diff options
265 files changed, 3776 insertions, 7155 deletions
@@ -82,7 +82,7 @@ and should be executed according to the following table: | neutron-bgpvpn | | | | X | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | ovn | | | | | | X | -+---------------------------------------------------------------------------------------------------------+ ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | neutron-l2gw | | | | X | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | rabbitmq | X | X | X | X | X | X | @@ -113,13 +113,13 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | swift | | X | | | X | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| aodh | X | | | | | | +| aodh | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| ceilometer | X | | | | | | +| ceilometer | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| gnocchi | X | | | | | | +| gnocchi | rbd | swift | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| panko | X | | | | | | +| panko | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | barbican | | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ diff --git a/capabilities-map.yaml b/capabilities-map.yaml index decac6bb..91daa689 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -10,13 +10,13 @@ # environment_groups: (required) # environment_groups: -# Identifies an environment choice. If group includes multiple environments it -# indicates that environments in group are mutually exclusive. +# Identifies a group of environments. # Attributes: # title: (optional) # description: (optional) # tags: a list of tags to provide additional information for e.g. filtering (optional) # environments: (required) +# mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive # environments: # List of environments in environment group @@ -25,149 +25,37 @@ # title: (required) # description: (optional) # requires: an array of environments which are required by this environment (optional) -# resource_registry: [tbd] (optional) - -# resource_registry: -# [tbd] Each environment can provide options on resource_registry level applicable -# only when that given environment is used. (resource_type of that environment can -# be implemented using multiple templates). topics: - - title: Base Resources Configuration + - title: General Deployment Options description: environment_groups: - - title: - description: Enable base configuration for all resources required for OpenStack Deployment + - name: general-deployment-options + title: + description: Enables base configuration for all resources required for OpenStack Deployment environments: - file: overcloud-resource-registry-puppet.yaml title: Base resources configuration description: - - - title: Deployment Options - description: - environment_groups: - - title: High Availability - description: Enables configuration of an Overcloud controller with Pacemaker - environments: - - file: environments/puppet-pacemaker.yaml - title: Pacemaker - description: Enable configuration of an Overcloud controller with Pacemaker - requires: - - overcloud-resource-registry-puppet.yaml - - title: Pacemaker options - description: - environments: - - file: environments/puppet-pacemaker-no-restart.yaml - title: Pacemaker No Restart - description: - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Docker RDO + - title: Containerized Deployment description: > - Docker container with heat agents for containerized compute node + Configures Deployment to use containerized services environments: - file: environments/docker.yaml - title: Docker RDO + title: Containerized Deployment description: requires: - overcloud-resource-registry-puppet.yaml - - title: Enable TLS - description: > - environments: - - file: environments/enable-tls.yaml - title: TLS - description: > - Use this option to pass in certificates for SSL deployments. - For these values to take effect, one of the TLS endpoints - environments must also be used. - requires: - - overcloud-resource-registry-puppet.yaml - - title: TLS Endpoints - description: > - environments: - - file: environments/tls-endpoints-public-dns.yaml - title: SSL-enabled deployment with DNS name as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is a DNS name. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - file: environments/tls-endpoints-public-ip.yaml - title: SSL-enabled deployment with IP address as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is an IP address. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - title: External load balancer - description: > - Enable external load balancer - environments: - - file: environments/external-loadbalancer-vip-v6.yaml - title: External load balancer IPv6 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - file: environments/external-loadbalancer-vip.yaml - title: External load balancer IPv4 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - - title: Additional Services - description: Deploy additional Overcloud services - environment_groups: - - title: Manila - description: - environments: - - file: environments/manila-generic-config.yaml - title: Manila - description: Enable Manila generic driver backend - requires: - - overcloud-resource-registry-puppet.yaml - - title: Sahara - description: - environments: - - file: environments/services/sahara.yaml - title: Sahara - description: Deploy Sahara service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ironic - description: - environments: - - file: environments/services/ironic.yaml - title: Ironic - description: Deploy Ironic service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Mistral - description: - environments: - - file: environments/services/mistral.yaml - title: Mistral - description: Deploy Mistral service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ceilometer Api - description: + - title: High Availability + description: Enables configuration of an Overcloud Controller with Pacemaker environments: - - file: environments/services/disable-ceilometer-api.yaml - title: Ceilometer Api - description: Disable Ceilometer Api service. This service is - deprecated and will be removed in future releases. Please move - to using gnocchi/aodh/panko apis instead. + - file: environments/puppet-pacemaker.yaml + title: High Availability (Pacemaker) + description: requires: - overcloud-resource-registry-puppet.yaml - # - title: Network Interface Configuration - # description: - # environment_groups: - - - title: Overlay Network Configuration + - title: Network Configuration description: environment_groups: - title: Network Isolation @@ -189,10 +77,12 @@ topics: to that role) on these networks. requires: - overcloud-resource-registry-puppet.yaml - - title: Single NIC or Bonding + mutually_exclusive: true + - title: NICs, Bonding, VLANs Configuration description: > - Configure roles to use pair of bonded nics or to use Vlans on a - single nic. This option assumes use of Network Isolation. + Choose one of the pre-defined configurations or provide custom + network-environment.yaml instead. Note that pre-defined configuration work + only with standard Roles and Networks. These options assume use of Network Isolation. environments: - file: environments/net-bond-with-vlans.yaml title: Bond with Vlans @@ -202,7 +92,6 @@ topics: for each role. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-no-external.yaml title: Bond with Vlans No External Ports description: > @@ -212,7 +101,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-v6.yaml title: Bond with Vlans IPv6 description: > @@ -222,7 +110,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics.yaml title: Multiple NICs description: > @@ -231,7 +118,6 @@ topics: This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics-v6.yaml title: Multiple NICs IPv6 description: > @@ -240,7 +126,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans.yaml title: Single NIC with Vlans description: > @@ -248,7 +133,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-no-external.yaml title: Single NIC with Vlans No External Ports description: > @@ -257,7 +141,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-linux-bridge-with-vlans.yaml title: Single NIC with Linux Bridge Vlans description: > @@ -265,7 +148,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-v6.yaml title: Single NIC with Vlans IPv6 description: > @@ -274,7 +156,7 @@ topics: This option assumes use of Network Isolation IPv6 requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true - title: Management Network description: > Enable the creation of a system management network. This @@ -292,6 +174,35 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + + - title: Docker Network + description: > + [Temporary] Use this option when deploying containerized deployment + without network isolation + environments: + - file: environments/docker-network.yaml + title: Docker network + description: + requires: + - environments/docker.yaml + + - title: External load balancer + description: > + Enable external load balancer, requires network Isolation to be enabled. + Note that this option assumes standard isolated networks set. + environments: + - file: environments/external-loadbalancer-vip.yaml + title: External load balancer IPv4 + description: > + requires: + - environments/network-isolation.yaml + - file: environments/external-loadbalancer-vip-v6.yaml + title: External load balancer IPv6 + description: > + requires: + - environments/network-isolation-v6.yaml + mutually_exclusive: true - title: Neutron Plugin Configuration description: @@ -327,8 +238,8 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/neutron-midonet.yaml - title: Deploy MidoNet Services + - file: environments/networking/neutron-midonet.yaml + title: Neutron MidoNet Services description: requires: - overcloud-resource-registry-puppet.yaml @@ -378,34 +289,10 @@ topics: requires: - overcloud-resource-registry-puppet.yaml - - title: Nova Extensions - description: - environment_groups: - - title: Nova Extensions - description: - environments: - - file: environments/nova-nuage-config.yaml - title: Nuage backend - description: > - Enables Nuage backend on the Compute - requires: - - overcloud-resource-registry-puppet.yaml - - title: Storage description: environment_groups: - - title: Cinder backup service - description: - environments: - - file: environments/cinder-backup.yaml - title: Cinder backup service - description: > - OpenStack Cinder Backup service with Pacemaker configured - with Puppet - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Cinder backend + - title: Cinder backends description: > Enable various Cinder backends environments: @@ -414,7 +301,7 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/cinder-netapp-config.yaml + - file: environments/storage/cinder-netapp-config.yaml title: Cinder NetApp backend description: requires: @@ -422,22 +309,26 @@ topics: - file: environments/cinder-dellsc-config.yaml title: Cinder Dell EMC Storage Center ISCSI backend description: > - Enables a Cinder Dell EMC Storage Center ISCSI backend, + Enables a Cinder Dell EMC Storage Center ISCSI backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-dellemc-unity-config.yaml + title: Cinder Dell EMC Unity backend + description: > + Enables a Cinder Dell EMC Unity backend, configured via puppet requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml title: Cinder HPELeftHandISCSI backend description: > - Enables a Cinder HPELeftHandISCSI backend, configured - via puppet + Enables a Cinder HPELeftHandISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-dellps-config.yaml title: Cinder Dell EMC PS Series backend description: > - Enables a Cinder Dell EMC PS Series backend, - configured via puppet + Enables a Cinder Dell EMC PS Series backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-iser.yaml @@ -447,8 +338,7 @@ topics: - file: environments/cinder-scaleio-config.yaml title: Cinder Dell EMC ScaleIO backend description: > - Enables a Cinder Dell EMC ScaleIO backend, - configured via puppet + Enables a Cinder Dell EMC ScaleIO backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-veritas-hyperscale-config.yaml @@ -458,106 +348,199 @@ topics: configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Ceph - description: > - Enable the use of Ceph in the overcloud + - title: Cinder backup service + description: environments: - - file: environments/puppet-ceph-external.yaml - title: Externally managed Ceph + - file: environments/cinder-backup.yaml + title: Cinder backup service description: > - Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + OpenStack Cinder Backup service with Pacemaker requires: + - environments/puppet-pacemaker.yaml - overcloud-resource-registry-puppet.yaml + - title: Ceph + description: > + Enable the use of Ceph in the overcloud + environments: - file: environments/puppet-ceph.yaml - title: TripleO managed Ceph + title: Ceph Storage Backend description: > Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is colocated with NovaCompute and configures the overcloud to use it, via RBD driver. requires: - overcloud-resource-registry-puppet.yaml - - title: CephMDS - description: > - Deploys CephMDS via TripleO, an additional Ceph service needed to create shared - filesystems hosted in Ceph. + - file: environments/storage/external-ceph.yaml + title: Externally managed Ceph + description: > + Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + requires: + - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + - title: Additional Ceph Options + description: environments: - file: environments/services/ceph-mds.yaml title: Deploys CephMDS - description: + description: > + Deploys CephMDS via TripleO, an additional Ceph service needed to create shared + filesystems hosted in Ceph. requires: - environments/puppet-ceph.yaml - - title: Ceph Rados Gateway - description: > - Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API - which stores data in the Ceph cluster. - environments: - file: environments/ceph-radosgw.yaml - title: Deploys CephRGW - description: + title: Ceph Rados Gateway + description: > + Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API + which stores data in the Ceph cluster. requires: - environments/puppet-ceph.yaml - - title: Manila with CephFS - description: > - Deploys Manila and configures it with the CephFS driver. This requires the deployment of - Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. - environments: - file: environments/manila-cephfsnative-config.yaml - title: Deploys Manila with CephFS driver - description: Deploys Manila and configures CephFS as its default backend. + title: Manila with CephFS + description: > + Deploys Manila and configures it with the CephFS driver. This requires the deployment of + Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. requires: - overcloud-resource-registry-puppet.yaml - - title: Storage Environment - description: > - Can be used to set up storage backends. Defaults to Ceph used as a - backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It - configures which services will use Ceph, or if any of the services - will use NFS. And more. Usually requires to be edited by user first. - tags: - - no-gui + - title: Glance backends + description: environments: - - file: environments/storage-environment.yaml - title: Storage Environment - description: + - file: environments/storage/glance-nfs.yaml + title: Glance NFS Backend + description: | + Configure and enable this option to enable the use of an NFS + share as the backend for Glance. requires: - overcloud-resource-registry-puppet.yaml - - title: Utilities - description: + + - title: Security + description: Security Hardening Options environment_groups: - - title: Config Debug - description: Enable config management (e.g. Puppet) debugging + - title: TLS + description: environments: - - file: environments/config-debug.yaml - title: Config Debug + - file: environments/ssl/enable-tls.yaml + title: SSL on OpenStack Public Endpoints + description: > + Use this option to pass in certificates for SSL deployments. + For these values to take effect, one of the TLS endpoints + options must also be used. + requires: + - overcloud-resource-registry-puppet.yaml + - title: TLS Endpoints + description: + environments: + - file: environments/ssl/tls-endpoints-public-dns.yaml + title: SSL-enabled deployment with DNS name as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-everywhere-endpoints-dns.yaml + title: Deploy All SSL Endpoints as DNS names + description: > + Use this option when deploying an overcloud where all the endpoints are + DNS names and there's TLS in all endpoint types. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-endpoints-public-ip.yaml + title: SSL-enabled deployment with IP address as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. + requires: + - environments/ssl/enable-tls.yaml + mutually_exclusive: true + - title: SSH Banner Text + description: Enables population of SSH Banner Text + environments: + - file: environments/sshd-banner.yaml + title: SSH Banner Text description: requires: - overcloud-resource-registry-puppet.yaml - - title: Disable journal in MongoDb - description: > - Since, when journaling is enabled, MongoDb will create big journal - file it can take time. In a CI environment for example journaling is - not necessary. + - title: Horizon Password Validation + description: Enable Horizon Password validation environments: - - file: environments/mongodb-nojournal.yaml - title: Disable journal in MongoDb + - file: environments/horizon_password_validation.yaml + title: Horizon Password Validation description: requires: - overcloud-resource-registry-puppet.yaml - - title: Overcloud Steps - description: > - Specifies hooks/breakpoints where overcloud deployment should stop - Allows operator validation between steps, and/or more granular control. - Note: the wildcards relate to naming convention for some resource suffixes, - e.g see puppet/*-post.yaml, enabling this will mean we wait for - a user signal on every *Deployment_StepN resource defined in those files. - tags: - - no-gui + - title: AuditD Rules + description: Management of AuditD rules environments: - - file: environments/overcloud-steps.yaml - title: Overcloud Steps + - file: environments/auditd.yaml + title: AuditD Rule Management description: requires: - overcloud-resource-registry-puppet.yaml + - title: Keystone CADF auditing + description: Enable CADF notifications in Keystone for auditing + environments: + - file: environments/cadf.yaml + title: Keystone CADF auditing + - title: SecureTTY Values + description: Set values within /etc/securetty + environments: + - file: environments/securetty.yaml + title: SecureTTY Values + + - title: Additional Services + description: + environment_groups: + - title: + description: Deploy additional services + environments: + - file: environments/services/manila-generic-config.yaml + title: Barbican + description: Enable Barbican with the default secret store backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/manila-generic-config.yaml + title: Manila + description: Enable Manila with generic driver backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/sahara.yaml + title: Sahara + description: Deploy Sahara service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ironic.yaml + title: Ironic + description: Deploy Ironic service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/mistral.yaml + title: Mistral + description: Deploy Mistral service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ec2-api.yaml + title: EC2 API + description: Enable EC2-API service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/zaqar.yaml + title: Zaqar + description: Deploy Zaqar service + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Nova Extensions + description: + environment_groups: + - title: Nova Extensions + description: + environments: + - file: environments/nova-nuage-config.yaml + title: Nuage backend + description: > + Enables Nuage backend on the Compute + requires: + - overcloud-resource-registry-puppet.yaml - title: Operational Tools description: @@ -566,7 +549,7 @@ topics: description: Enable monitoring agents environments: - file: environments/monitoring-environment.yaml - title: Enable monitoring agents + title: Monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml @@ -574,7 +557,7 @@ topics: description: Enable centralized logging clients (fluentd) environments: - file: environments/logging-environment.yaml - title: Enable fluentd client + title: fluentd client description: requires: - overcloud-resource-registry-puppet.yaml @@ -582,45 +565,45 @@ topics: description: Enable performance monitoring agents environments: - file: environments/collectd-environment.yaml - title: Enable performance monitoring agents + title: Performance monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml - - title: Security Options - description: Security Hardening Options + - title: Utilities + description: environment_groups: - - title: SSH Banner Text - description: Enables population of SSH Banner Text + - title: Config Debug + description: Enable config management (e.g. Puppet) debugging environments: - - file: environments/sshd-banner.yaml - title: SSH Banner Text + - file: environments/config-debug.yaml + title: Config Debug description: requires: - overcloud-resource-registry-puppet.yaml - - title: Horizon Password Validation - description: Enable Horizon Password validation + - title: Disable journal in MongoDb + description: > + Since, when journaling is enabled, MongoDb will create big journal + file it can take time. In a CI environment for example journaling is + not necessary. environments: - - file: environments/horizon_password_validation.yaml - title: Horizon Password Validation + - file: environments/mongodb-nojournal.yaml + title: Disable journal in MongoDb description: requires: - overcloud-resource-registry-puppet.yaml - - title: AuditD Rules - description: Management of AuditD rules + - title: Overcloud Steps + description: > + Specifies hooks/breakpoints where overcloud deployment should stop + Allows operator validation between steps, and/or more granular control. + Note: the wildcards relate to naming convention for some resource suffixes, + e.g see puppet/*-post.yaml, enabling this will mean we wait for + a user signal on every *Deployment_StepN resource defined in those files. + tags: + - no-gui environments: - - file: environments/auditd.yaml - title: AuditD Rule Management + - file: environments/overcloud-steps.yaml + title: Overcloud Steps description: requires: - overcloud-resource-registry-puppet.yaml - - title: Keystone CADF auditing - description: Enable CADF notifications in Keystone for auditing - environments: - - file: environments/cadf.yaml - title: Keystone CADF auditing - - title: SecureTTY Values - description: Set values within /etc/securetty - environments: - - file: environments/securetty.yaml - title: SecureTTY Values diff --git a/ci/common/net-config-multinode-os-net-config.yaml b/ci/common/net-config-multinode-os-net-config.yaml index 6f4542bd..9d45a9ff 100644 --- a/ci/common/net-config-multinode-os-net-config.yaml +++ b/ci/common/net-config-multinode-os-net-config.yaml @@ -15,7 +15,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -23,7 +23,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/ci/common/net-config-multinode.yaml b/ci/common/net-config-multinode.yaml index f7e250e2..6beb62f0 100644 --- a/ci/common/net-config-multinode.yaml +++ b/ci/common/net-config-multinode.yaml @@ -15,7 +15,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -23,7 +23,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index 7768c4f0..03baf4aa 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -52,9 +52,7 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages @@ -75,3 +73,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 2b25e58e..f945a021 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -48,9 +48,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute @@ -72,3 +69,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index d8f71414..81301349 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -32,9 +32,6 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine - OS::TripleO::Services::MySQL @@ -68,3 +65,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 73dc5b14..fec958ba 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -7,9 +7,9 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/ - OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml - OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml - OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml + OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml @@ -99,9 +99,20 @@ parameter_defaults: Debug: true #NOTE(gfidente): not great but we need this to deploy on ext4 #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ - ExtraConfig: - ceph::profile::params::osd_max_object_name_len: 256 - ceph::profile::params::osd_max_object_namespace_len: 64 + CephAnsibleDisksConfig: + devices: + - /dev/loop3 + journal_size: 512 + journal_collocation: true + CephAnsibleExtraConfig: + ceph_conf_overrides: + global: + osd_pool_default_size: 1 + osd_pool_default_pg_num: 32 + osd_max_object_name_len: 256 + osd_max_object_namespace_len: 64 + centos_package_dependencies: [] + CephAnsibleSkipTags: '' #NOTE: These ID's and keys should be regenerated for # a production deployment. What is here is suitable for # developer and CI testing only. @@ -109,6 +120,7 @@ parameter_defaults: CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + CephPoolDefaultSize: 1 NovaEnableRbdBackend: true CinderEnableRbdBackend: true CinderBackupBackend: ceph diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index d300f773..584c1e5e 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -8,7 +8,10 @@ resource_registry: OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml # TODO: Barbican is not yet containerized: https://review.openstack.org/#/c/474327 # OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml - OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + # TODO: Zaqar doesn't work when containerized + # https://bugs.launchpad.net/tripleo/+bug/1710959 + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index cdbcbfd6..5670c213 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -2,9 +2,10 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml - OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml @@ -68,6 +69,18 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Redis + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentIpmi + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::PankoApi ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index 6d795f97..5590de26 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -95,6 +95,7 @@ parameter_defaults: CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + CephPoolDefaultSize: 1 SwiftCeilometerPipelineEnabled: false NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin' BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default' diff --git a/docker/deploy-steps-playbook.yaml b/common/deploy-steps-tasks.yaml index b884e0e7..998bbe0c 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/common/deploy-steps-tasks.yaml @@ -1,6 +1,6 @@ -- hosts: localhost - connection: local - tasks: + # Note the indentation here is required as it's joined + # to create a playbook in deploy-steps.j2 + ##################################################### # Per step puppet configuration of the baremetal host ##################################################### @@ -27,7 +27,7 @@ shell: python /var/lib/docker-puppet/docker-puppet.py environment: NET_HOST: 'true' - DEBUG: '{{docker_puppet_debug}}' + DEBUG: '{{docker_puppet_debug|default(false)}}' when: step == "1" changed_when: false check_mode: no diff --git a/docker/docker-steps.j2 b/common/deploy-steps.j2 index 05ff7945..db2b21c1 100644 --- a/docker/docker-steps.j2 +++ b/common/deploy-steps.j2 @@ -10,6 +10,8 @@ {%- set primary_role_name = primary_role[0].name -%} # primary role is: {{primary_role_name}} {% set deploy_steps_max = 6 -%} +{% set update_steps_max = 6 -%} +{% set upgrade_steps_max = 6 -%} heat_template_version: pike @@ -72,7 +74,15 @@ resources: - name: update_identifier - name: bootstrap_server_id - name: docker_puppet_debug - config: {get_file: deploy-steps-playbook.yaml} + config: + str_replace: + template: | + - hosts: localhost + connection: local + tasks: + _TASKS + params: + _TASKS: {get_file: deploy-steps-tasks.yaml} {%- for step in range(1, deploy_steps_max) %} # BEGIN service_workflow_tasks handling @@ -159,7 +169,7 @@ resources: connection: local vars: puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]} - docker_puppet_script: {get_file: docker-puppet.py} + docker_puppet_script: {get_file: ../docker/docker-puppet.py} docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]} docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} @@ -235,7 +245,7 @@ resources: {% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup + type: OS::TripleO::DeploymentSteps depends_on: - WorkflowTasks_Step{{step}}_Execution # TODO(gfidente): the following if/else condition @@ -294,3 +304,54 @@ resources: {% endfor %} + +outputs: + RoleConfig: + description: Mapping of config data for all roles + value: + deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml} + deploy_steps_playbook: | + - hosts: overcloud + tasks: +{%- for role in roles %} + - include: {{role.name}}/host_prep_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + - include: deploy_steps_tasks.yaml + with_sequence: start=0 end={{deploy_steps_max-1}} + loop_control: + loop_var: step + update_steps_tasks: | +{%- for role in roles %} + - include: {{role.name}}/update_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + update_steps_playbook: | + - hosts: overcloud + serial: 1 + tasks: + - include: update_steps_tasks.yaml + with_sequence: start=0 end={{update_steps_max-1}} + loop_control: + loop_var: step + - include: deploy_steps_tasks.yaml + with_sequence: start=0 end={{deploy_steps_max-1}} + loop_control: + loop_var: step + upgrade_steps_tasks: | +{%- for role in roles %} + - include: {{role.name}}/upgrade_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + upgrade_steps_playbook: | + - hosts: overcloud + tasks: + - include: upgrade_steps_tasks.yaml + with_sequence: start=0 end={{upgrade_steps_max-1}} + loop_control: + loop_var: step + - include: deploy_steps_tasks.yaml + with_sequence: start=0 end={{deploy_steps_max-1}} + loop_control: + loop_var: step + diff --git a/puppet/major_upgrade_steps.j2.yaml b/common/major_upgrade_steps.j2.yaml index 11113eec..11113eec 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/common/major_upgrade_steps.j2.yaml diff --git a/docker/post-upgrade.j2.yaml b/common/post-upgrade.j2.yaml index 4477f868..7cd6abdf 100644 --- a/docker/post-upgrade.j2.yaml +++ b/common/post-upgrade.j2.yaml @@ -1,4 +1,4 @@ # Note the include here is the same as post.j2.yaml but the data used at # # the time of rendering is different if any roles disable upgrades {% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} -{% include 'docker-steps.j2' %} +{% include 'deploy-steps.j2' %} diff --git a/common/post.j2.yaml b/common/post.j2.yaml new file mode 100644 index 00000000..8a70dfa9 --- /dev/null +++ b/common/post.j2.yaml @@ -0,0 +1 @@ +{% include 'deploy-steps.j2' %} diff --git a/common/services.yaml b/common/services.yaml index 0bc3462f..a8186e43 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -193,6 +193,16 @@ resources: expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + UpdateTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + # Note we use distinct() here to filter any identical tasks, e.g yum update for all services + expression: coalesce($.data, []).where($ != null).select($.get('update_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} + UpgradeBatchTasks: type: OS::Heat::Value properties: @@ -253,6 +263,7 @@ outputs: service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]} step_config: {get_attr: [PuppetStepConfig, value]} upgrade_tasks: {get_attr: [UpgradeTasks, value]} + update_tasks: {get_attr: [UpdateTasks, value]} upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]} service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh new file mode 100755 index 00000000..dcabeadf --- /dev/null +++ b/deployed-server/scripts/enable-ssh-admin.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +set -eu + +# whitespace (space or newline) separated list +OVERCLOUD_HOSTS=${OVERCLOUD_HOSTS:-""} +OVERCLOUD_SSH_USER=${OVERCLOUD_SSH_USER:-"$USER"} +# this is just for compatibility with CI +SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"} +# this is the intended variable for overriding +OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"} + +SLEEP_TIME=5 + +function overcloud_ssh_hosts_json { + echo "$OVERCLOUD_HOSTS" | python -c ' +from __future__ import print_function +import json, re, sys +print(json.dumps(re.split("\s+", sys.stdin.read().strip())))' +} + +function overcloud_ssh_key_json { + # we pass the contents to Mistral instead of just path, otherwise + # the key file would have to be readable for the mistral user + cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))' +} + +function workflow_finished { + local execution_id="$1" + openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null +} + +if [ -z "$OVERCLOUD_HOSTS" ]; then + echo 'Please set $OVERCLOUD_HOSTS' + exit 1 +fi + +echo "Starting workflow to create ssh admin on deployed servers." +echo "SSH user: $OVERCLOUD_SSH_USER" +echo "SSH key file: $OVERCLOUD_SSH_KEY" +echo "Hosts: $OVERCLOUD_HOSTS" +echo + +EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}" +EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS") +echo "$EXECUTION_CREATE_OUTPUT" +EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }') + +if [ -z "$EXECUTION_ID" ]; then + echo "Failed to get workflow execution ID for ssh admin creation workflow" + exit 1 +fi + +echo -n "Waiting for the workflow execution to finish (id $EXECUTION_ID)." +while ! workflow_finished $EXECUTION_ID; do + sleep $SLEEP_TIME + echo -n . +done + +echo "Success." diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh deleted file mode 100755 index 8b4c6a03..00000000 --- a/docker/firstboot/setup_docker_host.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -set -eux -# This file contains setup steps that can't be or have not yet been moved to -# puppet - -# Disable libvirtd since it conflicts with nova_libvirt container -/usr/bin/systemctl disable libvirtd.service -/usr/bin/systemctl stop libvirtd.service diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml deleted file mode 100644 index ddfa8802..00000000 --- a/docker/firstboot/setup_docker_host.yaml +++ /dev/null @@ -1,19 +0,0 @@ -heat_template_version: pike - -resources: - - userdata: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: setup_docker_host} - - setup_docker_host: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: {get_file: ./setup_docker_host.sh} - -outputs: - OS::stack_id: - value: {get_resource: userdata} diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml deleted file mode 100644 index fd956215..00000000 --- a/docker/post.j2.yaml +++ /dev/null @@ -1 +0,0 @@ -{% include 'docker-steps.j2' %} diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 8afb6d28..da4b981c 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -114,6 +114,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/aodh/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync" diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 6caffd15..424c316f 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -115,7 +115,7 @@ outputs: command: - '/usr/bin/bootstrap_host_exec' - 'ceilometer_agent_central' - - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" + - "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'" upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index 09677c64..535b1693 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -92,6 +92,21 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - - name: Stop and disable ceilometer-agent-compute service + - name: Check if openstack-ceilometer-compute is deployed + command: systemctl is-enabled openstack-ceilometer-compute + tags: step2 + ignore_errors: True + register: openstack_ceilometer_compute_enabled + - name: Check if openstack-ceilometer-polling is deployed + command: systemctl is-enabled openstack-ceilometer-polling + tags: step2 + ignore_errors: True + register: openstack_ceilometer_polling_enabled + - name: Stop and disable ceilometer compute agent tags: step2 service: name=openstack-ceilometer-compute state=stopped enabled=no + when: openstack_ceilometer_compute_enabled.rc == 0 + - name: Stop and disable ceilometer polling agent + tags: step2 + service: name=openstack-ceilometer-polling state=stopped enabled=no + when: openstack_ceilometer_polling_enabled.rc == 0 diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 1468415e..d78ff7fd 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -30,6 +30,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + StackUpdateType: + type: string + description: > + Type of update, to differentiate between UPGRADE and UPDATE cases + when StackAction is UPDATE (both are the same stack action). + constraints: + - allowed_values: ['', 'UPGRADE'] + default: '' CephAnsibleWorkflowName: type: string description: Name of the Mistral workflow to execute @@ -38,10 +46,18 @@ parameters: type: string description: Path to the ceph-ansible playbook to execute default: /usr/share/ceph-ansible/site-docker.yml.sample + CephAnsibleUpgradePlaybook: + type: string + description: Path to the ceph-ansible playbook to execute on upgrade + default: /usr/share/ceph-ansible/infrastructure-playbooks/take-over-existing-cluster.yml CephAnsibleExtraConfig: type: json description: Extra vars for the ceph-ansible playbook default: {} + CephAnsibleSkipTags: + type: string + description: List of ceph-ansible tags to skip + default: 'package-install,with_pkg' CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. @@ -78,7 +94,7 @@ parameters: default: vms type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -88,6 +104,14 @@ parameters: description: default minimum replication for RBD copies type: number default: 3 + ManilaCephFSNativeCephFSAuthId: + default: manila + type: string + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true CephIPv6: default: False type: boolean @@ -101,6 +125,35 @@ conditions: yaql: data: {get_param: DockerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') + perform_upgrade: + equals: [{get_param: StackUpdateType}, 'UPGRADE'] + +resources: + DockerImageUrlParts: + type: OS::Heat::Value + properties: + type: json + value: + host: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] + data: {get_param: DockerCephDaemonImage} + - docker.io + image: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2] + data: {get_param: DockerCephDaemonImage} + - yaql: + expression: $.data.rightSplit(':', 1)[0] + data: {get_param: DockerCephDaemonImage} + image_tag: + yaql: + expression: $.data.rightSplit(':', 1)[1] + data: {get_param: DockerCephDaemonImage} outputs: role_data: @@ -119,29 +172,24 @@ outputs: - name: ceph_base_ansible_workflow workflow: { get_param: CephAnsibleWorkflowName } input: + ansible_skip_tags: {get_param: CephAnsibleSkipTags} ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig} - ceph_ansible_playbook: {get_param: CephAnsiblePlaybook} + ceph_ansible_playbook: + if: + - perform_upgrade + - {get_param: CephAnsibleUpgradePlaybook} + - {get_param: CephAnsiblePlaybook} config_settings: ceph_common_ansible_vars: + ireallymeanit: 'yes' fsid: { get_param: CephClusterFSID } docker: true - ceph_docker_registry: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[1] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - docker.io - ceph_docker_image: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[2] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} + ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]} + ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]} + ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]} containerized_deployment: true public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} + monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} user_config: true ceph_stable: true @@ -185,11 +233,17 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} - acls: - - "u:glance:r--" - - "u:nova:r--" - - "u:cinder:r--" - - "u:gnocchi:r--" + mode: "0644" + - name: + list_join: + - '.' + - - client + - {get_param: ManilaCephFSNativeCephFSAuthId} + key: {get_param: CephManilaClientKey} + mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create" + mds_cap: "allow *" + osd_cap: "allow rw" + mode: "0644" keys: *openstack_keys pools: [] ceph_conf_overrides: diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml new file mode 100644 index 00000000..4ef3a669 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-mds.yaml @@ -0,0 +1,83 @@ +heat_template_version: pike + +description: > + Ceph Metadata service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephMdsKey: + description: The cephx key for the MDS service. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph Metadata service. + value: + service_name: ceph_mds + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_mds.firewall_rules: + '112 ceph_mds': + dport: + - '6800-7300' + - ceph_mds_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - cephfs_data: {get_param: ManilaCephFSDataPoolName} + cephfs_metadata: {get_param: ManilaCephFSMetadataPoolName} + cephfs: {get_param: ManilaCephFSNativeShareBackendName} diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5ba79b31..9b5c5b8f 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -36,6 +36,18 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -77,6 +89,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mongodb owner: mongodb:mongodb @@ -84,6 +100,8 @@ outputs: - path: /var/log/mongodb owner: mongodb:mongodb recurse: true + - path: /etc/pki/tls/certs/mongodb.pem + owner: mongodb:mongodb docker_config: step_2: mongodb: @@ -91,11 +109,21 @@ outputs: net: host privileged: false volumes: &mongodb_volumes - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro - - /etc/localtime:/etc/localtime:ro - - /var/log/containers/mongodb:/var/log/mongodb - - /var/lib/mongodb:/var/lib/mongodb + list_concat: + - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /var/log/containers/mongodb:/var/log/mongodb + - /var/lib/mongodb:/var/lib/mongodb + - if: + - internal_tls_enabled + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -106,8 +134,18 @@ outputs: step_config: 'include ::tripleo::profile::base::database::mongodb' config_image: *mongodb_config_image volumes: - - /var/lib/mongodb:/var/lib/mongodb - - /var/log/containers/mongodb:/var/log/mongodb + list_concat: + - - /var/lib/mongodb:/var/lib/mongodb + - /var/log/containers/mongodb:/var/log/mongodb + - if: + - internal_tls_enabled + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro + - null host_prep_tasks: - name: create persistent directories file: @@ -116,6 +154,8 @@ outputs: with_items: - /var/log/containers/mongodb - /var/lib/mongodb + metadata_settings: + get_attr: [MongodbPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: Stop and disable mongodb service tags: step2 diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 54331415..402dc351 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -40,6 +40,18 @@ parameters: type: string hidden: true default: '' + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -86,10 +98,21 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/lib/mysql owner: mysql:mysql recurse: true + - path: /etc/pki/tls/certs/mysql.crt + owner: mysql:mysql + optional: true + - path: /etc/pki/tls/private/mysql.key + owner: mysql:mysql + optional: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config step_1: @@ -108,12 +131,25 @@ outputs: # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - - /etc/localtime:/etc/localtime:ro - - /etc/hosts:/etc/hosts:ro - - /var/lib/mysql:/var/lib/mysql - - /var/log/containers/mysql:/var/log/mariadb + list_concat: + - + - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /etc/hosts:/etc/hosts:ro + - /var/lib/mysql:/var/lib/mysql + - /var/log/containers/mysql:/var/log/mariadb + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro + - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -146,9 +182,24 @@ outputs: step_config: 'include ::tripleo::profile::base::database::mysql' config_image: *mysql_config_image volumes: - - /var/lib/mysql:/var/lib/mysql/:ro - - /var/log/containers/mysql:/var/log/mariadb - - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf + list_concat: + - + - /var/lib/mysql:/var/lib/mysql/:ro + - /var/log/containers/mysql:/var/log/mariadb + - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro + - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro + - null + metadata_settings: + get_attr: [MysqlPuppetBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 044eb283..df226b15 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -39,10 +39,16 @@ parameters: EnableInternalTLS: type: boolean default: false + GlanceNfsEnabled: + default: false + description: > + When using GlanceBackend 'file', mount NFS share for image storage. + type: boolean conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]} resources: @@ -128,6 +134,11 @@ outputs: - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro + - + if: + - nfs_backend_enabled + - /var/lib/glance:/var/lib/glance + - '' environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 5129b89f..1443da40 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + NumberOfStorageSacks: + default: 128 + description: Number of storage sacks to create. + type: number conditions: @@ -84,6 +88,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -97,7 +105,7 @@ outputs: volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] - step_3: + step_4: gnocchi_db_sync: image: *gnocchi_api_image net: host @@ -108,10 +116,16 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/gnocchi/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" - step_4: + - /etc/ceph:/etc/ceph:ro + command: + str_replace: + template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM' + params: + SACK_NUM: {get_param: NumberOfStorageSacks} + step_5: gnocchi_api: image: *gnocchi_api_image net: host @@ -124,6 +138,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - if: - internal_tls_enabled @@ -141,6 +156,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable httpd service tags: step2 diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 19e658cd..2957312b 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -81,6 +81,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -99,6 +103,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -106,6 +111,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable openstack-gnocchi-statsd service tags: step2 diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 2f0584ea..f0e2f71d 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -60,6 +60,18 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -86,6 +98,9 @@ outputs: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false tripleo::haproxy::haproxy_service_manage: false + # NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy + # when this is updated + tripleo::haproxy::crl_file: null step_config: &step_config get_attr: [HAProxyBase, role_data, step_config] service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} @@ -96,12 +111,23 @@ outputs: step_config: "class {'::tripleo::profile::base::haproxy': manage_firewall => false}" config_image: {get_param: DockerHAProxyConfigImage} - volumes: &deployed_cert_mount - - list_join: - - ':' - - - {get_param: DeployedSSLCertificatePath} - - {get_param: DeployedSSLCertificatePath} - - 'ro' + volumes: + list_concat: + - - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' + - if: + - internal_tls_enabled + - - /etc/pki/tls/certs/haproxy:/etc/pki/tls/certs/haproxy:ro + - /etc/pki/tls/private/haproxy:/etc/pki/tls/private/haproxy:ro + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - null kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg @@ -110,6 +136,16 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true + permissions: + - path: /etc/pki/tls/certs/haproxy + owner: haproxy:haproxy + recurse: true + optional: true docker_config: step_1: haproxy_firewall: @@ -133,7 +169,6 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - *deployed_cert_mount - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro @@ -154,10 +189,24 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - *deployed_cert_mount - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index a20dc131..fdba7d58 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -109,6 +109,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/heat/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - /var/log/containers/heat:/var/log/heat command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'" diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 3d3bc7c3..f2f2b8dc 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -117,6 +124,16 @@ outputs: - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/logrotate-crond.yaml b/docker/services/logrotate-crond.yaml new file mode 100644 index 00000000..22ee5b56 --- /dev/null +++ b/docker/services/logrotate-crond.yaml @@ -0,0 +1,84 @@ +heat_template_version: pike + +description: > + Containerized logrotate with crond for containerized service logs rotation + +parameters: + DockerCrondImage: + description: image + type: string + DockerCrondConfigImage: + description: The container image to use for the crond config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the crond role. + value: + service_name: logrotate_crond + config_settings: {} + step_config: &step_config | + include ::tripleo::profile::base::logging::logrotate + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: crond + step_config: *step_config + config_image: {get_param: DockerCrondConfigImage} + kolla_config: + /var/lib/kolla/config_files/logrotate-crond.json: + command: /usr/sbin/crond -s -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_4: + logrotate_crond: + image: {get_param: DockerCrondImage} + net: none + pid: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro + - /var/log/containers:/var/log/containers + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index fc749f37..5e01558a 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -59,11 +59,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d - config_files: - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/" - merge: true - preserve_properties: true + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index b4fce226..85a07128 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -122,6 +122,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro - /var/log/containers/neutron:/var/log/neutron diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index dd4f96c0..37c4da5b 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -64,9 +71,6 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false - nova_wsgi_enabled: false - nova::api::service_name: '%{::nova::params::api_service_name}' - nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" @@ -82,7 +86,7 @@ outputs: config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_api.json: - command: /usr/bin/nova-api + command: /usr/sbin/httpd -DFOREGROUND config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -112,7 +116,7 @@ outputs: user: root volumes: - /var/log/containers/nova:/var/log/nova - command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova'] step_3: nova_api_db_sync: start_order: 0 @@ -124,6 +128,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/log/containers/nova:/var/log/nova command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'" @@ -163,7 +168,7 @@ outputs: start_order: 2 image: *nova_api_image net: host - user: nova + user: root privileged: true restart: always volumes: @@ -173,6 +178,16 @@ outputs: - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS nova_api_cron: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 2f3851a5..8f151cfe 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -12,10 +12,6 @@ parameters: DockerNovaLibvirtConfigImage: description: The container image to use for the nova_libvirt config_volume type: string - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation at deploy time - type: boolean ServiceData: default: {} description: Dictionary packing service data @@ -56,7 +52,21 @@ parameters: description: Port that dockerized nova migration target sshd service binds to. type: number - + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. conditions: @@ -69,6 +79,15 @@ conditions: - {get_param: UseTLSTransportForLiveMigration} - true + need_libvirt_secret: + or: + - equals: + - {get_param: NovaEnableRbdBackend} + - true + - equals: + - {get_param: CinderEnableRbdBackend} + - true + resources: ContainersCommon: @@ -94,7 +113,10 @@ outputs: value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} config_settings: - get_attr: [NovaLibvirtBase, role_data, config_settings] + map_merge: + - get_attr: [NovaLibvirtBase, role_data, config_settings] + - tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here + step_config: &step_config list_join: - "\n" @@ -102,7 +124,7 @@ outputs: - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt - puppet_tags: libvirtd_config,nova_config,file,exec + puppet_tags: libvirtd_config,nova_config,file step_config: *step_config config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: @@ -121,13 +143,45 @@ outputs: dest: "/etc/ceph/" merge: true preserve_properties: true + /var/lib/kolla/config_files/nova_virtlogd.json: + command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova recurse: true docker_config: step_3: + nova_virtlogd: + start_order: 0 + image: {get_param: DockerNovaLibvirtImage} + net: host + pid: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /lib/modules:/lib/modules:ro + - /dev:/dev + - /run:/run + - /sys/fs/cgroup:/sys/fs/cgroup + - /var/lib/nova:/var/lib/nova + - /var/run/libvirt:/var/run/libvirt + - /var/lib/libvirt:/var/lib/libvirt + - /etc/libvirt/qemu:/etc/libvirt/qemu:ro + - /var/log/libvirt/qemu:/var/log/libvirt/qemu + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS nova_libvirt: + start_order: 1 image: {get_param: DockerNovaLibvirtImage} net: host pid: host @@ -145,21 +199,55 @@ outputs: - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova - - /etc/libvirt/secrets:/etc/libvirt/secrets - # Needed to use host's virtlogd + - /etc/libvirt:/etc/libvirt - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt - - /etc/libvirt/qemu:/etc/libvirt/qemu - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/containers/nova:/var/log/nova + - + if: + - use_tls_for_live_migration + - + - /etc/ipa/ca.crt:/etc/pki/CA/cacert.pem:ro + - /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro + - /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro + - /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro + - /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_4: + if: + - need_libvirt_secret + - nova_libvirt_init_secret: + detach: false + image: {get_param: DockerNovaLibvirtImage} + privileged: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro + - /etc/libvirt:/etc/libvirt + - /var/run/libvirt:/var/run/libvirt + - /var/lib/libvirt:/var/lib/libvirt + command: + - /bin/bash + - -c + - str_replace: + template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY' + params: + SECRET_UUID: {get_param: CephClusterFSID} + SECRET_KEY: {get_param: CephClientKey} + - {} host_prep_tasks: - name: create libvirt persistent data directories file: path: "{{ item }}" state: directory with_items: + - /etc/libvirt - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt @@ -168,22 +256,21 @@ outputs: file: path: /etc/ceph state: directory - - name: set enable_package_install fact - set_fact: - enable_package_install: {get_param: EnablePackageInstall} - # We use virtlogd on host, so when using Deployed Server - # feature, we need to ensure libvirt is installed. - - name: install libvirt-daemon - package: - name: libvirt-daemon - state: present - when: enable_package_install - - name: start virtlogd socket + - name: check if libvirt is installed + command: /usr/bin/rpm -q libvirt-daemon + failed_when: false + register: libvirt_installed + - name: make sure libvirt services are disabled service: - name: virtlogd.socket - state: started - enabled: yes - when: enable_package_install + name: "{{ item }}" + state: stopped + enabled: no + with_items: + - libvirtd.service + - virtlogd.socket + when: libvirt_installed.rc == 0 + metadata_settings: + get_attr: [NovaLibvirtBase, role_data, metadata_settings] upgrade_tasks: - name: Stop and disable libvirtd service tags: step2 diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml index 0a8a74cd..53ae7910 100644 --- a/docker/services/nova-metadata.yaml +++ b/docker/services/nova-metadata.yaml @@ -4,6 +4,12 @@ description: > OpenStack containerized Nova Metadata service parameters: + DockerNovaMetadataImage: + description: image + type: string + DockerNovaConfigImage: + description: The container image to use for the nova config_volume + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -33,6 +39,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaMetadataBase: type: ../../puppet/services/nova-metadata.yaml properties: @@ -56,9 +65,56 @@ outputs: service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: '' - puppet_tags: '' + config_volume: nova + puppet_tags: nova_config step_config: *step_config - config_image: '' - kolla_config: {} - docker_config: {} + config_image: {get_param: DockerNovaConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova_metadata.json: + command: /usr/bin/nova-api-metadata + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + docker_config: + step_2: + nova_init_logs: + image: &nova_metadata_image {get_param: DockerNovaMetadataImage} + privileged: false + user: root + volumes: + - /var/log/containers/nova:/var/log/nova + command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + step_4: + nova_metadata: + start_order: 2 + image: *nova_metadata_image + net: host + user: nova + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [NovaMetadataBase, role_data, metadata_settings] + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/nova + state: directory + upgrade_tasks: + - name: Stop and disable nova_api service + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index d784ace3..26d17560 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -104,6 +111,16 @@ outputs: - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index c6a80efa..c2117c04 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -76,7 +76,13 @@ outputs: config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage} + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerCinderBackupImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' cinder::backup::manage_service: false cinder::backup::enabled: false step_config: "" @@ -102,10 +108,33 @@ outputs: owner: cinder:cinder recurse: true docker_config: + step_1: + cinder_backup_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'" + params: + CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage} + CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest + image: {get_param: DockerCinderBackupImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: cinder_backup_init_logs: start_order: 0 - image: *cinder_backup_image + image: {get_param: DockerCinderBackupImage} privileged: false user: root volumes: @@ -129,7 +158,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle' - image: *cinder_backup_image + image: {get_param: DockerCinderBackupImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 3c1b7a74..a4f69517 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -69,7 +69,13 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage} + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerCinderVolumeImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' cinder::volume::manage_service: false cinder::volume::enabled: false cinder::host: hostgroup @@ -93,10 +99,33 @@ outputs: owner: cinder:cinder recurse: true docker_config: + step_1: + cinder_volume_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'" + params: + CINDERVOLUME_IMAGE: {get_param: DockerCinderVolumeImage} + CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest + image: {get_param: DockerCinderVolumeImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: cinder_volume_init_logs: start_order: 0 - image: *cinder_volume_image + image: {get_param: DockerCinderVolumeImage} privileged: false user: root volumes: @@ -120,7 +149,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle' - image: *cinder_volume_image + image: {get_param: DockerCinderVolumeImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index f12852f8..3de1696d 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -32,6 +32,9 @@ parameters: type: string hidden: true default: '' + MysqlClustercheckPassword: + type: string + hidden: true RoleName: default: '' description: Role name on which the service is applied @@ -40,6 +43,14 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. resources: @@ -56,6 +67,10 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + outputs: role_data: description: Containerized service MySQL using composable services. @@ -64,7 +79,13 @@ outputs: config_settings: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerMysqlImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 tripleo.mysql.firewall_rules: '104 mysql galera-bundle': @@ -76,6 +97,13 @@ outputs: - 4567 - 4568 - 9200 + - + if: + - internal_tls_enabled + - + tripleo::profile::pacemaker::database::mysql_bundle::ca_file: + get_param: InternalTLSCAFile + - {} step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -100,12 +128,26 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true + permissions: + - path: /etc/pki/tls/certs/mysql.crt + owner: mysql:mysql + perm: '0600' + optional: true + - path: /etc/pki/tls/private/mysql.key + owner: mysql:mysql + perm: '0600' + optional: true docker_config: step_1: mysql_data_ownership: start_order: 0 detach: false - image: *mysql_image + image: {get_param: DockerMysqlImage} net: host user: root # Kolla does only non-recursive chown @@ -115,10 +157,22 @@ outputs: mysql_bootstrap: start_order: 1 detach: false - image: *mysql_image + image: {get_param: DockerMysqlImage} net: host # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done - command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] + command: + - 'bash' + - '-ec' + - + list_join: + - "\n" + - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi' + - 'kolla_start' + - 'mysqld_safe --skip-networking --wsrep-on=OFF &' + - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done''' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"' + - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown' volumes: &mysql_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -131,6 +185,12 @@ outputs: - KOLLA_BOOTSTRAP=True # NOTE(mandre) skip wsrep cluster status check - KOLLA_KUBERNETES=True + - DB_MAX_TIMEOUT=60 + - + list_join: + - '=' + - - 'DB_CLUSTERCHECK_PASSWORD' + - {get_param: MysqlClustercheckPassword} - list_join: - '=' @@ -142,6 +202,28 @@ outputs: passwords: - {get_param: MysqlRootPassword} - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_image_tag: + start_order: 2 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'" + params: + MYSQL_IMAGE: {get_param: DockerMysqlImage} + MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest + image: {get_param: DockerMysqlImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: mysql_init_bundle: start_order: 1 @@ -160,7 +242,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle' - image: *mysql_image + image: {get_param: DockerMysqlImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro @@ -174,6 +256,8 @@ outputs: file: path: /var/lib/mysql state: directory + metadata_settings: + get_attr: [MysqlPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: get bootstrap nodeid tags: common @@ -199,3 +283,9 @@ outputs: - name: Disable mysql service tags: step2 service: name=mariadb enabled=no + - name: Remove clustercheck service from xinetd + tags: step2 + file: state=absent path=/etc/xinetd.d/galera-monitor + - name: Restart xinetd service after clustercheck removal + tags: step2 + service: name=xinetd state=restarted diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index 75b6d650..0b8aa046 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -60,7 +60,13 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true - tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRedisImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 tripleo.redis.firewall_rules: '108 redis-bundle': @@ -104,6 +110,29 @@ outputs: owner: redis:redis recurse: true docker_config: + step_1: + redis_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'" + params: + REDIS_IMAGE: {get_param: DockerRedisImage} + REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest + image: {get_param: DockerRedisImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: redis_init_bundle: start_order: 2 diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 24155912..2e5c7424 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -41,6 +41,22 @@ parameters: default: {} description: Parameters specific to the role type: json + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + InternalTLSCRLPEMFile: + default: '/etc/pki/CA/crl/overcloud-crl.pem' + type: string + description: Specifies the default CRL PEM file to use for revocation if + TLS is used for services in the internal network. + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string resources: @@ -65,6 +81,24 @@ outputs: - tripleo::haproxy::haproxy_daemon: false haproxy_docker: true tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage} + # the list of directories that contain the certs to bind mount in the countainer + # bind-mounting the directories rather than all the cert, key and pem files ensures + # that docker won't create directories on the host when then pem files do not exist + tripleo::profile::pacemaker::haproxy_bundle::tls_mapping: &tls_mapping + - get_param: InternalTLSCAFile + - get_param: HAProxyInternalTLSKeysDirectory + - get_param: HAProxyInternalTLSCertsDirectory + tripleo::profile::pacemaker::haproxy_bundle::internal_certs_directory: {get_param: HAProxyInternalTLSCertsDirectory} + tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory} + # disable the use CRL file until we can restart the container when the file expires + tripleo::haproxy::crl_file: null + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerHAProxyImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -80,11 +114,9 @@ outputs: - 'include ::tripleo::profile::pacemaker::haproxy_bundle' config_image: {get_param: DockerHAProxyConfigImage} volumes: &deployed_cert_mount - - list_join: - - ':' - - - {get_param: DeployedSSLCertificatePath} - - {get_param: DeployedSSLCertificatePath} - - 'ro' + yaql: + expression: $.data.select($+":"+$+":ro") + data: *tls_mapping kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg @@ -94,7 +126,53 @@ outputs: merge: true preserve_properties: true optional: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true + permissions: + - path: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/*' + owner: haproxy:haproxy + perm: '0600' + optional: true + - path: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/*' + owner: haproxy:haproxy + perm: '0600' + optional: true docker_config: + step_1: + haproxy_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'" + params: + HAPROXY_IMAGE: {get_param: DockerHAProxyImage} + HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest + image: {get_param: DockerHAProxyImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + image: {get_param: DockerHAProxyImage} step_2: haproxy_init_bundle: start_order: 3 @@ -118,7 +196,7 @@ outputs: - ';' - - 'include ::tripleo::profile::base::pacemaker' - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - image: *haproxy_image + image: {get_param: DockerHAProxyImage} volumes: list_concat: - *deployed_cert_mount diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml new file mode 100644 index 00000000..c88737aa --- /dev/null +++ b/docker/services/pacemaker/manila-share.yaml @@ -0,0 +1,171 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Share service + +parameters: + DockerManilaShareImage: + description: image + type: string + DockerManilaConfigImage: + description: image + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + + ManilaBase: + type: ../../../puppet/services/pacemaker/manila-share.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Manila Share role. + value: + service_name: {get_attr: [ManilaBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerManilaShareImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' + manila::share::manage_service: false + manila::share::enabled: false + manila::host: hostgroup + step_config: "" + service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: manila + puppet_tags: manila_config,file,concat,file_line + step_config: + list_join: + - "\n" + - - {get_attr: [ManilaBase, role_data, step_config]} + - - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: DockerManilaConfigImage} + kolla_config: + /var/lib/kolla/config_files/manila_share.json: + command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + # NOTE(gfidente): ceph ansible generated + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph" + merge: true + preserve_properties: true + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_1: + manila_share_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'" + params: + MANILASHARE_IMAGE: {get_param: DockerManilaShareImage} + MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest + image: {get_param: DockerManilaShareImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + step_3: + manila_share_init_logs: + start_order: 0 + image: {get_param: DockerManilaShareImage} + privileged: false + user: root + volumes: + - /var/log/containers/manila:/var/log/manila + command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila'] + step_5: + manila_share_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle' + image: {get_param: DockerManilaShareImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/manila + - /var/lib/manila + upgrade_tasks: + - name: Stop and disable manila_share service + tags: step2 + service: name=openstack-manila-share state=stopped enabled=no diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index de53ceee..ba1abaf9 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -62,7 +62,13 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false - tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRabbitmqImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 tripleo.rabbitmq.firewall_rules: '109 rabbitmq-bundle': @@ -92,6 +98,11 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -99,13 +110,21 @@ outputs: - path: /var/log/rabbitmq owner: rabbitmq:rabbitmq recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true # When using pacemaker we don't launch the container, instead that is done by pacemaker # itself. docker_config: step_1: rabbitmq_bootstrap: start_order: 0 - image: *rabbitmq_image + image: {get_param: DockerRabbitmqImage} net: host privileged: false volumes: @@ -128,6 +147,28 @@ outputs: passwords: - {get_param: RabbitCookie} - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'" + params: + RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage} + RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest + image: {get_param: DockerRabbitmqImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: rabbitmq_init_bundle: start_order: 0 @@ -146,7 +187,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle' - image: *rabbitmq_image + image: {get_param: DockerRabbitmqImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro @@ -164,6 +205,8 @@ outputs: echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] upgrade_tasks: - name: get bootstrap nodeid tags: common diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 01c17388..626d9176 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -116,6 +116,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/panko/etc/panko:/etc/panko:ro - /var/log/containers/panko:/var/log/panko command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'" diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 418c60d2..add78879 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -40,6 +40,18 @@ parameters: type: string default: '' hidden: true + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -66,6 +78,10 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::admin_enable: false + - if: + - internal_tls_enabled + - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + - {} step_config: &step_config list_join: - "\n" @@ -85,10 +101,21 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + optional: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config step_1: @@ -115,6 +142,17 @@ outputs: - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -143,6 +181,17 @@ outputs: - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -155,6 +204,8 @@ outputs: volumes: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 072c6759..b6fb4001 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -57,7 +57,7 @@ resources: type: ../../puppet/services/database/mysql-client.yaml ZaqarBase: - type: ../../puppet/services/zaqar.yaml + type: ../../puppet/services/zaqar-api.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} diff --git a/environments/ceph-ansible/ceph-mds.yaml b/environments/ceph-ansible/ceph-mds.yaml new file mode 100644 index 00000000..0834269c --- /dev/null +++ b/environments/ceph-ansible/ceph-mds.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CephMds: ../../docker/services/ceph-ansible/ceph-mds.yaml diff --git a/environments/cinder-dellemc-unity-config.yaml b/environments/cinder-dellemc-unity-config.yaml new file mode 100644 index 00000000..c67c91cb --- /dev/null +++ b/environments/cinder-dellemc-unity-config.yaml @@ -0,0 +1,14 @@ +# A Heat environment file which can be used to enable a +# Cinder Dell EMC Unity backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendDellEMCUnity: ../puppet/services/cinder-backend-dellemc-unity.yaml + +parameter_defaults: + CinderEnableDellEMCUnityBackend: true + CinderDellEMCUnityBackendName: 'tripleo_dellemc_unity' + CinderDellEMCUnitySanIp: '' + CinderDellEMCUnitySanLogin: 'Admin' + CinderDellEMCUnitySanPassword: '' + CinderDellEMCUnityStorageProtocol: 'iSCSI' + CinderDellEMCUnityIoPorts: '' + CinderDellEMCUnityStoragePoolNames: '' diff --git a/environments/composable-roles/monolithic-ha.yaml b/environments/composable-roles/monolithic-ha.yaml new file mode 100644 index 00000000..a1dcd7bf --- /dev/null +++ b/environments/composable-roles/monolithic-ha.yaml @@ -0,0 +1,59 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Monolithic Controller HA deployment +# description: | +# A Heat environment that can be used to deploy controller and compute +# services in an HA configuration with SSL everywhere and network +# isolation. +# This should be used with a roles_data.yaml containing the Controller, +# Compute and CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 3 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 3 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + diff --git a/environments/composable-roles/monolithic-nonha.yaml b/environments/composable-roles/monolithic-nonha.yaml new file mode 100644 index 00000000..f49ddf2a --- /dev/null +++ b/environments/composable-roles/monolithic-nonha.yaml @@ -0,0 +1,59 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Monolithic Controller Non-HA deployment +# description: | +# A Heat environment that can be used to deploy controller and compute +# services in an Non-HA configuration with SSL undercloud only and a +# flat network. +# This should be used with a roles_data.yaml containing the Controller, +# Compute and CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 1 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 1 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + diff --git a/environments/composable-roles/standalone.yaml b/environments/composable-roles/standalone.yaml new file mode 100644 index 00000000..3305c9ed --- /dev/null +++ b/environments/composable-roles/standalone.yaml @@ -0,0 +1,84 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Controller HA deployment with standalone Database, Messaging and Networker nodes. +# description: | +# A Heat environment that can be used to deploy controller, database, +# messaging, networker and compute services in an HA configuration with SSL +# everywhere and network isolation. +# This should be used with a roles_data.yaml containing the +# ControllerOpenstack, Database, Messaging, Networker, Compute and +# CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 1 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 3 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # Number of Database nodes + # Type: number + DatabaseCount: 3 + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # Number of Messaging nodes + # Type: number + MessagingCount: 3 + + # Number of Networker nodes + # Type: number + NetworkerCount: 2 + + # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + + # Name of the flavor for Database nodes + # Type: string + OvercloudDatabaseFlavor: db + + # Name of the flavor for Messaging nodes + # Type: string + OvercloudMessagingFlavor: messaging + + # Name of the flavor for Networker nodes + # Type: string + OvercloudNetworkerFlavor: networker + diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index eae809a5..dd1c5455 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -66,6 +66,7 @@ - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder @@ -122,6 +123,7 @@ - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute @@ -149,6 +151,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd @@ -165,6 +168,7 @@ - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp @@ -184,6 +188,7 @@ - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone @@ -203,6 +208,7 @@ - OS::TripleO::Services::ContrailWebUI - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -217,6 +223,7 @@ - OS::TripleO::Services::ContrailAnalytics - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -230,6 +237,7 @@ - OS::TripleO::Services::ContrailAnalyticsDatabase - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -243,6 +251,7 @@ - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -256,6 +265,7 @@ - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml deleted file mode 100644 index 47f8e528..00000000 --- a/environments/docker-centos-tripleoupstream.yaml +++ /dev/null @@ -1,125 +0,0 @@ -# Generated with the following on 2017-07-12T11:40:50.219622 -# -# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml -# - -parameter_defaults: - DockerAodhApiImage: tripleoupstream/centos-binary-aodh-api:latest - DockerAodhConfigImage: tripleoupstream/centos-binary-aodh-api:latest - DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest - DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest - DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest - DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest - DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest - DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest - DockerCeilometerIpmiImage: tripleoupstream/centos-binary-ceilometer-ipmi:latest - DockerCeilometerNotificationImage: tripleoupstream/centos-binary-ceilometer-notification:latest - DockerCinderApiImage: tripleoupstream/centos-binary-cinder-api:latest - DockerCinderBackupImage: tripleoupstream/centos-binary-cinder-backup:latest - DockerCinderConfigImage: tripleoupstream/centos-binary-cinder-api:latest - DockerCinderSchedulerImage: tripleoupstream/centos-binary-cinder-scheduler:latest - DockerCinderVolumeImage: tripleoupstream/centos-binary-cinder-volume:latest - DockerClustercheckConfigImage: tripleoupstream/centos-binary-mariadb:latest - DockerClustercheckImage: tripleoupstream/centos-binary-mariadb:latest - DockerCollectdConfigImage: tripleoupstream/centos-binary-collectd:latest - DockerCollectdImage: tripleoupstream/centos-binary-collectd:latest - DockerCongressApiImage: tripleoupstream/centos-binary-congress-api:latest - DockerCongressConfigImage: tripleoupstream/centos-binary-congress-api:latest - DockerEc2ApiConfigImage: tripleoupstream/centos-binary-ec2-api:latest - DockerEc2ApiImage: tripleoupstream/centos-binary-ec2-api:latest - DockerEtcdConfigImage: tripleoupstream/centos-binary-etcd:latest - DockerEtcdImage: tripleoupstream/centos-binary-etcd:latest - DockerGlanceApiConfigImage: tripleoupstream/centos-binary-glance-api:latest - DockerGlanceApiImage: tripleoupstream/centos-binary-glance-api:latest - DockerGnocchiApiImage: tripleoupstream/centos-binary-gnocchi-api:latest - DockerGnocchiConfigImage: tripleoupstream/centos-binary-gnocchi-api:latest - DockerGnocchiMetricdImage: tripleoupstream/centos-binary-gnocchi-metricd:latest - DockerGnocchiStatsdImage: tripleoupstream/centos-binary-gnocchi-statsd:latest - DockerHAProxyConfigImage: tripleoupstream/centos-binary-haproxy:latest - DockerHAProxyImage: tripleoupstream/centos-binary-haproxy:latest - DockerHeatApiCfnConfigImage: tripleoupstream/centos-binary-heat-api-cfn:latest - DockerHeatApiCfnImage: tripleoupstream/centos-binary-heat-api-cfn:latest - DockerHeatApiConfigImage: tripleoupstream/centos-binary-heat-api:latest - DockerHeatApiImage: tripleoupstream/centos-binary-heat-api:latest - DockerHeatConfigImage: tripleoupstream/centos-binary-heat-api:latest - DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest - DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest - DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest - DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest - DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest - DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest - DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest - DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest - DockerIronicInspectorImage: tripleoupstream/centos-binary-ironic-inspector:latest - DockerIronicPxeImage: tripleoupstream/centos-binary-ironic-pxe:latest - DockerIscsidConfigImage: tripleoupstream/centos-binary-iscsid:latest - DockerIscsidImage: tripleoupstream/centos-binary-iscsid:latest - DockerKeystoneConfigImage: tripleoupstream/centos-binary-keystone:latest - DockerKeystoneImage: tripleoupstream/centos-binary-keystone:latest - DockerManilaApiImage: tripleoupstream/centos-binary-manila-api:latest - DockerManilaConfigImage: tripleoupstream/centos-binary-manila-api:latest - DockerManilaSchedulerImage: tripleoupstream/centos-binary-manila-scheduler:latest - DockerManilaShareImage: tripleoupstream/centos-binary-manila-share:latest - DockerMemcachedConfigImage: tripleoupstream/centos-binary-memcached:latest - DockerMemcachedImage: tripleoupstream/centos-binary-memcached:latest - DockerMistralApiImage: tripleoupstream/centos-binary-mistral-api:latest - DockerMistralConfigImage: tripleoupstream/centos-binary-mistral-api:latest - DockerMistralEngineImage: tripleoupstream/centos-binary-mistral-engine:latest - DockerMistralExecutorImage: tripleoupstream/centos-binary-mistral-executor:latest - DockerMongodbConfigImage: tripleoupstream/centos-binary-mongodb:latest - DockerMongodbImage: tripleoupstream/centos-binary-mongodb:latest - DockerMultipathdConfigImage: tripleoupstream/centos-binary-multipathd:latest - DockerMultipathdImage: tripleoupstream/centos-binary-multipathd:latest - DockerMysqlClientConfigImage: tripleoupstream/centos-binary-mariadb:latest - DockerMysqlConfigImage: tripleoupstream/centos-binary-mariadb:latest - DockerMysqlImage: tripleoupstream/centos-binary-mariadb:latest - DockerNeutronApiImage: tripleoupstream/centos-binary-neutron-server:latest - DockerNeutronConfigImage: tripleoupstream/centos-binary-neutron-server:latest - DockerNeutronDHCPImage: tripleoupstream/centos-binary-neutron-dhcp-agent:latest - DockerNeutronL3AgentImage: tripleoupstream/centos-binary-neutron-l3-agent:latest - DockerNeutronMetadataImage: tripleoupstream/centos-binary-neutron-metadata-agent:latest - DockerNovaApiImage: tripleoupstream/centos-binary-nova-api:latest - DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest - DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest - DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest - DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest - DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest - DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest - DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest - DockerNovaPlacementConfigImage: tripleoupstream/centos-binary-nova-placement-api:latest - DockerNovaPlacementImage: tripleoupstream/centos-binary-nova-placement-api:latest - DockerNovaSchedulerImage: tripleoupstream/centos-binary-nova-scheduler:latest - DockerNovaVncProxyImage: tripleoupstream/centos-binary-nova-novncproxy:latest - DockerOVNControllerConfigImage: tripleoupstream/centos-binary-ovn-controller:latest - DockerOVNControllerImage: tripleoupstream/centos-binary-ovn-controller:latest - DockerOVNNbDbImage: tripleoupstream/centos-binary-ovn-nb-db-server:latest - DockerOVNNorthdImage: tripleoupstream/centos-binary-ovn-northd:latest - DockerOVNSbDbImage: tripleoupstream/centos-binary-ovn-sb-db-server:latest - DockerOctaviaApiImage: tripleoupstream/centos-binary-octavia-api:latest - DockerOctaviaConfigImage: tripleoupstream/centos-binary-octavia-api:latest - DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest - DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest - DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest - DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest - DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest - DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest - DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest - DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest - DockerRabbitmqConfigImage: tripleoupstream/centos-binary-rabbitmq:latest - DockerRabbitmqImage: tripleoupstream/centos-binary-rabbitmq:latest - DockerRedisConfigImage: tripleoupstream/centos-binary-redis:latest - DockerRedisImage: tripleoupstream/centos-binary-redis:latest - DockerSaharaApiImage: tripleoupstream/centos-binary-sahara-api:latest - DockerSaharaConfigImage: tripleoupstream/centos-binary-sahara-api:latest - DockerSaharaEngineImage: tripleoupstream/centos-binary-sahara-engine:latest - DockerSensuClientImage: tripleoupstream/centos-binary-sensu-client:latest - DockerSensuConfigImage: tripleoupstream/centos-binary-sensu-client:latest - DockerSwiftAccountImage: tripleoupstream/centos-binary-swift-account:latest - DockerSwiftConfigImage: tripleoupstream/centos-binary-swift-proxy-server:latest - DockerSwiftContainerImage: tripleoupstream/centos-binary-swift-container:latest - DockerSwiftObjectImage: tripleoupstream/centos-binary-swift-object:latest - DockerSwiftProxyImage: tripleoupstream/centos-binary-swift-proxy-server:latest - DockerTackerConfigImage: tripleoupstream/centos-binary-tacker:latest - DockerTackerImage: tripleoupstream/centos-binary-tacker:latest - DockerZaqarConfigImage: tripleoupstream/centos-binary-zaqar:latest - DockerZaqarImage: tripleoupstream/centos-binary-zaqar:latest diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml index 474e9966..1e25a357 100644 --- a/environments/docker-ha.yaml +++ b/environments/docker-ha.yaml @@ -5,6 +5,8 @@ resource_registry: # Pacemaker runs on the host OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml + OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None # Services that are disabled for HA deployments with pacemaker OS::TripleO::Services::Keepalived: OS::Heat::None diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 57cf2c5e..ba190e7c 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -1,11 +1,6 @@ # This environment contains the services that can work with TLS-everywhere. resource_registry: - # This can be used when you don't want to run puppet on the host, - # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker - # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml OS::TripleO::Services::Docker: ../puppet/services/docker.yaml - # The compute node still needs extra initialization steps - OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml @@ -14,28 +9,46 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml + OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml - OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml - OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml + OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml + OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml + OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml - OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml - OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml + OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml + OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml + OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml + OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml + OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml + OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml + OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml + OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml - - OS::TripleO::PostDeploySteps: ../docker/post.yaml - OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index 336a0b3c..dfa30b08 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -1,10 +1,4 @@ resource_registry: - # This can be used when you don't want to run puppet on the host, - # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker - # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml - # The compute node still needs extra initialization steps - OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml - OS::TripleO::Services::Docker: ../puppet/services/docker.yaml # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml @@ -22,6 +16,7 @@ resource_registry: OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml @@ -56,11 +51,9 @@ resource_registry: OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml + OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml # FIXME: Had to remove these to unblock containers CI. They should be put back when fixed. # OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml # OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml # OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml # OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml - - OS::TripleO::PostDeploySteps: ../docker/post.yaml - OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 834c4f10..81044170 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -11,6 +11,7 @@ parameter_defaults: - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Securetty diff --git a/environments/ips-from-pool-all.yaml b/environments/ips-from-pool-all.yaml index 87563753..d4eccbcf 100644 --- a/environments/ips-from-pool-all.yaml +++ b/environments/ips-from-pool-all.yaml @@ -51,7 +51,7 @@ parameter_defaults: - 172.16.0.251 #management: #- 172.16.4.251 - NovaComputeIPs: + ComputeIPs: # Each compute will get an IP from the lists below, first compute, first IP internal_api: - 172.16.2.252 diff --git a/environments/major-upgrade-composable-steps-docker.yaml b/environments/major-upgrade-composable-steps-docker.yaml index 20340c78..888e2705 100644 --- a/environments/major-upgrade-composable-steps-docker.yaml +++ b/environments/major-upgrade-composable-steps-docker.yaml @@ -1,8 +1,5 @@ resource_registry: - # FIXME(shardy) do we need to break major_upgrade_steps.yaml apart to - # enable docker specific logic, or is just overridding PostUpgradeSteps - # enough (as we want to share the ansible tasks steps etc) - OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml + OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: UPGRADE diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml index 5a695171..db83f906 100644 --- a/environments/major-upgrade-composable-steps.yaml +++ b/environments/major-upgrade-composable-steps.yaml @@ -1,5 +1,5 @@ resource_registry: - OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml + OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml parameter_defaults: EnableConfigPurge: true StackUpdateType: UPGRADE diff --git a/environments/major-upgrade-converge-docker.yaml b/environments/major-upgrade-converge-docker.yaml index 163d1de4..668f8a94 100644 --- a/environments/major-upgrade-converge-docker.yaml +++ b/environments/major-upgrade-converge-docker.yaml @@ -1,7 +1,7 @@ # Use this to reset any mappings only used for upgrades after the # update of all nodes is completed resource_registry: - OS::TripleO::PostDeploySteps: ../docker/post.yaml + OS::TripleO::PostDeploySteps: ../common/post.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: '' diff --git a/environments/major-upgrade-converge.yaml b/environments/major-upgrade-converge.yaml index d222fb86..668f8a94 100644 --- a/environments/major-upgrade-converge.yaml +++ b/environments/major-upgrade-converge.yaml @@ -1,7 +1,7 @@ # Use this to reset any mappings only used for upgrades after the # update of all nodes is completed resource_registry: - OS::TripleO::PostDeploySteps: ../puppet/post.yaml + OS::TripleO::PostDeploySteps: ../common/post.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: '' diff --git a/environments/network-isolation-v6.j2.yaml b/environments/network-isolation-v6.j2.yaml new file mode 100644 index 00000000..bb27ee43 --- /dev/null +++ b/environments/network-isolation-v6.j2.yaml @@ -0,0 +1,58 @@ +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. +# primary role is: {{primary_role_name}} +resource_registry: + # networks as defined in network_data.yaml + {%- for network in networks if network.enabled|default(true) %} + {%- if network.name != 'Tenant' %} + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- else %} + # IPv4 until OVS and Neutron support IPv6 tunnel endpoints + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endif %} + {%- endfor %} + + # Port assignments for the VIPs + {%- for network in networks if network.vip and network.enabled|default(true) %} + OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- endfor %} + + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml + +{%- for role in roles %} + # Port assignments for the {{role.name}} + {%- for network in networks %} + {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant' %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- elif network.name in role.networks|default([]) and network.enabled|default(true) and network.name == 'Tenant' %} + # IPv4 until OVS and Neutron support IPv6 tunnel endpoints + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- else %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml + {%- endif %} + {%- endfor %} +{%- endfor %} + + +parameter_defaults: + # Enable IPv6 for Ceph. + CephIPv6: True + # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. + CorosyncIPv6: True + # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. + MongoDbIPv6: True + # Enable various IPv6 features in Nova. + NovaIPv6: True + # Enable IPv6 environment for RabbitMQ. + RabbitIPv6: True + # Enable IPv6 environment for Memcached. + MemcachedIPv6: True diff --git a/environments/network-isolation-v6.yaml b/environments/network-isolation-v6.yaml deleted file mode 100644 index 11ca5b31..00000000 --- a/environments/network-isolation-v6.yaml +++ /dev/null @@ -1,57 +0,0 @@ -# Enable the creation of IPv6 Neutron networks for isolated Overcloud -# traffic and configure each role to assign ports (related -# to that role) on these networks. -resource_registry: - OS::TripleO::Network::External: ../network/external_v6.yaml - OS::TripleO::Network::InternalApi: ../network/internal_api_v6.yaml - OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt_v6.yaml - OS::TripleO::Network::Storage: ../network/storage_v6.yaml - # IPv4 until OVS and Neutron support IPv6 tunnel endpoints - OS::TripleO::Network::Tenant: ../network/tenant.yaml - - # Port assignments for the VIPs - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_v6.yaml - OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - - # Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - -parameter_defaults: - # Enable IPv6 for Ceph. - CephIPv6: True - # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. - CorosyncIPv6: True - # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. - MongoDbIPv6: True - # Enable various IPv6 features in Nova. - NovaIPv6: True - # Enable IPv6 environment for RabbitMQ. - RabbitIPv6: true - # Enable IPv6 environment for Memcached. - MemcachedIPv6: true diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml index 812e84f3..59056217 100644 --- a/environments/network-management-v6.yaml +++ b/environments/network-management-v6.yaml @@ -1,3 +1,7 @@ +# ****************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation-v6.yaml +# and define the needed networks in your custom role file. +# ****************************************************************************** # Enable the creation of an IPv6 system management network. This # creates a Neutron network for isolated Overcloud # system management traffic and configures each role to diff --git a/environments/network-management.yaml b/environments/network-management.yaml index 041617be..5f50bb15 100644 --- a/environments/network-management.yaml +++ b/environments/network-management.yaml @@ -1,3 +1,7 @@ +# *************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation.yaml +# and define the needed networks in your custom role file. +# *************************************************************************** # Enable the creation of a system management network. This # creates a Neutron network for isolated Overcloud # system management traffic and configures each role to diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index 601554a1..ce64311b 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -1,13 +1,13 @@ # A Heat environment file which can be used to enable a # a Neutron Nuage backend on the controller, configured via puppet resource_registry: + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None # Override the NeutronCorePlugin to use Nuage - OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2Nuage parameter_defaults: NeutronNuageNetPartitionName: 'default_name' @@ -18,9 +18,18 @@ parameter_defaults: NeutronNuageBaseURIVersion: 'default_uri_version' NeutronNuageCMSId: '' UseForwardedFor: true - NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin' - NeutronEnableDHCPAgent: false - NeutronServicePlugins: [] - NovaOVSBridge: 'alubr0' - controllerExtraConfig: + NeutronServicePlugins: '' + NeutronDBSyncExtraParams: '--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini' + NeutronTypeDrivers: '' + NeutronNetworkType: '' + NeutronMechanismDrivers: '' + NeutronPluginExtensions: '' + NeutronFlatNetworks: '' + NeutronTunnelIdRanges: '' + NeutronNetworkVLANRanges: '' + NeutronVniRanges: '' + NovaOVSBridge: 'default_bridge' + NeutronMetadataProxySharedSecret: 'default' + InstanceNameTemplate: 'inst-%08x' + ControllerExtraConfig: neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron/plugins/nuage/' diff --git a/environments/neutron-opendaylight-sriov.yaml b/environments/neutron-opendaylight-sriov.yaml new file mode 100644 index 00000000..5c0a0350 --- /dev/null +++ b/environments/neutron-opendaylight-sriov.yaml @@ -0,0 +1,28 @@ +# A Heat environment that can be used to deploy OpenDaylight with SRIOV +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2-odl.yaml + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + +parameter_defaults: + NeutronEnableForceMetadata: true + NeutronMechanismDrivers: ['sriovnicswitch','opendaylight_v2'] + NeutronServicePlugins: 'odl-router_v2,trunk' + + # Add PciPassthroughFilter to the scheduler default filters + #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] + #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] + + #NeutronPhysicalDevMappings: "datacentre:ens20f2" + + # Number of VFs that needs to be configured for a physical interface + #NeutronSriovNumVFs: "ens20f2:5" + + #NovaPCIPassthrough: + # - devname: "ens20f2" + # physical_network: "datacentre" diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml index 5e9e15e3..591e2260 100755 --- a/environments/neutron-sriov.yaml +++ b/environments/neutron-sriov.yaml @@ -3,7 +3,7 @@ resource_registry: OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml parameter_defaults: - NeutronMechanismDrivers: ['openvswitch','sriovnicswitch'] + NeutronMechanismDrivers: ['sriovnicswitch', 'openvswitch'] # Add PciPassthroughFilter to the scheduler default filters #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] diff --git a/environments/nova-nuage-config.yaml b/environments/nova-nuage-config.yaml index 56c64d15..5e75ed9e 100644 --- a/environments/nova-nuage-config.yaml +++ b/environments/nova-nuage-config.yaml @@ -2,7 +2,13 @@ # Nuage backend on the compute, configured via puppet resource_registry: OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml parameter_defaults: NuageActiveController: '0.0.0.0' NuageStandbyController: '0.0.0.0' + NovaOVSBridge: 'default_bridge' + NovaComputeLibvirtType: 'default_type' + NovaIPv6: False + NuageMetadataProxySharedSecret: 'default' + NuageNovaApiEndpoint: 'default_endpoint' diff --git a/environments/predictable-placement/custom-domain.yaml b/environments/predictable-placement/custom-domain.yaml new file mode 100644 index 00000000..aacb677a --- /dev/null +++ b/environments/predictable-placement/custom-domain.yaml @@ -0,0 +1,35 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Custom Domain Name +# description: | +# This environment contains the parameters that need to be set in order to +# use a custom domain name and have all of the various FQDNs reflect it. +parameter_defaults: + # The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud. + # Type: string + CloudDomain: localdomain + + # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + # Type: string + CloudName: overcloud.localdomain + + # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'. + # Type: string + CloudNameCtlplane: overcloud.ctlplane.localdomain + + # The DNS name of this cloud's internal API endpoint. E.g. 'ci-overcloud.internalapi.tripleo.org'. + # Type: string + CloudNameInternal: overcloud.internalapi.localdomain + + # The DNS name of this cloud's storage endpoint. E.g. 'ci-overcloud.storage.tripleo.org'. + # Type: string + CloudNameStorage: overcloud.storage.localdomain + + # The DNS name of this cloud's storage management endpoint. E.g. 'ci-overcloud.storagemgmt.tripleo.org'. + # Type: string + CloudNameStorageManagement: overcloud.storagemgmt.localdomain + diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 2f577c26..7718b821 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -1,5 +1,5 @@ # ****************************************************************************** -# DEPRECATED: Use tripleo-heat-templates/environments/storage/ceph-external.yaml +# DEPRECATED: Use tripleo-heat-templates/environments/storage/external-ceph.yaml # instead. # ****************************************************************************** # A Heat environment file which can be used to enable the diff --git a/environments/services-docker/ironic.yaml b/environments/services-docker/ironic.yaml index e927ecb3..d98ca1d4 100644 --- a/environments/services-docker/ironic.yaml +++ b/environments/services-docker/ironic.yaml @@ -3,3 +3,5 @@ resource_registry: OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml +parameter_defaults: + NovaSchedulerDiscoverHostsInCellsInterval: 15 diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml index e501b69c..f57582c2 100644 --- a/environments/services/zaqar.yaml +++ b/environments/services/zaqar.yaml @@ -1,3 +1,3 @@ resource_registry: - OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml index f1c9d516..0f2d0396 100644 --- a/environments/storage/external-ceph.yaml +++ b/environments/storage/external-ceph.yaml @@ -13,7 +13,7 @@ parameter_defaults: # Type: string CephAdminKey: '' - # The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + # The Ceph client key. Can be created with ceph-authtool --gen-print-key. # Mandatory. This parameter must be set by the user. # Type: string CephClientKey: <None> diff --git a/extraconfig/nova_metadata/krb-service-principals.yaml b/extraconfig/nova_metadata/krb-service-principals.j2.yaml index 59b8e7f5..b18dba66 100644 --- a/extraconfig/nova_metadata/krb-service-principals.yaml +++ b/extraconfig/nova_metadata/krb-service-principals.j2.yaml @@ -5,35 +5,43 @@ parameters: RoleData: type: json description: the list containing the 'role_data' output for the ServiceChain - - # Coming from parameter_defaults +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName CloudName: default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal CloudNameInternal: - default: overcloud.internalapi.localdomain + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's internal API endpoint. E.g. - 'ci-overcloud.internalapi.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string - CloudNameStorage: - default: overcloud.storage.localdomain +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement + CloudNameStorageManagement: + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's storage endpoint. E.g. - 'ci-overcloud.storage.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string - CloudNameStorageManagement: - default: overcloud.storagemgmt.localdomain +{%- else %} + CloudName{{network.name}}: + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.storagemgmt.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string +{%- endif %} +{%- endfor %} CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. + The DNS name of this cloud's provisioning network endpoint. E.g. + 'ci-overcloud.ctlplane.tripleo.org'. type: string resources: @@ -61,10 +69,17 @@ resources: data: metadata: {get_attr: [IncomingMetadataSettings, value]} fqdns: +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} external: {get_param: CloudName} +{%- elif network.name == 'InternalApi' %} internal_api: {get_param: CloudNameInternal} - storage: {get_param: CloudNameStorage} +{%- elif network.name == 'StorageMgmt' %} storage_mgmt: {get_param: CloudNameStorageManagement} +{%- else %} + {{network.name_lower}}: {get_param: CloudName{{network.name}}} +{%- endif %} +{%- endfor %} ctlplane: {get_param: CloudNameCtlplane} CompactServices: @@ -82,3 +97,4 @@ outputs: map_merge: - {get_attr: [IndividualServices, value]} - compact_services: {get_attr: [CompactServices, value]} + diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index fb0d1699..b9fd08b4 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -59,22 +59,31 @@ parameters: description: | When enabled, the system will perform a yum update after performing the RHEL Registration process. - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. + DeleteOnRHELUnregistration: + type: boolean + default: false + description: | + When true, the system profile will be deleted from the registration + service when the rhel-registration.yaml nested stack is deleted. conditions: - deployment_actions_empty: + unregister_on_delete: equals: - - {get_param: deployment_actions} - - [] + - {get_param: DeleteOnRHELUnregistration} + - true + update_requested: + equals: + - {get_param: UpdateOnRHELRegistration} + - true resources: + DeploymentActions: + type: OS::Heat::Value + properties: + value: + yaql + RHELRegistration: type: OS::Heat::SoftwareConfig properties: @@ -151,9 +160,9 @@ resources: config: {get_resource: RHELUnregistration} actions: if: - - deployment_actions_empty + - unregister_on_delete + - ['DELETE'] - [] - - ['DELETE'] # Only do this on DELETE input_values: REG_METHOD: {get_param: rhel_reg_method} @@ -180,17 +189,12 @@ resources: UpdateDeploymentAfterRHELRegistration: type: OS::Heat::SoftwareDeployment depends_on: RHELRegistrationDeployment - conditions: - update_requested: {get_param: UpdateOnRHELRegistration} + condition: update_requested properties: name: UpdateDeploymentAfterRHELRegistration config: {get_resource: YumUpdateConfigurationAfterRHELRegistration} server: {get_param: server} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE + actions: ['CREATE'] # Only do this on CREATE outputs: deploy_stdout: diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index d14ed73f..487857ef 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -235,11 +235,25 @@ case "${REG_METHOD:-}" in if [ "$satellite_version" = "6" ]; then repos="$repos --enable ${satellite_repo}" curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + + # https://bugs.launchpad.net/tripleo/+bug/1711435 + # Delete the /etc/rhsm/facts directory entirely so that the + # %post script from katello-ca-consumer does not override the + # hostname with $(hostname -f) if there is no fqdn set + fqdn=$(hostname -f) + if [ "$fqdn" = "localhost" -o "$fqdn" = "localhost.localdomain" ]; then + rm -rf /etc/rhsm/facts + fi + rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true retry subscription-manager register $opts retry subscription-manager $repos retry yum install -y katello-agent || true # needed for errata reporting to satellite6 katello-package-upload + + # https://bugs.launchpad.net/tripleo/+bug/1711435 + # recreate the facts dir just in case we rm'd it earlier + mkdir -p /etc/rhsm/facts else pushd /usr/share/rhn/ curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index af49d49d..baf838e4 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -55,6 +55,9 @@ if [[ -n \$NOVA_COMPUTE ]]; then log_debug "Stop and disable libvirtd service for upgrade to containers" systemctl stop libvirtd systemctl disable libvirtd + log_debug "Stop and disable openstack-nova-compute for upgrade to containers" + systemctl stop openstack-nova-compute + systemctl disable openstack-nova-compute fi # Apply puppet manifest to converge just right after the ${ROLE} upgrade diff --git a/firstboot/userdata_example.yaml b/firstboot/userdata_example.yaml index 2f03c83b..32da7eda 100644 --- a/firstboot/userdata_example.yaml +++ b/firstboot/userdata_example.yaml @@ -42,10 +42,9 @@ resources: str_replace: template: | #!/bin/bash - curl http://169.254.169.254/openstack/2012-08-10/meta_data.json -o /root/meta_data.json mkdir -p /home/$user/.ssh chmod 700 /home/$user/.ssh - cat /root/meta_data.json | jq -r ".keys[0].data" > /home/$user/.ssh/authorized_keys + os-apply-config --key public-keys.0.openssh-key --type raw > /home/$user/.ssh/authorized_keys chmod 600 /home/$user/.ssh/authorized_keys chown -R $user:$user /home/$user/.ssh params: diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 356068fc..74fb3bb1 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml @@ -1,46 +1,13 @@ # This template specifies which j2 rendered templates # should be excluded in the render process from # tripleo-common/tripleo_common/actions/templates.py - +# E.g: +# name: +# - puppet/cephstorage-role.yaml name: - - puppet/controller-role.yaml - - puppet/compute-role.yaml - - puppet/blockstorage-role.yaml - - puppet/objectstorage-role.yaml - - puppet/cephstorage-role.yaml - - network/internal_api.yaml - - network/external.yaml - - network/storage.yaml - - network/storage_mgmt.yaml - - network/tenant.yaml - - network/management.yaml - network/internal_api_v6.yaml - network/external_v6.yaml - network/storage_v6.yaml - network/storage_mgmt_v6.yaml - network/tenant_v6.yaml - network/management_v6.yaml - - network/ports/internal_api.yaml - - network/ports/external.yaml - - network/ports/storage.yaml - - network/ports/storage_mgmt.yaml - - network/ports/tenant.yaml - - network/ports/management.yaml - - network/ports/internal_api_v6.yaml - - network/ports/external_v6.yaml - - network/ports/storage_v6.yaml - - network/ports/storage_mgmt_v6.yaml - - network/ports/tenant_v6.yaml - - network/ports/management_v6.yaml - - network/ports/internal_api_from_pool.yaml - - network/ports/external_from_pool.yaml - - network/ports/storage_from_pool.yaml - - network/ports/storage_mgmt_from_pool.yaml - - network/ports/tenant_from_pool.yaml - - network/ports/management_from_pool.yaml - - network/ports/internal_api_from_pool_v6.yaml - - network/ports/external_from_pool_v6.yaml - - network/ports/storage_from_pool_v6.yaml - - network/ports/storage_mgmt_from_pool_v6.yaml - - network/ports/tenant_from_pool_v6.yaml - - network/ports/management_from_pool_v6.yaml diff --git a/net-config-bond.yaml b/net-config-bond.yaml index 95b47455..8a97c854 100644 --- a/net-config-bond.yaml +++ b/net-config-bond.yaml @@ -22,7 +22,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -30,7 +30,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-bridge.yaml b/net-config-bridge.yaml index 29646ab5..0668245d 100644 --- a/net-config-bridge.yaml +++ b/net-config-bridge.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml index 6c44e60e..3964341a 100644 --- a/net-config-linux-bridge.yaml +++ b/net-config-linux-bridge.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-noop.yaml b/net-config-noop.yaml index 57f1a197..bdfda577 100644 --- a/net-config-noop.yaml +++ b/net-config-noop.yaml @@ -15,7 +15,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -23,7 +23,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml index cbf282ea..0e0d5900 100644 --- a/net-config-static-bridge-with-external-dhcp.yaml +++ b/net-config-static-bridge-with-external-dhcp.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-static-bridge.yaml b/net-config-static-bridge.yaml index c778bd81..e3e930d5 100644 --- a/net-config-static-bridge.yaml +++ b/net-config-static-bridge.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-static.yaml b/net-config-static.yaml index e864be03..02e2fe65 100644 --- a/net-config-static.yaml +++ b/net-config-static.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-undercloud.yaml b/net-config-undercloud.yaml index 881fbfd7..df02833a 100644 --- a/net-config-undercloud.yaml +++ b/net-config-undercloud.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml index 9683456a..bd15a189 100644 --- a/network/config/bond-with-vlans/ceph-storage.yaml +++ b/network/config/bond-with-vlans/ceph-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml index 3ad6d653..4ea3c470 100644 --- a/network/config/bond-with-vlans/cinder-storage.yaml +++ b/network/config/bond-with-vlans/cinder-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml index 095c4973..5def1ca9 100644 --- a/network/config/bond-with-vlans/compute-dpdk.yaml +++ b/network/config/bond-with-vlans/compute-dpdk.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index 882402af..2acbc877 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index 4901f94d..55603518 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml index 33c6fa65..69ab7539 100644 --- a/network/config/bond-with-vlans/controller-v6.yaml +++ b/network/config/bond-with-vlans/controller-v6.yaml @@ -14,7 +14,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -22,7 +22,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index 100821b7..70e41eb6 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/networker.yaml b/network/config/bond-with-vlans/networker.yaml index aa6e9da6..45994c72 100644 --- a/network/config/bond-with-vlans/networker.yaml +++ b/network/config/bond-with-vlans/networker.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml index 0ede081f..c31bf225 100644 --- a/network/config/bond-with-vlans/swift-storage.yaml +++ b/network/config/bond-with-vlans/swift-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/contrail/contrail-nic-config-compute.yaml b/network/config/contrail/contrail-nic-config-compute.yaml index a5f0ecab..5f9e9198 100644 --- a/network/config/contrail/contrail-nic-config-compute.yaml +++ b/network/config/contrail/contrail-nic-config-compute.yaml @@ -16,7 +16,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string InternalApiDefaultRoute: # Not used by default in this template default: '10.0.0.1' @@ -28,7 +28,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/contrail/contrail-nic-config.yaml b/network/config/contrail/contrail-nic-config.yaml index 595f34d1..fb78caca 100644 --- a/network/config/contrail/contrail-nic-config.yaml +++ b/network/config/contrail/contrail-nic-config.yaml @@ -16,7 +16,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string InternalApiDefaultRoute: # Not used by default in this template default: '10.0.0.1' @@ -28,7 +28,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index 3cc4361f..8448f84f 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index fa7d49e3..57882e22 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/compute-dvr.yaml b/network/config/multiple-nics/compute-dvr.yaml index a7939125..562a63d9 100644 --- a/network/config/multiple-nics/compute-dvr.yaml +++ b/network/config/multiple-nics/compute-dvr.yaml @@ -13,7 +13,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -21,7 +21,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index d1dc06a3..febfed0c 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml index 477eeaae..17544f22 100644 --- a/network/config/multiple-nics/controller-v6.yaml +++ b/network/config/multiple-nics/controller-v6.yaml @@ -13,7 +13,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -21,7 +21,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml index 59f16b93..7d9dbe7a 100644 --- a/network/config/multiple-nics/controller.yaml +++ b/network/config/multiple-nics/controller.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/networker.yaml b/network/config/multiple-nics/networker.yaml index b251fb9c..abee66ca 100644 --- a/network/config/multiple-nics/networker.yaml +++ b/network/config/multiple-nics/networker.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index 180f553f..cf547918 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml index 6685f2bc..b22f633a 100644 --- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml index ecc57ad5..1c5a8c9a 100644 --- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml index a637ef00..f4fd5fba 100644 --- a/network/config/single-nic-linux-bridge-vlans/compute.yaml +++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml index d4058078..44fc961c 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml @@ -13,7 +13,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -21,7 +21,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml index a52a8b84..0a54145a 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/networker.yaml b/network/config/single-nic-linux-bridge-vlans/networker.yaml index b1733dec..7dd48944 100644 --- a/network/config/single-nic-linux-bridge-vlans/networker.yaml +++ b/network/config/single-nic-linux-bridge-vlans/networker.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml index ad154fad..2649391f 100644 --- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml index 790e8a7d..ebcc721c 100644 --- a/network/config/single-nic-vlans/ceph-storage.yaml +++ b/network/config/single-nic-vlans/ceph-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml index 6dee3bee..d2548e4e 100644 --- a/network/config/single-nic-vlans/cinder-storage.yaml +++ b/network/config/single-nic-vlans/cinder-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml index d2559d2c..78814af1 100644 --- a/network/config/single-nic-vlans/compute.yaml +++ b/network/config/single-nic-vlans/compute.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml index d26de321..1dc9a6f3 100644 --- a/network/config/single-nic-vlans/controller-no-external.yaml +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml index 8f68760f..f1055ae3 100644 --- a/network/config/single-nic-vlans/controller-v6.yaml +++ b/network/config/single-nic-vlans/controller-v6.yaml @@ -13,7 +13,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -21,7 +21,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml index 8530118f..171fcf5d 100644 --- a/network/config/single-nic-vlans/controller.yaml +++ b/network/config/single-nic-vlans/controller.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/networker.yaml b/network/config/single-nic-vlans/networker.yaml index 54a17e46..2502984a 100644 --- a/network/config/single-nic-vlans/networker.yaml +++ b/network/config/single-nic-vlans/networker.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml index b4587e04..99ab66c1 100644 --- a/network/config/single-nic-vlans/swift-storage.yaml +++ b/network/config/single-nic-vlans/swift-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/external.yaml b/network/external.yaml deleted file mode 100644 index 8dbe3e20..00000000 --- a/network/external.yaml +++ /dev/null @@ -1,69 +0,0 @@ -heat_template_version: pike - -description: > - External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - ExternalNetCidr: - default: '10.0.0.0/24' - description: Cidr for the external network. - type: string - ExternalNetValueSpecs: - default: {'provider:physical_network': 'external', 'provider:network_type': 'flat'} - description: Value specs for the external network. - type: json - ExternalNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - ExternalNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - ExternalNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - ExternalNetName: - default: external - description: The name of the external network. - type: string - ExternalSubnetName: - default: external_subnet - description: The name of the external subnet in Neutron. - type: string - ExternalAllocationPools: - default: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] - description: Ip allocation pool range for the external network. - type: json - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string - -resources: - ExternalNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: ExternalNetAdminStateUp} - name: {get_param: ExternalNetName} - shared: {get_param: ExternalNetShared} - value_specs: {get_param: ExternalNetValueSpecs} - - ExternalSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: ExternalNetCidr} - enable_dhcp: {get_param: ExternalNetEnableDHCP} - name: {get_param: ExternalSubnetName} - network: {get_resource: ExternalNetwork} - allocation_pools: {get_param: ExternalAllocationPools} - gateway_ip: {get_param: ExternalInterfaceDefaultRoute} - -outputs: - OS::stack_id: - description: Neutron external network - value: {get_resource: ExternalNetwork} - subnet_cidr: - value: {get_attr: ExternalSubnet, cidr} diff --git a/network/external_v6.yaml b/network/external_v6.yaml index 3266932a..9d1c3d00 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml @@ -73,4 +73,4 @@ outputs: description: Neutron external network value: {get_resource: ExternalNetwork} subnet_cidr: - value: {get_attr: ExternalSubnet, cidr} + value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/internal_api.yaml b/network/internal_api.yaml deleted file mode 100644 index 7ff0dafd..00000000 --- a/network/internal_api.yaml +++ /dev/null @@ -1,65 +0,0 @@ -heat_template_version: pike - -description: > - Internal API network. Used for most APIs, Database, RPC. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - InternalApiNetCidr: - default: '172.16.2.0/24' - description: Cidr for the internal API network. - type: string - InternalApiNetValueSpecs: - default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'} - description: Value specs for the internal API network. - type: json - InternalApiNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - InternalApiNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - InternalApiNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - InternalApiNetName: - default: internal_api - description: The name of the internal API network. - type: string - InternalApiSubnetName: - default: internal_api_subnet - description: The name of the internal API subnet in Neutron. - type: string - InternalApiAllocationPools: - default: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] - description: Ip allocation pool range for the internal API network. - type: json - -resources: - InternalApiNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: InternalApiNetAdminStateUp} - name: {get_param: InternalApiNetName} - shared: {get_param: InternalApiNetShared} - value_specs: {get_param: InternalApiNetValueSpecs} - - InternalApiSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: InternalApiNetCidr} - enable_dhcp: {get_param: InternalApiNetEnableDHCP} - name: {get_param: InternalApiSubnetName} - network: {get_resource: InternalApiNetwork} - allocation_pools: {get_param: InternalApiAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron internal network - value: {get_resource: InternalApiNetwork} - subnet_cidr: - value: {get_attr: InternalApiSubnet, cidr} diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 0688f138..6a0912e2 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -8,11 +8,11 @@ parameters: InternalApiNetCidr: # OpenStack uses the EUI-64 address format, which requires a /64 prefix default: 'fd00:fd00:fd00:2000::/64' - description: Cidr for the internal API network. + description: Cidr for the internal_api network. type: string InternalApiNetValueSpecs: default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'} - description: Value specs for the internal API network. + description: Value specs for the internal_api network. type: json InternalApiNetAdminStateUp: default: false @@ -24,15 +24,15 @@ parameters: type: boolean InternalApiNetName: default: internal_api - description: The name of the internal API network. + description: The name of the internal_api network. type: string InternalApiSubnetName: default: internal_api_subnet - description: The name of the internal API subnet in Neutron. + description: The name of the internal_api subnet in Neutron. type: string InternalApiAllocationPools: default: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the internal API network. + description: Ip allocation pool range for the internal_api network. type: json IPv6AddressMode: default: dhcpv6-stateful @@ -69,4 +69,4 @@ outputs: description: Neutron internal network value: {get_resource: InternalApiNetwork} subnet_cidr: - value: {get_attr: InternalApiSubnet, cidr} + value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/management.yaml b/network/management.yaml deleted file mode 100644 index f54794c3..00000000 --- a/network/management.yaml +++ /dev/null @@ -1,70 +0,0 @@ -heat_template_version: pike - -description: > - Management network. System administration, SSH, DNS, NTP, etc. This network - would usually be the default gateway for the non-controller nodes. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - ManagementNetCidr: - default: '10.0.1.0/24' - description: Cidr for the management network. - type: string - ManagementNetValueSpecs: - default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'} - description: Value specs for the management network. - type: json - ManagementNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - ManagementNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - ManagementNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - ManagementNetName: - default: management - description: The name of the management network. - type: string - ManagementSubnetName: - default: management_subnet - description: The name of the management subnet in Neutron. - type: string - ManagementAllocationPools: - default: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] - description: Ip allocation pool range for the management network. - type: json - ManagementInterfaceDefaultRoute: - default: null - description: The default route of the management network. - type: string - -resources: - ManagementNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: ManagementNetAdminStateUp} - name: {get_param: ManagementNetName} - shared: {get_param: ManagementNetShared} - value_specs: {get_param: ManagementNetValueSpecs} - - ManagementSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: ManagementNetCidr} - enable_dhcp: {get_param: ManagementNetEnableDHCP} - name: {get_param: ManagementSubnetName} - network: {get_resource: ManagementNetwork} - allocation_pools: {get_param: ManagementAllocationPools} - gateway_ip: {get_param: ManagementInterfaceDefaultRoute} - -outputs: - OS::stack_id: - description: Neutron management network - value: {get_resource: ManagementNetwork} - subnet_cidr: - value: {get_attr: ManagementSubnet, cidr} diff --git a/network/management_v6.yaml b/network/management_v6.yaml index bf715513..2eb8c876 100644 --- a/network/management_v6.yaml +++ b/network/management_v6.yaml @@ -68,4 +68,4 @@ outputs: description: Neutron management network value: {get_resource: ManagementNetwork} subnet_cidr: - value: {get_attr: ManagementSubnet, cidr} + value: {get_attr: [ManagementSubnet, cidr]} diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml index 2c223c16..29d58cd5 100644 --- a/network/network.network.j2.yaml +++ b/network/network.network.j2.yaml @@ -15,7 +15,7 @@ parameters: type: json {{network.name}}NetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean {{network.name}}NetEnableDHCP: default: false @@ -27,7 +27,7 @@ parameters: type: boolean {{network.name}}NetName: default: {{network.name_lower}} - description: The name of the {{network.name_lower}} network. + description: The name of the {{network.name_lower}} network. type: string {{network.name}}SubnetName: default: {{network.name_lower}}_subnet @@ -38,7 +38,7 @@ parameters: description: Ip allocation pool range for the {{network.name_lower}} network. type: json {{network.name}}InterfaceDefaultRoute: - default: {{network.gateway_ip|default("not_defined")}} + default: {{network.gateway_ip|default('""')}} description: default route for the {{network.name_lower}} network type: string {%- if network.vlan %} @@ -88,5 +88,4 @@ outputs: description: {{network.name_lower}} network value: {get_resource: {{network.name}}Network} subnet_cidr: - value: {get_attr: {{network.name}}Subnet, cidr} - + value: {get_attr: [{{network.name}}Subnet, cidr]} diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml index c790d370..48c509df 100644 --- a/network/networks.j2.yaml +++ b/network/networks.j2.yaml @@ -3,9 +3,9 @@ heat_template_version: pike description: Create networks to split out Overcloud traffic resources: - {%- for network in networks %} - {{network.name}}Network: + {%- set network_name = network.compat_name|default(network.name) %} + {{network_name}}Network: type: OS::TripleO::Network::{{network.name}} {%- endfor %} @@ -19,8 +19,9 @@ outputs: # NOTE(gfidente): we need to replace the null value with a # string to work around https://bugs.launchpad.net/heat/+bug/1700025 {%- for network in networks %} + {%- set network_name = network.compat_name|default(network.name) %} {{network.name_lower}}: yaql: - data: {get_attr: [{{network.name}}Network, subnet_cidr]} + data: {get_attr: [{{network_name}}Network, subnet_cidr]} expression: str($.data).replace('null', 'disabled') {%- endfor %} diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index bb54ca62..f874c30d 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -9,8 +9,8 @@ parameters: description: Name of the service to lookup default: '' type: string - NetworkName: - description: # Here for compatibility with isolated networks + NetworkName: # Here for compatibility with isolated networks + description: Name of the network where the VIP will be created default: ctlplane type: string PortName: diff --git a/network/ports/external.yaml b/network/ports/external.yaml deleted file mode 100644 index a02cc284..00000000 --- a/network/ports/external.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the external network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ExternalNetName: - description: Name of the external neutron network - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ExternalPort: - type: OS::Neutron::Port - properties: - network: {get_param: ExternalNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: external network IP - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: external network IP (for compatibility with external_v6.yaml) - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml deleted file mode 100644 index d2610c69..00000000 --- a/network/ports/external_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - ExternalNetName: - description: Name of the external network - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ExternalNetCidr: - default: '10.0.0.0/24' - description: Cidr for the external network. - type: string - -outputs: - ip_address: - description: external network IP - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: external network IP (for compatibility with IPv6) - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ExternalNetCidr}, 1]} diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml deleted file mode 100644 index e5fe8d71..00000000 --- a/network/ports/external_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - ExternalNetName: - description: Name of the external network - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ExternalNetCidr: - default: '2001:db8:fd00:1000::/64' - description: Cidr for the external network. - type: string - -outputs: - ip_address: - description: external network IP - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: external network IP (for compatibility with IPv6) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ExternalNetCidr}, 1]} diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml deleted file mode 100644 index f258080a..00000000 --- a/network/ports/internal_api.yaml +++ /dev/null @@ -1,57 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the internal_api network. - -parameters: - InternalApiNetName: - description: Name of the internal API neutron network - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - InternalApiPort: - type: OS::Neutron::Port - properties: - network: {get_param: InternalApiNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: internal API network IP - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: | - internal API network IP (for compatibility with internal_api_v6.yaml) - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml deleted file mode 100644 index cb87fd54..00000000 --- a/network/ports/internal_api_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - InternalApiNetName: - description: Name of the internal API network - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - InternalApiNetCidr: - default: '172.16.2.0/24' - description: Cidr for the internal API network. - type: string - -outputs: - ip_address: - description: internal API network IP - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: internal API network IP (for compatibility with internal_api_v6.yaml) - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]} diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml deleted file mode 100644 index 12a0731b..00000000 --- a/network/ports/internal_api_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - InternalApiNetName: - description: Name of the internal API network - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - InternalApiNetCidr: - default: 'fd00:fd00:fd00:2000::/64' - description: Cidr for the internal API network. - type: string - -outputs: - ip_address: - description: internal API network IP - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: internal API network IP (for compatibility with internal_api_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]} diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml deleted file mode 100644 index 46e6e187..00000000 --- a/network/ports/internal_api_v6.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the internal_api network. - -parameters: - InternalApiNetName: - description: Name of the internal API neutron network - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - InternalApiPort: - type: OS::Neutron::Port - properties: - network: {get_param: InternalApiNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: internal API network IP - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: internal api network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/management.yaml b/network/ports/management.yaml deleted file mode 100644 index dd62033b..00000000 --- a/network/ports/management.yaml +++ /dev/null @@ -1,49 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the management network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ManagementNetName: - description: Name of the management neutron network - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - type: string - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ManagementPort: - type: OS::Neutron::Port - properties: - network: {get_param: ManagementNetName} - name: {get_param: PortName} - replacement_policy: AUTO - -outputs: - ip_address: - description: management network IP - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml deleted file mode 100644 index 188be68c..00000000 --- a/network/ports/management_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - ManagementNetName: - description: Name of the management network - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ManagementNetCidr: - default: '172.16.4.0/24' - description: Cidr for the management network. - type: string - -outputs: - ip_address: - description: management network IP - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ManagementNetCidr}, 1]} diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml deleted file mode 100644 index b5d44259..00000000 --- a/network/ports/management_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - ManagementNetName: - description: Name of the management network - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ManagementNetCidr: - default: 'fd00:fd00:fd00:6000::/64' - description: Cidr for the management network. - type: string - -outputs: - ip_address: - description: management network IP - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ManagementNetCidr}, 1]} diff --git a/network/ports/management_v6.yaml b/network/ports/management_v6.yaml deleted file mode 100644 index 977502a8..00000000 --- a/network/ports/management_v6.yaml +++ /dev/null @@ -1,54 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the management network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ManagementNetName: - description: Name of the management neutron network - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - type: string - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ManagementPort: - type: OS::Neutron::Port - properties: - network: {get_param: ManagementNetName} - name: {get_param: PortName} - replacement_policy: AUTO - -outputs: - ip_address: - description: management network IP - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: management network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.j2.yaml index a9111ed9..e929ab2c 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.j2.yaml @@ -4,24 +4,11 @@ parameters: ControlPlaneIpList: default: [] type: comma_delimited_list - ExternalIpList: - default: [] - type: comma_delimited_list - InternalApiIpList: - default: [] - type: comma_delimited_list - StorageIpList: - default: [] - type: comma_delimited_list - StorageMgmtIpList: - default: [] - type: comma_delimited_list - TenantIpList: - default: [] - type: comma_delimited_list - ManagementIpList: +{%- for network in networks %} + {{network.name}}IpList: default: [] type: comma_delimited_list +{%- endfor %} EnabledServices: default: [] type: comma_delimited_list @@ -37,7 +24,7 @@ parameters: InternalApiNetName: default: internal_api - description: The name of the internal API network. + description: The name of the internal_api network. type: string ExternalNetName: default: external @@ -53,12 +40,17 @@ parameters: type: string StorageMgmtNetName: default: storage_mgmt - description: The name of the Storage management network. + description: The name of the storage_mgmt network. type: string TenantNetName: default: tenant description: The name of the tenant network. +{%- for network in networks %} + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. type: string +{%- endfor %} resources: @@ -91,19 +83,13 @@ resources: value: map_replace: - ctlplane: {get_param: ControlPlaneIpList} - external: {get_param: ExternalIpList} - internal_api: {get_param: InternalApiIpList} - storage: {get_param: StorageIpList} - storage_mgmt: {get_param: StorageMgmtIpList} - tenant: {get_param: TenantIpList} - management: {get_param: ManagementIpList} +{%- for network in networks %} + {{network.name_lower}}: {get_param: {{network.name}}IpList} +{%- endfor %} - keys: - external: {get_param: ExternalNetName} - internal_api: {get_param: InternalApiNetName} - storage: {get_param: StorageNetName} - storage_mgmt: {get_param: StorageMgmtNetName} - tenant: {get_param: TenantNetName} - management: {get_param: ManagementNetName} +{%- for network in networks %} + {{network.name_lower}}: {get_param: {{network.name}}NetName} +{%- endfor %} outputs: net_ip_map: diff --git a/network/ports/net_ip_map.j2.yaml b/network/ports/net_ip_map.j2.yaml new file mode 100644 index 00000000..f01d624a --- /dev/null +++ b/network/ports/net_ip_map.j2.yaml @@ -0,0 +1,81 @@ +heat_template_version: pike + +parameters: + ControlPlaneIp: + default: '' + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string +{%- for network in networks %} + {{network.name}}Ip: + default: '' + type: string + {{network.name}}IpSubnet: + description: 'IP address/subnet on the {{network.name_lower}} network' + default: '' + type: string + {{network.name}}IpUri: + default: '' + type: string + description: IP address with brackets in case of IPv6 +{%- endfor %} + +{%- for network in networks %} + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. + type: string +{%- endfor %} + +resources: + + NetIpMapValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - ctlplane: {get_param: ControlPlaneIp} +{%- for network in networks %} + {{network.name_lower}}: {get_param: {{network.name}}Ip} +{%- endfor %} + ctlplane_subnet: + list_join: + - '' + - - {get_param: ControlPlaneIp} + - '/' + - {get_param: ControlPlaneSubnetCidr} +{%- for network in networks %} + {{network.name_lower}}_subnet: {get_param: {{network.name}}IpSubnet} +{%- endfor %} + ctlplane_uri: {get_param: ControlPlaneIp} +{%- for network in networks %} + {{network.name_lower}}_uri: {get_param: {{network.name}}IpUri} +{%- endfor %} + - keys: +{%- for network in networks %} + {{network.name_lower}}: {get_param: {{network.name}}NetName} +{%- endfor %} +{%- for network in networks %} + {{network.name_lower}}_subnet: + str_replace: + template: NAME_subnet + params: + NAME: {get_param: {{network.name}}NetName} +{%- endfor %} +{%- for network in networks %} + {{network.name_lower}}_uri: + str_replace: + template: NAME_uri + params: + NAME: {get_param: {{network.name}}NetName} +{%- endfor %} + +outputs: + net_ip_map: + description: > + A Hash containing a mapping of network names to assigned IPs + for a specific machine. + value: {get_attr: [NetIpMapValue, value]} diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml deleted file mode 100644 index a6971b0f..00000000 --- a/network/ports/net_ip_map.yaml +++ /dev/null @@ -1,205 +0,0 @@ -heat_template_version: pike - -parameters: - ControlPlaneIp: - default: '' - type: string - ControlPlaneSubnetCidr: # Override this via parameter_defaults - default: '24' - description: The subnet CIDR of the control plane network. - type: string - ExternalIp: - default: '' - type: string - ExternalIpSubnet: - default: '' - type: string - ExternalIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - InternalApiIp: - default: '' - type: string - InternalApiIpSubnet: - default: '' - type: string - InternalApiIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - StorageIp: - default: '' - type: string - StorageIpSubnet: - default: '' - type: string - StorageIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - StorageMgmtIp: - default: '' - type: string - StorageMgmtIpSubnet: - default: '' - type: string - StorageMgmtIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - TenantIp: - default: '' - type: string - TenantIpSubnet: - default: '' - type: string - TenantIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - ManagementIp: - default: '' - type: string - ManagementIpSubnet: - default: '' - type: string - description: IP address/subnet on the management network - ManagementIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - - InternalApiNetName: - default: internal_api - description: The name of the internal API network. - type: string - ExternalNetName: - default: external - description: The name of the external network. - type: string - ManagementNetName: - default: management - description: The name of the management network. - type: string - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageMgmtNetName: - default: storage_mgmt - description: The name of the Storage management network. - type: string - TenantNetName: - default: tenant - description: The name of the tenant network. - type: string - -resources: - - NetIpMapValue: - type: OS::Heat::Value - properties: - type: json - value: - map_replace: - - ctlplane: {get_param: ControlPlaneIp} - external: {get_param: ExternalIp} - internal_api: {get_param: InternalApiIp} - storage: {get_param: StorageIp} - storage_mgmt: {get_param: StorageMgmtIp} - tenant: {get_param: TenantIp} - management: {get_param: ManagementIp} - ctlplane_subnet: - list_join: - - '' - - - {get_param: ControlPlaneIp} - - '/' - - {get_param: ControlPlaneSubnetCidr} - external_subnet: {get_param: ExternalIpSubnet} - internal_api_subnet: {get_param: InternalApiIpSubnet} - storage_subnet: {get_param: StorageIpSubnet} - storage_mgmt_subnet: {get_param: StorageMgmtIpSubnet} - tenant_subnet: {get_param: TenantIpSubnet} - management_subnet: {get_param: ManagementIpSubnet} - ctlplane_uri: {get_param: ControlPlaneIp} - external_uri: {get_param: ExternalIpUri} - internal_api_uri: {get_param: InternalApiIpUri} - storage_uri: {get_param: StorageIpUri} - storage_mgmt_uri: {get_param: StorageMgmtIpUri} - tenant_uri: {get_param: TenantIpUri} - management_uri: {get_param: ManagementIpUri} - - keys: - external: {get_param: ExternalNetName} - internal_api: {get_param: InternalApiNetName} - storage: {get_param: StorageNetName} - storage_mgmt: {get_param: StorageMgmtNetName} - tenant: {get_param: TenantNetName} - management: {get_param: ManagementNetName} - external_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: ExternalNetName} - internal_api_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: InternalApiNetName} - storage_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: StorageNetName} - storage_mgmt_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: StorageMgmtNetName} - tenant_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: TenantNetName} - management_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: ManagementNetName} - external_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: ExternalNetName} - internal_api_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: InternalApiNetName} - storage_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: StorageNetName} - storage_mgmt_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: StorageMgmtNetName} - tenant_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: TenantNetName} - management_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: ManagementNetName} - -outputs: - net_ip_map: - description: > - A Hash containing a mapping of network names to assigned IPs - for a specific machine. - value: {get_attr: [NetIpMapValue, value]} diff --git a/network/ports/net_vip_map_external.j2.yaml b/network/ports/net_vip_map_external.j2.yaml new file mode 100644 index 00000000..b17f48b5 --- /dev/null +++ b/network/ports/net_vip_map_external.j2.yaml @@ -0,0 +1,40 @@ +heat_template_version: pike + +parameters: + # Set these via parameter defaults to configure external VIPs + ControlPlaneIP: + default: '' + type: string +{%- for network in networks if network.vip|default(false) %} + {{network.name}}NetworkVip: + default: '' + type: string +{%- endfor %} + # The following are unused in this template + ControlPlaneIp: + default: '' + type: string +{%- for network in networks if network.vip|default(false) %} + {{network.name}}Ip: + default: '' + type: string + {{network.name}}IpUri: + default: '' + type: string + description: IP address with brackets in case of IPv6 +{%- endfor %} + +outputs: + net_ip_map: + description: > + A Hash containing a mapping of network names to assigned IPs + for a specific machine. + value: + ctlplane: {get_param: ControlPlaneIP} +{%- for network in networks if network.vip|default(false) %} + {{network.name_lower}}: {get_param: {{network.name}}NetworkVip} +{%- endfor %} + ctlplane_uri: {get_param: ControlPlaneIP} +{%- for network in networks if network.vip|default(false) %} + {{network.name_lower}}_uri: {get_param: {{network.name}}NetworkVip} +{%- endfor %} diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml deleted file mode 100644 index 018bf2bb..00000000 --- a/network/ports/net_vip_map_external.yaml +++ /dev/null @@ -1,64 +0,0 @@ -heat_template_version: pike - -parameters: - # Set these via parameter defaults to configure external VIPs - ControlPlaneIP: - default: '' - type: string - ExternalNetworkVip: - default: '' - type: string - InternalApiNetworkVip: - default: '' - type: string - StorageNetworkVip: - default: '' - type: string - StorageMgmtNetworkVip: - default: '' - type: string - # The following are unused in this template - ControlPlaneIp: - default: '' - type: string - ExternalIp: - default: '' - type: string - ExternalIpUri: - default: '' - type: string - InternalApiIp: - default: '' - type: string - InternalApiIpUri: - default: '' - type: string - StorageIp: - default: '' - type: string - StorageIpUri: - default: '' - type: string - StorageMgmtIp: - default: '' - type: string - StorageMgmtIpUri: - default: '' - type: string - -outputs: - net_ip_map: - description: > - A Hash containing a mapping of network names to assigned IPs - for a specific machine. - value: - ctlplane: {get_param: ControlPlaneIP} - external: {get_param: ExternalNetworkVip} - internal_api: {get_param: InternalApiNetworkVip} - storage: {get_param: StorageNetworkVip} - storage_mgmt: {get_param: StorageMgmtNetworkVip} - ctlplane_uri: {get_param: ControlPlaneIP} - external_uri: {get_param: ExternalNetworkVip} - internal_api_uri: {get_param: InternalApiNetworkVip} - storage_uri: {get_param: StorageNetworkVip} - storage_mgmt_uri: {get_param: StorageMgmtNetworkVip} diff --git a/network/ports/net_vip_map_external_v6.j2.yaml b/network/ports/net_vip_map_external_v6.j2.yaml new file mode 100644 index 00000000..5eff73c1 --- /dev/null +++ b/network/ports/net_vip_map_external_v6.j2.yaml @@ -0,0 +1,45 @@ +heat_template_version: pike + +parameters: + # Set these via parameter defaults to configure external VIPs + ControlPlaneIP: + default: '' + type: string +{%- for network in networks if network.vip|default(false) %} + {{network.name}}NetworkVip: + default: '' + type: string +{%- endfor %} + # The following are unused in this template + ControlPlaneIp: + default: '' + type: string +{%- for network in networks if network.vip|default(false) %} + {{network.name}}Ip: + default: '' + type: string + {{network.name}}IpUri: + default: '' + type: string + description: IP address with brackets in case of IPv6 +{%- endfor %} + +outputs: + net_ip_map: + description: > + A Hash containing a mapping of network names to assigned IPs + for a specific machine. + value: + ctlplane: {get_param: ControlPlaneIP} +{%- for network in networks if network.vip|default(false) %} + {{network.name_lower}}: {get_param: {{network.name}}NetworkVip} +{%- endfor %} + ctlplane_uri: {get_param: ControlPlaneIP} +{%- for network in networks if network.vip|default(false) %} + {{network.name_lower}}_uri: + list_join: + - '' + - - '[' + - {get_param: {{network.name}}NetworkVip} + - ']' +{%- endfor %} diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml deleted file mode 100644 index aa40cf17..00000000 --- a/network/ports/net_vip_map_external_v6.yaml +++ /dev/null @@ -1,84 +0,0 @@ -heat_template_version: pike - -parameters: - # Set these via parameter defaults to configure external VIPs - ControlPlaneIP: - default: '' - type: string - ExternalNetworkVip: - default: '' - type: string - InternalApiNetworkVip: - default: '' - type: string - StorageNetworkVip: - default: '' - type: string - StorageMgmtNetworkVip: - default: '' - type: string - # The following are unused in this template - ControlPlaneIp: - default: '' - type: string - ExternalIp: - default: '' - type: string - ExternalIpUri: - default: '' - type: string - InternalApiIp: - default: '' - type: string - InternalApiIpUri: - default: '' - type: string - StorageIp: - default: '' - type: string - StorageIpUri: - default: '' - type: string - StorageMgmtIp: - default: '' - type: string - StorageMgmtIpUri: - default: '' - type: string - -outputs: - net_ip_map: - description: > - A Hash containing a mapping of network names to assigned IPs - for a specific machine. - value: - ctlplane: {get_param: ControlPlaneIP} - external: {get_param: ExternalNetworkVip} - internal_api: {get_param: InternalApiNetworkVip} - storage: {get_param: StorageNetworkVip} - storage_mgmt: {get_param: StorageMgmtNetworkVip} - ctlplane_uri: {get_param: ControlPlaneIP} - external_uri: - list_join: - - '' - - - '[' - - {get_param: ExternalNetworkVip} - - ']' - internal_api_uri: - list_join: - - '' - - - '[' - - {get_param: InternalApiNetworkVip} - - ']' - storage_uri: - list_join: - - '' - - - '[' - - {get_param: StorageNetworkVip} - - ']' - storage_mgmt_uri: - list_join: - - '' - - - '[' - - {get_param: StorageMgmtNetworkVip} - - ']' diff --git a/network/ports/noop.yaml b/network/ports/noop.yaml index 8030bfc0..9f39c4ff 100644 --- a/network/ports/noop.yaml +++ b/network/ports/noop.yaml @@ -12,19 +12,21 @@ parameters: description: IP address on the control plane type: string ControlPlaneNetwork: - description: Name of the control plane network + description: The name of the undercloud Neutron control plane default: ctlplane type: string PortName: description: Name of the port default: '' type: string - NetworkName: - description: # Here for compatibility with vip.yaml - default: '' + NetworkName: # Here for compatibility with vip.yaml + description: Name of the network where the VIP will be created + default: ctlplane type: string FixedIPs: - description: # Here for compatibility with vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] default: [] type: json ControlPlaneSubnetCidr: # Override this via parameter_defaults diff --git a/network/ports/external_v6.yaml b/network/ports/port.j2 index 12d61cce..2088d840 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/port.j2 @@ -1,19 +1,19 @@ heat_template_version: pike description: > - Creates a port on the external network. The IP address will be chosen + Creates a port on the {{network.name}} network. The IP address will be chosen automatically if FixedIPs is empty. parameters: - ExternalNetName: - description: Name of the external neutron network - default: external + {{network.name}}NetName: + description: The name of the {{network.name_lower}} network. + default: {{network.name_lower|default(network.name|lower)}} type: string PortName: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string @@ -36,31 +36,37 @@ parameters: resources: - ExternalPort: + {{network.name}}Port: type: OS::Neutron::Port properties: - network: {get_param: ExternalNetName} + network: {get_param: {{network.name}}NetName} name: {get_param: PortName} fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: ip_address: - description: external network IP - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + description: {{network.name}} network IP + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} ip_address_uri: - description: external network IP with brackets suitable for a URL +{%- if network.ipv6 or ipv6_override|default(false) %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) value: list_join: - '' - - '[' - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with IPv6 URLs) + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} +{%- endif %} ip_subnet: - description: IP/Subnet CIDR for the external network IP + description: IP/Subnet CIDR for the {{network.name}} network IP value: list_join: - '' - - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - '/' - - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} + diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml index ded3e798..d0bd45ab 100644 --- a/network/ports/port.network.j2.yaml +++ b/network/ports/port.network.j2.yaml @@ -1,72 +1 @@ -heat_template_version: pike - -description: > - Creates a port on the {{network.name}} network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - {{network.name}}NetName: - description: Name of the {{network.name_lower}} neutron network - default: {{network.name_lower|default(network.name|lower)}} - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - {{network.name}}Port: - type: OS::Neutron::Port - properties: - network: {get_param: {{network.name}}NetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: {{network.name}} network IP - value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - ip_address_uri: -{%- if network.ipv6 %} - description: {{network.name}} network IP (with brackets for IPv6 URLs) - value: - list_join: - - '' - - - '[' - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - - ']' -{%- else %} - description: {{network.name}} network IP (for compatibility with IPv6 URLs) - value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} -{%- endif %} - ip_subnet: - description: IP/Subnet CIDR for the {{network.name}} network IP - value: - list_join: - - '' - - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} - +{% include 'port.j2' %} diff --git a/network/ports/port_from_pool.j2 b/network/ports/port_from_pool.j2 new file mode 100644 index 00000000..14b93692 --- /dev/null +++ b/network/ports/port_from_pool.j2 @@ -0,0 +1,65 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network, using a map of IPs per role. + Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by + network (lower_name or lower case). For example: + ControllerIPs: + external: + - 1.2.3.4 # First controller + - 1.2.3.5 # Second controller + +parameters: + {{network.name}}NetName: + description: The name of the {{network.name_lower}} network. + default: {{network.name_lower}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml + default: {} + type: json + NodeIndex: # First node in the role will get first IP, and so on... + default: 0 + type: number + {{network.name}}NetCidr: + default: {{network.ip_subnet}} + description: Cidr for the {{network.name_lower}} network. + type: string + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + ip_address_uri: +{%- if network.ipv6 or ipv6_override|default(false) %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} + diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml index 9c08ec76..ff863583 100644 --- a/network/ports/port_from_pool.network.j2.yaml +++ b/network/ports/port_from_pool.network.j2.yaml @@ -1,65 +1 @@ -heat_template_version: pike - -description: > - Creates a port on the {{network.name}} network, using a map of IPs per role. - Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by - network (lower_name or lower case). For example: - ControllerIPs: - external: - - 1.2.3.4 # First controller - - 1.2.3.5 # Second controller - -parameters: - {{network.name}}NetName: - description: Name of the {{network.name}} neutron network - default: {{network.name_lower}} - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml - default: {} - type: json - NodeIndex: # First node in the role will get first IP, and so on... - default: 0 - type: number - {{network.name}}NetCidr: - default: {{network.ip_subnet}} - description: Cidr for the {{network.name_lower}} network. - type: string - -outputs: - ip_address: - description: {{network.name}} network IP - value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - ip_address_uri: -{%- if network.ipv6 %} - description: {{network.name}} network IP (with brackets for IPv6 URLs) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - - ']' -{%- else %} - description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) - value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} -{%- endif %} - ip_subnet: - description: IP/Subnet CIDR for the {{network.name}} network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} - +{% include 'port_from_pool.j2' %} diff --git a/network/ports/port_from_pool_v6.network.j2.yaml b/network/ports/port_from_pool_v6.network.j2.yaml new file mode 100644 index 00000000..689e1ad0 --- /dev/null +++ b/network/ports/port_from_pool_v6.network.j2.yaml @@ -0,0 +1,2 @@ +{% set ipv6_override = true -%} +{% include 'port_from_pool.j2' %} diff --git a/network/ports/port_v6.network.j2.yaml b/network/ports/port_v6.network.j2.yaml new file mode 100644 index 00000000..59709bde --- /dev/null +++ b/network/ports/port_v6.network.j2.yaml @@ -0,0 +1,2 @@ +{% set ipv6_override = true -%} +{% include 'port.j2' %} diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml deleted file mode 100644 index 5c1aba1a..00000000 --- a/network/ports/storage.yaml +++ /dev/null @@ -1,56 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage network. - -parameters: - StorageNetName: - description: Name of the storage neutron network - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StoragePort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage network IP - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml deleted file mode 100644 index ca5993fc..00000000 --- a/network/ports/storage_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - StorageNetName: - description: Name of the storage network - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageNetCidr: - default: '172.16.1.0/24' - description: Cidr for the storage network. - type: string - -outputs: - ip_address: - description: storage network IP - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageNetCidr}, 1]} diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml deleted file mode 100644 index ec7cd2f0..00000000 --- a/network/ports/storage_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - StorageNetName: - description: Name of the storage network - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageNetCidr: - default: 'fd00:fd00:fd00:3000::/64' - description: Cidr for the storage network. - type: string - -outputs: - ip_address: - description: storage network IP - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageNetCidr}, 1]} diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml deleted file mode 100644 index 94b058a2..00000000 --- a/network/ports/storage_mgmt.yaml +++ /dev/null @@ -1,57 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage_mgmt API network. - -parameters: - StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StorageMgmtPort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageMgmtNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage_mgmt network IP - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: | - storage_mgmt network IP (for compatibility with storage_mgmt_v6.yaml) - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the storage_mgmt network IP - value: - list_join: - - '' - - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml deleted file mode 100644 index 63b2e154..00000000 --- a/network/ports/storage_mgmt_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - StorageMgmtNetName: - description: Name of the storage MGMT network - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageMgmtNetCidr: - default: '172.16.3.0/24' - description: Cidr for the storage MGMT network. - type: string - -outputs: - ip_address: - description: storage MGMT network IP - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage MGMT network IP (for compatibility with storage_mgmt_v6.yaml) - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the storage MGMT network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]} diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml deleted file mode 100644 index 6d0b8794..00000000 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ /dev/null @@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - StorageMgmtNetName: - description: Name of the storage MGMT network - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageMgmtNetCidr: - default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage MGMT network. - type: string - -outputs: - ip_address: - description: storage MGMT network IP - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage MGMT network IP (for compatibility with storage_mgmt_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage MGMT network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]} diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml deleted file mode 100644 index 3d70c690..00000000 --- a/network/ports/storage_mgmt_v6.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage_mgmt API network. - -parameters: - StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StorageMgmtPort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageMgmtNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage_mgmt network IP - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage_mgmt network IP with brackets suitable for a URI - value: - list_join: - - '' - - - '[' - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage_mgmt network IP - value: - list_join: - - '' - - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml deleted file mode 100644 index 6137d241..00000000 --- a/network/ports/storage_v6.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage network. - -parameters: - StorageNetName: - description: Name of the storage neutron network - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StoragePort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage network IP - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml deleted file mode 100644 index a56b0f43..00000000 --- a/network/ports/tenant.yaml +++ /dev/null @@ -1,56 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the tenant network. - -parameters: - TenantNetName: - description: Name of the tenant neutron network - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - TenantPort: - type: OS::Neutron::Port - properties: - network: {get_param: TenantNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: tenant network IP - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml deleted file mode 100644 index 03ff6d11..00000000 --- a/network/ports/tenant_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - TenantNetName: - description: Name of the tenant network - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - TenantNetCidr: - default: '172.16.0.0/24' - description: Cidr for the tenant network. - type: string - -outputs: - ip_address: - description: tenant network IP - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: TenantNetCidr}, 1]} diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml deleted file mode 100644 index d45faf06..00000000 --- a/network/ports/tenant_from_pool_v6.yaml +++ /dev/null @@ -1,51 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - TenantNetName: - description: Name of the tenant network - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - TenantNetCidr: - default: 'fd00:fd00:fd00:5000::/64' - description: Cidr for the tenant network. - type: string - -outputs: - ip_address: - description: tenant network IP - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: TenantNetCidr}, 1]} diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml deleted file mode 100644 index d23e91f7..00000000 --- a/network/ports/tenant_v6.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the tenant network. - -parameters: - TenantNetName: - description: Name of the tenant neutron network - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - TenantPort: - type: OS::Neutron::Port - properties: - network: {get_param: TenantNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: tenant network IP - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: tenant network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index 70b4482c..f47760c8 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network/ports/vip_v6.yaml b/network/ports/vip_v6.yaml index 09f646a6..90525a31 100644 --- a/network/ports/vip_v6.yaml +++ b/network/ports/vip_v6.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index ba8e5568..54646c38 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -106,7 +106,7 @@ parameters: InternalApiNetName: default: internal_api - description: The name of the internal API network. + description: The name of the internal_api network. type: string ExternalNetName: default: external @@ -122,7 +122,7 @@ parameters: type: string StorageMgmtNetName: default: storage_mgmt - description: The name of the Storage management network. + description: The name of the storage_mgmt network. type: string TenantNetName: default: tenant diff --git a/network/storage.yaml b/network/storage.yaml deleted file mode 100644 index 00316c51..00000000 --- a/network/storage.yaml +++ /dev/null @@ -1,65 +0,0 @@ -heat_template_version: pike - -description: > - Storage network. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - StorageNetCidr: - default: '172.16.1.0/24' - description: Cidr for the storage network. - type: string - StorageNetValueSpecs: - default: {'provider:physical_network': 'storage', 'provider:network_type': 'flat'} - description: Value specs for the storage network. - type: json - StorageNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - StorageNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - StorageNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageSubnetName: - default: storage_subnet - description: The name of the storage subnet in Neutron. - type: string - StorageAllocationPools: - default: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] - description: Ip allocation pool range for the storage network. - type: json - -resources: - StorageNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: StorageNetAdminStateUp} - name: {get_param: StorageNetName} - shared: {get_param: StorageNetShared} - value_specs: {get_param: StorageNetValueSpecs} - - StorageSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: StorageNetCidr} - enable_dhcp: {get_param: StorageNetEnableDHCP} - name: {get_param: StorageSubnetName} - network: {get_resource: StorageNetwork} - allocation_pools: {get_param: StorageAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron storage network - value: {get_resource: StorageNetwork} - subnet_cidr: - value: {get_attr: StorageSubnet, cidr} diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml deleted file mode 100644 index bc4347c2..00000000 --- a/network/storage_mgmt.yaml +++ /dev/null @@ -1,65 +0,0 @@ -heat_template_version: pike - -description: > - Storage management network. Storage replication, etc. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - StorageMgmtNetCidr: - default: '172.16.3.0/24' - description: Cidr for the storage management network. - type: string - StorageMgmtNetValueSpecs: - default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'} - description: Value specs for the storage_mgmt network. - type: json - StorageMgmtNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - StorageMgmtNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - StorageMgmtNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - StorageMgmtNetName: - default: storage_mgmt - description: The name of the Storage management network. - type: string - StorageMgmtSubnetName: - default: storage_mgmt_subnet - description: The name of the Storage management subnet in Neutron. - type: string - StorageMgmtAllocationPools: - default: [{'start': '172.16.3.4', 'end': '172.16.3.250'}] - description: Ip allocation pool range for the storage mgmt network. - type: json - -resources: - StorageMgmtNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: StorageMgmtNetAdminStateUp} - name: {get_param: StorageMgmtNetName} - shared: {get_param: StorageMgmtNetShared} - value_specs: {get_param: StorageMgmtNetValueSpecs} - - StorageMgmtSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: StorageMgmtNetCidr} - enable_dhcp: {get_param: StorageMgmtNetEnableDHCP} - name: {get_param: StorageMgmtSubnetName} - network: {get_resource: StorageMgmtNetwork} - allocation_pools: {get_param: StorageMgmtAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron storage management network - value: {get_resource: StorageMgmtNetwork} - subnet_cidr: - value: {get_attr: StorageMgmtSubnet, cidr} diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index 0d6614f9..7ed4c92e 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -8,7 +8,7 @@ parameters: StorageMgmtNetCidr: # OpenStack uses the EUI-64 address format, which requires a /64 prefix default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage management network. + description: Cidr for the storage_mgmt network. type: string StorageMgmtNetValueSpecs: default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'} @@ -24,15 +24,15 @@ parameters: type: boolean StorageMgmtNetName: default: storage_mgmt - description: The name of the Storage management network. + description: The name of the storage_mgmt network. type: string StorageMgmtSubnetName: default: storage_mgmt_subnet - description: The name of the Storage management subnet in Neutron. + description: The name of the storage_mgmt subnet in Neutron. type: string StorageMgmtAllocationPools: default: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the storage mgmt network. + description: Ip allocation pool range for the storage_mgmt network. type: json IPv6AddressMode: default: dhcpv6-stateful @@ -69,4 +69,4 @@ outputs: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} subnet_cidr: - value: {get_attr: StorageMgmtSubnet, cidr} + value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index bf796b2b..51edd4b3 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron storage network value: {get_resource: StorageNetwork} subnet_cidr: - value: {get_attr: StorageSubnet, cidr} + value: {get_attr: [StorageSubnet, cidr]} diff --git a/network/tenant.yaml b/network/tenant.yaml deleted file mode 100644 index 2104f0bd..00000000 --- a/network/tenant.yaml +++ /dev/null @@ -1,65 +0,0 @@ -heat_template_version: pike - -description: > - Tenant network. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - TenantNetCidr: - default: '172.16.0.0/24' - description: Cidr for the tenant network. - type: string - TenantNetValueSpecs: - default: {'provider:physical_network': 'tenant', 'provider:network_type': 'flat'} - description: Value specs for the tenant network. - type: json - TenantNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - TenantNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - TenantNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - TenantNetName: - default: tenant - description: The name of the tenant network. - type: string - TenantSubnetName: - default: tenant_subnet - description: The name of the tenant subnet in Neutron. - type: string - TenantAllocationPools: - default: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - description: Ip allocation pool range for the tenant network. - type: json - -resources: - TenantNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: TenantNetAdminStateUp} - name: {get_param: TenantNetName} - shared: {get_param: TenantNetShared} - value_specs: {get_param: TenantNetValueSpecs} - - TenantSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: TenantNetCidr} - enable_dhcp: {get_param: TenantNetEnableDHCP} - name: {get_param: TenantSubnetName} - network: {get_resource: TenantNetwork} - allocation_pools: {get_param: TenantAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron tenant network - value: {get_resource: TenantNetwork} - subnet_cidr: - value: {get_attr: TenantSubnet, cidr} diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index 9993eec9..9f139cb1 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron tenant network value: {get_resource: TenantNetwork} subnet_cidr: - value: {get_attr: TenantSubnet, cidr} + value: {get_attr: [TenantSubnet, cidr]} diff --git a/network_data.yaml b/network_data.yaml index 947769ae..6ad37dfe 100644 --- a/network_data.yaml +++ b/network_data.yaml @@ -17,6 +17,8 @@ # allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}] # gateway_ip: gateway for the network (optional, may use parameter defaults) # NOTE: IP-related values set parameter defaults in templates, may be overridden. +# compat_name: for existing stack you may need to override the default transformation +# for the resource's name. # # Example: # - name Example @@ -39,6 +41,7 @@ vip: true ip_subnet: '172.16.2.0/24' allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] + compat_name: Internal - name: Storage vip: true name_lower: storage diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 0d3b875a..0f0e9ceb 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -1,8 +1,8 @@ resource_registry: OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment - OS::TripleO::PostDeploySteps: puppet/post.yaml - OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml + OS::TripleO::PostDeploySteps: common/post.yaml + OS::TripleO::PostUpgradeSteps: common/post-upgrade.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml OS::TripleO::AllNodesDeployment: OS::Heat::StructuredDeployments OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml @@ -17,7 +17,7 @@ resource_registry: {% for role in roles %} OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None - OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml + OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None @@ -109,6 +109,8 @@ resource_registry: OS::TripleO::DeployedServerEnvironment: OS::Heat::None + OS::TripleO::DeploymentSteps: OS::Heat::StructuredDeploymentGroup + # services OS::TripleO::Services: common/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml @@ -154,6 +156,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePluginML2Nuage: puppet/services/neutron-plugin-ml2-nuage.yaml OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None OS::TripleO::Services::OVNController: OS::Heat::None @@ -192,6 +195,7 @@ resource_registry: OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml + OS::TripleO::Services::ContainersLogrotateCrond: OS::Heat::None OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml @@ -260,6 +264,7 @@ resource_registry: OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None + OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None @@ -276,7 +281,6 @@ resource_registry: OS::TripleO::Services::NeutronVppAgent: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::CertmongerUser: OS::Heat::None - OS::TripleO::Services::Iscsid: OS::Heat::None OS::TripleO::Services::Clustercheck: OS::Heat::None OS::TripleO::Services::VRTSHyperScale: OS::Heat::None diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index ddf2701a..2e398671 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -21,40 +21,44 @@ description: > parameters: # Common parameters (not specific to a role) +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName CloudName: default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal CloudNameInternal: - default: overcloud.internalapi.localdomain + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's internal API endpoint. E.g. - 'ci-overcloud.internalapi.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string - CloudNameStorage: - default: overcloud.storage.localdomain +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement + CloudNameStorageManagement: + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's storage endpoint. E.g. - 'ci-overcloud.storage.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string - CloudNameStorageManagement: - default: overcloud.storagemgmt.localdomain +{%- else %} + CloudName{{network.name}}: + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.storagemgmt.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string +{%- endif %} +{%- endfor %} CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. + The DNS name of this cloud's provisioning network endpoint. E.g. + 'ci-overcloud.ctlplane.tripleo.org'. type: string - ControlFixedIPs: - default: [] - description: > - Control the IP allocation for the ControlVirtualIP port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json ExtraConfig: default: {} description: | @@ -77,42 +81,42 @@ parameters: description: | DEPRECATED use ComputeExtraConfig instead type: json - InternalApiVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the InternalApiVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json NeutronControlPlaneID: default: 'ctlplane' type: string description: Neutron ID or name for ctlplane network. NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string - PublicVirtualFixedIPs: + ControlFixedIPs: default: [] description: > - Control the IP allocation for the PublicVirtualInterface port. E.g. + Control the IP allocation for the ControlVirtualIP port. E.g. [{'ip_address':'1.2.3.4'}] type: json - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - StorageVirtualFixedIPs: +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # TODO (dsneddon) Legacy name, eventually refactor to match network name + PublicVirtualFixedIPs: default: [] description: > - Control the IP allocation for the StorageVirtualInterface port. E.g. + Control the IP allocation for the PublicVirtualInterface port. E.g. [{'ip_address':'1.2.3.4'}] type: json - StorageMgmtVirtualFixedIPs: +{%- else %} + {{network.name}}VirtualFixedIPs: default: [] description: > - Control the IP allocation for the StorageMgmgVirtualInterface port. E.g. + Control the IP allocation for the {{network.name}}VirtualInterface port. E.g. [{'ip_address':'1.2.3.4'}] type: json +{%- endif %} +{%- endfor %} + RabbitCookieSalt: + type: string + default: unset + description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. RedisVirtualFixedIPs: default: [] description: > @@ -186,11 +190,12 @@ parameters: {% if role.name != 'Compute' %} {{role.name}}SchedulerHints: + description: Optional scheduler hints to pass to nova {% else %} NovaComputeSchedulerHints: + description: DEPRECATED - use ComputeSchedulerHints instead {% endif %} type: json - description: Optional scheduler hints to pass to nova default: {} {{role.name}}Parameters: @@ -224,13 +229,6 @@ parameters: description: > List of server hostnames to blacklist from any triggered deployments. -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - controllerExtraConfig - - NovaComputeExtraConfig - conditions: add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]} @@ -246,28 +244,38 @@ resources: - - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, external]} - HOST: {get_param: CloudName} + IP: {get_attr: [VipMap, net_ip_map, ctlplane]} + HOST: {get_param: CloudNameCtlplane} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, ctlplane]} - HOST: {get_param: CloudNameCtlplane} + IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]} + HOST: {get_param: CloudName} +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, internal_api]} + IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]} HOST: {get_param: CloudNameInternal} +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, storage]} - HOST: {get_param: CloudNameStorage} + IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]} + HOST: {get_param: CloudNameStorageManagement} +{%- else %} - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]} - HOST: {get_param: CloudNameStorageManagement} + IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]} + HOST: {get_param: CloudName{{network.name}}} +{%- endif %} +{%- endfor %} HeatAuthEncryptionKey: type: OS::TripleO::RandomString @@ -303,11 +311,21 @@ resources: type: OS::TripleO::EndpointMap properties: CloudEndpoints: - external: {get_param: CloudName} - internal_api: {get_param: CloudNameInternal} - storage: {get_param: CloudNameStorage} - storage_mgmt: {get_param: CloudNameStorageManagement} ctlplane: {get_param: CloudNameCtlplane} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName + {{network.name_lower}}: {get_param: CloudName} +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal + {{network.name_lower}}: {get_param: CloudNameInternal} +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement + {{network.name_lower}}: {get_param: CloudNameStorageManagement} +{%- else %} + {{network.name_lower}}: {get_param: CloudName{{network.name}}} +{%- endif %} +{%- endfor %} NetIpMap: {get_attr: [VipMap, net_ip_map]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} @@ -464,12 +482,9 @@ resources: type: OS::TripleO::Network::Ports::NetIpListMap properties: ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]} - ExternalIpList: {get_attr: [{{role.name}}, external_ip_address]} - InternalApiIpList: {get_attr: [{{role.name}}, internal_api_ip_address]} - StorageIpList: {get_attr: [{{role.name}}, storage_ip_address]} - StorageMgmtIpList: {get_attr: [{{role.name}}, storage_mgmt_ip_address]} - TenantIpList: {get_attr: [{{role.name}}, tenant_ip_address]} - ManagementIpList: {get_attr: [{{role.name}}, management_ip_address]} +{%- for network in networks if network.enabled|default(true) %} + {{network.name}}IpList: {get_attr: [{{role.name}}, {{network.name_lower}}_ip_address]} +{%- endfor %} EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} ServiceHostnameList: {get_attr: [{{role.name}}, hostname]} @@ -588,10 +603,20 @@ resources: allNodesConfig: type: OS::TripleO::AllNodes::SoftwareConfig properties: - cloud_name_external: {get_param: CloudName} - cloud_name_internal_api: {get_param: CloudNameInternal} - cloud_name_storage: {get_param: CloudNameStorage} - cloud_name_storage_mgmt: {get_param: CloudNameStorageManagement} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName + cloud_name_{{network.name_lower}}: {get_param: CloudName} +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal + cloud_name_{{network.name_lower}}: {get_param: CloudNameInternal} +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement + cloud_name_{{network.name_lower}}: {get_param: CloudNameStorageManagement} +{%- else %} + cloud_name_{{network.name_lower}}: {get_param: CloudName{{network.name}}} +{%- endif %} +{%- endfor %} cloud_name_ctlplane: {get_param: CloudNameCtlplane} enabled_services: list_join: @@ -705,6 +730,8 @@ resources: ServiceName: redis FixedIPs: {get_param: RedisVirtualFixedIPs} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} # The public VIP is on the External net, falls back to ctlplane PublicVirtualIP: depends_on: Networks @@ -714,43 +741,38 @@ resources: ControlPlaneNetwork: {get_param: NeutronControlPlaneID} PortName: public_virtual_ip FixedIPs: {get_param: PublicVirtualFixedIPs} - - InternalApiVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::InternalApiVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: internal_api_virtual_ip - FixedIPs: {get_param: InternalApiVirtualFixedIPs} - - StorageVirtualIP: +{%- elif network.name == 'StorageMgmt' %} + {{network.name}}VirtualIP: depends_on: Networks - type: OS::TripleO::Network::Ports::StorageVipPort + type: OS::TripleO::Network::Ports::{{network.name}}VipPort properties: ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_virtual_ip - FixedIPs: {get_param: StorageVirtualFixedIPs} - - StorageMgmtVirtualIP: + PortName: storage_management_virtual_ip + FixedIPs: {get_param: {{network.name}}VirtualFixedIPs} +{%- else %} + {{network.name}}VirtualIP: depends_on: Networks - type: OS::TripleO::Network::Ports::StorageMgmtVipPort + type: OS::TripleO::Network::Ports::{{network.name}}VipPort properties: ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_management_virtual_ip - FixedIPs: {get_param: StorageMgmtVirtualFixedIPs} + PortName: {{network.name_lower}}_virtual_ip + FixedIPs: {get_param: {{network.name}}VirtualFixedIPs} +{%- endif %} +{%- endfor %} VipMap: type: OS::TripleO::Network::Ports::NetVipMap properties: ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} - InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]} - StorageIp: {get_attr: [StorageVirtualIP, ip_address]} - StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} - StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]} +{%- else %} + {{network.name}}Ip: {get_attr: [{{network.name}}VirtualIP, ip_address]} + {{network.name}}IpUri: {get_attr: [{{network.name}}VirtualIP, ip_address_uri]} +{%- endif %} +{%- endfor %} # No tenant or management VIP required # Because of nested get_attr functions in the KeystoneAdminVip output, we # can't determine which attributes of VipMap are used until after @@ -764,24 +786,12 @@ resources: PingTestIps: list_join: - ' ' - - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, external_ip_address]} - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, internal_api_ip_address]} - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, storage_ip_address]} - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, storage_mgmt_ip_address]} - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, tenant_ip_address]} + - +{%- for network in networks if network.enabled|default(true) %} - yaql: expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, management_ip_address]} + data: {get_attr: [{{primary_role_name}}, {{network.name_lower}}_ip_address]} +{%- endfor %} UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow @@ -935,6 +945,9 @@ outputs: - {get_attr: [{{role.name}}ServiceChainRoleData, value]} - {get_attr: [{{role.name}}MergedConfigSettings, value]} {% endfor %} + RoleConfig: + description: The configuration workflows associated with each role + value: {get_attr: [AllNodesDeploySteps, RoleConfig]} RoleNetIpMap: description: Mapping of each network to a list of IPs for each role value: diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 24aa1525..3044fe39 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -76,7 +76,7 @@ parameters: InternalApiNetName: default: internal_api - description: The name of the internal API network. + description: The name of the internal_api network. type: string ExternalNetName: default: external @@ -92,7 +92,7 @@ parameters: type: string StorageMgmtNetName: default: storage_mgmt - description: The name of the Storage management network. + description: The name of the storage_mgmt network. type: string TenantNetName: default: tenant diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml deleted file mode 100644 index de7b6b49..00000000 --- a/puppet/blockstorage-role.yaml +++ /dev/null @@ -1,704 +0,0 @@ -heat_template_version: pike -description: 'OpenStack cinder storage configured by Puppet' -parameters: - BlockStorageImage: - default: overcloud-full - type: string - constraints: - - custom_constraint: glance.image - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that BlockStorageExtraConfig takes precedence over ExtraConfig. - type: json - BlockStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - BlockStorageIPs: - default: {} - type: json - OvercloudBlockStorageFlavor: - description: Flavor for block storage nodes to request when deploying. - type: string - default: baremetal - constraints: - - custom_constraint: nova.flavor - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - BlockStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - BlockStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - BlockStorage: - type: OS::TripleO::BlockStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: - {get_param: BlockStorageImage} - flavor: {get_param: OvercloudBlockStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: BlockStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: BlockStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::BlockStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::BlockStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::BlockStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::BlockStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::BlockStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::BlockStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::BlockStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::BlockStorage::PreNetworkConfig - properties: - server: {get_resource: BlockStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: BlockStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - BlockStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - BlockStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: BlockStorageUpgradeInitDeployment - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - BlockStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: BlockStorageUpgradeInitDeployment - properties: - name: BlockStorageDeployment - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageConfig} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - # Map heat metadata into hiera datafiles - BlockStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - volume_extraconfig - - extraconfig - - service_names - - service_configs - - volume - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - volume_extraconfig: {get_param: BlockStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - volume: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: BlockStorageDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: BlockStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: BlockStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: UpdateDeployment - config: {get_resource: UpdateConfig} - server: {get_resource: BlockStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: BlockStorageDeployment - properties: - server: {get_resource: BlockStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [BlockStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [BlockStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [BlockStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [BlockStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the block storage server - value: - {get_resource: BlockStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [BlockStorage, os_collect_config]} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml deleted file mode 100644 index ce44fd68..00000000 --- a/puppet/cephstorage-role.yaml +++ /dev/null @@ -1,718 +0,0 @@ -heat_template_version: pike -description: 'OpenStack ceph storage node configured by Puppet' -parameters: - OvercloudCephStorageFlavor: - description: Flavor for the Ceph Storage node. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - CephStorageImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that CephStorageExtraConfig takes precedence over ExtraConfig. - type: json - CephStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - CephStorageIPs: - default: {} - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - CephStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - CephStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - CephStorage: - type: OS::TripleO::CephStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: CephStorageImage} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: OvercloudCephStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: CephStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: CephStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::CephStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::CephStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::CephStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::CephStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::CephStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::CephStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::CephStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::CephStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::CephStorage::PreNetworkConfig - properties: - server: {get_resource: CephStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: CephStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - CephStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - CephStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: CephStorageUpgradeInitDeployment - server: {get_resource: CephStorage} - config: {get_resource: CephStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - CephStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: CephStorageUpgradeInitDeployment - properties: - name: CephStorageDeployment - config: {get_resource: CephStorageConfig} - server: {get_resource: CephStorage} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - CephStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - ceph_extraconfig - - extraconfig - - service_names - - service_configs - - ceph - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - ceph_extraconfig: {get_param: CephStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - ceph: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: CephStorageDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: CephStorage} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - CephStorageExtraConfigPre: - depends_on: CephStorageDeployment - type: OS::TripleO::CephStorageExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: CephStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: CephStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: CephStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: CephStorageDeployment - properties: - server: {get_resource: CephStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [CephStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [CephStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [CephStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [CephStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the ceph storage server - value: - {get_resource: CephStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [CephStorage, os_collect_config]} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml deleted file mode 100644 index af45793e..00000000 --- a/puppet/compute-role.yaml +++ /dev/null @@ -1,744 +0,0 @@ -heat_template_version: pike - -description: > - OpenStack hypervisor node configured via Puppet. - -parameters: - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that NovaComputeExtraConfig takes precedence over ExtraConfig. - type: json - OvercloudComputeFlavor: - description: Flavor for the nova compute node - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - NovaImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - NeutronPhysicalBridge: - default: 'br-ex' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: Which interface to add to the NeutronPhysicalBridge. - type: string - NodeIndex: - type: number - default: 0 - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeIPs: - default: {} - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - NovaComputeServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - NovaComputeSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - -resources: - - NovaCompute: - type: OS::TripleO::ComputeServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: NovaImage} - image_update_policy: - get_param: ImageUpdatePolicy - flavor: {get_param: OvercloudComputeFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: NovaComputeServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: NovaComputeSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::Compute::NodeUserData - - ExternalPort: - type: OS::TripleO::Compute::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::Compute::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::Compute::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::Compute::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::Compute::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::Compute::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::Compute::PreNetworkConfig - properties: - server: {get_resource: NovaCompute} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkConfig: - type: OS::TripleO::Compute::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - config: {get_resource: NetworkConfig} - server: {get_resource: NovaCompute} - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - NovaComputeUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - NovaComputeUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: NovaComputeUpgradeInitDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - server: {get_resource: NovaCompute} - config: {get_resource: NovaComputeUpgradeInitConfig} - - NovaComputeConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - compute_extraconfig - - extraconfig - - service_names - - service_configs - - compute - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - - midonet_data # Optionally provided by AllNodesExtraConfig - - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre - - cisco_aci_data # Optionally provided by ComputeExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - compute_extraconfig: {get_param: NovaComputeExtraConfig} - extraconfig: {get_param: ExtraConfig} - compute: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - NovaComputeDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: NovaComputeUpgradeInitDeployment - properties: - name: NovaComputeDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: NovaComputeConfig} - server: {get_resource: NovaCompute} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: NovaComputeDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: NovaCompute} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - ComputeExtraConfigPre: - depends_on: NovaComputeDeployment - type: OS::TripleO::ComputeExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: NovaCompute} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [ComputeExtraConfigPre, NodeTLSCAData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: NovaCompute} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: UpdateDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: UpdateConfig} - server: {get_resource: NovaCompute} - input_values: - update_identifier: - get_param: UpdateIdentifier - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: NovaComputeDeployment - properties: - server: {get_resource: NovaCompute} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [NovaCompute, networks, ctlplane, 0]} - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - hostname: - description: Hostname of the server - value: {get_attr: [NovaCompute, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [NovaCompute, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [NovaCompute, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: NovaCompute} - condition: server_not_blacklisted - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [NovaCompute, os_collect_config]} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml deleted file mode 100644 index 38589a4e..00000000 --- a/puppet/controller-role.yaml +++ /dev/null @@ -1,782 +0,0 @@ -heat_template_version: pike - -description: > - OpenStack controller node configured by Puppet. - -parameters: - controllerExtraConfig: - default: {} - description: | - Deprecated. Use ControllerExtraConfig via parameter_defaults instead. - type: json - ControllerExtraConfig: - default: {} - description: | - Controller specific hiera configuration data to inject into the cluster. - type: json - ControllerIPs: - default: {} - description: > - A network mapped list of IPs to assign to Controllers in the following form: - { - "internal_api": ["a.b.c.d", "e.f.g.h"], - ... - } - type: json - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - ExtraConfig: - default: {} - description: | - Additional hieradata to inject into the cluster, note that - ControllerExtraConfig takes precedence over ExtraConfig. - type: json - OvercloudControlFlavor: - description: Flavor for control nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - controllerImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - NeutronPhysicalBridge: - default: 'br-ex' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: Which interface to add to the NeutronPhysicalBridge. - type: string - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - NodeIndex: - type: number - default: 0 - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - ControllerServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - ControllerSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - controllerExtraConfig - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - - Controller: - type: OS::TripleO::ControllerServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: controllerImage} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: OvercloudControlFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: ControllerServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: ControllerSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::Controller::NodeUserData - - ExternalPort: - type: OS::TripleO::Controller::Ports::ExternalPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - InternalApiPort: - type: OS::TripleO::Controller::Ports::InternalApiPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::Controller::Ports::StoragePort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::Controller::Ports::StorageMgmtPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - TenantPort: - type: OS::TripleO::Controller::Ports::TenantPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - ManagementPort: - type: OS::TripleO::Controller::Ports::ManagementPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::Controller::PreNetworkConfig - properties: - server: {get_resource: Controller} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkConfig: - type: OS::TripleO::Controller::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: Controller} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: NetworkDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: Controller} - - # Resource for site-specific passing of private keys/certificates - NodeTLSData: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeTLSData - properties: - server: {get_resource: Controller} - NodeIndex: {get_param: NodeIndex} - - ControllerUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - ControllerUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: ControllerUpgradeInitDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - server: {get_resource: Controller} - config: {get_resource: ControllerUpgradeInitConfig} - - ControllerDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: ControllerUpgradeInitDeployment - properties: - name: ControllerDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: ControllerConfig} - server: {get_resource: Controller} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - - # Map heat metadata into hiera datafiles - ControllerConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - controller_extraconfig - - extraconfig - - service_configs - - service_names - - controller - - bootstrap_node # provided by BootstrapNodeConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - - midonet_data #Optionally provided by AllNodesExtraConfig - - cisco_aci_data # Optionally provided by ControllerExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - controller_extraconfig: - map_merge: - - {get_param: controllerExtraConfig} - - {get_param: ControllerExtraConfig} - extraconfig: {get_param: ExtraConfig} - controller: - # Misc - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - ControllerExtraConfigPre: - depends_on: ControllerDeployment - type: OS::TripleO::ControllerExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: Controller} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [ControllerExtraConfigPre, NodeTLSData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: Controller} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: UpdateDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: UpdateConfig} - server: {get_resource: Controller} - input_values: - update_identifier: - get_param: UpdateIdentifier - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: ControllerDeployment - properties: - server: {get_resource: Controller} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [Controller, networks, ctlplane, 0]} - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [Controller, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [Controller, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [Controller, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - hostname: - description: Hostname of the server - value: {get_attr: [Controller, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [Controller, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [Controller, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: Controller} - condition: server_not_blacklisted - tls_key_modulus_md5: - description: MD5 checksum of the TLS Key Modulus - value: {get_attr: [NodeTLSData, key_modulus_md5]} - tls_cert_modulus_md5: - description: MD5 checksum of the TLS Certificate Modulus - value: {get_attr: [NodeTLSData, cert_modulus_md5]} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [Controller, os_collect_config]} diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 8cba4351..e81b1142 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -7,6 +7,7 @@ description: > parameters: # Can be overridden via parameter_defaults in the environment SSLCertificate: + default: '' description: > The content of the SSL certificate (without Key) in PEM format. type: string diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml deleted file mode 100644 index 10e56450..00000000 --- a/puppet/objectstorage-role.yaml +++ /dev/null @@ -1,703 +0,0 @@ -heat_template_version: pike -description: 'OpenStack swift storage node configured by Puppet' -parameters: - OvercloudSwiftStorageFlavor: - description: Flavor for Swift storage nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - SwiftStorageImage: - default: overcloud-full - type: string - constraints: - - custom_constraint: glance.image - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that ObjectStorageExtraConfig takes precedence over ExtraConfig. - type: json - ObjectStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - SwiftStorageIPs: - default: {} - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - SwiftStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - ObjectStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - - SwiftStorage: - type: OS::TripleO::ObjectStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: SwiftStorageImage} - flavor: {get_param: OvercloudSwiftStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: SwiftStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: ObjectStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::ObjectStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::SwiftStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::SwiftStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::SwiftStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::SwiftStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::SwiftStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::ObjectStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::ObjectStorage::PreNetworkConfig - properties: - server: {get_resource: SwiftStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: SwiftStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - - SwiftStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - SwiftStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: SwiftStorageUpgradeInitDeployment - server: {get_resource: SwiftStorage} - config: {get_resource: SwiftStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SwiftStorageHieraConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - object_extraconfig - - extraconfig - - service_names - - service_configs - - object - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - object_extraconfig: {get_param: ObjectStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - object: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - SwiftStorageHieraDeploy: - type: OS::Heat::StructuredDeployment - depends_on: SwiftStorageUpgradeInitDeployment - properties: - name: SwiftStorageHieraDeploy - server: {get_resource: SwiftStorage} - config: {get_resource: SwiftStorageHieraConfig} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: SwiftStorageHieraDeploy - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: SwiftStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: SwiftStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: SwiftStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: SwiftStorageHieraDeploy - properties: - server: {get_resource: SwiftStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [SwiftStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [SwiftStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [SwiftStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the swift storage server - value: - {get_resource: SwiftStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [SwiftStorage, os_collect_config]} diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml deleted file mode 100644 index bdd1e613..00000000 --- a/puppet/post-upgrade.j2.yaml +++ /dev/null @@ -1,30 +0,0 @@ -heat_template_version: pike - -description: > - Post-upgrade configuration steps via puppet for all roles - where upgrade is not disabled as defined in ../roles_data.yaml - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - ctlplane_service_ips: - type: json - -resources: -# Note the include here is the same as post.j2.yaml but the data used at -# the time of rendering is different if any roles disable upgrades -{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} -{% include 'puppet-steps.j2' %} diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml deleted file mode 100644 index 67e1ecfd..00000000 --- a/puppet/post.j2.yaml +++ /dev/null @@ -1,31 +0,0 @@ -heat_template_version: pike - -description: > - Post-deploy configuration steps via puppet for all roles, - as defined in ../roles_data.yaml - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - ctlplane_service_ips: - type: json - -{% include 'puppet-steps.j2' %} diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 deleted file mode 100644 index f7651a57..00000000 --- a/puppet/puppet-steps.j2 +++ /dev/null @@ -1,156 +0,0 @@ -{% set deploy_steps_max = 6 %} -conditions: -{% for step in range(1, deploy_steps_max) %} - WorkflowTasks_Step{{step}}_Enabled: - or: - {%- for role in roles %} - - not: - equals: - - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] - - '' - - False - {%- endfor %} -{% endfor %} - -resources: - # Post deployment steps for all roles - # A single config is re-applied with an incrementing step number -{% for role in roles %} - # {{role.name}} Role post-deploy steps - {{role.name}}ArtifactsConfig: - type: deploy-artifacts.yaml - - {{role.name}}ArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - name: {{role.name}}ArtifactsDeploy - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ArtifactsConfig} - - {{role.name}}PreConfig: - type: OS::TripleO::Tasks::{{role.name}}PreConfig - properties: - servers: {get_param: [servers, {{role.name}}]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config - properties: - StepConfig: {get_param: [role_data, {{role.name}}, step_config]} - - # Step through a series of configuration steps -{% for step in range(1, deploy_steps_max) %} - {{role.name}}Deployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - WorkflowTasks_Step{{step}}_Execution - # TODO(gfidente): the following if/else condition - # replicates what is already defined for the - # WorkflowTasks_StepX resource and can be remove - # if https://bugs.launchpad.net/heat/+bug/1700569 - # is fixed. - {%- if step == 1 %} - {%- for dep in roles %} - - {{dep.name}}PreConfig - - {{dep.name}}ArtifactsDeploy - {%- endfor %} - {%- else %} - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {%- endfor %} - {%- endif %} - properties: - name: {{role.name}}Deployment_Step{{step}} - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: {{step}} - update_identifier: {get_param: DeployIdentifier} -{% endfor %} - - # Note, this should be the last step to execute configuration changes. - # Ensure that all {{role.name}}ExtraConfigPost steps are executed - # after all the previous deployment steps. - {{role.name}}ExtraConfigPost: - depends_on: - {%- for dep in roles %} - - {{dep.name}}Deployment_Step5 - {%- endfor %} - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, {{role.name}}]} - - # The {{role.name}}PostConfig steps are in charge of - # quiescing all services, i.e. in the Controller case, - # we should run a full service reload. - {{role.name}}PostConfig: - type: OS::TripleO::Tasks::{{role.name}}PostConfig - depends_on: - {%- for dep in roles %} - - {{dep.name}}ExtraConfigPost - {%- endfor %} - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - -{% endfor %} - -# BEGIN service_workflow_tasks handling -{% for step in range(1, deploy_steps_max) %} - WorkflowTasks_Step{{step}}: - type: OS::Mistral::Workflow - condition: WorkflowTasks_Step{{step}}_Enabled - depends_on: - {%- if step == 1 %} - {%- for dep in roles %} - - {{dep.name}}PreConfig - - {{dep.name}}ArtifactsDeploy - {%- endfor %} - {%- else %} - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {%- endfor %} - {%- endif %} - properties: - name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} - type: direct - tasks: - yaql: - expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() - data: - {%- for role in roles %} - - get_param: [role_data, {{role.name}}, service_workflow_tasks] - {%- endfor %} - - WorkflowTasks_Step{{step}}_Execution: - type: OS::Mistral::ExternalResource - condition: WorkflowTasks_Step{{step}}_Enabled - depends_on: WorkflowTasks_Step{{step}} - properties: - actions: - CREATE: - workflow: { get_resource: WorkflowTasks_Step{{step}} } - params: - env: - service_ips: { get_param: ctlplane_service_ips } - role_merged_configs: - {%- for r in roles %} - {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} - {%- endfor %} - evaluate_env: false - UPDATE: - workflow: { get_resource: WorkflowTasks_Step{{step}} } - params: - env: - service_ips: { get_param: ctlplane_service_ips } - role_merged_configs: - {%- for r in roles %} - {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} - {%- endfor %} - evaluate_env: false - always_update: true -{% endfor %} -# END service_workflow_tasks handling diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 23d8896e..5453e65c 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -1,27 +1,40 @@ -{# ## Some variables are set to enable rendering backwards compatible templates #} -{# ## where a few parameter/resource names don't match the expected pattern #} -{# ## FIXME: we need some way to deprecate the old inconsistent parameters #} -{%- if role.name == 'Controller' -%} - {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%} -{% endif %} +{#- ## Some variables are set to enable rendering backwards compatible templates #} +{#- ## where a few parameter/resource names don't match the expected pattern #} +{#- ## FIXME: we need some way to deprecate the old inconsistent parameters #} +{%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%} heat_template_version: pike description: 'OpenStack {{role.name}} node configured by Puppet' parameters: +{%- set default_flavor_name = 'baremetal' %} +{%- if role.deprecated_param_flavor is defined %} + {{role.deprecated_param_flavor}}: + description: DEPRECATED Use Overcloud{{role.name}}Flavor instead. + default: {{default_flavor_name}} + type: string +{%- endif %} Overcloud{{role.name}}Flavor: description: Flavor for the {{role.name}} node. - default: baremetal + default: {{default_flavor_name}} type: string -{% if role.disable_constraints is not defined %} +{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: nova.flavor -{% endif %} +{%- endif %} +{%- set default_image_name = 'overcloud-full' %} +{%- if role.deprecated_param_image is defined %} + {{role.deprecated_param_image}}: + type: string + default: {{default_image_name}} + description: DEPRECATED Use {{role.name}}Image instead +{%- endif %} {{role.name}}Image: type: string - default: overcloud-full -{% if role.disable_constraints is not defined %} + default: {{default_image_name}} + description: The disk image file to use for the role. +{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: glance.image -{% endif %} +{%- endif %} ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. @@ -30,13 +43,13 @@ parameters: description: Name of an existing Nova key pair to enable SSH access to the instances type: string default: default -{% if role.disable_constraints is not defined %} +{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: nova.keypair -{% endif %} +{%- endif %} NeutronPhysicalBridge: default: 'br-ex' - description: An OVS bridge to create for accessing tenant networks. + description: An OVS bridge to create for accessing external networks. type: string NeutronPublicInterface: default: nic1 @@ -76,8 +89,8 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json -{%- if deprecated_extraconfig_param is defined %} - {{deprecated_extraconfig_param}}: +{%- if role.deprecated_param_extraconfig is defined %} + {{role.deprecated_param_extraconfig}}: default: {} description: | DEPRECATED use {{role.name}}ExtraConfig instead @@ -86,6 +99,12 @@ parameters: {{role.name}}IPs: default: {} type: json +{%- if role.deprecated_param_ips is defined %} + {{role.deprecated_param_ips}}: + default: {} + description: DEPRECATED - use {{role.name}}IPs instead + type: json +{%- endif %} NetworkDeploymentActions: type: comma_delimited_list description: > @@ -112,6 +131,12 @@ parameters: role-specific and is merged with the values given to the ServerMetadata parameter. type: json +{%- if role.deprecated_param_metadata is defined %} + {{role.deprecated_param_metadata}}: + default: {} + description: DEPRECATED - use {{role.name}}ServerMetadata instead + type: json +{%- endif %} ServerMetadata: default: {} description: > @@ -123,6 +148,12 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} +{%- if role.deprecated_param_scheduler_hints is defined %} + {{role.deprecated_param_scheduler_hints}}: + type: json + description: DEPRECATED - use {{role.name}}SchedulerHints instead + default: {} +{%- endif %} NodeIndex: type: number default: 0 @@ -202,12 +233,16 @@ parameters: object: 0 default: {} -{% if deprecated_extraconfig_param is defined %} +{% if role.uses_deprecated_params is defined %} parameter_groups: - label: deprecated description: Do not use deprecated params, they will be removed. parameters: - - {{deprecated_extraconfig_param}} +{%- for property in role %} +{%- if property.startswith('deprecated_param_') %} + - {{role[property]}} +{%- endif %} +{%- endfor %} {%- endif %} conditions: @@ -222,18 +257,48 @@ conditions: - DeploymentSwiftDataMap - {get_param: Hostname} - "" +{%- if role.deprecated_param_image is defined %} + deprecated_param_image_set: + not: + equals: + - {get_param: {{role.deprecated_param_image}}} + - {{default_image_name}} +{%- endif %} +{%- if role.deprecated_param_flavor is defined %} + deprecated_param_flavor_set: + not: + equals: + - {get_param: {{role.deprecated_param_flavor}}} + - {{default_flavor_name}} +{%- endif %} resources: - {{role.name}}: + {{server_resource_name}}: type: OS::TripleO::{{role.name}}Server metadata: os-collect-config: command: {get_param: ConfigCommand} splay: {get_param: ConfigCollectSplay} properties: - image: {get_param: {{role.name}}Image} + image: +{%- if role.deprecated_param_image is defined %} + if: + - deprecated_param_image_set + - {get_param: {{role.deprecated_param_image}}} + - {get_param: {{role.name}}Image} +{%- else %} + get_param: {{role.name}}Image +{%- endif %} image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Overcloud{{role.name}}Flavor} + flavor: +{%- if role.deprecated_param_flavor is defined %} + if: + - deprecated_param_flavor_set + - {get_param: {{role.deprecated_param_flavor}}} + - {get_param: Overcloud{{role.name}}Flavor} +{%- else %} + get_param: Overcloud{{role.name}}Flavor +{%- endif %} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -247,9 +312,17 @@ resources: metadata: map_merge: - {get_param: ServerMetadata} +{%- if role.deprecated_param_metadata is defined %} + - {get_param: {{role.deprecated_param_metadata}}} +{%- endif %} - {get_param: {{role.name}}ServerMetadata} - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: {{role.name}}SchedulerHints} + scheduler_hints: + map_merge: +{%- if role.deprecated_param_scheduler_hints is defined %} + - {get_param: {{role.deprecated_param_scheduler_hints}}} +{%- endif %} + - {get_param: {{role.name}}SchedulerHints} deployment_swift_data: if: - deployment_swift_data_map_unset @@ -288,15 +361,20 @@ resources: {{network.name}}Port: type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port properties: - ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role.name}}IPs} + ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} + IPPool: + map_merge: +{%- if role.deprecated_param_ips is defined %} + - {get_param: {{role.deprecated_param_ips}}} +{%- endif %} + - {get_param: {{role.name}}IPs} NodeIndex: {get_param: NodeIndex} {%- endfor %} NetworkConfig: type: OS::TripleO::{{role.name}}::Net::SoftwareConfig properties: - ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} {%- for network in networks %} {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]} {%- endfor %} @@ -304,7 +382,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: - ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} {%- for network in networks %} {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]} @@ -320,91 +398,91 @@ resources: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - external - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - external internal_api: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - internalapi - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - internalapi storage: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storage - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storage storage_mgmt: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storagemgmt - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storagemgmt tenant: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - tenant - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - tenant management: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - management - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - management ctlplane: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - ctlplane - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - ctlplane PreNetworkConfig: type: OS::TripleO::{{role.name}}::PreNetworkConfig properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} RoleParameters: {get_param: RoleParameters} ServiceNames: {get_param: ServiceNames} deployment_actions: {get_attr: [DeploymentActions, value]} @@ -415,7 +493,7 @@ resources: properties: name: NetworkDeployment config: {get_resource: NetworkConfig} - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} @@ -426,7 +504,7 @@ resources: - {get_param: NetworkDeploymentActions} - [] - {{role.name}}UpgradeInitConfig: + {{server_resource_name}}UpgradeInitConfig: type: OS::Heat::SoftwareConfig properties: group: script @@ -440,26 +518,26 @@ resources: # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - {{role.name}}UpgradeInitDeployment: + {{server_resource_name}}UpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment properties: - name: {{role.name}}UpgradeInitDeployment - server: {get_resource: {{role.name}}} - config: {get_resource: {{role.name}}UpgradeInitConfig} + name: {{server_resource_name}}UpgradeInitDeployment + server: {get_resource: {{server_resource_name}}} + config: {get_resource: {{server_resource_name}}UpgradeInitConfig} actions: if: - server_not_blacklisted - ['CREATE', 'UPDATE'] - [] - {{role.name}}Deployment: + {{server_resource_name}}Deployment: type: OS::Heat::StructuredDeployment - depends_on: {{role.name}}UpgradeInitDeployment + depends_on: {{server_resource_name}}UpgradeInitDeployment properties: - name: {{role.name}}Deployment - config: {get_resource: {{role.name}}Config} - server: {get_resource: {{role.name}}} + name: {{server_resource_name}}Deployment + config: {get_resource: {{server_resource_name}}Config} + server: {get_resource: {{server_resource_name}}} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} actions: @@ -468,7 +546,7 @@ resources: - ['CREATE', 'UPDATE'] - [] - {{role.name}}Config: + {{server_resource_name}}Config: type: OS::Heat::StructuredConfig properties: group: hiera @@ -486,6 +564,13 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig - '"%{::osfamily}"' + # The following are required for compatibility with the Controller role + # where some vendor integrations added hieradata via ExtraConfigPre + - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre + - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre + - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre + - midonet_data #Optionally provided by AllNodesExtraConfig + - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre merge_behavior: deeper datafiles: service_names: @@ -497,10 +582,10 @@ resources: - values: {get_attr: [NetIpMap, net_ip_map]} {{role.name.lower()}}_extraconfig: map_merge: -{%- if deprecated_extraconfig_param is defined %} - - {get_param: {{deprecated_extraconfig_param}}} +{%- if role.deprecated_param_extraconfig is defined %} + - {get_param: {{role.deprecated_param_extraconfig}}} {%- endif %} - - {get_param: {{role.name}}ExtraConfig} + - {get_param: {{server_resource_name}}ExtraConfig} extraconfig: {get_param: ExtraConfig} {{role.name.lower()}}: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -513,16 +598,13 @@ resources: fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - {%- if 'primary' in role.tags and 'controller' in role.tags %} - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - {%- endif -%} # Resource for site-specific injection of root certificate NodeTLSCAData: depends_on: NetworkDeployment type: OS::TripleO::NodeTLSCAData properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} {%- if 'primary' in role.tags and 'controller' in role.tags %} # Resource for site-specific passing of private keys/certificates @@ -530,19 +612,19 @@ resources: depends_on: NodeTLSCAData type: OS::TripleO::NodeTLSData properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} NodeIndex: {get_param: NodeIndex} {%- endif -%} # Hook for site-specific additional pre-deployment config, e.g extra hieradata {{role.name}}ExtraConfigPre: - depends_on: {{role.name}}Deployment + depends_on: {{server_resource_name}}Deployment type: OS::TripleO::{{role.name}}ExtraConfigPre # We have to use conditions here so that we don't break backwards # compatibility with templates everywhere condition: server_not_blacklisted properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration @@ -559,7 +641,7 @@ resources: # compatibility with templates everywhere condition: server_not_blacklisted properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -570,7 +652,7 @@ resources: properties: name: UpdateDeployment config: {get_resource: UpdateConfig} - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} input_values: update_identifier: get_param: UpdateIdentifier @@ -591,18 +673,18 @@ resources: SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey - depends_on: {{role.name}}Deployment + depends_on: {{server_resource_name}}Deployment properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: description: IP address of the server in the ctlplane network - value: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} hostname: description: Hostname of the server - value: {get_attr: [{{role.name}}, name]} + value: {get_attr: [{{server_resource_name}}, name]} hostname_map: description: Mapping of network names to hostnames value: @@ -622,12 +704,12 @@ outputs: params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [{{role.name}}, name]} + PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]} {%- for network in networks %} {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]} {%- endfor %} - CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} known_hosts_entry: description: Entry for ssh known hosts @@ -641,18 +723,18 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [{{role.name}}, name]} + PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]} {%- for network in networks %} {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]} {%- endfor %} - CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for {{role.name}} server value: - {get_resource: {{role.name}}} + {get_resource: {{server_resource_name}}} condition: server_not_blacklisted deployed_server_port_map: description: | @@ -664,7 +746,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" map_replace: - hostname: fixed_ips: - - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} - keys: hostname: list_join: @@ -682,14 +764,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" container: str_split: - '/' - - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]} + - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]} - 5 object: str_split: - '?' - str_split: - '/' - - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]} + - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]} - 6 - 0 - keys: {hostname: {get_param: Hostname}} @@ -703,7 +785,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" {%- endif %} os_collect_config: description: The os-collect-config configuration associated with this server resource - value: {get_attr: [{{role.name}}, os_collect_config]} + value: {get_attr: [{{server_resource_name}}, os_collect_config]} {%- for network in networks %} {{network.name_lower|default(network.name.lower())}}_ip_address: description: IP address of the server in the {{network.name}} network diff --git a/puppet/services/README.rst b/puppet/services/README.rst index d55414b7..a593d55e 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -155,7 +155,7 @@ Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc. - Steps/tages correlate to the following: + Steps/tags correlate to the following: 1) Stop all control-plane services. @@ -186,6 +186,18 @@ Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services. +Update Steps +------------ + +Each service template may optionally define a `update_tasks` key, which is a +list of ansible tasks to be performed during the minor update process. + +Similar to the upgrade_tasks, we allow a series of steps for the per-service +update sequence, but note update_task selects the steps via a conditional +referencing the step variable e.g when: step == 2, which is different to the +tags based approach used for upgrade_tasks (the two may be aligned in future). + + Nova Server Metadata Settings ----------------------------- diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 9fc1530a..5cc020a9 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -51,6 +51,8 @@ parameters: description: > A list of publishers to put in event_pipeline.yaml. When the collector is used, override this with notifier:// publisher. + If zaqar is enabled, you can also publish to a zaqar queue + by including "zaqar://?queue=queue_name" in this list. Set ManageEventPipeline to true for override to take effect. type: comma_delimited_list ManagePipeline: diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce9f9b9d..f6573f6c 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -11,7 +11,7 @@ parameters: type: string hidden: true CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -61,6 +61,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list # used instead, but we need client support for that first @@ -133,6 +141,14 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 97e44159..1459b851 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -5,7 +5,7 @@ description: > parameters: CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -68,6 +68,14 @@ parameters: image. Only applies to format 2 images. Set to '1' for Jewel clients using older Ceph servers. type: string + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: @@ -94,9 +102,17 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] ceph::profile::params::manage_repo: false # FIXME(gfidente): we should not have to list the packages explicitly in # the templates, but this should stay until the following is fixed: diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml index c561ea0e..ad799edb 100644 --- a/puppet/services/ceph-mds.yaml +++ b/puppet/services/ceph-mds.yaml @@ -35,6 +35,15 @@ parameters: with ceph-authtool --gen-print-key. type: string hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string resources: CephBase: @@ -60,5 +69,8 @@ outputs: '112 ceph_mds': dport: - '6800-7300' + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: | include ::tripleo::profile::base::ceph::mds diff --git a/puppet/services/cinder-backend-dellemc-unity.yaml b/puppet/services/cinder-backend-dellemc-unity.yaml new file mode 100644 index 00000000..c8b8bd8f --- /dev/null +++ b/puppet/services/cinder-backend-dellemc-unity.yaml @@ -0,0 +1,85 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: pike + +description: > + Openstack Cinder Dell EMC Unity backend + +parameters: + CinderEnableDellEMCUnityBackend: + type: boolean + default: true + CinderDellEMCUnityBackendName: + type: string + default: 'tripleo_dellemc_unity' + CinderDellEMCUnitySanIp: + type: string + CinderDellEMCUnitySanLogin: + type: string + default: 'Admin' + CinderDellEMCUnitySanPassword: + type: string + hidden: true + CinderDellEMCUnityStorageProtocol: + type: string + default: 'iSCSI' + CinderDellEMCUnityIoPorts: + type: string + default: '' + CinderDellEMCUnityStoragePoolNames: + type: string + default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC Storage Center backend. + value: + service_name: cinder_backend_dellemc_unity + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellemc_unity_backend: {get_param: CinderEnableDellEMCUnityBackend} + cinder::backend::dellemc_unity::volume_backend_name: {get_param: CinderDellEMCUnityBackendName} + cinder::backend::dellemc_unity::san_ip: {get_param: CinderDellEMCUnitySanIp} + cinder::backend::dellemc_unity::san_login: {get_param: CinderDellEMCUnitySanLogin} + cinder::backend::dellemc_unity::san_password: {get_param: CinderDellEMCUnitySanPassword} + cinder::backend::dellemc_unity::storage_protocol: {get_param: CinderDellEMCUnityStorageProtocol} + cinder::backend::dellemc_unity::unity_io_ports: {get_param: CinderDellEMCUnityIoPorts} + cinder::backend::dellemc_unity::unity_storage_pool_names: {get_param: CinderDellEMCUnityStoragePoolNames} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 04f34e24..dcead0f7 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -47,6 +47,11 @@ parameters: EnableInternalTLS: type: boolean default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -98,6 +103,7 @@ outputs: generate_service_certificates: true mongodb::server::ssl: true mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem' + mongodb::server::ssl_ca: {get_param: InternalTLSCAFile} mongodb_certificate_specs: service_pem: '/etc/pki/tls/certs/mongodb.pem' service_certificate: '/etc/pki/tls/certs/mongodb.crt' diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index bd96823b..bdcc4fcd 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -77,3 +77,6 @@ outputs: tags: step3 yum: name=redis state=latest when: redis_enabled.rc != 0 + - name: Start redis service + tags: step4 + service: name=redis state=started diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index d11ef66a..2cda08eb 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -7,8 +7,9 @@ parameters: DockerInsecureRegistryAddress: description: Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. - type: string - default: '' + The value can be multiple addresses separated by commas. + type: comma_delimited_list + default: [] EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -37,7 +38,7 @@ parameters: type: json conditions: - insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]} outputs: role_data: @@ -48,11 +49,10 @@ outputs: if: - insecure_registry_is_empty - {} - - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} + - tripleo::profile::base::docker::insecure_registries: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: - name: Install docker packages on upgrade if missing tags: step3 yum: name=docker state=latest - diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index b6b4f270..e0173d88 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string resources: @@ -55,16 +61,31 @@ outputs: config_settings: generate_service_certificates: true tripleo::haproxy::use_internal_certificates: true + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: map_merge: repeat: template: haproxy-NETWORK: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-NETWORK.key' hostname: "%{hiera('cloud_name_NETWORK')}" - postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_NETWORK')}" for_each: NETWORK: {get_attr: [HAProxyNetworks, value]} diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index e79d2aec..14d171dc 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string outputs: role_data: @@ -38,14 +44,33 @@ outputs: service_name: haproxy_public_tls_certmonger config_settings: generate_service_certificates: true - tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' + tripleo::haproxy::service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: haproxy-external: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-external.key' hostname: "%{hiera('cloud_name_external')}" - postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_external')}" metadata_settings: - service: haproxy diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index a37135da..6b2d028f 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -57,6 +57,16 @@ parameters: MonitoringSubscriptionHaproxy: default: 'overcloud-haproxy' type: string + SSLCertificate: + default: '' + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string @@ -68,6 +78,14 @@ parameters: description: Specifies the default CRL PEM file to use for revocation if TLS is used for services in the internal network. +conditions: + + public_tls_enabled: + not: + equals: + - {get_param: SSLCertificate} + - "" + resources: HAProxyPublicTLS: @@ -98,8 +116,6 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: map_merge: - - get_attr: [HAProxyPublicTLS, role_data, config_settings] - - get_attr: [HAProxyInternalTLS, role_data, config_settings] - tripleo.haproxy.firewall_rules: '107 haproxy stats': dport: 1993 @@ -115,6 +131,12 @@ outputs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] - get_attr: [HAProxyInternalTLS, role_data, certificates_specs] + - if: + - public_tls_enabled + - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath} + - {} + - get_attr: [HAProxyPublicTLS, role_data, config_settings] + - get_attr: [HAProxyInternalTLS, role_data, config_settings] step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 63ab92eb..642a0f09 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -67,6 +67,14 @@ parameters: MonitoringSubscriptionHorizon: default: 'overcloud-horizon' type: string + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -109,6 +117,14 @@ outputs: - {get_param: [DefaultPasswords, horizon_secret]} horizon::secure_cookies: {get_param: [HorizonSecureCookies]} memcached_ipv6: {get_param: MemcachedIPv6} + horizon::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::listen_ssl: {get_param: EnableInternalTLS} + horizon::horizon_ca: {get_param: InternalTLSCAFile} - if: - debug_unset diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 8796209b..218ba740 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -178,10 +178,10 @@ parameters: Cron to purge expired tokens - Week Day default: '*' KeystoneCronTokenFlushMaxDelay: - type: string + type: number description: > Cron to purge expired tokens - Max Delay - default: '0' + default: 0 KeystoneCronTokenFlushDestination: type: string description: > diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 9d6b508b..9207d99f 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -52,12 +52,6 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: false - ManilaCephFSDataPoolName: - default: manila_data - type: string - ManilaCephFSMetadataPoolName: - default: manila_metadata - type: string # (jprovazn) default value is set to assure this templates works with an # external ceph too (user/key is created only when ceph is deployed by # TripleO) @@ -81,7 +75,4 @@ outputs: manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} - ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} - ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} - ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml index 1f331894..65b2a2a1 100644 --- a/puppet/services/network/contrail-dpdk.yaml +++ b/puppet/services/network/contrail-dpdk.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 058b9dc9..a9655160 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml @@ -31,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string + hidden: true ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index 981fe2fb..1773c367 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index b9556890..b6980045 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -69,6 +69,12 @@ parameters: networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay protocol overhead from this value. + NeutronDBSyncExtraParams: + default: '' + description: | + String of extra command line parameters to append to the neutron-db-manage + upgrade head command. + type: string ServiceData: default: {} description: Dictionary packing service data @@ -134,6 +140,7 @@ outputs: neutron::db::database_max_retries: -1 neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout} neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} + neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams} - if: - dhcp_agents_zero - {} diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 81f12f01..30f34777 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -57,10 +57,15 @@ parameters: default: tag: openstack.neutron.agent.metadata path: /var/log/neutron/metadata-agent.log + EnableInternalTLS: + type: boolean + default: false conditions: neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + resources: NeutronBase: @@ -90,6 +95,17 @@ outputs: neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + neutron::agents::metadata::metadata_host: + str_replace: + template: + "%{hiera('cloud_name_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + neutron::agents::metadata::metadata_protocol: + if: + - internal_tls_enabled + - 'https' + - 'http' - if: - neutron_workers_unset diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1d4029cf..7894f78b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -32,8 +32,7 @@ parameters: type: json NeutronEnableL2Pop: type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. + description: Enable/disable the L2 population feature in the Neutron agents. default: "False" NeutronBridgeMappings: description: > @@ -47,8 +46,7 @@ parameters: default: "datacentre:br-ex" NeutronTunnelTypes: default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. + description: The tunnel types for the Neutron tenant network. type: comma_delimited_list NeutronAgentExtensions: default: "qos" diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml new file mode 100644 index 00000000..a7dc2e8b --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-nuage.yaml @@ -0,0 +1,99 @@ +heat_template_version: pike + +description: > + OpenStack Neutron ML2/Nuage plugin configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + + UseForwardedFor: + description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. + type: boolean + default: false + +resources: + + NeutronML2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron ML2/Nuage plugin + value: + service_name: neutron_plugin_ml2_nuage + config_settings: + map_merge: + - get_attr: [NeutronML2Base, role_data, config_settings] + - neutron::plugins::ml2::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName} + neutron::plugins::ml2::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp} + neutron::plugins::ml2::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername} + neutron::plugins::ml2::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword} + neutron::plugins::ml2::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization} + neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} + neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} + nova::api::use_forwarded_for: {get_param: UseForwardedFor} + step_config: | + include tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-ml2-odl.yaml b/puppet/services/neutron-plugin-ml2-odl.yaml index cc4cd8f4..68bba110 100644 --- a/puppet/services/neutron-plugin-ml2-odl.yaml +++ b/puppet/services/neutron-plugin-ml2-odl.yaml @@ -33,7 +33,7 @@ parameters: OpenDaylightPortBindingController: description: OpenDaylight port binding controller type: string - default: 'network-topology' + default: 'pseudo-agentdb-binding' resources: diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index dd757b5d..1ea6b1ae 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -72,6 +72,16 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list + NeutronFirewallDriver: + description: Firewall driver for realizing neutron security group function + type: string + default: 'openvswitch' + NeutronOverlayIPVersion: + default: 4 + description: IP version used for all overlay network endpoints. + type: number + constraints: + - allowed_values: [4,6] resources: NeutronBase: @@ -100,6 +110,8 @@ outputs: neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} + neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver} + neutron::plugins::ml2::overlay_ip_version: {get_param: NeutronOverlayIPVersion} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index a12bfd0f..22a743e0 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -37,7 +37,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: @@ -97,7 +97,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' MigrationSshKey: type: json description: > @@ -170,6 +170,11 @@ outputs: tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} rbd_persistent_storage: {get_param: CinderEnableRbdBackend} nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index a6638be0..5abad452 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -45,7 +45,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index e2ae7260..3f37cd94 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -34,7 +34,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: @@ -139,6 +139,11 @@ outputs: # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} tripleo::profile::base::nova::migration::client::libvirt_enabled: true @@ -157,7 +162,7 @@ outputs: dport: - 16514 - '49152-49215' - - '5900-5999' + - '5900-6923' - if: @@ -165,6 +170,8 @@ outputs: - generate_service_certificates: true tripleo::profile::base::nova::migration::client::libvirt_tls: true + nova::migration::libvirt::listen_address: + get_param: [ServiceNetMap, NovaLibvirtNetwork] nova::migration::libvirt::live_migration_inbound_addr: str_replace: template: diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index ca9eed09..3ac5f300 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -34,10 +34,26 @@ parameters: default: 0 description: Number of workers for Nova services. type: number + EnableInternalTLS: + type: boolean + default: false conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + +resources: + + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + outputs: role_data: description: Role data for the Nova Metadata service. @@ -45,10 +61,29 @@ outputs: service_name: nova_metadata config_settings: map_merge: - - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - get_attr: [TLSProxyBase, role_data, config_settings] + - nova::api::metadata_listen: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NovaMetadataNetwork]} - if: - nova_workers_zero - {} - nova::api::metadata_workers: {get_param: NovaWorkers} + - + if: + - use_tls_proxy + - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip: + get_param: [ServiceNetMap, NovaMetadataNetwork] + tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - {} step_config: "" + metadata_settings: + get_attr: [TLSProxyBase, role_data, metadata_settings] diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 2027292c..139ab7c7 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -33,6 +33,28 @@ parameters: Required for VLAN deployments. For example physnet1 -> eth1. type: comma_delimited_list default: "datacentre:br-ex" + HostAllowedNetworkTypes: + description: Allowed tenant network types for this OVS host. Note this can + vary per host or role to constrain which hosts nova instances + and networks are scheduled to. + type: comma_delimited_list + default: ['local', 'vlan', 'vxlan', 'gre'] + OvsEnableDpdk: + description: Whether or not to configure enable DPDK in OVS + default: false + type: boolean + OvsVhostuserMode: + description: Specify the mode for OVS with vhostuser port creation. In + client mode, the hypervisor will be responsible for creating + vhostuser sockets. In server mode, OVS will create them. + type: string + default: "client" + constraints: + - allowed_values: [ 'client', 'server' ] + VhostuserSocketDir: + description: Specify the directory to use for vhostuser sockets + type: string + default: "/var/run/openvswitch" EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -71,6 +93,28 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes + neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk + neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir + neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode + neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings + - values: {get_param: [RoleParameters]} + - values: + HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes} + OvsEnableDpdk: {get_param: OvsEnableDpdk} + VhostuserSocketDir: {get_param: VhostuserSocketDir} + OvsVhostuserMode: {get_param: OvsVhostuserMode} + OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings} + outputs: role_data: description: Role data for the OpenDaylight service. @@ -86,7 +130,6 @@ outputs: opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' @@ -94,6 +137,7 @@ outputs: '136 neutron gre networks': proto: 'gre' - get_attr: [Ovs, role_data, config_settings] + - get_attr: [RoleParametersValue, value] step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: diff --git a/puppet/services/ovn-controller.yaml b/puppet/services/ovn-controller.yaml index fbc5559a..30720448 100644 --- a/puppet/services/ovn-controller.yaml +++ b/puppet/services/ovn-controller.yaml @@ -45,7 +45,7 @@ parameters: bridge on hosts - to a physical name 'datacentre' which can be used to create provider networks (and we use this for the default floating network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name + scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index a1134f3e..f4675875 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -66,11 +66,17 @@ outputs: resource: openstack-cinder-volume state: disable wait_for_resource: true - - name: Sync cinder DB + - name: get bootstrap nodeid tags: step5 - command: cinder-manage db sync - - name: Start cinder_volume service (pacemaker) - tags: step5 - pacemaker_resource: - resource: openstack-cinder-volume - state: enable + command: hiera bootstrap_nodeid + register: bootstrap_node + - block: + - name: Sync cinder DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service (pacemaker) + tags: step5 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable + when: bootstrap_node.stdout == ansible_hostname diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index 76511784..47ca6142 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -35,6 +35,11 @@ parameters: description: The authkey for the pacemaker remote service. hidden: true default: '' + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string @@ -103,5 +108,13 @@ outputs: tripleo::fencing::config: {get_param: FencingConfig} enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} + pacemaker::corosync::manage_fw: false + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} step_config: | include ::tripleo::profile::base::pacemaker_remote diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e471c2a6..2a8620c8 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -56,3 +56,7 @@ outputs: - name: Update all packages tags: step3 yum: name=* state=latest + update_tasks: + - name: Update all packages + yum: name=* state=latest + when: step == "3" diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar-api.yaml index 4a1ad179..82d105ef 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar-api.yaml @@ -87,9 +87,9 @@ resources: outputs: role_data: - description: Shared role data for the Heat services. + description: Shared role data for the Zaqar services. value: - service_name: zaqar + service_name: zaqar_api config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] diff --git a/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml b/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml new file mode 100644 index 00000000..52db34b6 --- /dev/null +++ b/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The path to the zaqar profile has changed from puppet/services/zaqar.yaml to + puppet/services/zaqar-api.yaml. Make sure to update any references to this + in the resource registry. diff --git a/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml b/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml new file mode 100644 index 00000000..523377c2 --- /dev/null +++ b/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml @@ -0,0 +1,4 @@ +--- +features: + - Adds new environment file for deploying SRIOV + with OpenDaylight. diff --git a/releasenotes/notes/compute_deprecated_params-a2d69efd75f7c50f.yaml b/releasenotes/notes/compute_deprecated_params-a2d69efd75f7c50f.yaml new file mode 100644 index 00000000..dd01e36f --- /dev/null +++ b/releasenotes/notes/compute_deprecated_params-a2d69efd75f7c50f.yaml @@ -0,0 +1,9 @@ +--- +deprecations: + - | + The following parameters are deprecated for the Compute role: + NovaComputeSchedulerHints - use ComputeSchedulerHints instead + NovaComputeServerMetadata - use ComputeServerMetadata instead + NovaComputeExtraConfig - use ComputeExtraConfig instead + NovaComputeIPs - use ComputeIPs instead + NovaImage - Use OvercloudComputeImage instead diff --git a/releasenotes/notes/controller_deprecated_params-7f009de6d17c05a4.yaml b/releasenotes/notes/controller_deprecated_params-7f009de6d17c05a4.yaml new file mode 100644 index 00000000..02f596d3 --- /dev/null +++ b/releasenotes/notes/controller_deprecated_params-7f009de6d17c05a4.yaml @@ -0,0 +1,8 @@ +--- +deprecations: + - | + The following parameters are deprecated for the Controller role: + controllerExtraConfig - Use ControllerExtraConfig instead, + OvercloudControlFlavor - Use OvercloudControllerFlavor instead, + controllerImage - use ControllerImage instead. + diff --git a/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml new file mode 100644 index 00000000..764686f4 --- /dev/null +++ b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + Both environments/network-management.yaml and environments/network-management-v6.yaml + are now deprecated in favor of specifying the needed networks on each role. diff --git a/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml b/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml new file mode 100644 index 00000000..96e6234d --- /dev/null +++ b/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - Don't unregister systems from the portal/satellite + when deleting from Heat. There are several reasons why + it's compelling to fix this behavior. See + https://bugs.launchpad.net/tripleo/+bug/1710144 + for full information. The previous behavior can be triggered + by setting the DeleteOnRHELUnregistration parameter to "true". diff --git a/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml new file mode 100644 index 00000000..e417f5f2 --- /dev/null +++ b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Fix Heat condition for RHEL registration yum update + There were 2 problems with this condition making the + rhel-registration.yaml template broken: "conditions" should be "condition" + and the condition should refer to just a condition name defined in the + "conditions:" section of the template. See + https://bugs.launchpad.net/tripleo/+bug/1709916 diff --git a/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml b/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml new file mode 100644 index 00000000..1c20b26d --- /dev/null +++ b/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add NeutronOverlayIPVersion parameter to congfigure neutron ML2 + overlay_ip_version option. This parameter should be set to 6 when user + requires tenant vxlan tunnel endpoints to be IPv6. diff --git a/releasenotes/notes/objectstorage_deprecated_params-f7642b6541a0d09c.yaml b/releasenotes/notes/objectstorage_deprecated_params-f7642b6541a0d09c.yaml new file mode 100644 index 00000000..8fa77fcb --- /dev/null +++ b/releasenotes/notes/objectstorage_deprecated_params-f7642b6541a0d09c.yaml @@ -0,0 +1,8 @@ +--- +deprecations: + - | + The following parameters are deprecated for the ObjectStorage role: + SwiftStorageServerMetadata - use ObjectStorageServerMetadata instead + SwiftStorageIPs - use ObjectStorageIPs instead + SwiftStorageImage - Use ObjectStorageImage instead + OvercloudSwiftStorageFlavor - Use OvercloudObjectStorageFlavor instead diff --git a/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml b/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml new file mode 100644 index 00000000..645f3c79 --- /dev/null +++ b/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - Setting the port-binding to be pseudo-agentdb-binding. + Networking-odl no longer supports network-topology +features: + - Enables per role configuration of per host + configuration which allows an operator to dedicate + different compute roles to different network or + port types in OpenDaylight deployments. diff --git a/releasenotes/notes/roles_deprecated_params-50b4bbe8b9e4abc7.yaml b/releasenotes/notes/roles_deprecated_params-50b4bbe8b9e4abc7.yaml new file mode 100644 index 00000000..a9563223 --- /dev/null +++ b/releasenotes/notes/roles_deprecated_params-50b4bbe8b9e4abc7.yaml @@ -0,0 +1,21 @@ +--- +deprecations: + - | + The static role definitions contained a number of conflicting parameters + which require special handling to convert to dynamic template generation. + In the future, these parameters will be removed. If a role requires one + of these deprecated parameters, then it will be defined in the role + definition in a property named "deprecated_param_<name>". If the role has one + or more deprecated parameters, then "uses_deprecated_params" should be + set to True as well. This will enable creation of a parameter_group + containing the deprecated parameters in the role definition, which will enable + warning users if they use deprecated parameters on deployment. +upgrade: + - | + For deployments where a custom roles_data file is used, it should be rebased + against the default roles_data.yaml, as several additional items, e.g to + specify deprecated parameter names for some of the default roles, have been + added. Alternatively you can regenerate your roles_data using the new + overcloud roles generate command, so that the updated role definitions in + /usr/share/openstack-tripleo-heat-templates/roles are used, which include + the necessary additional data. diff --git a/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml new file mode 100644 index 00000000..f2edb9f7 --- /dev/null +++ b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Add support for Dell EMC Unity cinder driver diff --git a/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml new file mode 100644 index 00000000..04b21fba --- /dev/null +++ b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - Workaround systems getting registered as "localhost" during + RHEL registration if they don't have a fqdn set by first + rm'ing the /etc/rhsm/facts directory. When the directory does not + exist, the katello-rshm-consumer which runs when installing + the katello-ca-consumer will not set the hostname.override fact to + "localhost". See https://bugs.launchpad.net/tripleo/+bug/1711435 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 939b263c..9d46018a 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '7.0.0.0b3' +release = '7.0.0.0rc1' # The short X.Y version. version = '7.0.0' diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index e4fdfa44..9d1bef08 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml @@ -21,6 +21,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml index f3978c5b..8e62e8e7 100644 --- a/roles/CephStorage.yaml +++ b/roles/CephStorage.yaml @@ -18,6 +18,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Compute.yaml b/roles/Compute.yaml index 56daa864..9d2c8189 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -10,6 +10,15 @@ - Tenant - Storage HostnameFormatDefault: '%stackname%-novacompute-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_image: 'NovaImage' + deprecated_param_extraconfig: 'NovaComputeExtraConfig' + deprecated_param_metadata: 'NovaComputeServerMetadata' + deprecated_param_scheduler_hints: 'NovaComputeSchedulerHints' + deprecated_param_ips: 'NovaComputeIPs' + deprecated_server_resource_name: 'NovaCompute' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD @@ -35,6 +44,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index 0e8a90b7..0216b04a 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -35,6 +35,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml index 7c3cd218..9b94710d 100644 --- a/roles/ComputeOvsDpdk.yaml +++ b/roles/ComputeOvsDpdk.yaml @@ -31,6 +31,7 @@ - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/Controller.yaml b/roles/Controller.yaml index d702a63d..56f54f54 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -16,6 +16,12 @@ - StorageMgmt - Tenant HostnameFormatDefault: '%stackname%-controller-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_extraconfig: 'controllerExtraConfig' + deprecated_param_flavor: 'OvercloudControlFlavor' + deprecated_param_image: 'controllerImage' ServicesDefault: - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator @@ -28,6 +34,8 @@ - OS::TripleO::Services::CeilometerAgentNotification # FIXME: This service was disabled in Pike and this entry should be removed # in Queens. + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds @@ -38,6 +46,7 @@ - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale @@ -102,6 +111,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 10d76dd7..2cfc0cb9 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -27,12 +27,14 @@ - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI @@ -79,6 +81,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping diff --git a/roles/Database.yaml b/roles/Database.yaml index e101fd4f..ffeada05 100644 --- a/roles/Database.yaml +++ b/roles/Database.yaml @@ -10,12 +10,14 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml index ae848bc8..d5d8ddd7 100644 --- a/roles/IronicConductor.yaml +++ b/roles/IronicConductor.yaml @@ -8,12 +8,14 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml index 47e0f920..cd6071c4 100644 --- a/roles/Messaging.yaml +++ b/roles/Messaging.yaml @@ -10,10 +10,12 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SensuClient diff --git a/roles/Networker.yaml b/roles/Networker.yaml index 311e0a7d..1bf58031 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -11,6 +11,7 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel @@ -29,6 +30,7 @@ - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::PacemakerRemote - OS::TripleO::Services::SensuClient diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml index 81bedbd1..e2eacd9e 100644 --- a/roles/ObjectStorage.yaml +++ b/roles/ObjectStorage.yaml @@ -8,6 +8,13 @@ - InternalApi - Storage - StorageMgmt + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_metadata: 'SwiftStorageServerMetadata' + deprecated_param_ips: 'SwiftStorageIPs' + deprecated_param_image: 'SwiftStorageImage' + deprecated_param_flavor: 'OvercloudSwiftStorageFlavor' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD @@ -19,6 +26,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml index b1c73798..1dbb887f 100644 --- a/roles/Telemetry.yaml +++ b/roles/Telemetry.yaml @@ -12,10 +12,13 @@ - OS::TripleO::Services::AodhEvaluator - OS::TripleO::Services::AodhListener - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::CACerts - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::CeilometerApi + - OS::TrieplO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd @@ -23,6 +26,7 @@ - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::Redis diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index a408a21b..a78ba398 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -39,6 +39,7 @@ - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder diff --git a/roles_data.yaml b/roles_data.yaml index 0d6c8035..313fcaa9 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -19,6 +19,12 @@ - StorageMgmt - Tenant HostnameFormatDefault: '%stackname%-controller-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_extraconfig: 'controllerExtraConfig' + deprecated_param_flavor: 'OvercloudControlFlavor' + deprecated_param_image: 'controllerImage' ServicesDefault: - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator @@ -31,6 +37,8 @@ - OS::TripleO::Services::CeilometerAgentNotification # FIXME: This service was disabled in Pike and this entry should be removed # in Queens. + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds @@ -41,6 +49,7 @@ - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale @@ -105,6 +114,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping @@ -145,6 +155,15 @@ - Tenant - Storage HostnameFormatDefault: '%stackname%-novacompute-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_image: 'NovaImage' + deprecated_param_extraconfig: 'NovaComputeExtraConfig' + deprecated_param_metadata: 'NovaComputeServerMetadata' + deprecated_param_scheduler_hints: 'NovaComputeSchedulerHints' + deprecated_param_ips: 'NovaComputeIPs' + deprecated_server_resource_name: 'NovaCompute' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD @@ -170,6 +189,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient @@ -204,6 +224,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp @@ -222,6 +243,13 @@ - InternalApi - Storage - StorageMgmt + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_metadata: 'SwiftStorageServerMetadata' + deprecated_param_ips: 'SwiftStorageIPs' + deprecated_param_image: 'SwiftStorageImage' + deprecated_param_flavor: 'OvercloudSwiftStorageFlavor' disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD @@ -233,6 +261,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp @@ -263,6 +292,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index d61d1a2f..4628665b 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -42,6 +42,7 @@ - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder diff --git a/sample-env-generator/composable-roles.yaml b/sample-env-generator/composable-roles.yaml new file mode 100644 index 00000000..91d6060f --- /dev/null +++ b/sample-env-generator/composable-roles.yaml @@ -0,0 +1,174 @@ +# +# This environment generator is used to generate some sample composable role +# environment files. +# +environments: + - + name: composable-roles/monolithic-nonha + title: Monolithic Controller Non-HA deployment + description: | + A Heat environment that can be used to deploy controller and compute + services in an Non-HA configuration with SSL undercloud only and a + flat network. + This should be used with a roles_data.yaml containing the Controller, + Compute and CephStorage roles. + openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + sample_values: + ControllerCount: 1 + OvercloudControllerFlavor: control + ComputeCount: 1 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + + - + name: composable-roles/monolithic-ha + title: Monolithic Controller HA deployment + description: | + A Heat environment that can be used to deploy controller and compute + services in an HA configuration with SSL everywhere and network + isolation. + This should be used with a roles_data.yaml containing the Controller, + Compute and CephStorage roles. + openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + sample_values: + ControllerCount: 3 + OvercloudControllerFlavor: control + ComputeCount: 3 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + + - + name: composable-roles/standalone + title: Controller HA deployment with standalone Database, Messaging and Networker nodes. + description: | + A Heat environment that can be used to deploy controller, database, + messaging, networker and compute services in an HA configuration with SSL + everywhere and network isolation. + This should be used with a roles_data.yaml containing the + ControllerOpenstack, Database, Messaging, Networker, Compute and + CephStorage roles. + openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - DatabaseCount + - MessagingCount + - NetworkerCount + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + - OvercloudDatabaseFlavor + - OvercloudMessagingFlavor + - OvercloudNetworkerFlavor + sample_values: + ControllerCount: 3 + OvercloudControllerFlavor: control + ComputeCount: 1 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + DatabaseCount: 3 + OvercloudDatabaseFlavor: db + MessagingCount: 3 + OvercloudMessagingFlavor: messaging + NetworkerCount: 2 + OvercloudNetworkerFlavor: networker + + +# NOTE(aschultz): So because these are dynamic based on the roles used, we +# do not currently define these in any heat files. So we're defining them here +# so that the sample env generator can still provide these configuration items +# in the generated config files. +parameters: + DnsServers: + default: ['8.8.8.8', '8,8.4.4'] + description: DNS servers to use for the Overcloud + type: comma_delimited_list + # Dynamic vars based on roles + DatabaseCount: + default: 0 + description: Number of Database nodes + type: number + MessagingCount: + default: 0 + description: Number of Messaging nodes + type: number + NetworkerCount: + default: 0 + description: Number of Networker nodes + type: number + OvercloudControllerFlavor: + default: control + description: Name of the flavor for Controller nodes + type: string + OvercloudComputeFlavor: + default: compute + description: Name of the flavor for Compute nodes + type: string + OvercloudCephStorageFlavor: + default: compute + description: Name of the flavor for Ceph nodes + type: string + OvercloudDatabaseFlavor: + default: database + description: Name of the flavor for Database nodes + type: string + OvercloudMessagingFlavor: + default: messaging + description: Name of the flavor for Messaging nodes + type: string + OvercloudNetworkerFlavor: + default: networker + description: Name of the flavor for Networker nodes + type: string + diff --git a/sample-env-generator/predictable-placement.yaml b/sample-env-generator/predictable-placement.yaml index ffda7aca..3a971fbd 100644 --- a/sample-env-generator/predictable-placement.yaml +++ b/sample-env-generator/predictable-placement.yaml @@ -15,3 +15,18 @@ environments: Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with OS::stack_name in the template below. If you want to use the heat generated names, pass '' (empty string). + - + name: predictable-placement/custom-domain + title: Custom Domain Name + files: + overcloud.yaml: + parameters: + - CloudDomain + - CloudName + - CloudNameInternal + - CloudNameStorage + - CloudNameStorageManagement + - CloudNameCtlplane + description: | + This environment contains the parameters that need to be set in order to + use a custom domain name and have all of the various FQDNs reflect it. diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index ccaa5bde..a096d69a 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -50,81 +50,56 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'ExternalAllocationPools': ['default'], 'StorageNetCidr': ['default'], 'StorageAllocationPools': ['default'], - 'StorageMgmtNetCidr': ['default', - # FIXME - 'description'], + 'StorageMgmtNetCidr': ['default'], 'StorageMgmtAllocationPools': ['default'], 'TenantNetCidr': ['default'], 'TenantAllocationPools': ['default'], 'InternalApiNetCidr': ['default'], + 'InternalApiAllocationPools': ['default'], 'UpdateIdentifier': ['description'], 'key_name': ['default'], + # There's one template that defines this + # differently, and I'm not sure if we can + # safely change it. + 'EC2MetadataIp': ['default'], + # Same as EC2MetadataIp + 'ControlPlaneDefaultRoute': ['default'], # TODO(bnemec): Address these existing # inconsistencies. - 'NeutronMetadataProxySharedSecret': [ - 'description', 'hidden'], 'ServiceNetMap': ['description', 'default'], - 'EC2MetadataIp': ['default'], 'network': ['default'], 'ControlPlaneIP': ['default', 'description'], 'ControlPlaneIp': ['default', 'description'], 'NeutronBigswitchLLDPEnabled': ['default'], - 'NeutronEnableL2Pop': ['description'], 'NeutronWorkers': ['description'], - 'TenantIpSubnet': ['description'], - 'ExternalNetName': ['description'], - 'ControlPlaneDefaultRoute': ['default'], - 'StorageMgmtNetName': ['description'], 'ServerMetadata': ['description'], - 'InternalApiIpUri': ['description'], - 'UpgradeLevelNovaCompute': ['default'], - 'StorageMgmtIpUri': ['description'], 'server': ['description'], 'servers': ['description'], - 'FixedIPs': ['description'], - 'ExternalIpSubnet': ['description'], - 'NeutronBridgeMappings': ['description'], 'ExtraConfig': ['description'], - 'InternalApiIpSubnet': ['description'], 'DefaultPasswords': ['description', 'default'], 'BondInterfaceOvsOptions': ['description', 'default', 'constraints'], 'KeyName': ['constraints'], - 'TenantNetName': ['description'], - 'StorageIpSubnet': ['description'], 'OVNSouthboundServerPort': ['description'], 'ExternalInterfaceDefaultRoute': ['description', 'default'], - 'ExternalIpUri': ['description'], 'IPPool': ['description'], - 'ControlPlaneNetwork': ['description'], 'SSLCertificate': ['description', 'default', 'hidden'], 'HostCpusList': ['default', 'constraints'], - 'InternalApiAllocationPools': ['default'], 'NodeIndex': ['description'], 'name': ['description', 'default'], - 'StorageNetName': ['description'], - 'ManagementNetName': ['description'], - 'NeutronPublicInterface': ['description'], - 'ManagementInterfaceDefaultRoute': - ['default'], 'image': ['description', 'default'], 'NeutronBigswitchAgentEnabled': ['default'], 'EndpointMap': ['description', 'default'], 'DockerManilaConfigImage': ['description', 'default'], - 'NetworkName': ['default', 'description'], - 'StorageIpUri': ['description'], - 'InternalApiNetName': ['description'], - 'NeutronTunnelTypes': ['description'], 'replacement_policy': ['default'], - 'StorageMgmtIpSubnet': ['description'], 'CloudDomain': ['description', 'default'], 'EnableLoadBalancer': ['description'], 'ControllerExtraConfig': ['description'], diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py index 876dd854..f1469390 100755 --- a/tripleo_heat_templates/environment_generator.py +++ b/tripleo_heat_templates/environment_generator.py @@ -50,7 +50,7 @@ _PRIVATE_OVERRIDES = ['server', 'servers', 'NodeIndex', 'DefaultPasswords'] # static. This allows us to generate sample environments using them when # necessary, but they won't be improperly included by accident. _HIDDEN_PARAMS = ['EndpointMap', 'RoleName', 'RoleParameters', - 'ServiceNetMap', + 'ServiceNetMap', 'ServiceData', ] |