diff options
61 files changed, 546 insertions, 53 deletions
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index a5c85aa6..437d7c37 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -19,8 +19,8 @@ resource_registry: OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml - OS::TripleO::Services::FluentdClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/logging/fluentd-client.yaml - OS::TripleO::Services::SensuClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/monitoring/sensu-client.yaml + OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml + OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml parameter_defaults: ControllerServices: diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index f1594d2d..49dd00cd 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -253,7 +253,9 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume log.debug(cmd_stderr) if subproc.returncode != 0: log.error('Failed running docker-puppet.py for %s' % config_volume) - rm_container('docker-puppet-%s' % config_volume) + else: + # only delete successful runs, for debugging + rm_container('docker-puppet-%s' % config_volume) return subproc.returncode # Holds all the information for each process to consume. diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 9ba0ec03..8a02d8fd 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EnableInternalTLS: type: boolean default: false diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index b4036c00..9d514d0c 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 61153089..dac61087 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index 11ca12f9..a22ae85e 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml new file mode 100644 index 00000000..94caded8 --- /dev/null +++ b/docker/services/ceilometer-agent-central.yaml @@ -0,0 +1,113 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ceilometer Agent Central service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCeilometerCentralImage: + description: image + default: 'centos-binary-ceilometer-central:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CeilometerAgentCentralBase: + type: ../../puppet/services/ceilometer-agent-central.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceilometer Agent Central role. + value: + service_name: {get_attr: [CeilometerAgentCentralBase, role_data, service_name]} + config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CeilometerAgentCentralBase, role_data, step_config] + service_config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ceilometer + puppet_tags: ceilometer_config + step_config: *step_config + config_image: &ceilometer_agent_central_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] + kolla_config: + /var/lib/kolla/config_files/ceilometer-agent-central.json: + command: /usr/bin/ceilometer-polling --polling-namespaces central + docker_config: + step_3: + ceilometer_init_log: + start_order: 0 + image: *ceilometer_agent_central_image + user: root + command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] + volumes: + - /var/log/containers/ceilometer:/var/log/ceilometer + step_4: + ceilometer_agent_central: + image: *ceilometer_agent_central_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_5: + ceilometer_gnocchi_upgrade: + start_order: 1 + image: *ceilometer_agent_central_image + net: host + detach: false + privileged: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/log/containers/ceilometer:/var/log/ceilometer + command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] + upgrade_tasks: + - name: Stop and disable ceilometer agent central service + tags: step2 + service: name=openstack-ceilometer-agent-central state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml new file mode 100644 index 00000000..9033cf4a --- /dev/null +++ b/docker/services/ceilometer-agent-compute.yaml @@ -0,0 +1,91 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ceilometer Agent Compute service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCeilometerComputeImage: + description: image + default: 'centos-binary-ceilometer-compute:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CeilometerAgentComputeBase: + type: ../../puppet/services/ceilometer-agent-compute.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceilometer Agent Compute role. + value: + service_name: {get_attr: [CeilometerAgentComputeBase, role_data, service_name]} + config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CeilometerAgentComputeBase, role_data, step_config] + service_config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ceilometer + puppet_tags: ceilometer_config + step_config: *step_config + config_image: &ceilometer_agent_compute_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] + kolla_config: + /var/lib/kolla/config_files/ceilometer-agent-compute.json: + command: /usr/bin/ceilometer-polling --polling-namespaces compute + docker_config: + step_4: + ceilometer_agent-compute: + image: *ceilometer_agent_compute_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable ceilometer-agent-compute service + tags: step2 + service: name=openstack-ceilometer-agent-compute state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml new file mode 100644 index 00000000..79df3306 --- /dev/null +++ b/docker/services/ceilometer-agent-notification.yaml @@ -0,0 +1,113 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ceilometer Agent Notification service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCeilometerNotificationImage: + description: image + default: 'centos-binary-ceilometer-notification:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CeilometerAgentNotificationBase: + type: ../../puppet/services/ceilometer-agent-notification.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceilometer Agent Notification role. + value: + service_name: {get_attr: [CeilometerAgentNotificationBase, role_data, service_name]} + config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CeilometerAgentNotificationBase, role_data, step_config] + service_config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ceilometer + puppet_tags: ceilometer_config + step_config: *step_config + config_image: &ceilometer_agent_notification_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] + kolla_config: + /var/lib/kolla/config_files/ceilometer-agent-notification.json: + command: /usr/bin/ceilometer-agent-notification + docker_config: + step_3: + ceilometer_init_log: + start_order: 0 + image: *ceilometer_agent_notification_image + user: root + command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] + volumes: + - /var/log/containers/ceilometer:/var/log/ceilometer + step_4: + ceilometer_agent-notification: + image: *ceilometer_agent_notification_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_5: + ceilometer_gnocchi_upgrade: + start_order: 1 + image: *ceilometer_agent_notification_image + net: host + detach: false + privileged: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/log/containers/ceilometer:/var/log/ceilometer + command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] + upgrade_tasks: + - name: Stop and disable ceilometer agent notification service + tags: step2 + service: name=openstack-ceilometer-notification state=stopped enabled=no diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 437e6c82..ed4e3177 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index cc9f6eab..3a4de24f 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json MysqlRootPassword: type: string hidden: true diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index fbf53cb9..86c44900 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index c474131d..ef1e00ed 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EnableInternalTLS: type: boolean default: false diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 4770533b..9b474731 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EnableInternalTLS: type: boolean default: false diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 9ddc3afb..2724805b 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 99a94960..305971f1 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 6cfc8ecc..2631928f 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -38,6 +38,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EnableInternalTLS: type: boolean default: false diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 9c0ec23c..b2f4eb64 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -38,6 +38,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EnableInternalTLS: type: boolean default: false diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 02f7febe..8c554a50 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 8d2f6221..300aa0bd 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 70367615..360eb669 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index baf03c0f..bc828e65 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 86ef094c..ca643749 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json AdminPassword: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index 38a75d2d..d85a0878 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index e5e2ff0b..3b256fdd 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index feef9c81..d60d847b 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 90415874..76ae052b 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 485b02e6..748371d5 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -15,7 +15,7 @@ parameters: # we configure all neutron services in the same neutron DockerNeutronConfigImage: description: image - default: 'centos-binary-neutron-openvswitch-agent:latest' + default: 'centos-binary-neutron-server:latest' type: string EndpointMap: default: {} @@ -38,6 +38,14 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -80,6 +88,8 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + /var/lib/kolla/config_files/neutron_server_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: # db sync runs before permissions set by kolla_config step_3: @@ -112,20 +122,39 @@ outputs: - /var/log/containers/neutron:/var/log/neutron command: ['neutron-db-manage', 'upgrade', 'heads'] step_4: - neutron_api: - image: *neutron_api_image - net: host - privileged: false - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /var/log/containers/neutron:/var/log/neutron - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - neutron_api: + image: *neutron_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/log/containers/neutron:/var/log/neutron + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - neutron_server_tls_proxy: + image: *neutron_api_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index 68d9994e..d14f5251 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -15,7 +15,7 @@ parameters: # we configure all neutron services in the same neutron DockerNeutronConfigImage: description: image - default: 'centos-binary-neutron-openvswitch-agent:latest' + default: 'centos-binary-neutron-server:latest' type: string EndpointMap: default: {} @@ -38,6 +38,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 83dae627..97901bc8 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -15,7 +15,7 @@ parameters: # we configure all neutron services in the same neutron DockerNeutronConfigImage: description: image - default: 'centos-binary-neutron-openvswitch-agent:latest' + default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: default: {} @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index ac52b378..89bf8663 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-neutron-openvswitch-agent:latest' type: string + DockerNeutronConfigImage: + description: image + default: 'centos-binary-neutron-server:latest' + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -28,6 +32,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -60,10 +65,10 @@ outputs: config_volume: neutron puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 step_config: *step_config - config_image: &neutron_ovs_agent_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: /var/lib/kolla/config_files/neutron-openvswitch-agent.json: command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini @@ -74,7 +79,10 @@ outputs: docker_config: step_4: neutronovsagent: - image: *neutron_ovs_agent_image + image: &neutron_ovs_agent_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] net: host pid: host privileged: true diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml index 66a1397c..2e5384ea 100644 --- a/docker/services/neutron-plugin-ml2.yaml +++ b/docker/services/neutron-plugin-ml2.yaml @@ -21,7 +21,7 @@ parameters: type: string DockerNeutronConfigImage: description: image - default: 'centos-binary-neutron-openvswitch-agent:latest' + default: 'centos-binary-neutron-server:latest' type: string DefaultPasswords: default: {} @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 627d1b48..d571b21b 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 540e831a..4f10a1a3 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -28,6 +28,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 1a0e8641..131355d7 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 668cbf00..be0dd111 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -32,6 +32,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index cc0640de..ebf0da7d 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -34,6 +34,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml index 95d781c7..2aebbb2f 100644 --- a/docker/services/nova-metadata.yaml +++ b/docker/services/nova-metadata.yaml @@ -25,7 +25,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role - + type: json resources: diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 528a20ea..ae4ccf68 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index bcd9f7b5..6285e98e 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -37,6 +37,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index b2abc068..46cfa5ab 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -35,6 +35,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EnableInternalTLS: type: boolean default: false diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 92c8d9f6..e2f8228e 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json RabbitCookie: type: string default: '' diff --git a/docker/services/services.yaml b/docker/services/services.yaml index 31def7f3..15f1bf02 100644 --- a/docker/services/services.yaml +++ b/docker/services/services.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 988bb399..60972f91 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EnableInternalTLS: type: boolean default: false diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml index f98e23fd..9ced8f27 100644 --- a/docker/services/swift-ringbuilder.yaml +++ b/docker/services/swift-ringbuilder.yaml @@ -28,6 +28,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index f99eb068..017fb123 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -39,6 +39,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 744a0c1e..594df693 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -33,6 +33,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json resources: diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 33afbc66..e37f2515 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -12,6 +12,7 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml @@ -20,6 +21,12 @@ resource_registry: OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml + OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index 0c6028d0..991e991c 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -41,6 +41,9 @@ resource_registry: OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml @@ -58,3 +61,4 @@ parameter_defaults: - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker + - OS::TripleO::Services::CeilometerAgentCompute diff --git a/environments/neutron-ml2-cisco-nexus-ucsm.yaml b/environments/neutron-ml2-cisco-nexus-ucsm.yaml index ad111757..f5a0a399 100644 --- a/environments/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/environments/neutron-ml2-cisco-nexus-ucsm.yaml @@ -2,6 +2,8 @@ # a Cisco Neutron plugin. resource_registry: OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NetworkUCSMIp: '127.0.0.1' diff --git a/environments/services-docker/undercloud-ceilometer.yaml b/environments/services-docker/undercloud-ceilometer.yaml new file mode 100644 index 00000000..07a61c20 --- /dev/null +++ b/environments/services-docker/undercloud-ceilometer.yaml @@ -0,0 +1,3 @@ +resource_registry: + OS::TripleO::Services::UndercloudCeilometerAgentCentral: ../../docker/services/ceilometer-agent-central.yaml + OS::TripleO::Services::UndercloudCeilometerAgentNotification: ../../docker/services/ceilometer-agent-notification.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 74776e7a..450e6116 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -195,6 +195,10 @@ resource_registry: OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentIpmi: puppet/services/ceilometer-agent-ipmi.yaml OS::TripleO::Services::Horizon: puppet/services/horizon.yaml + # Undercloud Telemetry services + OS::TripleO::Services::UndercloudCeilometerAgentCentral: OS::Heat::None + OS::TripleO::Services::UndercloudCeilometerAgentNotification: OS::Heat::None + #Gnocchi services OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 84b646a2..fb60d2be 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -127,7 +127,7 @@ parameters: resources: SwiftStorage: - type: OS::Nova::ObjectStorageServer + type: OS::TripleO::ObjectStorageServer metadata: os-collect-config: command: {get_param: ConfigCommand} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 0fb1da65..7a18ef0c 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -19,21 +19,35 @@ environment to set per service parameters. Apart from sevice specific inputs, there are few default parameters for all the services. Following are the list of default parameters: - * ServiceNetMap: Mapping of service_name -> network name. Typically set via - parameter_defaults in the resource registry. This mapping overrides those - in ServiceNetMapDefaults. + * ServiceNetMap: Mapping of service_name -> network name. Default mappings + for service to network names are defined in + ../network/service_net_map.j2.yaml, which may be overridden via + ServiceNetMap values added to a user environment file via + parameter_defaults. - * EndpointMap: Mapping of service endpoint -> protocol. Typically set via - parameter_defaults in the resource registry. + * EndpointMap: Mapping of service endpoint -> protocol. Contains a mapping of + endpoint data generated for all services, based on the data included in + ../network/endpoints/endpoint_data.yaml. - * DefaultPasswords: Mapping of service -> default password. Used to help pass - top level passwords managed by Heat into services. + * DefaultPasswords: Mapping of service -> default password. Used to pass some + passwords from the parent templates, this is a legacy interface and should + not be used by new services. * RoleName: Name of the role on which this service is deployed. A service can - be deployed in multiple roles. + be deployed in multiple roles. This is an internal parameter (should not be + set via environment file), which is fetched from the name attribute of the + roles_data.yaml template. * RoleParameters: Parameter specific to a role on which the service is - applied. + applied. Using the format "<RoleName>Parameters" in the parameter_defaults + of user environment file, parameters can be provided for a specific role. + For example, in order to provide a parameter specific to "Compute" role, + below is the format:: + + parameter_defaults: + ComputeParameters: + Param1: value + Config Settings --------------- diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index ac371927..f3021060 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -84,21 +84,24 @@ outputs: apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" - - - generate_service_certificates: true - tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' - tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' - apache_certificates_specs: - map_merge: - repeat: - template: - httpd-NETWORK: - service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' - service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' - hostname: "%{hiera('fqdn_NETWORK')}" - principal: "HTTP/%{hiera('fqdn_NETWORK')}" - for_each: - NETWORK: {get_attr: [ApacheNetworks, value]} + - if: + - internal_tls_enabled + - + generate_service_certificates: true + tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' + tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' + apache_certificates_specs: + map_merge: + repeat: + template: + httpd-NETWORK: + service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' + service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" + for_each: + NETWORK: {get_attr: [ApacheNetworks, value]} + - {} metadata_settings: if: - internal_tls_enabled diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index d2f08bec..e60eb425 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -38,9 +38,27 @@ parameters: default: 0 description: Number of workers for Ceilometer service. type: number + ManageEventPipeline: + default: false + description: Whether to manage event_pipeline.yaml. + type: boolean EventPipelinePublishers: - default: ['notifier://?topic=alarm.all'] - description: A list of publishers to put in event_pipeline.yaml. + default: ['gnocchi://'] + description: > + A list of publishers to put in event_pipeline.yaml. When the + collector is used, override this with notifier:// publisher. + Set ManageEventPipeline to true for override to take effect. + type: comma_delimited_list + ManagePipeline: + default: false + description: Whether to manage pipeline.yaml. + type: boolean + PipelinePublishers: + default: ['gnocchi://'] + description: > + A list of publishers to put in pipeline.yaml. When the + collector is used, override this with notifier:// publisher. + Set ManagePipeline to true for override to take effect. type: comma_delimited_list Debug: default: '' @@ -97,7 +115,10 @@ outputs: ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + ceilometer::agent::notification::manage_event_pipeline: {get_param: ManageEventPipeline} ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} + ceilometer::agent::notification::manage_pipeline: {get_param: ManagePipeline} + ceilometer::agent::notification::pipeline_publishers: {get_param: PipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_user_domain_name: 'Default' diff --git a/puppet/services/disabled/ceilometer-expirer.yaml b/puppet/services/disabled/ceilometer-expirer.yaml index 560cc582..182193ec 100644 --- a/puppet/services/disabled/ceilometer-expirer.yaml +++ b/puppet/services/disabled/ceilometer-expirer.yaml @@ -20,6 +20,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 697ec228..8121454b 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -34,6 +34,28 @@ parameters: default: 0 description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys type: number + NeighbourGcThreshold1: + default: 1024 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value. + This is the minimum number of entries to keep in the ARP + cache. The garbage collector will not run if there are + fewer than this number of entries in the cache. + type: number + NeighbourGcThreshold2: + default: 2048 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh2 value. + This is the soft maximum number of entries to keep in the + ARP cache. The garbage collector will allow the number of + entries to exceed this for 5 seconds before collection will + be performed. + type: number + NeighbourGcThreshold3: + default: 4096 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh3 value. + This is the hard maximum number of entries to keep in the + ARP cache. The garbage collector will always run if there + are more than this number of entries in the cache. + type: number outputs: role_data: @@ -94,5 +116,12 @@ outputs: value: 1 fs.suid_dumpable: value: 0 + #avoid neighbour table overflow on large deployments + net.ipv4.neigh.default.gc_thresh1: + value: {get_param: NeighbourGcThreshold1} + net.ipv4.neigh.default.gc_thresh2: + value: {get_param: NeighbourGcThreshold2} + net.ipv4.neigh.default.gc_thresh3: + value: {get_param: NeighbourGcThreshold3} step_config: | include ::tripleo::profile::base::kernel diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 7d9c73eb..ec4a3df6 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -54,6 +54,9 @@ parameters: tag: openstack.neutron.agent.metadata path: /var/log/neutron/metadata-agent.log +conditions: + neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + resources: NeutronBase: @@ -78,11 +81,15 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + - + if: + - neutron_workers_unset + - {} + - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} step_config: | include tripleo::profile::base::neutron::metadata upgrade_tasks: diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index 9894f00e..d57c8fc6 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -45,3 +45,5 @@ - OS::TripleO::Services::UndercloudGnocchiMetricd - OS::TripleO::Services::UndercloudGnocchiStatsd - OS::TripleO::Services::UndercloudPankoApi + - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentNotification @@ -4,6 +4,7 @@ skipsdist = True [testenv] usedevelop = True +install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt |