diff options
34 files changed, 339 insertions, 76 deletions
@@ -53,3 +53,64 @@ A description of the directory layout in TripleO Heat Templates. * validation-scripts: validation scripts useful to all deployment configurations + + +Service testing matrix +---------------------- + +The configuration for the CI scenarios will be defined in `tripleo-heat-templates/ci/` +and should be executed according to the following table: + ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | ++================+=============+=============+=============+=============+=================+ +| keystone | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| glance | file | swift | file | file | swift | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| cinder | | iscsi | | | iscsi | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| heat | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| mysql | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| neutron | ovs | ovs | ovs | ovs | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| rabbitmq | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| mongodb | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| redis | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| haproxy | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| keepalived | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| memcached | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| pacemaker | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| nova | qemu | qemu | qemu | qemu | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| ntp | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| snmp | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| timezone | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| sahara | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| swift | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| aodh | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| ceilometer | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| gnocchi | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| barbican | | X | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| zaqar | | X | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| cephrgw | | X | | X | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index 97fec24c..7875ef4e 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -49,3 +49,4 @@ parameter_defaults: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu Debug: true + SwiftCeilometerPipelineEnabled: false diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 092426cb..26f94d03 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -50,3 +50,4 @@ parameter_defaults: # we don't deploy Swift so we switch to file backend. GlanceBackend: 'file' KeystoneTokenProvider: 'fernet' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index 4aa18709..0d94cea0 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -60,3 +60,4 @@ parameter_defaults: CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + SwiftCeilometerPipelineEnabled: false diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index e7e276b2..40e5248a 100755 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -44,6 +44,9 @@ AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \ -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \ -v /etc/sysconfig/docker:/etc/sysconfig/docker \ -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \ + -v /var/lib/os-collect-config:/var/lib/os-collect-config \ + -v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \ + -v /var/lib/heat-config:/var/lib/heat-config \ -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2" diff --git a/environments/docker.yaml b/environments/docker.yaml index 0755c61f..9b0f65f9 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -1,6 +1,6 @@ resource_registry: # Docker container with heat agents for containerized compute node. - OS::TripleO::NodeUserData: ../docker/firstboot/install_docker_agents.yaml + OS::TripleO::Compute::NodeUserData: ../docker/firstboot/install_docker_agents.yaml OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml diff --git a/environments/external-loadbalancer-vip-v6.yaml b/environments/external-loadbalancer-vip-v6.yaml index 5a2ef505..fbd1fb98 100644 --- a/environments/external-loadbalancer-vip-v6.yaml +++ b/environments/external-loadbalancer-vip-v6.yaml @@ -1,29 +1,24 @@ resource_registry: - OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external_v6.yaml - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/from_service_v6.yaml OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool_v6.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool_v6.yaml OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool_v6.yaml OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool_v6.yaml # OVS doesn't support IPv6 endpoints for tunneling yet, so this remains IPv4 for now. OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml + # Management network is optional and disabled by default + #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_from_pool_v6.yaml parameter_defaults: # When using an external loadbalancer set the following in parameter_defaults # to control your VIPs (currently one per network) # NOTE: we will eventually move to one VIP per service # - ControlPlaneIP: 192.0.2.251 - ExternalNetworkVip: 2001:db8:fd00:1000:0000:0000:0000:0005 - InternalApiNetworkVip: fd00:fd00:fd00:2000:0000:0000:0000:0005 - StorageNetworkVip: fd00:fd00:fd00:3000:0000:0000:0000:0005 - StorageMgmtNetworkVip: fd00:fd00:fd00:4000:0000:0000:0000:0005 - ServiceVips: - redis: fd00:fd00:fd00:2000:0000:0000:0000:0006 + ControlFixedIPs: [{'ip_address':'192.0.2.251'}] + PublicVirtualFixedIPs: [{'ip_address':'2001:db8:fd00:1000:0000:0000:0000:0005'}] + InternalApiVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0005'}] + StorageVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:3000:0000:0000:0000:0005'}] + StorageMgmtVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:4000:0000:0000:0000:0005'}] + RedisVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0006'}] ControllerIPs: external: - 2001:db8:fd00:1000:0000:0000:0000:0007 diff --git a/environments/external-loadbalancer-vip.yaml b/environments/external-loadbalancer-vip.yaml index 8656ba1a..1759c04c 100644 --- a/environments/external-loadbalancer-vip.yaml +++ b/environments/external-loadbalancer-vip.yaml @@ -1,10 +1,4 @@ resource_registry: - OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external.yaml - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/from_service.yaml OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool.yaml @@ -18,13 +12,12 @@ parameter_defaults: # to control your VIPs (currently one per network) # NOTE: we will eventually move to one VIP per service # - ControlPlaneIP: 192.0.2.251 - ExternalNetworkVip: 10.0.0.251 - InternalApiNetworkVip: 172.16.2.251 - StorageNetworkVip: 172.16.1.251 - StorageMgmtNetworkVip: 172.16.3.251 - ServiceVips: - redis: 172.16.2.252 + ControlFixedIPs: [{'ip_address':'192.0.2.251'}] + PublicVirtualFixedIPs: [{'ip_address':'10.0.0.251'}] + InternalApiVirtualFixedIPs: [{'ip_address':'172.16.2.251'}] + StorageVirtualFixedIPs: [{'ip_address':'172.16.1.251'}] + StorageMgmtVirtualFixedIPs: [{'ip_address':'172.16.3.251'}] + RedisVirtualFixedIPs: [{'ip_address':'172.16.2.252'}] ControllerIPs: external: - 10.0.0.253 diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index bafb2a73..3da560c8 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -8,10 +8,10 @@ resource_registry: # Disabling Neutron services that overlap with OVN OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml parameter_defaults: NeutronMechanismDrivers: ovn - OVNDbHost: '0.0.0.0' OVNSouthboundServerPort: 6642 OVNNorthboundServerPort: 6641 OVNDbConnectionTimeout: 60 @@ -19,3 +19,4 @@ parameter_defaults: OVNNeutronSyncMode: log OVNQosDriver: ovn-qos OVNTunnelEncapType: geneve + NeutronEnableDHCPAgent: false diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index e91c7bc3..fb66b38a 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -65,6 +65,6 @@ parameter_defaults: ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} - ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} - ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} - ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index c9096f44..6586a547 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -65,6 +65,6 @@ parameter_defaults: ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} - ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} - ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} - ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index 365b0a54..ebb491f0 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -65,6 +65,6 @@ parameter_defaults: ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} - ZaqarWebSocketAdmin: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} - ZaqarWebSocketInternal: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} - ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 7ebb318f..95791677 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -82,9 +82,9 @@ parameters: ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} - ZaqarWebSocketAdmin: {protocol: http, port: '9000', host: IP_ADDRESS} - ZaqarWebSocketInternal: {protocol: http, port: '9000', host: IP_ADDRESS} - ZaqarWebSocketPublic: {protocol: http, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. CloudEndpoints: diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index d7863e02..263eccd8 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -138,3 +138,20 @@ outputs: SERVICE_short_node_names: {get_param: ServiceHostnameList} for_each: SERVICE: {get_attr: [EnabledServicesValue, value]} + short_service_bootstrap_hostnames: + description: > + Map of enabled services to a list of hostnames where they're running regardless of the network + Used for bootstrap purposes + value: + yaql: + # If ServiceHostnameList is empty the role is deployed with zero nodes + # therefore we don't want to add any *_node_names to the map + expression: dict($.data.map.items().where(len($[1]) > 0)) + data: + map: + map_merge: + repeat: + template: + SERVICE_short_bootstrap_node_name: {get_param: ServiceHostnameList} + for_each: + SERVICE: {get_attr: [EnabledServicesValue, value]} diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh index 5df67b78..e65f922a 100755 --- a/network/scripts/run-os-net-config.sh +++ b/network/scripts/run-os-net-config.sh @@ -113,11 +113,17 @@ if [ -n '$network_config' ]; then mkdir -p /etc/os-net-config # Note these variables come from the calling heat SoftwareConfig echo '$network_config' > /etc/os-net-config/config.json + + if [ "$(type -t network_config_hook)" = "function" ]; then + network_config_hook + fi + sed -i "s/bridge_name/${bridge_name:-''}/" /etc/os-net-config/config.json sed -i "s/interface_name/${interface_name:-''}/" /etc/os-net-config/config.json os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes RETVAL=$? + if [[ $RETVAL == 2 ]]; then ping_metadata_ip diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index 5991b3bc..ee35f94f 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -58,6 +58,7 @@ parameters: CephRgwNetwork: storage PublicNetwork: external OpendaylightApiNetwork: internal_api + OvnDbsNetwork: internal_api MistralApiNetwork: internal_api ZaqarApiNetwork: internal_api # We special-case the default ResolveNetwork for the CephStorage role diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index ebbeef6e..1a73b7fc 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -41,6 +41,8 @@ resource_registry: # in the jinja loop OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml + OS::TripleO::ServiceServerMetadataHook: OS::Heat::None + OS::TripleO::Server: OS::Nova::Server # This creates the "heat-admin" user for all OS images by default @@ -49,10 +51,14 @@ resource_registry: # Hooks for operator extra config # NodeUserData == Cloud-init additional user-data, e.g cloud-config + # role::NodeUserData == Role specific cloud-init additional user-data # ControllerExtraConfigPre == Controller configuration pre service deployment # NodeExtraConfig == All nodes configuration pre service deployment # NodeExtraConfigPost == All nodes configuration post service deployment OS::TripleO::NodeUserData: firstboot/userdata_default.yaml +{% for role in roles %} + OS::TripleO::{{role.name}}::NodeUserData: firstboot/userdata_default.yaml +{% endfor %} OS::TripleO::NodeTLSCAData: OS::Heat::None OS::TripleO::NodeTLSData: OS::Heat::None OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml @@ -147,6 +153,8 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml + OS::TripleO::Services::OVNDBs: OS::Heat::None + OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index f7e6f37f..316aeb6d 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -363,6 +363,7 @@ resources: services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} + ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChain, role_data, service_metadata_settings]} {% endfor %} hostsConfig: @@ -444,6 +445,14 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}IpListMap, short_service_hostnames]} {% endfor %} + short_service_bootstrap_node: + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten().first()])) + data: + l: +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]} +{% endfor %} # FIXME(shardy): These require further work to move into service_ips memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} NetVipMap: {get_attr: [VipMap, net_ip_map]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 0a8bec6e..5f56fe28 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -28,6 +28,8 @@ parameters: type: json short_service_node_names: type: json + short_service_bootstrap_node: + type: json controller_names: type: comma_delimited_list memcache_node_ips: @@ -125,6 +127,7 @@ resources: - {get_param: service_ips} - {get_param: service_node_names} - {get_param: short_service_node_names} + - {get_param: short_service_bootstrap_node} - controller_node_ips: list_join: - ',' diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 7d1f8d8f..e74beb2d 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -102,6 +102,9 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -137,6 +140,7 @@ resources: map_merge: - {get_param: ServerMetadata} - {get_param: BlockStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: BlockStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -148,6 +152,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -159,6 +165,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::BlockStorage::NodeUserData + ExternalPort: type: OS::TripleO::BlockStorage::Ports::ExternalPort properties: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 2c46bf1a..75f58012 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -108,6 +108,9 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -143,6 +146,7 @@ resources: map_merge: - {get_param: ServerMetadata} - {get_param: CephStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: CephStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -154,6 +158,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -165,6 +171,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::CephStorage::NodeUserData + ExternalPort: type: OS::TripleO::CephStorage::Ports::ExternalPort properties: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 0a2598c1..cedab0e6 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -120,6 +120,9 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -157,6 +160,7 @@ resources: map_merge: - {get_param: ServerMetadata} - {get_param: NovaComputeServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: NovaComputeSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -168,6 +172,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -179,6 +185,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Compute::NodeUserData + ExternalPort: type: OS::TripleO::Compute::Ports::ExternalPort properties: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 5e03adcd..05527b63 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -134,6 +134,9 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -176,6 +179,7 @@ resources: map_merge: - {get_param: ServerMetadata} - {get_param: ControllerServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ControllerSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -187,6 +191,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -198,6 +204,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Controller::NodeUserData + ExternalPort: type: OS::TripleO::Controller::Ports::ExternalPort properties: diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml index 44be7c65..84d431fb 100644 --- a/puppet/extraconfig/tls/freeipa-enroll.yaml +++ b/puppet/extraconfig/tls/freeipa-enroll.yaml @@ -13,10 +13,12 @@ parameters: type: string FreeIPAOTP: + default: '' description: 'OTP that will be used for FreeIPA enrollment' type: string hidden: true FreeIPAServer: + default: '' description: 'FreeIPA server DNS name' type: string FreeIPAIPAddress: @@ -36,18 +38,27 @@ resources: - name: ipa_ip config: | #!/bin/sh - sed -i "/${ipa_server}/d" /etc/hosts - # Optionally add the FreeIPA server IP to /etc/hosts - if [ -n "${ipa_ip}" ]; then - echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + # If no IPA server was given as a parameter, it will be assumed from + # DNS. + if [ -n "${ipa_server}" ]; then + sed -i "/${ipa_server}/d" /etc/hosts + # Optionally add the FreeIPA server IP to /etc/hosts + if [ -n "${ipa_ip}" ]; then + echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + fi fi # Set the node's domain if needed if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then hostnamectl set-hostname "$(hostname).${ipa_domain}" fi yum install -y ipa-client - # Enroll. If there is already keytab, we have already done this. + # Enroll. If there is already keytab, we have already done this. If + # this node hasn't enrolled and the OTP is missing, fail. if [ ! -f /etc/krb5.keytab ]; then + if [ -z "${otp}" ]; then + echo "OTP is missing" + exit 1 + fi ipa-client-install --server ${ipa_server} -w ${otp} \ --domain=${ipa_domain} -U fi diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 088a2e3d..77a60510 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -102,6 +102,9 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -137,6 +140,7 @@ resources: map_merge: - {get_param: ServerMetadata} - {get_param: SwiftStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ObjectStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -148,6 +152,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -159,6 +165,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::ObjectStorage::NodeUserData + ExternalPort: type: OS::TripleO::SwiftStorage::Ports::ExternalPort properties: diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index acb7677a..22370a7d 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -118,6 +118,9 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -160,6 +163,7 @@ resources: map_merge: - {get_param: ServerMetadata} - {get_param: {{role}}ServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: {{role}}SchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -171,6 +175,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -182,6 +188,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::{{role}}::NodeUserData + ExternalPort: type: OS::TripleO::{{role}}::Ports::ExternalPort properties: diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 856b306e..6e4e9c1d 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -74,3 +74,17 @@ step, "step2" for the second, etc. 6) Start control-plane services 7) Any additional online migration tasks (e.g data migrations) + +Nova Server Metadata Settings +----------------------------- + +One can use the hook of type `OS::TripleO::ServiceServerMetadataHook` to pass +entries to the nova instances' metadata. It is, however, disabled by default. +In order to overwrite it one needs to define it in the resource registry. An +implementation of this hook needs to conform to the following: + +* It needs to define an input called `RoleData` of json type. This gets as + input the contents of the `role_data` for each role's ServiceChain. + +* This needs to define an output called `metadata` which will be given to the + Nova Server resource as the instance's metadata. diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index e59dc202..d7f10757 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -61,6 +61,7 @@ outputs: horizon::enable_secure_proxy_ssl_header: true horizon::disable_password_reveal: true horizon::enforce_password_check: true + horizon::disallow_iframe_embed: true horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml index e98ed497..20dfda6a 100644 --- a/puppet/services/neutron-plugin-ml2-ovn.yaml +++ b/puppet/services/neutron-plugin-ml2-ovn.yaml @@ -18,13 +18,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - OVNDbHost: - description: IP address on which the OVN DB servers are listening - type: string - OVNNorthboundServerPort: - description: Port of the OVN Northbound DB server - type: number - default: 6641 OVNDbConnectionTimeout: description: Timeout in seconds for the OVSDB connection transaction type: number @@ -68,9 +61,7 @@ outputs: config_settings: map_merge: - get_attr: [NeutronMl2Base, role_data, config_settings] - - ovn::northbound::port: {get_param: OVNNorthboundServerPort} - tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_db_host: {get_param: OVNDbHost} - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} + - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} neutron::plugins::ovn::ovn_l3_mode: true neutron::plugins::ovn::vif_type: {get_param: OVNVifType} diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 907ecddc..63d12fe2 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -8,6 +8,15 @@ parameters: default: 8081 description: Set opendaylight service port type: number + OpenDaylightUsername: + default: 'admin' + description: The username for the opendaylight server. + type: string + OpenDaylightPassword: + default: 'admin' + type: string + description: The password for the opendaylight server. + hidden: true OpenDaylightConnectionProtocol: description: L7 protocol used for REST access type: string @@ -46,6 +55,8 @@ outputs: service_name: opendaylight_ovs config_settings: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml new file mode 100644 index 00000000..302628d4 --- /dev/null +++ b/puppet/services/ovn-dbs.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + OVN databases configured with puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + OVNNorthboundServerPort: + description: Port of the OVN Northbound DB server + type: number + default: 6641 + OVNSouthboundServerPort: + description: Port of the OVN Southbound DB server + type: number + default: 6642 + +outputs: + role_data: + description: Role data for the OVN northd service + value: + service_name: ovn_dbs + config_settings: + ovn::northbound::port: {get_param: OVNNorthboundServerPort} + ovn::southbound::port: {get_param: OVNSouthboundServerPort} + ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]} + step_config: | + include ::tripleo::profile::base::neutron::ovn_northd diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 13df5bbe..97f87061 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -42,6 +42,11 @@ resources: LoggingConfiguration: type: OS::TripleO::LoggingConfiguration + ServiceServerMetadataHook: + type: OS::TripleO::ServiceServerMetadataHook + properties: + RoleData: {get_attr: [ServiceChain, role_data]} + outputs: role_data: description: Combined Role data for this set of services. @@ -113,3 +118,4 @@ outputs: # Note we use distinct() here to filter any identical tasks, e.g yum update for all services expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index ba184ab0..94db9e41 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Swift Proxy service configured with Puppet @@ -49,6 +49,18 @@ parameters: default: guest description: The username for RabbitMQ type: string + SwiftCeilometerPipelineEnabled: + description: Set to False to disable the swift proxy ceilometer pipeline. + default: True + type: boolean + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +conditions: + + ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]} resources: SwiftBase: @@ -78,6 +90,8 @@ outputs: swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true + tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} + tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: @@ -89,26 +103,34 @@ outputs: - ResellerAdmin swift::proxy::versioned_writes::allow_versioned_writes: true swift::proxy::pipeline: - - 'catch_errors' - - 'healthcheck' - - 'proxy-logging' - - 'cache' - - 'ratelimit' - - 'bulk' - - 'tempurl' - - 'formpost' - - 'authtoken' - - 'keystone' - - 'staticweb' - - 'copy' - - 'container-quotas' - - 'account-quotas' - - 'slo' - - 'dlo' - - 'versioned_writes' - - 'ceilometer' - - 'proxy-logging' - - 'proxy-server' + yaql: + expression: $.data.pipeline.where($ != '') + data: + pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'copy' + - 'container-quotas' + - 'account-quotas' + - 'slo' + - 'dlo' + - 'versioned_writes' + - + if: + - ceilometer_pipeline_enabled + - 'ceilometer' + - '' + - 'proxy-logging' + - 'proxy-server' swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/roles_data.yaml b/roles_data.yaml index 81ddf9ca..e96bd78d 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -97,6 +97,7 @@ - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::PankoApi - OS::TripleO::Services::Zaqar + - OS::TripleO::Services::OVNDBs - name: Compute CountDefault: 1 |