diff options
122 files changed, 1711 insertions, 500 deletions
@@ -64,80 +64,82 @@ Service testing matrix The configuration for the CI scenarios will be defined in `tripleo-heat-templates/ci/` and should be executed according to the following table: -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | -+================+=============+=============+=============+=============+=================+ -| keystone | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| glance | rbd | swift | file | swift + rbd | swift | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cinder | rbd | iscsi | | | iscsi | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| heat | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mysql | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron | ovs | ovs | ovs | ovs | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron-bgpvpn | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron-l2gw | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| rabbitmq | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mongodb | X | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| redis | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| haproxy | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| keepalived | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| memcached | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| pacemaker | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| nova | qemu | qemu | qemu | qemu | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ntp | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| snmp | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| timezone | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| sahara | | | X | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mistral | | | X | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| swift | | X | | | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| aodh | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ceilometer | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| gnocchi | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| panko | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| barbican | | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| zaqar | | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ec2api | | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cephrgw | | X | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| tacker | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| congress | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cephmds | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| manila | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| collectd | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| fluentd | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| sensu-client | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ ++----------------+-------------+-------------+-------------+-------------+-----------------++-------------+ +| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | scenario007 | ++================+=============+=============+=============+=============+=================+==============+ +| keystone | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| glance | rbd | swift | file | swift + rbd | swift | file | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cinder | rbd | iscsi | | | iscsi | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| heat | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mysql | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| neutron | ovs | ovs | ovs | ovs | X | ovn | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| neutron-bgpvpn | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ovn | | | | | | X | ++---------------------------------------------------------------------------------------------------------+ +| neutron-l2gw | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| rabbitmq | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mongodb | X | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| redis | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| haproxy | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| keepalived | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| memcached | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| pacemaker | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| nova | qemu | qemu | qemu | qemu | X | qemu | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ntp | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| snmp | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| timezone | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| sahara | | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mistral | | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| swift | | X | | | X | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| aodh | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ceilometer | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| gnocchi | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| panko | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| barbican | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| zaqar | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ec2api | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cephrgw | | X | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| tacker | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| congress | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cephmds | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| manila | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| collectd | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| fluentd | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| sensu-client | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ diff --git a/capabilities-map.yaml b/capabilities-map.yaml index d0ec0152..decac6bb 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -451,6 +451,13 @@ topics: configured via puppet requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-veritas-hyperscale-config.yaml + title: Cinder Veritas HyperScale backend + description: > + Enables a Cinder Veritas HyperScale backend, + configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - title: Ceph description: > Enable the use of Ceph in the overcloud diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index ef51a779..e040b015 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -55,8 +55,10 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid - name: Controller CountDefault: 1 @@ -79,3 +81,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index d2550365..7768c4f0 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -16,6 +16,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -59,7 +60,9 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/multinode-core.yaml b/ci/environments/multinode-core.yaml index b5316f1b..0dd59e96 100644 --- a/ci/environments/multinode-core.yaml +++ b/ci/environments/multinode-core.yaml @@ -21,6 +21,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. resources: diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 72b1bc41..2b25e58e 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -57,7 +57,9 @@ parameter_defaults: - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Horizon - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index ba5e3335..d8f71414 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -54,9 +54,11 @@ parameter_defaults: - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::Horizon - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 89339d10..73dc5b14 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -26,6 +26,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -62,6 +63,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Redis - OS::TripleO::Services::AodhApi @@ -89,6 +91,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 8abd079f..54eef744 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -60,6 +60,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Redis - OS::TripleO::Services::AodhApi @@ -87,6 +88,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index b795535a..d300f773 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -19,6 +19,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -53,6 +54,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler @@ -67,6 +69,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index 220979b9..cdbcbfd6 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -52,6 +52,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler @@ -66,6 +67,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml index 71daf8ec..e3789ea8 100644 --- a/ci/environments/scenario003-multinode-containers.yaml +++ b/ci/environments/scenario003-multinode-containers.yaml @@ -20,6 +20,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -62,6 +63,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 7a72562c..5e797b40 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -50,6 +50,7 @@ parameter_defaults: - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine @@ -59,6 +60,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index 14d68a2d..6d795f97 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -29,6 +29,7 @@ resource_registry: # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: @@ -73,9 +74,11 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index a15db896..bd30347a 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -74,9 +74,11 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario007-multinode.yaml b/ci/environments/scenario007-multinode.yaml new file mode 100644 index 00000000..6db00ef1 --- /dev/null +++ b/ci/environments/scenario007-multinode.yaml @@ -0,0 +1,75 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml + OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml + OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml + OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + # Disable neutron services not required for OVN and enable services required for OVN. + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN + OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::Sshd + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + # For OVN. + NeutronMechanismDrivers: ovn + OVNVifType: ovs + OVNNeutronSyncMode: log + OVNQosDriver: ovn-qos + OVNTunnelEncapType: geneve + NeutronEnableDHCPAgent: false + NeutronTypeDrivers: 'geneve,vlan,flat,vxlan' + NeutronNetworkType: 'geneve' + NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' + NeutronVniRanges: ['1:65536', ] + OVNBridgeMappings: 'datacentre:br-ex' + Debug: true + # we don't deploy Swift so we switch to file backend. + GlanceBackend: 'file' + KeystoneTokenProvider: 'fernet' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/pingtests/scenario007-multinode.yaml b/ci/pingtests/scenario007-multinode.yaml new file mode 100644 index 00000000..b7d6213b --- /dev/null +++ b/ci/pingtests/scenario007-multinode.yaml @@ -0,0 +1,127 @@ +heat_template_version: pike + +description: > + HOT template to created resources deployed by scenario007. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { get_resource: test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/common/services.yaml b/common/services.yaml index 8581656e..350026cc 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -1,4 +1,3 @@ -#FIXME move into common when specfile adds it heat_template_version: pike description: > @@ -63,26 +62,47 @@ resources: properties: RoleData: {get_attr: [ServiceChain, role_data]} -outputs: - role_data: - description: Combined Role data for this set of services. - value: - service_names: - {get_attr: [ServiceChain, role_data, service_name]} - monitoring_subscriptions: + PuppetStepConfig: + type: OS::Heat::Value + properties: + type: string + value: yaql: - expression: list($.data.role_data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) - data: {role_data: {get_attr: [ServiceChain, role_data]}} - logging_sources: + expression: + # select 'step_config' only from services that do not have a docker_config + coalesce($.data.service_names, []).zip(coalesce($.data.step_config, []), coalesce($.data.docker_config, [])).where($[2] = null).where($[1] != null).select($[1]).join("\n") + data: + service_names: {get_attr: [ServiceChain, role_data, service_name]} + step_config: {get_attr: [ServiceChain, role_data, step_config]} + docker_config: {get_attr: [ServiceChain, role_data, docker_config]} + + DockerConfig: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: + # select 'docker_config' only from services that have it + coalesce($.data.service_names, []).zip(coalesce($.data.docker_config, [])).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {}) + data: + service_names: {get_attr: [ServiceChain, role_data, service_names]} + docker_config: {get_attr: [ServiceChain, role_data, docker_config]} + + LoggingSourcesConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: # Transform the individual logging_source configuration from # each service in the chain into a global list, adding some # default configuration at the same time. yaql: expression: > let( - default_format => $.data.default_format, - pos_file_path => $.data.pos_file_path, - sources => $.data.sources.flatten() + default_format => coalesce($.data.default_format, ''), + pos_file_path => coalesce($.data.pos_file_path, ''), + sources => coalesce($.data.sources, {}).flatten() ) -> $sources.where($ != null).select({ 'type' => 'tail', @@ -95,59 +115,150 @@ outputs: sources: - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} - yaql: - expression: list($.data.role_data.where($ != null).select($.get('logging_source')).where($ != null)) + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('logging_source')).where($ != null)) data: {role_data: {get_attr: [ServiceChain, role_data]}} - {get_attr: [LoggingConfiguration, LoggingExtraSources]} default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} - logging_groups: + + LoggingGroupsConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: # Build a list of unique groups to which we should add the # fluentd user. yaql: expression: > - set(($.data.default + $.data.extra + $.data.role_data.where($ != null).select($.get('logging_groups'))).flatten()).where($) + set((coalesce($.data.default, []) + coalesce($.data.extra, []) + coalesce($.data.role_data, []).where($ != null).select($.get('logging_groups'))).flatten()).where($) data: default: {get_attr: [LoggingConfiguration, LoggingDefaultGroups]} extra: {get_attr: [LoggingConfiguration, LoggingExtraGroups]} role_data: {get_attr: [ServiceChain, role_data]} - config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} - global_config_settings: + + MonitoringSubscriptionsConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + ServiceNames: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + filter: + - [null] + - {get_attr: [ServiceChain, role_data, service_name]} + + GlobalConfigSettings: + type: OS::Heat::Value + properties: + type: json + value: map_merge: yaql: - expression: list($.data.role_data.where($ != null).select($.get('global_config_settings')).where($ != null)) + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null)) data: {role_data: {get_attr: [ServiceChain, role_data]}} - service_config_settings: + + ServiceConfigSettings: + type: OS::Heat::Value + properties: + type: json + value: yaql: - expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} - service_workflow_tasks: + + ServiceWorkflowTasks: + type: OS::Heat::Value + properties: + type: json + value: yaql: - expression: $.data.role_data.where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {}) + expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} - step_config: {get_attr: [ServiceChain, role_data, step_config]} - upgrade_tasks: + + UpgradeTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: yaql: # Note we use distinct() here to filter any identical tasks, e.g yum update for all services - expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() + expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} - upgrade_batch_tasks: + + UpgradeBatchTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: yaql: - # Note we use distinct() here to filter any identical tasks, e.g yum update for all services - expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct() + expression: coalesce($.data, []).where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} - service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} - # Keys to support docker/services - puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]} - kolla_config: - map_merge: {get_attr: [ServiceChain, role_data, kolla_config]} - docker_config: - {get_attr: [ServiceChain, role_data, docker_config]} - docker_puppet_tasks: - {get_attr: [ServiceChain, role_data, docker_puppet_tasks]} - host_prep_tasks: + PuppetConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: coalesce($.data, []).where($ != null).select($.get('puppet_config')).where($ != null).distinct() + data: {get_attr: [ServiceChain, role_data]} + + KollaConfig: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: coalesce($.data.role_data, []).where($ != null).select($.get('kolla_config')).where($ != null).reduce($1.mergeWith($2), {}) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + DockerPuppetTasks: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: dict(coalesce($.data, []).where($ != null).select($.get('docker_puppet_tasks')).where($ != null).selectMany($.items()).groupBy($[0], $[1])) + data: {get_attr: [ServiceChain, role_data]} + + HostPrepTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: yaql: # Note we use distinct() here to filter any identical tasks - expression: $.data.where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct() + expression: coalesce($.data, []).where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + +outputs: + role_data: + description: Combined Role data for this set of services. + value: + service_names: {get_attr: [ServiceNames, value]} + monitoring_subscriptions: {get_attr: [MonitoringSubscriptionsConfig, value]} + logging_sources: {get_attr: [LoggingSourcesConfig, value]} + logging_groups: {get_attr: [LoggingGroupsConfig, value]} + config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} + global_config_settings: {get_attr: [GlobalConfigSettings, value]} + service_config_settings: {get_attr: [ServiceConfigSettings, value]} + service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]} + step_config: {get_attr: [PuppetStepConfig, value]} + upgrade_tasks: {get_attr: [UpgradeTasks, value]} + upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]} + service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} + + # Keys to support docker/services + puppet_config: {get_attr: [PuppetConfig, value]} + kolla_config: {get_attr: [KollaConfig, value]} + docker_config: {get_attr: [DockerConfig, value]} + docker_puppet_tasks: {get_attr: [DockerPuppetTasks, value]} + host_prep_tasks: {get_attr: [HostPrepTasks, value]} diff --git a/deployed-server/deployed-server-bootstrap-centos.yaml b/deployed-server/deployed-server-bootstrap-centos.yaml index 5b268234..d57ea9fc 100644 --- a/deployed-server/deployed-server-bootstrap-centos.yaml +++ b/deployed-server/deployed-server-bootstrap-centos.yaml @@ -18,5 +18,6 @@ resources: DeployedServerBootstrapDeployment: type: OS::Heat::SoftwareDeployment properties: + name: DeployedServerBootstrapDeployment config: {get_resource: DeployedServerBootstrapConfig} server: {get_param: server} diff --git a/deployed-server/deployed-server-bootstrap-rhel.yaml b/deployed-server/deployed-server-bootstrap-rhel.yaml index a9018515..554bff3e 100644 --- a/deployed-server/deployed-server-bootstrap-rhel.yaml +++ b/deployed-server/deployed-server-bootstrap-rhel.yaml @@ -18,5 +18,6 @@ resources: DeployedServerBootstrapDeployment: type: OS::Heat::SoftwareDeployment properties: + name: DeployedServerBootstrapDeployment config: {get_resource: DeployedServerBootstrapConfig} server: {get_param: server} diff --git a/deployed-server/deployed-server-environment-output.yaml b/deployed-server/deployed-server-environment-output.yaml index eaf77459..89c3886d 100644 --- a/deployed-server/deployed-server-environment-output.yaml +++ b/deployed-server/deployed-server-environment-output.yaml @@ -34,21 +34,11 @@ resources: fixed_ips: - ip_address: {get_param: [VipMap, redis]} - ResourceRegistry: - type: OS::Heat::Value - properties: - type: json - value: - OS::TripleO::DeployedServer::ControlPlanePort: tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml - OS::TripleO::Network::Ports::ControlPlaneVipPort: tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml - DeployedServerEnvironment: type: OS::Heat::Value properties: type: json value: - resource_registry: - {get_attr: [ResourceRegistry, value]} parameter_defaults: map_merge: - {get_attr: [DeployedServerPortMapParameter, value]} diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 084c2f8f..4a305c68 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -41,6 +41,7 @@ - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Iscsid - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent @@ -118,6 +119,7 @@ - OS::TripleO::Services::Snmp - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent @@ -130,6 +132,7 @@ - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid - name: BlockStorageDeployedServer disable_constraints: True diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml index 446c73a6..cd7d5b55 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/docker/deploy-steps-playbook.yaml @@ -64,6 +64,10 @@ ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Check if /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json exists + stat: + path: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + register: docker_puppet_tasks_json - name: Run docker-puppet tasks (bootstrap tasks) shell: python /var/lib/docker-puppet/docker-puppet.py environment: @@ -71,7 +75,7 @@ NET_HOST: "true" NO_ARCHIVE: "true" STEP: "{{step}}" - when: deploy_server_id == bootstrap_server_id + when: deploy_server_id == bootstrap_server_id and docker_puppet_tasks_json.stat.exists changed_when: false check_mode: no register: outputs diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 9780054b..36c63887 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -215,7 +215,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume # Disables archiving if [ -z "$NO_ARCHIVE" ]; then - archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron") + archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh") rsync_srcs="" for d in "${archivedirs[@]}"; do if [ -d "$d" ]; then diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 4b0c8789..05ff7945 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -60,23 +60,6 @@ conditions: resources: - # These utility tasks use docker-puppet.py to execute tasks via puppet - # We only execute these on the first node in the primary role - {{primary_role_name}}DockerPuppetTasks: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1])) - data: - docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]} - default_tasks: -{%- for step in range(1, deploy_steps_max) %} - step_{{step}}: {} -{%- endfor %} - RoleConfig: type: OS::Heat::SoftwareConfig properties: @@ -133,6 +116,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false UPDATE: workflow: { get_resource: WorkflowTasks_Step{{step}} } params: @@ -142,6 +126,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false always_update: true # END service_workflow_tasks handling {% endfor %} @@ -175,11 +160,11 @@ resources: vars: puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]} docker_puppet_script: {get_file: docker-puppet.py} - docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]} - docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]} + docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]} + docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} - puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]} + puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]} tasks: # Join host_prep_tasks with the other per-host configuration yaql: @@ -193,10 +178,9 @@ resources: file: path=/var/lib/tripleo-config state=directory - name: Write the puppet step_config manifest copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes - # This is the docker-puppet configs end in + # this creates a JSON config file for our docker-puppet.py script - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory - # this creates a JSON config file for our docker-puppet.py script - name: Write docker-puppet-tasks json files copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes # FIXME: can we move docker-puppet somewhere so it's installed via a package? @@ -220,6 +204,13 @@ resources: ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files + file: + path: "{{item}}" + state: absent + with_fileglob: + - /var/lib/docker-puppet/docker-puppet-tasks*.json + when: deploy_server_id == bootstrap_server_id - name: Write docker-puppet-tasks json files copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes with_dict: "{{docker_puppet_tasks}}" @@ -232,33 +223,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} - {{role.name}}PuppetStepConfig: - type: OS::Heat::Value - properties: - type: string - value: - yaql: - expression: - # select 'step_config' only from services that do not have a docker_config - $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n") - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - step_config: {get_param: [role_data, {{role.name}}, step_config]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - - {{role.name}}DockerConfig: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - # select 'docker_config' only from services that have it - $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {}) - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - # BEGIN CONFIG STEPS {{role.name}}PreConfig: diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml index 41b036da..ddfa8802 100644 --- a/docker/firstboot/setup_docker_host.yaml +++ b/docker/firstboot/setup_docker_host.yaml @@ -1,14 +1,5 @@ heat_template_version: pike -parameters: - DockerNamespace: - type: string - default: tripleoupstream - description: namespace - DockerNamespaceIsRegistry: - type: boolean - default: false - resources: userdata: @@ -21,12 +12,7 @@ resources: type: OS::Heat::SoftwareConfig properties: group: script - config: - str_replace: - params: - $docker_registry: {get_param: DockerNamespace} - $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} - template: {get_file: ./setup_docker_host.sh} + config: {get_file: ./setup_docker_host.sh} outputs: OS::stack_id: diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index f8ba4eea..6caffd15 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -105,13 +105,17 @@ outputs: net: host detach: false privileged: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - /var/log/containers/ceilometer:/var/log/ceilometer - command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] + command: + - '/usr/bin/bootstrap_host_exec' + - 'ceilometer_agent_central' + - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 0cd1dd7b..7804fdb2 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -86,6 +86,17 @@ outputs: - path: /var/log/cinder owner: cinder:cinder recurse: true + /var/lib/kolla/config_files/cinder_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true docker_config: step_2: cinder_api_init_logs: @@ -140,6 +151,21 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + cinder_api_cron: + image: *cinder_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 46dbea1d..dc7580a3 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -84,6 +84,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/cinder owner: cinder:cinder @@ -113,13 +117,13 @@ outputs: - - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro # FIXME: we need to generate a ceph.conf with puppet for this - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 2ecc7adc..3030019c 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -98,6 +98,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder @@ -124,13 +128,13 @@ outputs: - - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro # FIXME: we need to generate a ceph.conf with puppet for this - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index d09230fe..ba8fc75f 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -90,6 +90,17 @@ outputs: - path: /var/log/heat owner: heat:heat recurse: true + /var/lib/kolla/config_files/heat_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/heat + owner: heat:heat + recurse: true docker_config: step_4: heat_api: @@ -119,6 +130,20 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + heat_api_cron: + image: {get_param: DockerHeatApiImage} + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/heat:/var/log/heat + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index b39b72e2..f6b348c7 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -42,23 +42,38 @@ resources: ContainersCommon: type: ./containers-common.yaml + IscsidBase: + type: ../../puppet/services/iscsid.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + outputs: role_data: - description: Role data for the Iscsid API role. + description: Role data for the Iscsid role. value: - service_name: iscsid - config_settings: {} - step_config: '' - service_config_settings: {} + service_name: {get_attr: [IscsidBase, role_data, service_name]} + config_settings: {get_attr: [IscsidBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [IscsidBase, role_data, step_config]} + service_config_settings: {get_attr: [IscsidBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: iscsid - #puppet_tags: file - step_config: '' + puppet_tags: iscsid_config + step_config: *step_config config_image: {get_param: DockerIscsidConfigImage} kolla_config: /var/lib/kolla/config_files/iscsid.json: command: /usr/sbin/iscsid -f + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: iscsid: @@ -76,14 +91,10 @@ outputs: - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /etc/iscsi - file: - path: /etc/iscsi - state: directory - name: stat /lib/systemd/system/iscsid.socket stat: path=/lib/systemd/system/iscsid.socket register: stat_iscsid_socket diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml index 9733b6f9..09d1a574 100644 --- a/docker/services/manila-share.yaml +++ b/docker/services/manila-share.yaml @@ -4,17 +4,11 @@ description: > OpenStack containerized Manila Share service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerManilaShareImage: description: image - default: 'centos-binary-manila-share:latest' type: string DockerManilaConfigImage: description: image - default: 'centos-binary-manila-base:latest' type: string EndpointMap: default: {} @@ -72,10 +66,7 @@ outputs: config_volume: manila puppet_tags: manila_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + config_image: {get_param: DockerManilaConfigImage} kolla_config: /var/lib/kolla/config_files/manila_share.json: command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf @@ -96,10 +87,7 @@ outputs: docker_config: step_4: manila_share: - image: &manila_share_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaShareImage} ] + image: &manila_share_image {get_param: DockerManilaShareImage} net: host restart: always volumes: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 3346a049..ea54c574 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -109,6 +109,18 @@ outputs: path: /var/log/containers/mistral state: directory upgrade_tasks: + - name: Check if mistral executor is deployed + command: systemctl is-enabled openstack-mistral-executor + tags: common + ignore_errors: True + register: mistral_executor_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState | + grep '\bactive\b' + when: mistral_executor_enabled.rc == 0 + tags: step0,validation - name: Stop and disable mistral_executor service tags: step2 + when: mistral_executor_enabled.rc == 0 service: name=openstack-mistral-executor state=stopped enabled=no diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index 51b93029..a0c02f30 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -59,6 +59,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: @@ -72,11 +77,11 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 547deaf0..a9125c8c 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -163,8 +163,18 @@ outputs: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_server is deployed + command: systemctl is-enabled neutron-server + tags: common + ignore_errors: True + register: neutron_server_enabled + - name: "PreUpgrade step0,validation: Check service neutron-server is running" + shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + when: neutron_server_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_api service tags: step2 + when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped enabled=no metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index c7444070..4b75d542 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -81,6 +81,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_dhcp: @@ -97,15 +100,30 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_dhcp_agent is deployed + command: systemctl is-enabled neutron-dhcp-agent + tags: common + ignore_errors: True + register: neutron_dhcp_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running" + shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b' + when: neutron_dhcp_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_dhcp service tags: step2 + when: neutron_dhcp_agent_enabled.rc == 0 service: name=neutron-dhcp-agent state=stopped enabled=no diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index c3a4d27f..06470c05 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -77,6 +77,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_l3_agent: @@ -93,10 +96,15 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index f030faef..a5a7c34b 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -77,6 +77,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_metadata_agent: @@ -93,15 +96,30 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_metadata_agent is deployed + command: systemctl is-enabled neutron-metadata-agent + tags: common + ignore_errors: True + register: neutron_metadata_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running" + shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b' + when: neutron_metadata_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_metadata service tags: step2 + when: neutron_metadata_agent_enabled.rc == 0 service: name=neutron-metadata-agent state=stopped enabled=no diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index d8e76925..0426eaec 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -36,6 +36,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number resources: @@ -51,6 +56,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: @@ -58,14 +64,7 @@ outputs: value: service_name: {get_attr: [NovaComputeBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaComputeBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config get_attr: [NovaComputeBase, role_data, step_config] puppet_config: @@ -81,6 +80,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -103,8 +106,8 @@ outputs: - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /dev:/dev - - /etc/iscsi:/etc/iscsi - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 89ef95ea..17068b41 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -73,6 +73,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -94,9 +98,9 @@ outputs: - - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /run:/run - /dev:/dev - - /etc/iscsi:/etc/iscsi - /var/lib/nova/:/var/lib/nova - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index a5527747..5fc7939a 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -14,7 +14,7 @@ parameters: type: string EnablePackageInstall: default: 'false' - description: Set to true to enable package installation + description: Set to true to enable package installation at deploy time type: boolean ServiceData: default: {} @@ -51,6 +51,12 @@ parameters: description: If set to true and if EnableInternalTLS is enabled, it will set the libvirt URI's transport to tls and configure the relevant keys for libvirt. + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + conditions: @@ -77,6 +83,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: @@ -84,19 +91,12 @@ outputs: value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaLibvirtBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config get_attr: [NovaLibvirtBase, role_data, step_config] puppet_config: config_volume: nova_libvirt - puppet_tags: nova_config + puppet_tags: nova_config,file,exec step_config: *step_config config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: @@ -134,6 +134,7 @@ outputs: - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova + - /etc/libvirt/secrets:/etc/libvirt/secrets # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt @@ -148,6 +149,7 @@ outputs: path: "{{ item }}" state: directory with_items: + - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt - /var/log/containers/nova diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml new file mode 100644 index 00000000..385343a0 --- /dev/null +++ b/docker/services/nova-migration-target.yaml @@ -0,0 +1,124 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Migration Target service + +parameters: + DockerNovaComputeImage: + description: image + type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SshdBase: + type: ../../puppet/services/sshd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + NovaMigrationTargetBase: + type: ../../puppet/services/nova-migration-target.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Migration Target service. + value: + service_name: nova_migration_target + config_settings: + map_merge: + - get_attr: [SshdBase, role_data, config_settings] + - get_attr: [NovaMigrationTargetBase, role_data, config_settings] + - tripleo.nova_migration_target.firewall_rules: + '113 nova_migration_target': + dport: + - {get_param: DockerNovaMigrationSshdPort} + step_config: &step_config + list_join: + - "\n" + - - get_attr: [SshdBase, role_data, step_config] + - get_attr: [NovaMigrationTargetBase, role_data, step_config] + puppet_config: + config_volume: nova_libvirt + step_config: *step_config + config_image: {get_param: DockerNovaLibvirtConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova-migration-target.json: + command: + str_replace: + template: "/usr/sbin/sshd -D -p SSHDPORT" + params: + SSHDPORT: {get_param: DockerNovaMigrationSshdPort} + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: /host-ssh/ssh_host_*_key + dest: /etc/ssh/ + owner: "root" + perm: "0600" + docker_config: + step_4: + nova_migration_target: + image: {get_param: DockerNovaComputeImage} + net: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/ssh/:/host-ssh/:ro + - /run:/run + - /var/lib/nova:/var/lib/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml index 7d7892dd..6a62f65e 100644 --- a/docker/services/opendaylight-api.yaml +++ b/docker/services/opendaylight-api.yaml @@ -4,17 +4,11 @@ description: > OpenStack containerized OpenDaylight API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOpendaylightApiImage: description: image - default: 'centos-binary-opendaylight:latest' type: string DockerOpendaylightConfigImage: description: image - default: 'centos-binary-opendaylight:latest' type: string EndpointMap: default: {} @@ -67,20 +61,14 @@ outputs: map_merge: - get_attr: [OpenDaylightBase, role_data, config_settings] step_config: &step_config - list_join: - - "\n" - - - get_attr: [OpenDaylightBase, role_data, step_config] - - "include tripleo::profile::base::neutron::opendaylight::create_cluster" + get_attr: [OpenDaylightBase, role_data, step_config] # BEGIN DOCKER SETTINGS puppet_config: config_volume: opendaylight # 'file,concat,file_line,augeas' are included by default - puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster + puppet_tags: odl_user step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightConfigImage} ] + config_image: {get_param: DockerOpendaylightConfigImage} kolla_config: /var/lib/kolla/config_files/opendaylight_api.json: command: /opt/opendaylight/bin/karaf @@ -97,10 +85,7 @@ outputs: step_1: opendaylight_api: start_order: 0 - image: &odl_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightApiImage} ] + image: &odl_api_image {get_param: DockerOpendaylightApiImage} privileged: false net: host detach: true diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index ee8ee124..26ae9bca 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -139,6 +139,27 @@ outputs: - /var/lib/cinder - /var/log/containers/cinder upgrade_tasks: - - name: Stop and disable cinder_backup service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-backup cluster resource tags: step2 - service: name=openstack-cinder-backup state=stopped enabled=no + pacemaker_resource: + resource: openstack-cinder-backup + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-backup cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index d016cf83..262e999d 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -157,6 +157,30 @@ outputs: executable: /bin/bash creates: /dev/loop2 upgrade_tasks: - - name: Stop and disable cinder_volume service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-volume cluster resource tags: step2 - service: name=openstack-cinder-volume state=stopped enabled=no + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-volume cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-volume + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_volume service from boot + tags: step2 + service: name=openstack-cinder-volume enabled=no + + + diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index f38cccfc..22c29b29 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -164,6 +164,27 @@ outputs: path: /var/lib/mysql state: directory upgrade_tasks: - - name: Stop and disable mysql service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the galera cluster resource tags: step2 - service: name=mariadb state=stopped enabled=no + pacemaker_resource: + resource: galera + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped galera cluster resource. + tags: step2 + pacemaker_resource: + resource: galera + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable mysql service + tags: step2 + service: name=mariadb enabled=no diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index e124b045..df7ae7f4 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -139,6 +139,27 @@ outputs: path: /var/lib/redis state: directory upgrade_tasks: - - name: Stop and disable redis service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the redis cluster resource tags: step2 - service: name=redis state=stopped enabled=no + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped redis cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable redis service + tags: step2 + service: name=redis enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 86c460fa..24155912 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -137,3 +137,25 @@ outputs: - /dev/shm:/dev/shm:rw metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 19af94b2..dc56bcce 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -157,6 +157,27 @@ outputs: echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done upgrade_tasks: - - name: Stop and disable rabbitmq service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the rabbitmq cluster resource. tags: step2 - service: name=rabbitmq-server state=stopped enabled=no + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable rabbitmq service + tags: step2 + service: name=rabbitmq-server enabled=no diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 85a84550..061a4a70 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -10,6 +10,10 @@ parameters: DockerZaqarConfigImage: description: The container image to use for the zaqar config_volume type: string + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -37,6 +41,9 @@ parameters: description: Parameters specific to the role type: json +conditions: + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} + resources: ContainersCommon: @@ -87,38 +94,65 @@ outputs: owner: zaqar:zaqar recurse: true docker_config: - step_4: - zaqar: - image: &zaqar_image {get_param: DockerZaqarImage} - net: host - privileged: false - restart: always - # NOTE(mandre) kolla image changes the user to 'zaqar', we need it - # to be root to run httpd - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - zaqar_websocket: - image: *zaqar_image - net: host - privileged: false - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - + if: + - zaqar_management_store_sqlalchemy + - + step_2: + zaqar_init_log: + image: &zaqar_image {get_param: DockerZaqarImage} + user: root + volumes: + - /var/log/containers/zaqar:/var/log/zaqar + command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar'] + step_3: + zaqar_db_sync: + image: *zaqar_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro + - /var/log/containers/zaqar:/var/log/zaqar + command: "/usr/bin/bootstrap_host_exec zaqar su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'" + - {} + - step_4: + zaqar: + image: *zaqar_image + net: host + privileged: false + restart: always + # NOTE(mandre) kolla image changes the user to 'zaqar', we need it + # to be root to run httpd + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + zaqar_websocket: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index d6d6f291..e6487685 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -109,6 +109,7 @@ - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::Etcd - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Iscsid - name: Compute CountDefault: 1 @@ -125,6 +126,7 @@ - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent @@ -138,6 +140,7 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Iscsid - name: BlockStorage ServicesDefault: @@ -205,6 +208,7 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid - name: ContrailAnalytics ServicesDefault: diff --git a/environments/deployed-server-deployed-neutron-ports.yaml b/environments/deployed-server-deployed-neutron-ports.yaml new file mode 100644 index 00000000..1464f4be --- /dev/null +++ b/environments/deployed-server-deployed-neutron-ports.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml + OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml + diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml index d94ac6d7..47f8e528 100644 --- a/environments/docker-centos-tripleoupstream.yaml +++ b/environments/docker-centos-tripleoupstream.yaml @@ -59,6 +59,7 @@ parameter_defaults: DockerManilaApiImage: tripleoupstream/centos-binary-manila-api:latest DockerManilaConfigImage: tripleoupstream/centos-binary-manila-api:latest DockerManilaSchedulerImage: tripleoupstream/centos-binary-manila-scheduler:latest + DockerManilaShareImage: tripleoupstream/centos-binary-manila-share:latest DockerMemcachedConfigImage: tripleoupstream/centos-binary-memcached:latest DockerMemcachedImage: tripleoupstream/centos-binary-memcached:latest DockerMistralApiImage: tripleoupstream/centos-binary-mistral-api:latest @@ -99,6 +100,8 @@ parameter_defaults: DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest + DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest + DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml index 442262b3..474e9966 100644 --- a/environments/docker-ha.yaml +++ b/environments/docker-ha.yaml @@ -3,9 +3,6 @@ # ...deploy..-e docker.yaml -e docker-ha.yaml resource_registry: # Pacemaker runs on the host - OS::TripleO::Tasks::ControllerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml - OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml @@ -13,8 +10,9 @@ resource_registry: OS::TripleO::Services::Keepalived: OS::Heat::None # HA Containers managed by pacemaker - OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml - OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml + # FIXME: enable those Cinder services once their non-HA counterpart are enabled + # OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml + # OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 8d304494..255726a1 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -20,7 +20,9 @@ resource_registry: OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index 52b2dc05..a7504611 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -22,6 +22,7 @@ resource_registry: OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml diff --git a/environments/host-config-and-reboot.j2.yaml b/environments/host-config-and-reboot.j2.yaml index d5f69ec5..c16627db 100644 --- a/environments/host-config-and-reboot.j2.yaml +++ b/environments/host-config-and-reboot.j2.yaml @@ -11,8 +11,8 @@ resource_registry: #ComputeParameters: #KernelArgs: "" #TunedProfileName: "" - #HostIsolatedCoreList: "" + #IsolCpusList: "" #ComputeOvsDpdkParameters: - #KernelArgs: "" - #TunedProfileName: "" - #HostIsolatedCoreList: "" + #KernelArgs: "intel_iommu=on iommu=pt default_hugepagesz=1GB hugepagesz=1G hugepages=60" + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 05a3a391..872a1d99 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -16,6 +16,7 @@ parameter_defaults: - OS::TripleO::Services::Securetty - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent diff --git a/environments/neutron-opendaylight-dpdk.yaml b/environments/neutron-opendaylight-dpdk.yaml index 9ee4eb7e..d675252d 100644 --- a/environments/neutron-opendaylight-dpdk.yaml +++ b/environments/neutron-opendaylight-dpdk.yaml @@ -12,15 +12,23 @@ parameter_defaults: NeutronMechanismDrivers: 'opendaylight_v2' NeutronServicePlugins: 'odl-router_v2' NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" - ## Deploying DPDK requires enabling hugepages for the overcloud compute nodes. - ## It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. - ## This can be done using ComputeKernelArgs as shown below. - ComputeParameters: - #ComputeKernelArgs: "intel_iommu=on default_hugepagesz=2MB hugepagesz=2MB hugepages=2048" + + ComputeOvsDpdkParameters: + OvsEnableDpdk: True + + ## Host configuration Parameters + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" # Logical CPUs list to be isolated from the host process (applied via cpu-partitioning tuned). + # It is mandatory to provide isolated cpus for tuned to achive optimal performance. + # Example: "3-8,12-15,18" + #KernelArgs: "" # Space separated kernel args to configure hugepage and IOMMU. + # Deploying DPDK requires enabling hugepages for the overcloud compute nodes. + # It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. + # This should be done by configuring parameters via host-config-and-reboot.yaml environment file. + ## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments ## due to CPU contention of DPDK PMD threads. - OvsEnableDpdk: True - ## It is highly recommended to to enable isolcpus (via ComputeKernelArgs) on compute overcloud nodes and set the following parameters: + ## It is highly recommended to to enable isolcpus (via KernelArgs) on compute overcloud nodes and set the following parameters: #OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node. # It is recommended to use the socket closest to the PCIe slot used for the # desired DPDK NIC. Format should be comma separated per socket string such as: diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml index ecfd0fea..029a198e 100644 --- a/environments/neutron-ovs-dpdk.yaml +++ b/environments/neutron-ovs-dpdk.yaml @@ -1,25 +1,32 @@ # A Heat environment that can be used to deploy DPDK with OVS # Deploying DPDK requires enabling hugepages for the overcloud nodes resource_registry: - OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: ../puppet/services/neutron-ovs-dpdk-agent.yaml parameter_defaults: NeutronDatapathType: "netdev" NeutronVhostuserSocketDir: "/var/lib/vhost_sockets" NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" - ## Deploying DPDK requires enabling hugepages for the overcloud compute nodes. - ## It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. - ## This can be done using ComputeKernelArgs as shown below. - #ComputeParameters: - #ComputeKernelArgs: "intel_iommu=on default_hugepagesz=2MB hugepagesz=2MB hugepages=2048" + OvsDpdkDriverType: "vfio-pci" + + #ComputeOvsDpdkParameters: + ## Host configuration Parameters + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" # Logical CPUs list to be isolated from the host process (applied via cpu-partitioning tuned). + # It is mandatory to provide isolated cpus for tuned to achive optimal performance. + # Example: "3-8,12-15,18" + #KernelArgs: "" # Space separated kernel args to configure hugepage and IOMMU. + # Deploying DPDK requires enabling hugepages for the overcloud compute nodes. + # It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. + # This should be done by configuring parameters via host-config-and-reboot.yaml environment file. + ## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments ## due to CPU contention of DPDK PMD threads. - ## It is highly recommended to to enable isolcpus (via ComputeKernelArgs) on compute overcloud nodes and set the following parameters: + ## It is highly recommended to to enable isolcpus (via KernelArgs) on compute overcloud nodes and set the following parameters: #OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node. # It is recommended to use the socket closest to the PCIe slot used for the # desired DPDK NIC. Format should be comma separated per socket string such as: # "<socket 0 mem MB>,<socket 1 mem MB>", for example: "1024,0". - #OvsDpdkDriverType: "vfio-pci" # Ensure the Overcloud NIC to be used for DPDK supports this UIO/PMD driver. #OvsPmdCoreList: "" # List or range of CPU cores for PMD threads to be pinned to. Note, NIC # location to cores on socket, number of hyper-threaded logical cores, and # desired number of PMD threads can all play a role in configuring this setting. diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml index 559d81df..4bc16f8c 100644 --- a/environments/undercloud.yaml +++ b/environments/undercloud.yaml @@ -20,3 +20,5 @@ parameter_defaults: HeatMaxJsonBodySize: 2097152 IronicInspectorInterface: br-ctlplane IronicInspectorIpRange: '192.168.24.100,192.168.24.200' + ZaqarMessageStore: 'swift' + ZaqarManagementStore: 'sqlalchemy' diff --git a/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml b/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml new file mode 100644 index 00000000..eaa6cf7f --- /dev/null +++ b/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to enable a +# a Veritas HyperScale backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendVRTSHyperScale: ../../puppet/services/cinder-backend-veritas-hyperscale.yaml diff --git a/environments/veritas-hyperscale/veritas-hyperscale-config.yaml b/environments/veritas-hyperscale/veritas-hyperscale-config.yaml new file mode 100644 index 00000000..30fe399d --- /dev/null +++ b/environments/veritas-hyperscale/veritas-hyperscale-config.yaml @@ -0,0 +1,24 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to install +# Veritas HyperScale packages for controller. +resource_registry: + OS::TripleO::Services::VRTSHyperScale: ../../puppet/services/veritas-hyperscale-controller.yaml + +parameter_defaults: + EnablePackageInstall: true + VrtsRabbitPassword: '' + VrtsKeystonePassword: '' + VrtsMysqlPassword: '' diff --git a/extraconfig/post_deploy/example_run_on_update.yaml b/extraconfig/post_deploy/example_run_on_update.yaml index 346a1d77..4e378b14 100644 --- a/extraconfig/post_deploy/example_run_on_update.yaml +++ b/extraconfig/post_deploy/example_run_on_update.yaml @@ -14,6 +14,9 @@ parameters: # otherwise unchanged DeployIdentifier: type: string + default: '' + description: > + Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. resources: diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 31d0c1e0..2f5fcdf7 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -14,12 +14,6 @@ parameters: ServiceNames: type: comma_delimited_list default: [] - IsolCpusList: - default: "0" - description: List of cores to be isolated by tuned - type: string - constraints: - - allowed_pattern: "[0-9,-]+" OvsEnableDpdk: default: false description: Whether or not to configure enable DPDK in OVS @@ -47,12 +41,6 @@ parameters: mem>, <socket n mem>", where the value is specified in MB. For example: "1024,0". type: string - OvsDpdkDriverType: - default: "vfio-pci" - description: > - DPDK Driver type. Ensure the Overcloud NIC to be used for DPDK supports - this UIO/PMD driver. - type: string OvsPmdCoreList: description: > A list or range of CPU cores for PMD threads to be pinned to. Note, NIC @@ -91,10 +79,6 @@ parameters: default: '' description: Memory allocated for each socket type: string - NeutronDpdkDriverType: - default: "vfio-pci" - description: DPDK Driver type - type: string deployment_actions: default: ['CREATE', 'UPDATE'] type: comma_delimited_list @@ -105,15 +89,13 @@ parameters: conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} - # YAQL is enabled in conditions with https://review.openstack.org/#/c/467506/ is_dpdk_config_required: or: - yaql: - expression: $.data.service_names.contains('neutron_ovs_dpdk_agent') - data: - service_names: {get_param: ServiceNames} - - {get_param: OvsEnableDpdk} - - {get_param: [RoleParameters, OvsEnableDpdk]} + expression: $.data.service_names.contains('neutron_ovs_dpdk_agent') + data: + service_names: {get_param: ServiceNames} + - {equals: [{get_param: [RoleParameters, OvsEnableDpdk]}, true]} is_reboot_config_required: or: - is_host_config_required @@ -122,8 +104,6 @@ conditions: pmd_cores_empty: {equals: [{get_param: OvsPmdCoreList}, '']} mem_channels_empty: {equals: [{get_param: OvsDpdkMemoryChannels}, '']} socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']} - driver_not_set: {equals: [{get_param: OvsDpdkDriverType}, 'vfio-pci']} - isol_cpus_empty: {equals: [{get_param: IsolCpusList}, '0']} deployment_actions_empty: equals: - {get_param: deployment_actions} @@ -137,19 +117,15 @@ resources: value: map_replace: - map_replace: - - IsolCpusList: IsolCpusList - OvsDpdkCoreList: OvsDpdkCoreList + - OvsDpdkCoreList: OvsDpdkCoreList OvsDpdkMemoryChannels: OvsDpdkMemoryChannels OvsDpdkSocketMemory: OvsDpdkSocketMemory - OvsDpdkDriverType: OvsDpdkDriverType - OvsPmdCoreList: OvsDpdkCoreList + OvsPmdCoreList: OvsPmdCoreList - values: {get_param: [RoleParameters]} - values: - IsolCpusList: {if: [isol_cpus_empty, {get_param: HostCpusList}, {get_param: IsolCpusList}]} OvsDpdkCoreList: {if: [l_cores_empty, {get_param: HostCpusList}, {get_param: OvsDpdkCoreList}]} OvsDpdkMemoryChannels: {if: [mem_channels_empty, {get_param: NeutronDpdkMemoryChannels}, {get_param: OvsDpdkMemoryChannels}]} OvsDpdkSocketMemory: {if: [socket_mem_empty, {get_param: NeutronDpdkSocketMemory}, {get_param: OvsDpdkSocketMemory}]} - OvsDpdkDriverType: {if: [driver_not_set, {get_param: NeutronDpdkDriverType}, {get_param: OvsDpdkDriverType}]} OvsPmdCoreList: {if: [pmd_cores_empty, {get_param: NeutronDpdkCoreList}, {get_param: OvsPmdCoreList}]} HostParametersConfig: @@ -243,7 +219,11 @@ resources: name: EnableDpdkDeployment server: {get_param: server} config: {get_resource: EnableDpdkConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE RebootConfig: type: OS::Heat::SoftwareConfig diff --git a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml index 6bf5afb0..4d34aedf 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml @@ -27,6 +27,7 @@ resources: {{role.name}}PostPuppetMaintenanceModeDeployment: type: OS::Heat::SoftwareDeployments properties: + name: {{role.name}}PostPuppetMaintenanceModeDeployment servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}PostPuppetMaintenanceModeConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml index 203ca1f8..102be8a8 100644 --- a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -23,6 +23,7 @@ resources: ControllerPostPuppetRestartDeployment: type: OS::Heat::SoftwareDeployments properties: + name: ControllerPostPuppetRestartDeployment servers: {get_param: servers} config: {get_resource: ControllerPostPuppetRestartConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml index 02fdbf1c..ee06f0a9 100644 --- a/extraconfig/tasks/ssh/host_public_key.yaml +++ b/extraconfig/tasks/ssh/host_public_key.yaml @@ -36,6 +36,7 @@ resources: config: {get_resource: SshHostPubKeyConfig} server: {get_param: server} actions: {get_param: deployment_actions} + name: SshHostPubKeyDeployment outputs: diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index a1220d30..bb458961 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -161,6 +161,7 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None OS::TripleO::Services::Pacemaker: OS::Heat::None OS::TripleO::Services::PacemakerRemote: OS::Heat::None OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None @@ -169,6 +170,7 @@ resource_registry: OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml OS::TripleO::Services::HAProxyPublicTLS: OS::Heat::None OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None + OS::TripleO::Services::Iscsid: puppet/services/iscsid.yaml OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml OS::TripleO::Services::Memcached: puppet/services/memcached.yaml OS::TripleO::Services::SaharaApi: OS::Heat::None @@ -186,6 +188,7 @@ resource_registry: OS::TripleO::Services::NovaVncProxy: puppet/services/nova-vnc-proxy.yaml OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml + OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None @@ -257,6 +260,7 @@ resource_registry: OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None + OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None OS::TripleO::Services::Etcd: OS::Heat::None OS::TripleO::Services::Ec2Api: OS::Heat::None @@ -272,6 +276,7 @@ resource_registry: OS::TripleO::Services::CertmongerUser: OS::Heat::None OS::TripleO::Services::Iscsid: OS::Heat::None OS::TripleO::Services::Clustercheck: OS::Heat::None + OS::TripleO::Services::VRTSHyperScale: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index b29a8a98..24aa1525 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -45,6 +45,7 @@ parameters: perform configuration on a Heat stack-update. UpdateIdentifier: type: string + default: '' description: > Setting to a previously unused value during stack-update will trigger package update on all nodes diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml index 313c1261..3b7bf40c 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml @@ -174,45 +174,15 @@ resources: echo "$HOST_FQDN $MACS" fi - CollectMacDeploymentsController: +{% for role in roles %} + CollectMacDeployments{{role.name}}: type: OS::Heat::SoftwareDeployments properties: - name: CollectMacDeploymentsController - servers: {get_param: [servers, Controller]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCompute: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCompute - servers: {get_param: [servers, Compute]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsBlockStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsBlockStorage - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsObjectStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsObjectStorage - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCephStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCephStorage - servers: {get_param: [servers, CephStorage]} + name: CollectMacDeployments{{role.name}} + servers: {get_param: [servers, {{role.name}}]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE +{% endfor %} # Now we calculate the additional nexus config based on the mappings MappingToNexusConfig: @@ -220,11 +190,9 @@ resources: properties: group: script inputs: - - name: controller_mappings - - name: compute_mappings - - name: blockstorage_mappings - - name: objectstorage_mappings - - name: cephstorage_mappings + {%- for role in roles %} + - name: {{role.name}}_mappings + {%- endfor %} - name: nexus_config config: | #!/bin/python @@ -233,11 +201,9 @@ resources: import os from copy import deepcopy - mappings = ['controller_mappings', - 'compute_mappings', - 'blockstorage_mappings', - 'objectstorage_mappings', - 'cephstorage_mappings', + mappings = [{%- for role in roles %} + '{{role.name}}_mappings', + {%- endfor %} 'nexus_config'] mapdict_list = [] nexus = {} @@ -295,11 +261,9 @@ resources: # FIXME(shardy): It'd be more convenient if we could join these # items together but because the returned format is a map (not a list) # we can't use list_join or str_replace. Possible Heat TODO. - controller_mappings: {get_attr: [CollectMacDeploymentsController, deploy_stdouts]} - compute_mappings: {get_attr: [CollectMacDeploymentsCompute, deploy_stdouts]} - blockstorage_mappings: {get_attr: [CollectMacDeploymentsBlockStorage, deploy_stdouts]} - objectstorage_mappings: {get_attr: [CollectMacDeploymentsObjectStorage, deploy_stdouts]} - cephstorage_mappings: {get_attr: [CollectMacDeploymentsCephStorage, deploy_stdouts]} + {%- for role in roles %} + {{role.name}}_mappings: {get_attr: [CollectMacDeployments{{role.name}}, deploy_stdouts]} + {%- endfor %} nexus_config: {get_param: NetworkNexusConfig} actions: ['CREATE'] # Only do this on CREATE diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 574c41b0..625ff4d9 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -18,6 +18,7 @@ parameters: type: json UpdateIdentifier: type: string + default: '' description: > Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 3d071018..f7651a57 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -23,6 +23,7 @@ resources: {{role.name}}ArtifactsDeploy: type: OS::Heat::StructuredDeployments properties: + name: {{role.name}}ArtifactsDeploy servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}ArtifactsConfig} @@ -36,7 +37,7 @@ resources: {{role.name}}Config: type: OS::TripleO::{{role.name}}Config properties: - StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} # Step through a series of configuration steps {% for step in range(1, deploy_steps_max) %} @@ -139,6 +140,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false UPDATE: workflow: { get_resource: WorkflowTasks_Step{{step}} } params: @@ -148,6 +150,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false always_update: true {% endfor %} # END service_workflow_tasks handling diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 3e4f5b42..4fe6e908 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -172,6 +172,6 @@ outputs: until: ceph_quorum_nodecheck.rc == 0 retries: {get_param: CephValidationRetries} delay: {get_param: CephValidationDelay} - - name: set crush tunables + - name: ceph osd crush tunables default tags: step0 - shell: ceph osd crush tunables optimal + shell: ceph osd crush tunables default diff --git a/puppet/services/cinder-backend-veritas-hyperscale.yaml b/puppet/services/cinder-backend-veritas-hyperscale.yaml new file mode 100644 index 00000000..11ceb2fd --- /dev/null +++ b/puppet/services/cinder-backend-veritas-hyperscale.yaml @@ -0,0 +1,56 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Veritas HyperScale backend. + value: + service_name: cinder_backend_veritas_hyperscale + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_vrts_hs_backend: true + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 31a4d3eb..f5d38b60 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -37,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. CongressDebug: default: '' description: Set to True to enable debugging Glance service. diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml index 2881a5c6..c218e8b5 100644 --- a/puppet/services/database/mongodb-base.yaml +++ b/puppet/services/database/mongodb-base.yaml @@ -56,7 +56,3 @@ outputs: mongodb::server::journal: false mongodb::server::ipv6: {get_param: MongoDbIPv6} mongodb::server::replset: {get_param: MongoDbReplset} - # for now, we don't want to manage these services which are enabled - # by default with recent changes in puppet-systemd. - systemd::manage_networkd: false - systemd::manage_resolved: false diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 9b8386c1..8842a0ca 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -96,10 +96,6 @@ outputs: - {get_param: [DefaultPasswords, mysql_root_password]} mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} enable_galera: {get_param: EnableGalera} - # for now, we don't want to manage these services which are enabled - # by default with recent changes in puppet-systemd. - systemd::manage_networkd: false - systemd::manage_resolved: false # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index d92b666b..d11ef66a 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -4,13 +4,11 @@ description: > Configures docker on the host parameters: - DockerNamespace: - description: namespace - default: tripleoupstream + DockerInsecureRegistryAddress: + description: Optional. The IP Address and Port of an insecure docker + namespace that will be configured in /etc/sysconfig/docker. type: string - DockerNamespaceIsRegistry: - type: boolean - default: false + default: '' EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -38,14 +36,19 @@ parameters: description: Parameters specific to the role type: json +conditions: + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + outputs: role_data: description: Role data for the docker service value: service_name: docker config_settings: - tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace} - tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry} + if: + - insecure_registry_is_empty + - {} + - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index d5056c60..85fdb369 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -61,7 +61,7 @@ parameters: path: /var/log/ec2api/ec2api.log EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean Ec2ApiPolicies: description: | diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 2c13cb30..070bd7c7 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -130,6 +130,8 @@ outputs: heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check if heat_api_cfn is deployed command: systemctl is-enabled openstack-heat-api-cfn diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index b23dc895..689251a3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -114,6 +114,8 @@ outputs: - heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check if heat_api_cloudwatch is deployed command: systemctl is-enabled openstack-heat-api-cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 3349271c..51f52a71 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -137,6 +137,8 @@ outputs: heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check is heat_api is deployed command: systemctl is-enabled openstack-heat-api diff --git a/puppet/services/iscsid.yaml b/puppet/services/iscsid.yaml new file mode 100644 index 00000000..9510df3b --- /dev/null +++ b/puppet/services/iscsid.yaml @@ -0,0 +1,41 @@ +heat_template_version: pike + +description: > + Configure iscsid + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for iscsid + value: + service_name: iscsid + config_setting: {} + step_config: | + include ::tripleo::profile::base::iscsid diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 136c0ad4..8796209b 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -67,6 +67,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. KeystoneDebug: default: '' description: Set to True to enable debugging Keystone service. diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index 24dda549..0f0fe957 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml @@ -44,7 +44,7 @@ parameters: to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without specifying a private key or cert chain to use SSL transport, but not cert auth. - type: string + type: boolean MonitoringRabbitSSLPrivateKey: default: '' description: Private key to be used by Sensu to connect to RabbitMQ host. diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 0d56b3b1..a3baf710 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -34,6 +34,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 82371337..7ccf526a 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -33,6 +33,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index d98d1620..dd757b5d 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -53,8 +53,8 @@ parameters: default: 'datacentre:1:1000' description: > The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + Neutron documentation for permitted values. Defaults to permitting VLANs + 1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronTunnelIdRanges: description: | diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index d0f8fda2..a12bfd0f 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -104,7 +104,13 @@ parameters: SSH key for migration. Expects a dictionary with keys 'public_key' and 'private_key'. Values should be identical to SSH public/private key files. - default: {} + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 22 + description: Target port for migration over ssh + type: number resources: NovaBase: @@ -159,14 +165,9 @@ outputs: NovaPCIPassthrough: {get_param: NovaPCIPassthrough} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false - tripleo::profile::base::nova::manage_migration: true - tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey} - tripleo::profile::base::nova::migration_ssh_localaddrs: - - "%{hiera('cold_migration_ssh_inbound_addr')}" - - "%{hiera('live_migration_ssh_inbound_addr')}" - live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} - cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]} - tripleo::profile::base::nova::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 3a5d7536..e2ae7260 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -30,6 +30,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + CephClientUserName: + default: openstack + type: string + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean NovaComputeLibvirtType: type: string default: kvm @@ -70,6 +84,19 @@ parameters: the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO's default CA, which is FreeIPA. It will only be used if internal TLS is enabled. + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 22 + description: Target port for migration over ssh + type: number conditions: @@ -111,8 +138,12 @@ outputs: - nova::compute::libvirt::manage_libvirt_services: false # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false - tripleo::profile::base::nova::manage_migration: true - tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} + nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} + tripleo::profile::base::nova::migration::client::libvirt_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents} @@ -120,6 +151,7 @@ outputs: nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_processes: 131072 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: @@ -132,7 +164,7 @@ outputs: - use_tls_for_live_migration - generate_service_certificates: true - tripleo::profile::base::nova::libvirt_tls: true + tripleo::profile::base::nova::migration::client::libvirt_tls: true nova::migration::libvirt::live_migration_inbound_addr: str_replace: template: diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml new file mode 100644 index 00000000..128abc2c --- /dev/null +++ b/puppet/services/nova-migration-target.yaml @@ -0,0 +1,57 @@ +heat_template_version: ocata + +description: > + OpenStack Nova migration target configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + +outputs: + role_data: + description: Role data for the Nova migration target service. + value: + service_name: nova_migration_target + config_settings: + tripleo::profile::base::nova::migration::target::ssh_authorized_keys: + - {get_param: [ MigrationSshKey, public_key ]} + tripleo::profile::base::nova::migration::target::ssh_localaddrs: + - "%{hiera('cold_migration_ssh_inbound_addr')}" + - "%{hiera('live_migration_ssh_inbound_addr')}" + live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]} + step_config: | + include tripleo::profile::base::nova::migration::target diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index da925181..472dbcce 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -58,6 +58,10 @@ parameters: default: {} description: Parameters specific to the role type: json + OpenDaylightManageRepositories: + description: Whether to manage the OpenDaylight repository + type: boolean + default: false outputs: role_data: @@ -72,6 +76,7 @@ outputs: opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} tripleo.opendaylight_api.firewall_rules: '137 opendaylight api': dport: diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 8ffa8a34..2027292c 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -81,6 +81,8 @@ outputs: - opendaylight::odl_rest_port: {get_param: OpenDaylightPort} opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::password: {get_param: OpenDaylightPassword} + neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername} + neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 893e8418..158d04bd 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -105,11 +105,6 @@ parameters: description: Whether to deploy a LoadBalancer on the Controller type: boolean - PacemakerResources: - type: comma_delimited_list - description: List of resources managed by pacemaker - default: ['rabbitmq', 'galera'] - outputs: role_data: description: Role data for the Pacemaker role. @@ -156,20 +151,8 @@ outputs: async: 30 poll: 4 - name: Stop pacemaker cluster - tags: step2 + tags: step3 pacemaker_cluster: state=offline - name: Start pacemaker cluster tags: step4 pacemaker_cluster: state=online - - name: Check pacemaker resource - tags: step4 - pacemaker_is_active: - resource: "{{ item }}" - max_wait: 500 - with_items: {get_param: PacemakerResources} - - name: Check pacemaker haproxy resource - tags: step4 - pacemaker_is_active: - resource: haproxy - max_wait: 500 - when: {get_param: EnableLoadBalancer} diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 66f5c4b6..5867721a 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -97,7 +97,7 @@ outputs: NODE_PORT: '' NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<15000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<15000:64/native>>}]"' 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" rabbitmq_kernel_variables: inet_dist_listen_min: '25672' diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 7661dd2f..541a2eb6 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -37,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. TackerDebug: default: '' description: Set to True to enable debugging Tacker service. diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e52dd71e..e471c2a6 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -32,7 +32,7 @@ parameters: type: json EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean outputs: diff --git a/puppet/services/veritas-hyperscale-controller.yaml b/puppet/services/veritas-hyperscale-controller.yaml new file mode 100644 index 00000000..bcb9e38f --- /dev/null +++ b/puppet/services/veritas-hyperscale-controller.yaml @@ -0,0 +1,70 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + VrtsRabbitPassword: + type: string + default: '' + VrtsKeystonePassword: + type: string + default: '' + VrtsMysqlPassword: + type: string + default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Install Veritas HyperScale packages for controller. + value: + service_name: veritas_hyperscale_controller + config_settings: + step_config: | + include ::veritas_hyperscale::controller_pkg_inst + service_config_settings: + rabbitmq: + vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword} + keystone: + vrts_keystone_passwd: {get_param: VrtsKeystonePassword} + mysql: + vrts_mysql_passwd: {get_param: VrtsMysqlPassword} diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index debdc742..21857423 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -56,6 +56,14 @@ parameters: type: string description: Set the number of workers for zaqar::wsgi::apache default: '%{::os_workers}' + ZaqarMessageStore: + type: string + description: The messaging store for Zaqar + default: mongodb + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EnableInternalTLS: type: boolean default: false @@ -63,6 +71,8 @@ parameters: conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} + zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']} + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} resources: @@ -105,26 +115,67 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_store: {get_param: ZaqarMessageStore} + zaqar::management_store: {get_param: ZaqarManagementStore} + - + if: + - zaqar_messaging_store_swift + - + zaqar::messaging::swift::uri: + list_join: + - '' + - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service'] + zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + tripleo::profile::base::zaqar::messaging_store: 'swift' + - {} + - + if: + - zaqar_management_store_sqlalchemy + - + tripleo::profile::base::zaqar::management_store: 'sqlalchemy' + zaqar::management::sqlalchemy::uri: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: zaqar + password: {get_param: ZaqarPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /zaqar + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + - {} - if: - zaqar_workers_zero - {} - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} service_config_settings: - keystone: - zaqar::keystone::auth::password: {get_param: ZaqarPassword} - zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} - zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} - zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} - zaqar::keystone::auth::region: {get_param: KeystoneRegion} - zaqar::keystone::auth::tenant: 'service' - zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} - zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} - zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} - zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} - zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} - zaqar::keystone::auth_websocket::tenant: 'service' - + map_merge: + - keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + - + if: + - zaqar_management_store_sqlalchemy + - mysql: + zaqar::db::mysql::user: zaqar + zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + zaqar::db::mysql::dbname: zaqar + zaqar::db::mysql::password: {get_param: ZaqarPassword} + zaqar::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + - {} step_config: | include ::tripleo::profile::base::zaqar upgrade_tasks: diff --git a/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml b/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml new file mode 100644 index 00000000..01ce1758 --- /dev/null +++ b/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - Deprecate and remove configuring clustering for + OpenDaylight container using an exec. + Configuration is now handled via puppet-opendaylight + using file resources. diff --git a/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml b/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml new file mode 100644 index 00000000..3c17e242 --- /dev/null +++ b/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add support for Veritas HyperScale Cinder backend. diff --git a/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml b/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml new file mode 100644 index 00000000..ec7f40c9 --- /dev/null +++ b/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml @@ -0,0 +1,4 @@ +--- +features: + - A new role ComputeOvsDpdk has been added to enable dynamic roles_data + creation with OVS-DPDK role. diff --git a/releasenotes/notes/odl-user-a4c58ac0c3a64d90.yaml b/releasenotes/notes/odl-user-a4c58ac0c3a64d90.yaml new file mode 100644 index 00000000..d37ab12b --- /dev/null +++ b/releasenotes/notes/odl-user-a4c58ac0c3a64d90.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Fixing an issue where a custom password for the + OpenDaylight controller caused the TripleO deployment + to fail diff --git a/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml b/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml new file mode 100644 index 00000000..b7497b19 --- /dev/null +++ b/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Adding the ability to disable the OpenDaylight upstream repository. + Introducing the OpenDaylightManageRepositories parameter. diff --git a/releasenotes/notes/systemd-d9a41bb3709d0653.yaml b/releasenotes/notes/systemd-d9a41bb3709d0653.yaml deleted file mode 100644 index af66f89d..00000000 --- a/releasenotes/notes/systemd-d9a41bb3709d0653.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -fixes: - - | - Latest commits in puppet-systemd enabled by default systemd-networkd and - systemd-resolved but we don't want to manage them for now in TripleO. - MySQL and MongoDB services were managing some systemd resources so now - we ensure that these 2 systemd services are disabled. In the future, we - might want and activate these services and revert that patch but for now - we want to disable them. diff --git a/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml b/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml new file mode 100644 index 00000000..a72da829 --- /dev/null +++ b/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Add Heat parameters which allow the end user to configure custom + management and messaging backends for MySQL and Swift. diff --git a/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml b/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml new file mode 100644 index 00000000..64a41424 --- /dev/null +++ b/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Update undercloud default Heat parameters so we use the Zaqar swift/mysql + backends. This allows us to drop MongoDB from the undercloud. diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 7b41a9e2..939b263c 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '7.0.0.0b2' +release = '7.0.0.0b3' # The short X.Y version. version = '7.0.0' diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index b0117400..3779d23e 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml @@ -13,6 +13,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::FluentdClient diff --git a/roles/Compute.yaml b/roles/Compute.yaml index 75a6f608..de356487 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -33,6 +33,7 @@ - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index a04a12e1..d20b5f33 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -33,6 +33,7 @@ - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml new file mode 100644 index 00000000..7c3cd218 --- /dev/null +++ b/roles/ComputeOvsDpdk.yaml @@ -0,0 +1,41 @@ +############################################################################### +# Role: ComputeOvsDpdk # +############################################################################### +- name: ComputeOvsDpdk + description: | + Compute OvS DPDK Role + CountDefault: 1 + networks: + - InternalApi + - Tenant + - Storage + HostnameFormatDefault: '%stackname%-computeovsdpdk-%index%' + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::ComputeNeutronOvsDpdk + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/Controller.yaml b/roles/Controller.yaml index e3af321e..34a23b43 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -40,6 +40,7 @@ - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 4ad405aa..1feb12f0 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -57,6 +57,7 @@ - OS::TripleO::Services::Horizon - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone diff --git a/roles/README.rst b/roles/README.rst index cd1fcb47..b21a34b6 100644 --- a/roles/README.rst +++ b/roles/README.rst @@ -95,6 +95,7 @@ Example BlockStorage CephStorage Compute + ComputeOvsDpdk Controller ControllerOpenstack Database @@ -151,12 +152,14 @@ Example * OS::TripleO::Services::ComputeNeutronOvsAgent * OS::TripleO::Services::Docker * OS::TripleO::Services::FluentdClient + * OS::TripleO::Services::Iscsid * OS::TripleO::Services::Kernel * OS::TripleO::Services::MySQLClient * OS::TripleO::Services::NeutronSriovAgent * OS::TripleO::Services::NeutronVppAgent * OS::TripleO::Services::NovaCompute * OS::TripleO::Services::NovaLibvirt + * OS::TripleO::Services::NovaMigrationTarget * OS::TripleO::Services::Ntp * OS::TripleO::Services::OpenDaylightOvs * OS::TripleO::Services::Securetty diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index f56749a9..d462fb27 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -26,7 +26,6 @@ - OS::TripleO::Services::MistralApi - OS::TripleO::Services::MistralEngine - OS::TripleO::Services::MistralExecutor - - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin diff --git a/roles_data.yaml b/roles_data.yaml index fe24a423..466164fc 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -43,6 +43,7 @@ - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler @@ -165,6 +166,7 @@ - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty @@ -190,6 +192,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::FluentdClient diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index 2aa5a291..2c8e479f 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -29,7 +29,6 @@ - OS::TripleO::Services::MistralApi - OS::TripleO::Services::MistralEngine - OS::TripleO::Services::MistralExecutor - - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin diff --git a/test-requirements.txt b/test-requirements.txt index 9291450a..1b60459c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,7 +1,7 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -openstackdocstheme>=1.11.0 # Apache-2.0 +openstackdocstheme>=1.11.0 # Apache-2.0 PyYAML>=3.10.0 # MIT Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 3828766f..33d12eec 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -49,8 +49,93 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'ExternalAllocationPools': ['default'], 'StorageNetCidr': ['default'], 'StorageAllocationPools': ['default'], - 'StorageMgmtNetCidr': ['default'], + 'StorageMgmtNetCidr': ['default', + # FIXME + 'description'], 'StorageMgmtAllocationPools': ['default'], + 'TenantNetCidr': ['default'], + 'TenantAllocationPools': ['default'], + 'InternalApiNetCidr': ['default'], + 'UpdateIdentifier': ['description'], + # TODO(bnemec): Address these existing + # inconsistencies. + 'NeutronMetadataProxySharedSecret': [ + 'description', 'hidden'], + 'ServiceNetMap': ['description', 'default'], + 'RedisPassword': ['description'], + 'EC2MetadataIp': ['default'], + 'network': ['default'], + 'ControlPlaneIP': ['default', + 'description'], + 'ControlPlaneIp': ['default', + 'description'], + 'NeutronBigswitchLLDPEnabled': ['default'], + 'NeutronEnableL2Pop': ['description'], + 'NeutronWorkers': ['description'], + 'TenantIpSubnet': ['description'], + 'ExternalNetName': ['description'], + 'AdminToken': ['description'], + 'ControlPlaneDefaultRoute': ['default'], + 'StorageMgmtNetName': ['description'], + 'ServerMetadata': ['description'], + 'InternalApiIpUri': ['description'], + 'UpgradeLevelNovaCompute': ['default'], + 'StorageMgmtIpUri': ['description'], + 'server': ['description'], + 'servers': ['description'], + 'FixedIPs': ['description'], + 'ExternalIpSubnet': ['description'], + 'NeutronBridgeMappings': ['description'], + 'ExtraConfig': ['description'], + 'InternalApiIpSubnet': ['description'], + 'DefaultPasswords': ['description', + 'default'], + 'BondInterfaceOvsOptions': ['description', + 'default', + 'constraints'], + 'KeyName': ['constraints'], + 'TenantNetName': ['description'], + 'StorageIpSubnet': ['description'], + 'OVNSouthboundServerPort': ['description'], + 'ExternalInterfaceDefaultRoute': + ['description', 'default'], + 'ExternalIpUri': ['description'], + 'IPPool': ['description'], + 'ControlPlaneNetwork': ['description'], + 'SSLCertificate': ['description', + 'default', + 'hidden'], + 'HostCpusList': ['default', 'constraints'], + 'InternalApiAllocationPools': ['default'], + 'NodeIndex': ['description'], + 'SwiftPassword': ['description'], + 'name': ['description', 'default'], + 'StorageNetName': ['description'], + 'ManagementNetName': ['description'], + 'NeutronPublicInterface': ['description'], + 'RoleParameters': ['description'], + 'AdminPassword': ['description', 'hidden'], + 'ManagementInterfaceDefaultRoute': + ['default'], + 'NovaPassword': ['description'], + 'image': ['description', 'default'], + 'NeutronBigswitchAgentEnabled': ['default'], + 'EndpointMap': ['description', 'default'], + 'DockerManilaConfigImage': ['description', + 'default'], + 'NetworkName': ['default', 'description'], + 'StorageIpUri': ['description'], + 'InternalApiNetName': ['description'], + 'NeutronTunnelTypes': ['description'], + 'replacement_policy': ['default'], + 'StorageMgmtIpSubnet': ['description'], + 'CloudDomain': ['description', 'default'], + 'key_name': ['default', 'description'], + 'EnableLoadBalancer': ['description'], + 'ControllerExtraConfig': ['description'], + 'NovaComputeExtraConfig': ['description'], + 'controllerExtraConfig': ['description'], + 'DockerSwiftConfigImage': ['default'], } PREFERRED_CAMEL_CASE = { @@ -219,11 +304,13 @@ def validate_docker_service(filename, tpl): if 'docker_config' in role_data: docker_config = role_data['docker_config'] for _, step in docker_config.items(): + if not isinstance(step, dict): + # NOTE(mandre) this skips everything that is not a dict + # so we may ignore some containers definitions if they + # are in a map_merge for example + continue for _, container in step.items(): if not isinstance(container, dict): - # NOTE(mandre) this skips everything that is not a dict - # so we may ignore some containers definitions if they - # are in a map_merge for example continue command = container.get('command', '') if isinstance(command, list): @@ -422,10 +509,8 @@ for p, defs in param_map.items(): # If all items in the list are not == the first, then the check fails if check_data.count(check_data[0]) != len(check_data): mismatch_count += 1 - # TODO(bnemec): Make this a hard failure once all the templates have - # been fixed. - #exit_val |= 1 - #failed_files.extend([d['filename'] for d in defs]) + exit_val |= 1 + failed_files.extend([d['filename'] for d in defs]) print('Mismatched parameter definitions found for "%s"' % p) print('Definitions found:') for d in defs: |