + cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' # TODO(emilien) move it to puppet-cinder cinder::config: @@ -98,3 +87,17 @@ outputs: cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} step_config: | include ::tripleo::profile::base::cinder::api + service_config_settings: + keystone: + cinder::keystone::auth::tenant: 'service' + cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} + cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} + cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} + cinder::keystone::auth::password: {get_param: CinderPassword} + cinder::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index b0eea481..094a7c9f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -74,5 +74,11 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index f0ec8230..c399bf4e 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -45,9 +45,16 @@ parameters: constraints: - allowed_values: ['swift', 'file', 'rbd'] GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number + default: '' + description: | + Number of API worker processes for Glance. If left unset (empty string), the + default value will result in the configuration being left unset and a + system-dependent default value will be chosen (e.g.: number of + processors). Please note that this will create a large number of + processes on systems with a large number of CPUs resulting in excess + memory consumption. It is recommended that a suitable non-default value + be selected on such systems. + type: string GlanceRbdPoolName: default: images type: string @@ -128,11 +135,6 @@ outputs: glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} - glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} - glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} - glance::keystone::auth::password: {get_param: GlancePassword } - glance::keystone::auth::region: {get_param: KeystoneRegion} glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: @@ -140,7 +142,6 @@ outputs: dport: - 9292 - 13292 - glance::keystone::auth::tenant: 'service' glance::api::authtoken::project_name: 'service' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true @@ -153,3 +154,11 @@ outputs: glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} step_config: | include ::tripleo::profile::base::glance::api + service_config_settings: + keystone: + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} + glance::keystone::auth::tenant: 'service' diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 864e970f..2b7b4345 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -27,9 +27,16 @@ parameters: type: string hidden: true GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number + default: '' + description: | + Number of worker processes for glance registry. If left unset (empty + string), the default value will result in the configuration being left + unset and a system-dependent default value will be chosen (e.g.: number of + processors). Please note that this will create a large number of processes + on systems with a large number of CPUs resulting in excess memory + consumption. It is recommended that a suitable non-default value be + selected on such systems. + type: string MonitoringSubscriptionGlanceRegistry: default: 'overcloud-glance-registry' type: string diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index e8f25bb1..481a44cb 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -78,17 +78,17 @@ outputs: - 13041 gnocchi::api::enabled: true gnocchi::api::service_name: 'httpd' - gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } - gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} - gnocchi::keystone::auth::password: {get_param: GnocchiPassword} - gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } - gnocchi::keystone::auth::region: {get_param: KeystoneRegion} - gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} gnocchi::keystone::authtoken::project_name: 'service' gnocchi::wsgi::apache::ssl: false + gnocchi::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples @@ -104,3 +104,11 @@ outputs: gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]} step_config: | include ::tripleo::profile::base::gnocchi::api + service_config_settings: + keystone: + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::tenant: 'service' diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index ebdebd1e..1400bc98 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -21,6 +21,10 @@ parameters: MonitoringSubscriptionGnocchiMetricd: default: 'overcloud-gnocchi-metricd' type: string + GnocchiMetricdWorkers: + default: '' + description: Number of workers for Gnocchi MetricD + type: string resources: GnocchiServiceBase: @@ -39,5 +43,6 @@ outputs: config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::workers: {get_param: GnocchiMetricdWorkers} step_config: | include ::tripleo::profile::base::gnocchi::metricd diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 4e9c45e6..a47fec5a 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -60,12 +60,6 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cfn::workers: {get_param: HeatWorkers} - heat::keystone::auth_cfn::tenant: 'service' - heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} - heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} - heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} - heat::keystone::auth_cfn::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} tripleo.heat_api_cfn.firewall_rules: '125 heat_cfn': dport: @@ -80,3 +74,11 @@ outputs: heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cfn + service_config_settings: + keystone: + heat::keystone::auth_cfn::tenant: 'service' + heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index edaff77a..2ea96fc0 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -60,12 +60,6 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api::workers: {get_param: HeatWorkers} - heat::keystone::auth::tenant: 'service' - heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} - heat::keystone::auth::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} tripleo.heat_api.firewall_rules: '125 heat_api': dport: @@ -80,3 +74,11 @@ outputs: heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api + service_config_settings: + keystone: + heat::keystone::auth::tenant: 'service' + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 5c3f370e..19e54f5b 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -58,12 +58,6 @@ outputs: ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} - ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} - ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::auth_name: 'ironic' - ironic::keystone::auth::password: {get_param: IronicPassword } - ironic::keystone::auth::tenant: 'service' tripleo.ironic_api.firewall_rules: '133 ironic api': dport: @@ -71,3 +65,11 @@ outputs: - 13385 step_config: | include ::tripleo::profile::base::ironic::api + service_config_settings: + keystone: + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + ironic::keystone::auth::auth_name: 'ironic' + ironic::keystone::auth::password: {get_param: IronicPassword } + ironic::keystone::auth::tenant: 'service' diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b488fb44..b7a807fa 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -118,7 +118,6 @@ outputs: logging_groups: - keystone config_settings: - config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] - keystone::database_connection: @@ -172,7 +171,18 @@ outputs: value: 'keystone.contrib.ec2.backends.sql.Ec2' keystone::service_name: 'httpd' keystone::wsgi::apache::ssl: false - + keystone::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::servername_admin: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} # override via extraconfig: keystone::wsgi::apache::threads: 1 diff --git a/puppet/services/logging/fluentd-base.yaml b/puppet/services/logging/fluentd-base.yaml index 583dca33..c8f67556 100644 --- a/puppet/services/logging/fluentd-base.yaml +++ b/puppet/services/logging/fluentd-base.yaml @@ -33,4 +33,5 @@ outputs: fluentd::config_group: fluentd fluentd::config_path: /etc/fluentd/config.d fluentd::plugin_provider: yum + fluentd::service_provider: systemd fluentd::repo_install: false diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 1513ab31..9882adc4 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -51,14 +51,6 @@ outputs: manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } manila::keystone::authtoken::project_name: 'service' - manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} - manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} - manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} - manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} - manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} - manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} - manila::keystone::auth::password: {get_param: ManilaPassword } - manila::keystone::auth::region: {get_param: KeystoneRegion } # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -69,4 +61,14 @@ outputs: manila::api::enable_proxy_headers_parsing: true step_config: | include ::tripleo::profile::base::manila::api - + service_config_settings: + keystone: + manila::keystone::auth::tenant: 'service' + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} + manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword} + manila::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml new file mode 100644 index 00000000..89a36d21 --- /dev/null +++ b/puppet/services/manila-backend-cephfs.yaml @@ -0,0 +1,61 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila Cephfs backend + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # CephFS Native backend params: + ManilaCephFSNativeEnableBackend: + type: boolean + default: false + ManilaCephFSNativeBackendName: + type: string + default: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: + type: boolean + default: false + ManilaCephFSNativeShareBackendName: + type: string + default: 'cephfs' + ManilaCephFSNativeCephFSConfPath: + type: string + default: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + ManilaCephFSNativeCephFSClusterName: + type: string + default: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: + type: boolean + default: true + +outputs: + role_data: + description: Role data for the Manila Cephfs backend. + value: + service_name: manila_backend_cephfs + config_settings: + manila::backend::cephfsnative::enable_backend: {get_param: ManilaCephFSNativeEnableBackend} + manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName} + manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers} + manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName} + manila::backend::cephfsnative::cephfs_conf_path: {get_param: ManilaCephFSNativeCephFSConfPath} + manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId} + manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} + manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} + step_config: diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index b1734713..dca82bc0 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -130,12 +130,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - neutron::keystone::auth::tenant: 'service' - neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} - neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } - neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron::keystone::auth::password: {get_param: NeutronPassword} - neutron::keystone::auth::region: {get_param: KeystoneRegion} neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} @@ -177,3 +171,11 @@ outputs: neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::server + service_config_settings: + keystone: + neutron::keystone::auth::tenant: 'service' + neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} + neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron::keystone::auth::password: {get_param: NeutronPassword} + neutron::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index a124d4a1..8be4c6d6 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -23,9 +23,16 @@ parameters: type: string hidden: true NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number + default: '' + description: | + Sets the number of worker processes for the neutron metadata agent. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 9d42fe65..25ae0176 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -94,12 +94,6 @@ outputs: nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true - nova::keystone::auth::tenant: 'service' - nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} - nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} - nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} - nova::keystone::auth::password: {get_param: NovaPassword} - nova::keystone::auth::region: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -113,3 +107,11 @@ outputs: step_config: | include tripleo::profile::base::nova::api + service_config_settings: + keystone: + nova::keystone::auth::tenant: 'service' + nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova::keystone::auth::password: {get_param: NovaPassword} + nova::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index d555ed0a..7deaf0ca 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -35,6 +35,21 @@ outputs: value: service_name: mysql config_settings: - get_attr: [MysqlBase, role_data, config_settings] + map_merge: + - get_attr: [MysqlBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr: + get_param: [ServiceNetMap, MysqlNetwork] step_config: | include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 8085d546..4f139b5f 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -61,11 +61,6 @@ outputs: - get_attr: [SaharaBase, role_data, config_settings] - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} sahara::service::api::api_workers: {get_param: SaharaWorkers} - sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} - sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} - sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} - sahara::keystone::auth::password: {get_param: SaharaPassword } - sahara::keystone::auth::region: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -79,3 +74,11 @@ outputs: - 13386 step_config: | include ::tripleo::profile::base::sahara::api + service_config_settings: + keystone: + sahara::keystone::auth::tenant: 'service' + sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} + sahara::keystone::auth::password: {get_param: SaharaPassword } + sahara::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index c1ab8e8b..c3986b77 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -85,6 +85,5 @@ outputs: - storm sahara::rpc_backend: rabbit sahara::admin_tenant_name: 'service' - sahara::keystone::auth::tenant: 'service' sahara::db::database_db_max_retries: -1 sahara::db::database_max_retries: -1 diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index c8d5642c..7b5fa40c 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -54,8 +54,8 @@ outputs: data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} monitoring_subscriptions: yaql: - expression: list($.data.subscriptions.where($ != null)) - data: {subscriptions: {get_attr: [ServiceChain, role_data, monitoring_subscription]}} + expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} logging_sources: # Transform the individual logging_source configuration from # each service in the chain into a global list, adding some @@ -77,7 +77,9 @@ outputs: data: sources: - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} - - {get_attr: [ServiceChain, role_data, logging_source]} + - yaql: + expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} - {get_attr: [LoggingConfiguration, LoggingExtraSources]} default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} @@ -90,12 +92,18 @@ outputs: data: groups: - [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}] - - {get_attr: [ServiceChain, role_data, logging_groups]} + - yaql: + expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} - [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}] config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} global_config_settings: map_merge: yaql: - expression: list($.data.configs.where($ != null)) - data: {configs: {get_attr: [ServiceChain, role_data, global_config_settings]}} + expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + service_config_settings: + yaql: + expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + data: {get_attr: [ServiceChain, role_data]} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index d7b0cd7c..8b990bcd 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -66,25 +66,11 @@ outputs: swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} - swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} - swift::keystone::auth::password: {get_param: SwiftPassword} - swift::keystone::auth::region: {get_param: KeystoneRegion} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: - 8080 - 13808 - swift::keystone::auth::tenant: 'service' - swift::keystone::auth::configure_s3_endpoint: false - swift::keystone::auth::operator_roles: - - admin - - swiftoperator - - ResellerAdmin swift::proxy::keystone::operator_roles: - admin - swiftoperator @@ -113,3 +99,19 @@ outputs: swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]} step_config: | include ::tripleo::profile::base::swift::proxy + service_config_settings: + keystone: + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + swift::keystone::auth::tenant: 'service' + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 7aa3706f..eb5237fe 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -32,7 +32,7 @@ outputs: value: service_name: ntp config_settings: - ntp::ntpservers: {get_param: NtpServer} + ntp::servers: {get_param: NtpServer} tripleo.ntp.firewall_rules: '105 ntp': dport: 123 diff --git a/roles_data.yaml b/roles_data.yaml index e052aeef..fe98d827 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -77,6 +77,7 @@ - OS::Tripleo::Services::ManilaScheduler - OS::Tripleo::Services::ManilaBackendGeneric - OS::Tripleo::Services::ManilaBackendNetapp + - OS::Tripleo::Services::ManilaBackendCephFs - OS::Tripleo::Services::ManilaShare - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator |