-rw-r--r--ci/README.rst11
-rw-r--r--ci/common/net-config-multinode.yaml64
-rw-r--r--ci/environments/scenario001-multinode.yaml56
-rw-r--r--ci/environments/scenario002-multinode.yaml48
-rw-r--r--ci/environments/scenario003-multinode.yaml51
-rw-r--r--ci/pingtests/scenario001-multinode.yaml174
-rw-r--r--ci/pingtests/scenario002-multinode.yaml153
-rw-r--r--ci/pingtests/scenario003-multinode.yaml154
-rwxr-xr-xdeployed-server/scripts/get-occ-config.sh20
-rw-r--r--docker/README-containers.md3
-rw-r--r--docker/compute-post.yaml349
-rw-r--r--docker/copy-json.py72
-rw-r--r--docker/post.j2.yaml308
-rw-r--r--docker/services/README.rst60
-rw-r--r--docker/services/neutron-ovs-agent.yaml75
-rw-r--r--docker/services/nova-compute.yaml69
-rw-r--r--docker/services/nova-libvirt.yaml69
-rw-r--r--docker/services/services.yaml73
-rw-r--r--environments/docker.yaml31
-rw-r--r--environments/enable-internal-tls.yaml3
-rw-r--r--environments/hyperconverged-ceph.yaml23
-rw-r--r--environments/low-memory-usage.yaml3
-rw-r--r--environments/manila-cephfsnative-config.yaml8
-rw-r--r--environments/manila-generic-config.yaml8
-rw-r--r--environments/manila-netapp-config.yaml8
-rw-r--r--environments/neutron-ml2-ovn.yaml3
-rw-r--r--environments/neutron-nuage-config.yaml2
-rw-r--r--environments/neutron-ovs-dvr.yaml19
-rw-r--r--environments/puppet-pacemaker.yaml3
-rw-r--r--environments/services/panko.yaml2
-rw-r--r--environments/tls-endpoints-public-dns.yaml3
-rw-r--r--environments/tls-endpoints-public-ip.yaml3
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml6
-rw-r--r--environments/use-dns-for-vips.yaml4
-rw-r--r--extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration1
-rwxr-xr-xextraconfig/tasks/major_upgrade_check.sh19
-rw-r--r--extraconfig/tasks/major_upgrade_compute.sh4
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_1.sh184
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_2.sh222
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_3.sh76
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_4.sh17
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_5.sh8
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_6.sh15
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker.yaml81
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker_migrations.sh20
-rw-r--r--extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp8
-rwxr-xr-xextraconfig/tasks/pacemaker_common_functions.sh2
-rwxr-xr-xextraconfig/tasks/pacemaker_resource_restart.sh14
-rwxr-xr-xextraconfig/tasks/yum_update.sh41
-rw-r--r--firstboot/userdata_heat_admin.yaml8
-rw-r--r--hosts-config.yaml7
-rw-r--r--net-config-bond.yaml72
-rw-r--r--net-config-bridge.yaml44
-rw-r--r--net-config-linux-bridge.yaml60
-rw-r--r--net-config-static-bridge-with-external-dhcp.yaml78
-rw-r--r--net-config-static-bridge.yaml67
-rw-r--r--net-config-static.yaml58
-rw-r--r--network/config/bond-with-vlans/ceph-storage.yaml121
-rw-r--r--network/config/bond-with-vlans/cinder-storage.yaml131
-rw-r--r--network/config/bond-with-vlans/compute-dpdk.yaml155
-rw-r--r--network/config/bond-with-vlans/compute.yaml131
-rw-r--r--network/config/bond-with-vlans/controller-no-external.yaml141
-rw-r--r--network/config/bond-with-vlans/controller-v6.yaml165
-rw-r--r--network/config/bond-with-vlans/controller.yaml153
-rw-r--r--network/config/bond-with-vlans/swift-storage.yaml131
-rw-r--r--network/config/multiple-nics/ceph-storage.yaml88
-rw-r--r--network/config/multiple-nics/cinder-storage.yaml101
-rw-r--r--network/config/multiple-nics/compute.yaml108
-rw-r--r--network/config/multiple-nics/controller-v6.yaml155
-rw-r--r--network/config/multiple-nics/controller.yaml145
-rw-r--r--network/config/multiple-nics/swift-storage.yaml101
-rw-r--r--network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml95
-rw-r--r--network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml109
-rw-r--r--network/config/single-nic-linux-bridge-vlans/compute.yaml113
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller-v6.yaml155
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller.yaml152
-rw-r--r--network/config/single-nic-linux-bridge-vlans/swift-storage.yaml109
-rw-r--r--network/config/single-nic-vlans/ceph-storage.yaml87
-rw-r--r--network/config/single-nic-vlans/cinder-storage.yaml97
-rw-r--r--network/config/single-nic-vlans/compute.yaml97
-rw-r--r--network/config/single-nic-vlans/controller-no-external.yaml107
-rw-r--r--network/config/single-nic-vlans/controller-v6.yaml129
-rw-r--r--network/config/single-nic-vlans/controller.yaml117
-rw-r--r--network/config/single-nic-vlans/swift-storage.yaml97
-rw-r--r--network/endpoints/endpoint_data.yaml9
-rw-r--r--network/endpoints/endpoint_map.yaml246
-rwxr-xr-xnetwork/scripts/run-os-net-config.sh136
-rw-r--r--network/service_net_map.j2.yaml1
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml24
-rw-r--r--overcloud.j2.yaml151
-rw-r--r--puppet/blockstorage-role.yaml1
-rw-r--r--puppet/cephstorage-role.yaml2
-rw-r--r--puppet/compute-role.yaml1
-rw-r--r--puppet/config.role.j2.yaml17
-rw-r--r--puppet/controller-role.yaml1
-rw-r--r--puppet/deploy-artifacts.sh2
-rw-r--r--puppet/objectstorage-role.yaml1
-rw-r--r--puppet/post.j2.yaml84
-rw-r--r--puppet/role.role.j2.yaml2
-rw-r--r--puppet/services/aodh-api.yaml6
-rw-r--r--puppet/services/barbican-api.yaml19
-rw-r--r--puppet/services/ceilometer-base.yaml7
-rw-r--r--puppet/services/ceph-external.yaml34
-rw-r--r--puppet/services/ceph-rgw.yaml12
-rw-r--r--puppet/services/cinder-api.yaml17
-rw-r--r--puppet/services/database/mysql-internal-tls-certmonger.yaml43
-rw-r--r--puppet/services/database/mysql.yaml88
-rw-r--r--puppet/services/gnocchi-api.yaml13
-rw-r--r--puppet/services/gnocchi-statsd.yaml4
-rw-r--r--puppet/services/haproxy.yaml12
-rw-r--r--puppet/services/heat-api-cfn.yaml14
-rw-r--r--puppet/services/heat-api.yaml14
-rw-r--r--puppet/services/heat-base.yaml5
-rw-r--r--puppet/services/heat-engine.yaml2
-rw-r--r--puppet/services/horizon.yaml70
-rw-r--r--puppet/services/keepalived.yaml14
-rw-r--r--puppet/services/kernel.yaml6
-rw-r--r--puppet/services/keystone.yaml26
-rw-r--r--puppet/services/manila-api.yaml35
-rw-r--r--puppet/services/manila-base.yaml22
-rw-r--r--puppet/services/manila-scheduler.yaml9
-rw-r--r--puppet/services/manila-share.yaml10
-rw-r--r--puppet/services/monitoring/sensu-base.yaml17
-rw-r--r--puppet/services/neutron-api.yaml38
-rw-r--r--puppet/services/neutron-base.yaml7
-rw-r--r--puppet/services/neutron-l3.yaml22
-rw-r--r--puppet/services/nova-api.yaml19
-rw-r--r--puppet/services/nova-base.yaml94
-rw-r--r--puppet/services/nova-libvirt.yaml3
-rw-r--r--puppet/services/nova-scheduler.yaml2
-rw-r--r--puppet/services/nova-vnc-proxy.yaml5
-rw-r--r--puppet/services/opendaylight-api.yaml2
-rw-r--r--puppet/services/opendaylight-ovs.yaml6
-rw-r--r--puppet/services/pacemaker/haproxy.yaml2
-rw-r--r--puppet/services/panko-api.yaml84
-rw-r--r--puppet/services/panko-base.yaml74
-rw-r--r--puppet/services/sahara-base.yaml12
-rw-r--r--puppet/services/services.yaml21
-rw-r--r--puppet/services/swift-proxy.yaml8
-rw-r--r--puppet/services/swift-ringbuilder.yaml7
-rw-r--r--puppet/services/vip-hosts.yaml56
-rw-r--r--roles_data.yaml19
-rwxr-xr-xtools/yaml-nic-config-2-script.py219
143 files changed, 5157 insertions, 3054 deletions
diff --git a/ci/README.rst b/ci/README.rst
new file mode 100644
index 00000000..44e8626d
--- /dev/null
+++ b/ci/README.rst
@@ -0,0 +1,11 @@
+=======================
+TripleO CI environments
+=======================
+
+TripleO CI environments are exclusively used for Continuous Integration
+purpose or for development usage.
+They should not be used in production and we don't guarantee they work outside
+TripleO CI.
+
+For more informations about TripleO CI, please look:
+https://github.com/openstack-infra/tripleo-ci
diff --git a/ci/common/net-config-multinode.yaml b/ci/common/net-config-multinode.yaml
new file mode 100644
index 00000000..49a06881
--- /dev/null
+++ b/ci/common/net-config-multinode.yaml
@@ -0,0 +1,64 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config for a simple bridge configured
+ with a static IP address for the ctlplane network.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet:
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template: |
+ #!/bin/bash
+ ip addr add CONTROLPLANEIP/CONTROLPLANESUBNETCIDR dev $bridge_name
+ params:
+ CONTROLPLANEIP: {get_param: ControlPlaneIp}
+ CONTROLPLANESUBNETCIDR: {get_param: ControlPlaneSubnetCidr}
+ inputs:
+ -
+ name: bridge_name
+ default: br-ex
+ description: bridge-name
+ type: String
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
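Review bot: In `OsNetConfigImpl`, `str_replace` pastes `ControlPlaneIp` and `ControlPlaneSubnetCidr` straight into the bash line `ip addr add CONTROLPLANEIP/CONTROLPLANESUBNETCIDR dev $bridge_name`, and neither parameter has a constraint, so any parameter text becomes shell text. With the empty default for `ControlPlaneIp` the rendered command is `ip addr add /24 dev ...`, and the script has no `set -e` to turn a failure into a clear error. I would add a constraint to each parameter, for example `constraints: [{allowed_pattern: '^[0-9]{1,3}$'}]` on `ControlPlaneSubnetCidr` and an address-only pattern on `ControlPlaneIp`, and quote the input as `dev "$bridge_name"`. The description also says the config drives os-net-config, although the visible script only calls `ip addr add`.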
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
new file mode 100644
index 00000000..1a5242a9
--- /dev/null
+++ b/ci/environments/scenario001-multinode.yaml
@@ -0,0 +1,56 @@
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GlanceRegistry
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerCollector
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ Debug: true
+ # we don't deploy Swift so we switch to file backend.
+ GlanceBackend: 'file'
+ GnocchiBackend: 'file'
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
new file mode 100644
index 00000000..b8bc5762
--- /dev/null
+++ b/ci/environments/scenario002-multinode.yaml
@@ -0,0 +1,48 @@
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::BarbicanApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/barbican-api.yaml
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GlanceRegistry
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::BarbicanApi
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ Debug: true
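Review bot: The `resource_registry` entry for `OS::TripleO::Services::BarbicanApi` uses the absolute path `/usr/share/openstack-tripleo-heat-templates/puppet/services/barbican-api.yaml`, while the two `Net::SoftwareConfig` entries just above it use paths relative to this file. The absolute form ties the scenario to one install location, and if the job is ever run from a checkout it would test the packaged template rather than the one in the tree. `OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml` would match the neighbouring entries. The Sahara and Mistral entries in ci/environments/scenario003-multinode.yaml have the same mix.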
diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml
new file mode 100644
index 00000000..e540bc55
--- /dev/null
+++ b/ci/environments/scenario003-multinode.yaml
@@ -0,0 +1,51 @@
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::SaharaApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: /usr/share/openstack-tripleo-heat-templates/puppet/services/sahara-engine.yaml
+ OS::TripleO::Services::MistralApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-api.yaml
+ OS::TripleO::Services::MistralEngine: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralExecutor: /usr/share/openstack-tripleo-heat-templates/puppet/services/mistral-executor.yaml
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GlanceRegistry
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::MistralApi
+ - OS::TripleO::Services::MistralEngine
+ - OS::TripleO::Services::MistralExecutor
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ Debug: true
+ # we don't deploy Swift so we switch to file backend.
+ GlanceBackend: 'file'
diff --git a/ci/pingtests/scenario001-multinode.yaml b/ci/pingtests/scenario001-multinode.yaml
new file mode 100644
index 00000000..9dcbd390
--- /dev/null
+++ b/ci/pingtests/scenario001-multinode.yaml
@@ -0,0 +1,174 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to created resources deployed by scenario001.
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+ default: 'pingtest_key'
+ image:
+ type: string
+ description: Name of image to use for servers
+ default: 'pingtest_image'
+ public_net_name:
+ type: string
+ default: 'nova'
+ description: >
+ ID or name of public network for which floating IP addresses will be allocated
+ private_net_name:
+ type: string
+ description: Name of private network to be created
+ default: 'default-net'
+ private_net_cidr:
+ type: string
+ description: Private network address (CIDR notation)
+ default: '192.168.2.0/24'
+ private_net_gateway:
+ type: string
+ description: Private network gateway address
+ default: '192.168.2.1'
+ private_net_pool_start:
+ type: string
+ description: Start of private network IP address allocation pool
+ default: '192.168.2.100'
+ private_net_pool_end:
+ type: string
+ default: '192.168.2.200'
+ description: End of private network IP address allocation pool
+
+resources:
+
+ key_pair:
+ type: OS::Nova::KeyPair
+ properties:
+ save_private_key: true
+ name: {get_param: key_name }
+
+ private_net:
+ type: OS::Neutron::Net
+ properties:
+ name: { get_param: private_net_name }
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: { get_param: private_net_cidr }
+ gateway_ip: { get_param: private_net_gateway }
+ allocation_pools:
+ - start: { get_param: private_net_pool_start }
+ end: { get_param: private_net_pool_end }
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: { get_param: public_net_name }
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ server1:
+ type: OS::Nova::Server
+ properties:
+ name: Server1
+ flavor: { get_resource: test_flavor }
+ image: { get_param: image }
+ key_name: { get_resource: key_pair }
+ networks:
+ - port: { get_resource: server1_port }
+
+ server1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
+
+ server1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ # TODO: investigate why we need this depends_on and if we could
+ # replace it by router_id with get_resource: router_interface
+ depends_on: router_interface
+ properties:
+ floating_network: { get_param: public_net_name }
+ port_id: { get_resource: server1_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ name: pingtest-security-group
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+
+ test_flavor:
+ type: OS::Nova::Flavor
+ properties:
+ ram: 512
+ vcpus: 1
+
+ gnocchi_res_alarm:
+ type: OS::Aodh::GnocchiResourcesAlarm
+ properties:
+ description: Do stuff with gnocchi
+ metric: cpu_util
+ aggregation_method: mean
+ granularity: 60
+ evaluation_periods: 1
+ threshold: 50
+ alarm_actions: []
+ resource_type: instance
+ resource_id: { get_resource: server1 }
+ comparison_operator: gt
+
+ asg:
+ type: OS::Heat::AutoScalingGroup
+ properties:
+ max_size: 5
+ min_size: 1
+ resource:
+ type: OS::Heat::RandomString
+
+ scaleup_policy:
+ type: OS::Heat::ScalingPolicy
+ properties:
+ adjustment_type: change_in_capacity
+ auto_scaling_group_id: {get_resource: asg}
+ cooldown: 0
+ scaling_adjustment: 1
+
+ alarm:
+ type: OS::Aodh::Alarm
+ properties:
+ description: Scale-up if the average CPU > 50% for 1 minute
+ meter_name: test_meter
+ statistic: count
+ comparison_operator: ge
+ threshold: 1
+ period: 60
+ evaluation_periods: 1
+ alarm_actions:
+ - {get_attr: [scaleup_policy, alarm_url]}
+ matching_metadata:
+ metadata.metering.stack_id: {get_param: "OS::stack_id"}
+
+outputs:
+ server1_private_ip:
+ description: IP address of server1 in private network
+ value: { get_attr: [ server1, first_address ] }
+ server1_public_ip:
+ description: Floating IP address of server1 in public network
+ value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
+ asg_size:
+ value: {get_attr: [asg, current_size]}
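Review bot: `server_security_group` allows TCP 22 from `0.0.0.0/0`, and `key_pair` sets `save_private_key: true`, which keeps the generated private key in the stack. Nothing in this template reads that key (no output or resource references it), so the stored copy looks unused unless something outside the template fetches it. If the test needs only ICMP reachability of the floating IP, dropping the port 22 rule or narrowing its `remote_ip_prefix` to the CI network, and removing `save_private_key`, would reduce what the test stack exposes. The same two resources are repeated in ci/pingtests/scenario002-multinode.yaml and ci/pingtests/scenario003-multinode.yaml.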
diff --git a/ci/pingtests/scenario002-multinode.yaml b/ci/pingtests/scenario002-multinode.yaml
new file mode 100644
index 00000000..d7a30fd9
--- /dev/null
+++ b/ci/pingtests/scenario002-multinode.yaml
@@ -0,0 +1,153 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to created resources deployed by scenario002.
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+ default: 'pingtest_key'
+ image:
+ type: string
+ description: Name of image to use for servers
+ default: 'pingtest_image'
+ public_net_name:
+ type: string
+ default: 'nova'
+ description: >
+ ID or name of public network for which floating IP addresses will be allocated
+ private_net_name:
+ type: string
+ description: Name of private network to be created
+ default: 'default-net'
+ private_net_cidr:
+ type: string
+ description: Private network address (CIDR notation)
+ default: '192.168.2.0/24'
+ private_net_gateway:
+ type: string
+ description: Private network gateway address
+ default: '192.168.2.1'
+ private_net_pool_start:
+ type: string
+ description: Start of private network IP address allocation pool
+ default: '192.168.2.100'
+ private_net_pool_end:
+ type: string
+ default: '192.168.2.200'
+ description: End of private network IP address allocation pool
+
+resources:
+
+ key_pair:
+ type: OS::Nova::KeyPair
+ properties:
+ save_private_key: true
+ name: {get_param: key_name }
+
+ private_net:
+ type: OS::Neutron::Net
+ properties:
+ name: { get_param: private_net_name }
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: { get_param: private_net_cidr }
+ gateway_ip: { get_param: private_net_gateway }
+ allocation_pools:
+ - start: { get_param: private_net_pool_start }
+ end: { get_param: private_net_pool_end }
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: { get_param: public_net_name }
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ luks_volume_type:
+ type: OS::Cinder::VolumeType
+ properties:
+ name: LUKS
+
+ encrypted_volume_type:
+ type: OS::Cinder::EncryptedVolumeType
+ properties:
+ volume_type: {get_resource: luks_volume_type}
+ provider: nova.volume.encryptors.luks.LuksEncryptor
+ cipher: aes-xts-plain64
+ control_location: front-end
+ key_size: 256
+
+ volume1:
+ type: OS::Cinder::Volume
+ depends_on: encrypted_volume_type
+ properties:
+ name: Volume1
+ image: { get_param: image }
+ size: 1
+ volume_type: {get_resource: luks_volume_type}
+
+ server1:
+ type: OS::Nova::Server
+ depends_on: volume1
+ properties:
+ name: Server1
+ block_device_mapping:
+ - device_name: vda
+ volume_id: { get_resource: volume1 }
+ flavor: { get_resource: test_flavor }
+ key_name: { get_resource: key_pair }
+ networks:
+ - port: { get_resource: server1_port }
+
+ server1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
+
+ server1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ # TODO: investigate why we need this depends_on and if we could
+ # replace it by router_id with get_resource: router_interface
+ depends_on: router_interface
+ properties:
+ floating_network: { get_param: public_net_name }
+ port_id: { get_resource: server1_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ name: pingtest-security-group
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+
+ test_flavor:
+ type: OS::Nova::Flavor
+ properties:
+ ram: 512
+ vcpus: 1
+
+outputs:
+ server1_private_ip:
+ description: IP address of server1 in private network
+ value: { get_attr: [ server1, first_address ] }
+ server1_public_ip:
+ description: Floating IP address of server1 in public network
+ value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
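Review bot: `encrypted_volume_type` combines `cipher: aes-xts-plain64` with `key_size: 256`, and XTS splits the key into two halves, so this is AES-128-XTS rather than AES-256. If that is the intended strength for the test, a comment on the property such as `# XTS uses two keys: 256 bits here means AES-128` would keep the template from being copied on the assumption that it is 256-bit encryption. Otherwise `key_size: 512` gives AES-256-XTS, provided the key manager in the job can issue a key of that length. Separately, `depends_on: volume1` on `server1` duplicates the dependency already implied by `get_resource: volume1`.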
diff --git a/ci/pingtests/scenario003-multinode.yaml b/ci/pingtests/scenario003-multinode.yaml
new file mode 100644
index 00000000..445c47af
--- /dev/null
+++ b/ci/pingtests/scenario003-multinode.yaml
@@ -0,0 +1,154 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to created resources deployed by scenario003.
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+ default: 'pingtest_key'
+ image:
+ type: string
+ description: Name of image to use for servers
+ default: 'pingtest_image'
+ public_net_name:
+ type: string
+ default: 'nova'
+ description: >
+ ID or name of public network for which floating IP addresses will be allocated
+ private_net_name:
+ type: string
+ description: Name of private network to be created
+ default: 'default-net'
+ private_net_cidr:
+ type: string
+ description: Private network address (CIDR notation)
+ default: '192.168.2.0/24'
+ private_net_gateway:
+ type: string
+ description: Private network gateway address
+ default: '192.168.2.1'
+ private_net_pool_start:
+ type: string
+ description: Start of private network IP address allocation pool
+ default: '192.168.2.100'
+ private_net_pool_end:
+ type: string
+ default: '192.168.2.200'
+ description: End of private network IP address allocation pool
+
+resources:
+
+ key_pair:
+ type: OS::Nova::KeyPair
+ properties:
+ save_private_key: true
+ name: {get_param: key_name }
+
+ private_net:
+ type: OS::Neutron::Net
+ properties:
+ name: { get_param: private_net_name }
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: { get_param: private_net_cidr }
+ gateway_ip: { get_param: private_net_gateway }
+ allocation_pools:
+ - start: { get_param: private_net_pool_start }
+ end: { get_param: private_net_pool_end }
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: { get_param: public_net_name }
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ server1:
+ type: OS::Nova::Server
+ properties:
+ name: Server1
+ flavor: { get_resource: test_flavor }
+ image: { get_param: image }
+ key_name: { get_resource: key_pair }
+ networks:
+ - port: { get_resource: server1_port }
+
+ server1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
+
+ server1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ # TODO: investigate why we need this depends_on and if we could
+ # replace it by router_id with get_resource: router_interface
+ depends_on: router_interface
+ properties:
+ floating_network: { get_param: public_net_name }
+ port_id: { get_resource: server1_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ name: pingtest-security-group
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+
+ test_flavor:
+ type: OS::Nova::Flavor
+ properties:
+ ram: 512
+ vcpus: 1
+
+ sahara-image:
+ type: OS::Sahara::ImageRegistry
+ properties:
+ image: { get_param: image }
+ username: cirros
+ tags:
+ - tripleo
+
+ mistral_workflow:
+ type: OS::Mistral::Workflow
+ properties:
+ type: direct
+ name: test_workflow
+ description: Just testing workflow resource.
+ input:
+ phrase: Hello!
+ output:
+ out: <% $.word %>
+ tasks:
+ - name: hello
+ action: std.echo output=<% $.phrase %>
+ publish:
+ word: <% $.hello %>
+
+outputs:
+ server1_private_ip:
+ description: IP address of server1 in private network
+ value: { get_attr: [ server1, first_address ] }
+ server1_public_ip:
+ description: Floating IP address of server1 in public network
+ value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
+ exec:
+ description: Mistral output verifying execution
+ value: { get_attr: [mistral_workflow, executions]} \ No newline at end of file
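Review bot: The resource key `sahara-image` is the only hyphenated name in a template whose other resources use snake_case (`server1_port`, `test_flavor`, `mistral_workflow`); `sahara_image` would match them. The file also ends without a trailing newline after the `exec` output's `value:` line, which the diff marks with "No newline at end of file". The top-level description reads "HOT template to created resources" and would be clearer as `HOT template to create resources deployed by scenario003.`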
diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh
index 2c01174e..d6219e85 100755
--- a/deployed-server/scripts/get-occ-config.sh
+++ b/deployed-server/scripts/get-occ-config.sh
@@ -18,21 +18,21 @@ read -a BlockStorage_hosts_a <<< $BLOCKSTORAGE_HOSTS
read -a ObjectStorage_hosts_a <<< $OBJECTSTORAGE_HOSTS
read -a CephStorage_hosts_a <<< $CEPHSTORAGE_HOSTS
-roles="Controller Compute BlockStorage ObjectStorage CephStorage"
+roles=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"}
admin_user_id=$(openstack user show admin -c id -f value)
admin_project_id=$(openstack project show admin -c id -f value)
function check_stack {
- local stack_to_check=$1
+ local stack_to_check=${1:-""}
- if [ "$stack_to_check" = "|" ]; then
+ if [ "$stack_to_check" = "" ]; then
echo Stack not created
return 1
fi
echo Checking if $1 stack is created
set +e
- heat resource-list $stack_to_check
+ openstack stack resource list $stack_to_check
rc=$?
set -e
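Review bot: `check_stack` now copies its argument into `stack_to_check` with a default, but the echo still prints the raw `$1` and the lookup passes `$stack_to_check` unquoted. Using `echo "Checking if $stack_to_check stack is created"` and `openstack stack resource list "$stack_to_check"` keeps the function on the one defaulted variable and avoids word splitting or globbing on a value that comes from command output. The new `OVERCLOUD_ROLES` override has no comment; a line such as `# OVERCLOUD_ROLES: space-separated role names, overrides the default list` above `roles=` would document it. The body of `check_stack` continues past the end of this hunk.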
@@ -49,13 +49,13 @@ for role in $roles; do
sleep $SLEEP_TIME
done
- rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}')
+ rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value)
while ! check_stack $rg_stack; do
sleep $SLEEP_TIME
- rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}')
+ rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value)
done
- stacks=$(heat resource-list $rg_stack | grep OS::TripleO::$role | awk '{print $4}')
+ stacks=$(openstack stack resource list $rg_stack -c physical_resource_id -f value)
i=0
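Review bot: Each `rg_stack=$(openstack stack resource show overcloud $role ...)` assignment now takes the exit status of `openstack` itself, whereas the replaced `heat ... | grep | awk` pipelines ended in `awk` and returned 0. If errexit is active at this point (the `set +e` / `set -e` pair in `check_stack` suggests it is) and the resource does not exist yet, the script would exit instead of entering the `while ! check_stack` retry loop. Ending each lookup with `|| true`, as in `rg_stack=$(openstack stack resource show overcloud "$role" -c physical_resource_id -f value || true)`, preserves the polling behaviour; the `server_stack` and `deployed_server_stack` lookups in the next hunk need the same treatment. The `stacks=` line also drops the old `grep OS::TripleO::$role` filter and now returns every resource in `$rg_stack`, which is worth confirming as intended. The enclosing `for role in $roles` loop begins and ends outside the hunk.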
@@ -65,13 +65,13 @@ for role in $roles; do
server_resource_name="NovaCompute"
fi
- server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}')
+ server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value)
while ! check_stack $server_stack; do
sleep $SLEEP_TIME
- server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}')
+ server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value)
done
- deployed_server_stack=$(heat resource-list $server_stack | grep "deployed-server" | awk '{print $4}')
+ deployed_server_stack=$(openstack stack resource show $server_stack deployed-server -c physical_resource_id -f value)
echo "======================"
echo "$role$i os-collect-config.conf configuration:"
diff --git a/docker/README-containers.md b/docker/README-containers.md
index ff062a93..5a9f6f3c 100644
--- a/docker/README-containers.md
+++ b/docker/README-containers.md
@@ -20,6 +20,9 @@ glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x
You can use the tripleo.sh script up until the point of running the Overcloud.
https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh
+You will want to set up the runtime puppet script delivery system described here:
+http://hardysteven.blogspot.ca/2016/08/tripleo-deploy-artifacts-and-puppet.html
+
Create the Overcloud:
```
$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network.yaml --libvirt-type=qemu
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml
deleted file mode 100644
index 60b831be..00000000
--- a/docker/compute-post.yaml
+++ /dev/null
@@ -1,349 +0,0 @@
-heat_template_version: 2015-10-15
-description: >
- OpenStack compute node post deployment for Docker.
-
-parameters:
- servers:
- type: json
- DeployIdentifier:
- type: string
- description: Value which changes if the node configuration may need to be re-applied
- DockerNamespace:
- type: string
- default: tripleoupstream
- DockerComputeImage:
- type: string
- DockerComputeDataImage:
- type: string
- DockerLibvirtImage:
- type: string
- DockerOpenvswitchImage:
- type: string
- DockerOvsVswitchdImage:
- type: string
- DockerOpenvswitchDBImage:
- type: string
- LibvirtConfig:
- type: string
- default: "/etc/libvirt/libvirtd.conf"
- NovaConfig:
- type: string
- default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf"
- NeutronOpenvswitchAgentConfig:
- type: string
- default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
- NeutronOpenvswitchAgentPluginVolume:
- type: string
- default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro"
- NeutronOpenvswitchAgentOvsVolume:
- type: string
- default: " "
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
- RoleData:
- type: json
- default: {}
-
-
-resources:
-
- ComputePuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_hiera: True
- enable_facter: False
- tags: package,file,concat,file_line,nova_config,neutron_config,neutron_agent_ovs,neutron_plugin_ml2
- inputs:
- - name: tripleo::packages::enable_install
- type: Boolean
- default: True
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: ../puppet/manifests/overcloud_compute.pp
- - {get_param: StepConfig}
-
-
- ComputePuppetDeployment:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: ComputePuppetDeployment
- servers: {get_param: servers}
- config: {get_resource: ComputePuppetConfig}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
- tripleo::packages::enable_install: True
-
- CopyEtcConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- outputs:
- - name: result
- config: {get_file: ./copy-etc.sh}
-
- CopyEtcDeployment:
- type: OS::Heat::SoftwareDeployments
- depends_on: ComputePuppetDeployment
- properties:
- name: CopyEtcDeployment
- config: {get_resource: CopyEtcConfig}
- servers: {get_param: servers}
-
- CopyJsonConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- inputs:
- - name: libvirt_config
- - name: nova_config
- - name: neutron_openvswitch_agent_config
- config: |
- #!/bin/python
- import json
- import os
-
- data = {}
- file_perms = '600'
- libvirt_perms = '644'
-
- libvirt_config = os.getenv('libvirt_config').split(',')
- nova_config = os.getenv('nova_config').split(',')
- neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',')
-
- # Command, Config_files, Owner, Perms
- services = {'nova-libvirt': ['/usr/sbin/libvirtd', libvirt_config, 'root', libvirt_perms],
- 'nova-compute': ['/usr/bin/nova-compute', nova_config, 'nova', file_perms],
- 'neutron-openvswitch-agent': ['/usr/bin/neutron-openvswitch-agent', neutron_openvswitch_agent_config, 'neutron', file_perms],
- 'ovs-vswitchd': ['/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/openvswitch/ovs-vswitchd.log'],
- 'ovsdb-server': ['/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --log-file=/var/log/openvswitch/ovsdb-server.log']
- }
-
-
- def build_config_files(config, owner, perms):
- config_source = '/var/lib/kolla/config_files/'
- config_files_dict = {}
- source = os.path.basename(config)
- dest = config
- config_files_dict.update({'source': config_source + source,
- 'dest': dest,
- 'owner': owner,
- 'perm': perms})
- return config_files_dict
-
-
- for service in services:
- if service != 'ovs-vswitchd' and service != 'ovsdb-server':
- command = services.get(service)[0]
- config_files = services.get(service)[1]
- owner = services.get(service)[2]
- perms = services.get(service)[3]
- config_files_list = []
- for config_file in config_files:
- if service == 'nova-libvirt':
- command = command + ' --config ' + config_file
- else:
- command = command + ' --config-file ' + config_file
- data['command'] = command
- config_files_dict = build_config_files(config_file, owner, perms)
- config_files_list.append(config_files_dict)
- data['config_files'] = config_files_list
- else:
- data['command'] = services.get(service)[0]
- data['config_files'] = []
-
- json_config_dir = '/var/lib/etc-data/json-config/'
- with open(json_config_dir + service + '.json', 'w') as json_file:
- json.dump(data, json_file, sort_keys=True, indent=4, separators=(',', ': '))
-
- CopyJsonDeployment:
- type: OS::Heat::SoftwareDeployments
- depends_on: CopyEtcDeployment
- properties:
- name: CopyJsonDeployment
- config: {get_resource: CopyJsonConfig}
- servers: {get_param: servers}
- input_values:
- libvirt_config: {get_param: LibvirtConfig}
- nova_config: {get_param: NovaConfig}
- neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig}
-
- NovaComputeContainersDeploymentOVS:
- type: OS::Heat::StructuredDeployments
- depends_on: CopyJsonDeployment
- properties:
- name: NovaComputeContainersDeploymentOVS
- config: {get_resource: NovaComputeContainersConfigOVS}
- servers: {get_param: servers}
-
- NovaComputeContainersConfigOVS:
- type: OS::Heat::StructuredConfig
- properties:
- group: docker-cmd
- config:
- ovsvswitchd:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ]
- net: host
- privileged: true
- restart: always
- volumes:
- - /run:/run
- - /lib/modules:/lib/modules:ro
- - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
- openvswitchdb:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ]
- net: host
- restart: always
- volumes:
- - /run:/run
- - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json
- - /etc/openvswitchd:/etc/openvswitchd
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
- NovaComputeContainersDeploymentNetconfig:
- type: OS::Heat::SoftwareDeployments
- depends_on: NovaComputeContainersDeploymentOVS
- properties:
- name: NovaComputeContainersDeploymentNetconfig
- config: {get_resource: NovaComputeContainersConfigNetconfig}
- servers: {get_param: servers}
-
- # We run os-net-config here because we depend on the ovs containers to be up
- # and running before we configure the network. This allows explicit timing
- # of the network configuration.
- NovaComputeContainersConfigNetconfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- outputs:
- - name: result
- config: |
- #!/bin/bash
- /usr/local/bin/run-os-net-config
-
- LibvirtContainersDeployment:
- type: OS::Heat::StructuredDeployments
- depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig]
- properties:
- name: LibvirtContainersDeployment
- config: {get_resource: LibvirtContainersConfig}
- servers: {get_param: servers}
-
- LibvirtContainersConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: docker-cmd
- config:
- computedata:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerComputeDataImage} ]
- container_name: computedata
- volumes:
- - /var/lib/nova/instances
- - /var/lib/libvirt
-
- libvirt:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ]
- net: host
- pid: host
- privileged: true
- restart: always
- volumes:
- - /run:/run
- - /lib/modules:/lib/modules:ro
- - /dev:/dev
- - /lib/udev:/lib/udev
- - /sys/fs/cgroup:/sys/fs/cgroup
- - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json
- - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- volumes_from:
- - computedata
-
- NovaComputeContainersDeployment:
- type: OS::Heat::StructuredDeployments
- depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment]
- properties:
- name: NovaComputeContainersDeployment
- config: {get_resource: NovaComputeContainersConfig}
- servers: {get_param: servers}
-
- NovaComputeContainersConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: docker-cmd
- config:
- neutronovsagent:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
- net: host
- pid: host
- privileged: true
- restart: always
- volumes:
- str_split:
- - ","
- - list_join:
- - ","
- - [ "/run:/run", "/lib/modules:/lib/modules:ro",
- "/var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json",
- "/var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro",
- "/var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro",
- {get_param: NeutronOpenvswitchAgentPluginVolume},
- {get_param: NeutronOpenvswitchAgentOvsVolume} ]
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- volumes_from:
- - computedata
-
- novacompute:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerComputeImage} ]
- net: host
- privileged: true
- restart: always
- volumes:
- - /run:/run
- - /lib/modules:/lib/modules:ro
- - /dev:/dev
- - /lib/udev:/lib/udev
- - /etc/iscsi:/etc/iscsi
- - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json
- - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro
- - /var/lib/etc-data/nova/rootwrap.conf:/var/lib/kolla/config_files/rootwrap.conf:ro
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- volumes_from:
- - computedata
-
- ExtraConfig:
- depends_on: NovaComputeContainersDeployment
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
diff --git a/docker/copy-json.py b/docker/copy-json.py
new file mode 100644
index 00000000..e85ff11e
--- /dev/null
+++ b/docker/copy-json.py
@@ -0,0 +1,72 @@
+#!/bin/python
+import json
+import os
+
+data = {}
+file_perms = '0600'
+libvirt_perms = '0644'
+
+libvirt_config = os.getenv('libvirt_config').split(',')
+nova_config = os.getenv('nova_config').split(',')
+neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',')
+
+# Command, Config_files, Owner, Perms
+services = {
+ 'nova-libvirt': [
+ '/usr/sbin/libvirtd',
+ libvirt_config,
+ 'root',
+ libvirt_perms],
+ 'nova-compute': [
+ '/usr/bin/nova-compute',
+ nova_config,
+ 'nova',
+ file_perms],
+ 'neutron-openvswitch-agent': [
+ '/usr/bin/neutron-openvswitch-agent',
+ neutron_openvswitch_agent_config,
+ 'neutron',
+ file_perms],
+ 'ovs-vswitchd': [
+ '/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/kolla/openvswitch/ovs-vswitchd.log'],
+ 'ovsdb-server': [
+ '/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --remote=ptcp:6640:127.0.0.1 --log-file=/var/log/kolla/openvswitch/ovsdb-server.log']
+}
+
+
+def build_config_files(config, owner, perms):
+ config_source = '/var/lib/kolla/config_files/'
+ config_files_dict = {}
+ source = os.path.basename(config)
+ dest = config
+ config_files_dict.update({'source': config_source + source,
+ 'dest': dest,
+ 'owner': owner,
+ 'perm': perms})
+ return config_files_dict
+
+
+for service in services:
+ if service != 'ovs-vswitchd' and service != 'ovsdb-server':
+ command = services.get(service)[0]
+ config_files = services.get(service)[1]
+ owner = services.get(service)[2]
+ perms = services.get(service)[3]
+ config_files_list = []
+ for config_file in config_files:
+ if service == 'nova-libvirt':
+ command = command + ' --config ' + config_file
+ else:
+ command = command + ' --config-file ' + config_file
+ data['command'] = command
+ config_files_dict = build_config_files(config_file, owner, perms)
+ config_files_list.append(config_files_dict)
+ data['config_files'] = config_files_list
+ else:
+ data['command'] = services.get(service)[0]
+ data['config_files'] = []
+
+ json_config_dir = '/var/lib/etc-data/json-config/'
+ with open(json_config_dir + service + '.json', 'w') as json_file:
+ json.dump(data, json_file, sort_keys=True, indent=4,
+ separators=(',', ': '))
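Review bot: The `ovsdb-server` command gains `--remote=ptcp:6640:127.0.0.1`, a plain-TCP OVSDB listener with no authentication. The openvswitchdb container in docker/post.j2.yaml runs with `net: host`, so the port appears to be reachable by any local process on the compute node rather than being gated by the permissions on `/run/openvswitch/db.sock`. If a consumer needs the TCP remote, say so next to the entry, e.g. `# ptcp on 127.0.0.1:6640 is unauthenticated; kept because <consumer> connects over TCP`; otherwise keep only the `punix:` remote. Also, `os.getenv('libvirt_config').split(',')` fails with an AttributeError on None when an input is unset; `os.environ['libvirt_config'].split(',')` would at least name the missing variable.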
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
new file mode 100644
index 00000000..de17cffe
--- /dev/null
+++ b/docker/post.j2.yaml
@@ -0,0 +1,308 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Post-deploy configuration steps via puppet for all roles,
+ as defined in ../roles_data.yaml
+
+parameters:
+ servers:
+ type: json
+ description: Mapping of Role name e.g Controller to a list of servers
+
+ role_data:
+ type: json
+ description: Mapping of Role name e.g Controller to the per-role data
+
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
+
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+
+ DockerOpenvswitchDBImage:
+ description: image
+ default: 'centos-binary-openvswitch-db-server'
+ type: string
+
+ DockerOvsVswitchdImage:
+ description: image
+ default: 'centos-binary-openvswitch-vswitchd'
+ type: string
+
+ LibvirtConfig:
+ type: string
+ default: "/etc/libvirt/libvirtd.conf"
+
+ NovaConfig:
+ type: string
+ default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf"
+
+ NeutronOpenvswitchAgentConfig:
+ type: string
+ default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
+
+resources:
+
+{% for role in roles %}
+ # Post deployment steps for all roles
+ # A single config is re-applied with an incrementing step number
+ # {{role.name}} Role steps
+ {{role.name}}ArtifactsConfig:
+ type: ../puppet/deploy-artifacts.yaml
+
+ {{role.name}}ArtifactsDeploy:
+ type: OS::Heat::StructuredDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}ArtifactsConfig}
+
+ {{role.name}}PreConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PreConfig
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Config:
+ type: OS::TripleO::{{role.name}}Config
+ properties:
+ StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
+ {% if role.name.lower() == 'compute' %}
+ PuppetTags: {get_param: [role_data, {{role.name}}, puppet_tags]}
+ {% endif %}
+
+ # Step through a series of configuration steps
+ {{role.name}}Deployment_Step1:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
+ properties:
+ name: {{role.name}}Deployment_Step1
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 1
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Deployment_Step2:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step1
+ {% endfor %}
+ properties:
+ name: {{role.name}}Deployment_Step2
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 2
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Deployment_Step3:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step2
+ {% endfor %}
+ properties:
+ name: {{role.name}}Deployment_Step3
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 3
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Deployment_Step4:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step3
+ {% endfor %}
+ properties:
+ name: {{role.name}}Deployment_Step4
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 4
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Deployment_Step5:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step4
+ {% endfor %}
+ properties:
+ name: {{role.name}}Deployment_Step5
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 5
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}PostConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PostConfig
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step5
+ {% endfor %}
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ {{role.name}}ExtraConfigPost:
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}PostConfig
+ {% endfor %}
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+
+ {% if role.name.lower() == 'compute' %}
+ CopyEtcConfig:
+ type: OS::Heat::SoftwareConfig
+ depends_on: {{role.name}}PostConfig
+ properties:
+ group: script
+ outputs:
+ - name: result
+ config: {get_file: ../docker/copy-etc.sh}
+
+ CopyEtcDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ name: CopyEtcDeployment
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: CopyEtcConfig}
+
+ CopyJsonConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ inputs:
+ - name: libvirt_config
+ - name: nova_config
+ - name: neutron_openvswitch_agent_config
+ config: {get_file: ../docker/copy-json.py}
+
+ CopyJsonDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: CopyEtcDeployment
+ properties:
+ name: CopyJsonDeployment
+ config: {get_resource: CopyJsonConfig}
+ servers: {get_param: [servers, {{role.name}}]}
+ input_values:
+ libvirt_config: {get_param: LibvirtConfig}
+ nova_config: {get_param: NovaConfig}
+ neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig}
+
+ NovaComputeContainersDeploymentOVS:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: CopyJsonDeployment
+ properties:
+ name: NovaComputeContainersDeploymentOVS
+ config: {get_resource: NovaComputeContainersConfigOVS}
+ servers: {get_param: [servers, {{role.name}}]}
+
+ NovaComputeContainersConfigOVS:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: docker-cmd
+ config:
+ openvswitchdb:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ]
+ net: host
+ restart: always
+ volumes:
+ - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json
+ - /etc/localtime:/etc/localtime:ro
+ - /run:/run
+ - logs:/var/log/kolla/
+ - openvswitch_db:/var/lib/openvswitch/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+
+ ovsvswitchd:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ]
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /run:/run
+ - logs:/var/log/kolla/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+
+ NovaComputeContainersDeploymentNetconfig:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: NovaComputeContainersDeploymentOVS
+ properties:
+ name: NovaComputeContainersDeploymentNetconfig
+ config: {get_resource: NovaComputeContainersConfigNetconfig}
+ servers: {get_param: [servers, {{role.name}}]}
+
+ # We run os-net-config here because we depend on the ovs containers to be up
+ # and running before we configure the network. This allows explicit timing
+ # of the network configuration.
+ NovaComputeContainersConfigNetconfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ outputs:
+ - name: result
+ config: |
+ #!/bin/bash
+ /usr/local/bin/run-os-net-config
+
+ {{role.name}}ContainersConfig_Step1:
+ type: OS::Heat::StructuredConfig
+ depends_on: CopyJsonDeployment
+ properties:
+ group: docker-cmd
+ config:
+ {get_param: [role_data, {{role.name}}, docker_config, step_1]}
+
+ {{role.name}}ContainersConfig_Step2:
+ type: OS::Heat::StructuredConfig
+ depends_on: CopyJsonDeployment
+ properties:
+ group: docker-cmd
+ config:
+ {get_param: [role_data, {{role.name}}, docker_config, step_2]}
+
+ {{role.name}}ContainersDeployment_Step1:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy, NovaComputeContainersDeploymentNetconfig]
+ properties:
+ name: {{role.name}}ContainersDeployment_Step1
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}ContainersConfig_Step1}
+
+ {{role.name}}ContainersDeployment_Step2:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: {{role.name}}ContainersDeployment_Step1
+ properties:
+ name: {{role.name}}ContainersDeployment_Step2
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}ContainersConfig_Step2}
+ {% endif %}
+{% endfor %}
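Review bot: The container images are referenced by mutable name only. `DockerNamespace` defaults to `tripleoupstream` and `DockerOpenvswitchDBImage`/`DockerOvsVswitchdImage` default to untagged names, so the `list_join` result resolves to whatever `latest` is at pull time, and `ovsvswitchd` then runs that image with `privileged: true`. The same untagged defaults appear in docker/services/neutron-ovs-agent.yaml, nova-compute.yaml and nova-libvirt.yaml. I would document that the image parameters accept a tag or digest and recommend pinning, e.g. `description: image name; append :tag or @sha256 digest to pin, an untagged name resolves to latest`.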
diff --git a/docker/services/README.rst b/docker/services/README.rst
new file mode 100644
index 00000000..8d1f9e86
--- /dev/null
+++ b/docker/services/README.rst
@@ -0,0 +1,60 @@
+========
+services
+========
+
+A TripleO nested stack Heat template that encapsulates generic configuration
+data to configure a specific service. This generally includes everything
+needed to configure the service excluding the local bind ports which
+are still managed in the per-node role templates directly (controller.yaml,
+compute.yaml, etc.). All other (global) service settings go into
+the puppet/service templates.
+
+Input Parameters
+----------------
+
+Each service may define its own input parameters and defaults.
+Operators will use the parameter_defaults section of any Heat
+environment to set per service parameters.
+
+Config Settings
+---------------
+
+Each service may define a config_settings output variable which returns
+Hiera settings to be configured.
+
+Steps
+-----
+
+Each service may define an output variable which returns a puppet manifest
+snippet that will run at each of the following steps. Earlier manifests
+are re-asserted when applying latter ones.
+
+ * config_settings: Custom hiera settings for this service. These are
+ used to generate configs.
+
+ * step_config: A puppet manifest that is used to step through the deployment
+ sequence. Each sequence is given a "step" (via hiera('step') that provides
+ information for when puppet classes should activate themselves.
+
+ * docker_compose:
+
+ * container_name:
+
+ * volumes:
+
+Steps correlate to the following:
+
+ 1) Service configuration generation with puppet.
+
+ 2) Early Openstack Service setup (database init?)
+
+ 3) Early containerized networking services startup (OVS)
+
+ 4) Network configuration
+
+ 5) General OpenStack Services
+
+ 6) Service activation (Pacemaker)
+
+ 7) Fencing (Pacemaker)
+
diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
new file mode 100644
index 00000000..8d092a34
--- /dev/null
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -0,0 +1,75 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack Neutron openvswitch service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerOpenvswitchImage:
+ description: image
+ default: 'centos-binary-neutron-openvswitch-agent'
+ type: string
+ NeutronOpenvswitchAgentPluginVolume:
+ type: string
+ default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro"
+ NeutronOpenvswitchAgentOvsVolume:
+ type: string
+ default: " "
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NeutronOvsAgentBase:
+ type: ../../puppet/services/neutron-ovs-agent.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for Neutron openvswitch service
+ value:
+ config_settings: {get_attr: [NeutronOvsAgentBase, role_data, config_settings]}
+ step_config: {get_attr: [NeutronOvsAgentBase, role_data, step_config]}
+ puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
+ docker_config:
+ step_1:
+ neutronovsagent:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro
+ - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro
+ - {get_param: NeutronOpenvswitchAgentPluginVolume}
+ - {get_param: NeutronOpenvswitchAgentOvsVolume}
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /run:/run
+ - logs:/var/log/kolla/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_2: {}
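Review bot: `neutronovsagent` is started with `privileged: true`, `pid: host`, `net: host` and a read-write `/run:/run` bind mount, which together leave very little isolation between the container and the host; nova-libvirt.yaml uses the same combination. Nothing in the template records which of these the agent actually needs. A short comment above the `docker_config` block giving the reason for each setting (for example why the host PID namespace is required) would let a later change drop the ones that are not needed. `NeutronOpenvswitchAgentOvsVolume` also defaults to `" "` and is passed straight into the `volumes` list, so the default yields a blank volume entry; whether the docker-cmd hook tolerates that cannot be seen from here.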
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
new file mode 100644
index 00000000..5c56aeee
--- /dev/null
+++ b/docker/services/nova-compute.yaml
@@ -0,0 +1,69 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack containerized Nova Compute service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaComputeImage:
+ description: image
+ default: 'centos-binary-nova-compute'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NovaComputeBase:
+ type: ../../puppet/services/nova-compute.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Compute service.
+ value:
+ config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]}
+ step_config: {get_attr: [NovaComputeBase, role_data, step_config]}
+ puppet_tags: nova_config,nova_paste_api_ini
+ docker_config:
+ step_1:
+ novacompute:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro
+ - /var/lib/etc-data/nova/rootwrap.conf:/var/lib/kolla/config_files/rootwrap.conf:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /run:/run
+ - /dev:/dev
+ - logs:/var/log/kolla/
+ - /etc/iscsi:/etc/iscsi
+ - libvirtd:/var/lib/libvirt
+ - nova_compute:/var/lib/nova/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_2: {}
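Review bot: `NovaComputeBase` is given only `EndpointMap`, although this template declares `ServiceNetMap` and `DefaultPasswords`, and docker/services/neutron-ovs-agent.yaml forwards all three to its base template. nova-libvirt.yaml has the same gap for `NovaLibvirtBase`. If the puppet service template reads either parameter, it would use its own defaults instead of the values the caller passed in. Forward them as the neutron template does: `ServiceNetMap: {get_param: ServiceNetMap}` and `DefaultPasswords: {get_param: DefaultPasswords}`.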
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
new file mode 100644
index 00000000..36511557
--- /dev/null
+++ b/docker/services/nova-libvirt.yaml
@@ -0,0 +1,69 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack Libvirt Service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerLibvirtImage:
+ description: image
+ default: 'centos-binary-libvirt'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NovaLibvirtBase:
+ type: ../../puppet/services/nova-libvirt.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Libvirt service.
+ value:
+ config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]}
+ step_config: {get_attr: [NovaLibvirtBase, role_data, step_config]}
+ puppet_tags: nova_config
+ docker_config:
+ step_1:
+ nova_libvirt:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ]
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /run:/run
+ - /dev:/dev
+ - /sys/fs/cgroup:/sys/fs/cgroup
+ - logs:/var/log/kolla/
+ - libvirtd:/var/lib/libvirt
+ - nova_compute:/var/lib/nova/
+ - nova_libvirt_qemu:/etc/libvirt/qemu
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_2: {}
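Review bot: `libvirtd.conf` and `config.json` are bind-mounted read-write into a privileged container, while nova-compute.yaml mounts `nova.conf` and `rootwrap.conf` with `:ro`. `KOLLA_CONFIG_STRATEGY=COPY_ALWAYS` suggests the files under `/var/lib/kolla/config_files` are only copied from, so the sources could presumably be read-only: `- /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf:ro`.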
diff --git a/docker/services/services.yaml b/docker/services/services.yaml
new file mode 100644
index 00000000..37e7b655
--- /dev/null
+++ b/docker/services/services.yaml
@@ -0,0 +1,73 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Utility stack to convert an array of services into a set of combined
+ role configs.
+
+parameters:
+ Services:
+ default: []
+ description: |
+ List nested stack service templates.
+ type: comma_delimited_list
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ description: Mapping of service -> default password. Used to help
+ pass top level passwords managed by Heat into services.
+ type: json
+
+resources:
+
+ PuppetServices:
+ type: ../../puppet/services/services.yaml
+ properties:
+ Services: {get_param: Services}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ EndpointMap: {get_param: EndpointMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+ ServiceChain:
+ type: OS::Heat::ResourceChain
+ properties:
+ resources: {get_param: Services}
+ concurrent: true
+ resource_properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ EndpointMap: {get_param: EndpointMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Combined Role data for this set of services.
+ value:
+ service_names:
+ {get_attr: [PuppetServices, role_data, service_names]}
+ monitoring_subscriptions:
+ {get_attr: [PuppetServices, role_data, monitoring_subscriptions]}
+ logging_sources:
+ {get_attr: [PuppetServices, role_data, logging_sources]}
+ logging_groups:
+ {get_attr: [PuppetServices, role_data, logging_groups]}
+ service_config_settings:
+ {get_attr: [PuppetServices, role_data, service_config_settings]}
+ config_settings:
+ {get_attr: [PuppetServices, role_data, config_settings]}
+ global_config_settings:
+ {get_attr: [PuppetServices, role_data, global_config_settings]}
+ step_config:
+ {get_attr: [PuppetServices, role_data, step_config]}
+ puppet_tags: {list_join: [",", {get_attr: [ServiceChain, role_data, puppet_tags]}]}
+ docker_config:
+ step_1: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_1]}}
+ step_2: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_2]}}
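Review bot: `map_merge` over the per-service `docker_config` maps for `step_1` and `step_2` resolves duplicate keys silently, so two service templates that define a container under the same name would lose one definition with no error. A comment on `docker_config` would document the constraint, e.g. `# container names are merged across all Services; keys must be unique, later entries win`. Also, `PuppetServices` and `ServiceChain` are both given the same `Services` list, so each service template appears to be instantiated twice; it is worth confirming that this is intended.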
diff --git a/environments/docker.yaml b/environments/docker.yaml
index c03d8511..0755c61f 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -1,7 +1,16 @@
resource_registry:
# Docker container with heat agents for containerized compute node.
- OS::TripleO::ComputePostDeployment: ../docker/compute-post.yaml
OS::TripleO::NodeUserData: ../docker/firstboot/install_docker_agents.yaml
+ OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml
+ OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml
+ # NOTE (dprince) here we set new roles to be docker enabled as we add support
+ #OS::TripleO::ComputePostDeploySteps: ../docker/post.yaml
+ # NOTE (mandre) Defining per role post deploy steps doesn't work yet
+ # Set a global PostDeploySteps that works for both containerized and
+ # non-containerized roles
+ OS::TripleO::PostDeploySteps: ../docker/post.yaml
+ OS::TripleO::Services: ../docker/services/services.yaml
parameter_defaults:
NovaImage: atomic-image
@@ -10,11 +19,15 @@ parameter_defaults:
DockerNamespace: tripleoupstream
# Enable local Docker registry
DockerNamespaceIsRegistry: false
- # Compute Node Images
- DockerComputeImage: centos-binary-nova-compute:latest
- DockerAgentImage: heat-docker-agents:latest
- DockerComputeDataImage: centos-binary-data:latest
- DockerLibvirtImage: centos-binary-nova-libvirt:latest
- DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:latest
- DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:latest
- DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:latest
+ DockerAgentImage: heat-docker-agents:newton
+ # Docker containers
+ DockerNovaComputeImage: centos-binary-nova-compute:newton
+ DockerLibvirtImage: centos-binary-nova-libvirt:newton
+ DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:newton
+ DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:newton
+ DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:newton
+
+ ComputeServices:
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
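Review bot: `DockerLibvirtImage` is set here to `centos-binary-nova-libvirt:newton`, while the Libvirt service template added earlier in this diff declares the default `'centos-binary-libvirt'` with no tag, so a deployment that maps the service without this environment would pull a differently named, untagged image. Aligning the template default with this value would remove the surprise. The `:newton` tags are still mutable, so with `DockerNamespaceIsRegistry: false` the content behind them can change between two runs. A comment such as `# example tags; pin to a digest (image@sha256:<digest>) from a trusted registry for production` would make that explicit.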
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
index 5116c6da..c01b4888 100644
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@@ -3,4 +3,5 @@
parameter_defaults:
EnableInternalTLS: true
resource_registry:
- OS::TripleO::Services::ApacheTLS: ../../puppet/services/apache-internal-tls-certmonger.yaml
+ OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
+ OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index cee4ae4a..77fa5a49 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -5,7 +5,24 @@ resource_registry:
parameter_defaults:
ComputeServices:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::CephOSD
-
-parameter_merge_strategies:
- ComputeServices: merge \ No newline at end of file
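Review bot: Replacing the `parameter_merge_strategies` entry with a full copy of the compute service list means this file must be edited whenever the default `ComputeServices` list changes, and a service missing from this copy is silently not deployed on hyperconverged nodes. A comment above the list would state the dependency, e.g. `# Copy of the default ComputeServices plus CephOSD; keep in sync with the role defaults`.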
diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml
index ad428686..47b2003d 100644
--- a/environments/low-memory-usage.yaml
+++ b/environments/low-memory-usage.yaml
@@ -13,3 +13,6 @@ parameter_defaults:
ApacheMaxRequestWorkers: 32
ApacheServerLimit: 32
+
+ ControllerExtraConfig:
+ 'nova::network::neutron::neutron_url_timeout': '60'
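Review bot: `ControllerExtraConfig` is a single parameter, so an operator environment that also sets it replaces this map instead of merging with it, and the `neutron_url_timeout` setting then depends on the order of the environment files. A comment beside the new block would warn about this, e.g. `# replaced entirely by any later environment that sets ControllerExtraConfig`. The hunk also gives no reason for the value `'60'`; a one-line rationale would help whoever tunes it next.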
diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml
index 825a5066..5632d8d6 100644
--- a/environments/manila-cephfsnative-config.yaml
+++ b/environments/manila-cephfsnative-config.yaml
@@ -1,11 +1,11 @@
# A Heat environment file which can be used to enable a
# a Manila CephFS Native driver backend.
resource_registry:
- OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
- OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
# Only manila-share is pacemaker managed:
- OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
- OS::Tripleo::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
parameter_defaults:
diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml
index 9344bc6e..65884a94 100644
--- a/environments/manila-generic-config.yaml
+++ b/environments/manila-generic-config.yaml
@@ -1,10 +1,10 @@
# This environment file enables Manila with the Generic backend.
resource_registry:
- OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
- OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
# Only manila-share is pacemaker managed:
- OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
- OS::Tripleo::Services::ManilaBackendGeneric: ../puppet/services/manila-backend-generic.yaml
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendGeneric: ../puppet/services/manila-backend-generic.yaml
parameter_defaults:
ManilaServiceInstanceUser: ''
diff --git a/environments/manila-netapp-config.yaml b/environments/manila-netapp-config.yaml
index 3dadfe5d..7eb14941 100644
--- a/environments/manila-netapp-config.yaml
+++ b/environments/manila-netapp-config.yaml
@@ -1,10 +1,10 @@
# This environment file enables Manila with the Netapp backend.
resource_registry:
- OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
- OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
# Only manila-share is pacemaker managed:
- OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
- OS::Tripleo::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
parameter_defaults:
ManilaNetappBackendName: tripleo_netapp
diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml
index 821ad0c2..bafb2a73 100644
--- a/environments/neutron-ml2-ovn.yaml
+++ b/environments/neutron-ml2-ovn.yaml
@@ -5,6 +5,9 @@ resource_registry:
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
+# Disabling Neutron services that overlap with OVN
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
parameter_defaults:
NeutronMechanismDrivers: ovn
diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml
index e157ae35..74899246 100644
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@@ -19,7 +19,7 @@ parameter_defaults:
NeutronNuageBaseURIVersion: 'default_uri_version'
NeutronNuageCMSId: ''
UseForwardedFor: true
- NeutronCorePlugin: 'neutron.plugins.nuage.plugin.NuagePlugin'
+ NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin'
NeutronEnableDHCPAgent: false
NeutronServicePlugins: []
NovaOVSBridge: 'alubr0'
diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml
index b658d3a5..973cbe16 100644
--- a/environments/neutron-ovs-dvr.yaml
+++ b/environments/neutron-ovs-dvr.yaml
@@ -30,10 +30,15 @@ parameter_defaults:
# affect the agent on the controller node.
NeutronL3AgentMode: 'dvr_snat'
- # L3 HA isn't supported for DVR enabled routers. If upgrading from a system
- # where L3 HA is enabled and has neutron routers configured, it is
- # recommended setting this value to true until such time all routers can be
- # migrated to DVR routers. Once migration of the routers is complete,
- # NeutronL3HA can be returned to false. All new systems should be deployed
- # with NeutronL3HA set to false.
- NeutronL3HA: false
+ # Enabling DVR deploys additional services to the compute nodes that through
+ # normal operation will consume memory. The amount required is roughly
+ # proportional to the number of Neutron routers that will be scheduled to
+ # that host. It is necessary to reserve memory on the compute nodes to avoid
+ # memory issues when creating instances that are connected to routed
+ # networks. The current expected consumption is 50 MB per router in addition
+ # to the base reserved amount. Deployers should refer to existing
+ # documentation, release notes, etc. for additional information on estimating
+ # an appropriate value. The provided value here is based on an estimate of 10
+ # routers and is an example value *only* and should be reviewed and modified
+ # if necessary before deploying.
+ NovaReservedHostMemory: 2560
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml
index 8cfbab6d..b8e93f20 100644
--- a/environments/puppet-pacemaker.yaml
+++ b/environments/puppet-pacemaker.yaml
@@ -16,3 +16,6 @@ resource_registry:
OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml
# Services that are disabled by default (use relevant environment files):
+
+ # Services that are disabled for HA deployments with pacemaker
+ OS::TripleO::Services::Keepalived: OS::Heat::None
diff --git a/environments/services/panko.yaml b/environments/services/panko.yaml
new file mode 100644
index 00000000..28bf99f6
--- /dev/null
+++ b/environments/services/panko.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 79c7599f..70a0d31f 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -53,6 +53,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index a49ca343..21f8876a 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -53,6 +53,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+ PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index c3fbaf49..6afb3a63 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -5,6 +5,9 @@ parameter_defaults:
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+ BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
@@ -50,6 +53,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
+ PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
diff --git a/environments/use-dns-for-vips.yaml b/environments/use-dns-for-vips.yaml
index daf07bc7..b700312f 100644
--- a/environments/use-dns-for-vips.yaml
+++ b/environments/use-dns-for-vips.yaml
@@ -1,5 +1,5 @@
# A Heat environment file which can be used to disable the writing of the VIPs
# to the /etc/hosts file in the overcloud. Use this in case you have a working
# DNS server that you will provide for the overcloud.
-resource_registry:
- OS::TripleO::Services::VipHosts: OS::Heat::None
+parameter_defaults:
+ AddVipsToEtcHosts: False
diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
index 1c9acd2b..71ab0767 100644
--- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
+++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
@@ -116,6 +116,7 @@ case "${REG_METHOD:-}" in
if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then
subscription-manager attach $attach_opts
fi
+ subscription-manager repos --disable '*'
subscription-manager $repos
;;
satellite)
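Review bot: The added `subscription-manager repos --disable '*'` runs unconditionally, and the enable step on the next line depends on an unquoted `$repos` that is built outside this hunk. If that variable carries no enable arguments, or the enable call fails, the node is left with every repository disabled and later package installs fail. Guarding the disable on the repo list being non-empty would avoid this, and a comment such as `# drop all pre-enabled repos so only the requested ones remain` would state the intent. The enclosing `case` branch starts before the hunk.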
diff --git a/extraconfig/tasks/major_upgrade_check.sh b/extraconfig/tasks/major_upgrade_check.sh
index b65f6915..8bdff5e7 100755
--- a/extraconfig/tasks/major_upgrade_check.sh
+++ b/extraconfig/tasks/major_upgrade_check.sh
@@ -18,14 +18,8 @@ check_pcsd()
fi
}
-check_disk_for_mysql_dump()
+mysql_need_update()
{
- # Where to backup current database if mysql need to be upgraded
- MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp
- MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup
- # Spare disk ratio for extra safety
- MYSQL_BACKUP_SIZE_RATIO=1.2
-
# Shall we upgrade mysql data directory during the stack upgrade?
if [ "$mariadb_do_major_upgrade" = "auto" ]; then
ret=$(is_mysql_upgrade_needed)
@@ -40,6 +34,17 @@ check_disk_for_mysql_dump()
else
DO_MYSQL_UPGRADE=1
fi
+}
+
+check_disk_for_mysql_dump()
+{
+ # Where to backup current database if mysql need to be upgraded
+ MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp
+ MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup
+ # Spare disk ratio for extra safety
+ MYSQL_BACKUP_SIZE_RATIO=1.2
+
+ mysql_need_update
if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
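Review bot: `mysql_need_update` returns its result only through the global `DO_MYSQL_UPGRADE`, which is not apparent from the bare call in `check_disk_for_mysql_dump`, and the name reads like a predicate. A header comment such as `# Sets the global DO_MYSQL_UPGRADE; call before any test of that variable` would document the contract. Quoting the test as `[ "$DO_MYSQL_UPGRADE" -eq 1 ]` would also give a clearer failure if the variable is ever empty. Both function bodies extend beyond the visible hunks.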
diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh
index f5105a1a..b0d42806 100644
--- a/extraconfig/tasks/major_upgrade_compute.sh
+++ b/extraconfig/tasks/major_upgrade_compute.sh
@@ -35,6 +35,10 @@ fi
yum -y install python-zaqarclient # needed for os-collect-config
yum -y update
+# Due to bug#1640177 we need to restart compute agent
+echo "Restarting openstack ceilometer agent compute"
+systemctl restart openstack-ceilometer-compute
+
ENDOFCAT
# ensure the permissions are OK
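Review bot: `systemctl restart openstack-ceilometer-compute` also starts the agent on compute nodes where it was stopped or never enabled, which goes beyond the stated aim of restarting it after the update. `systemctl try-restart openstack-ceilometer-compute` restarts the unit only where it is already running. If the generated script runs under `set -e` (not visible here), a failing restart would also abort the upgrade at this point. The heredoc these lines belong to begins outside the hunk.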
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
index fbdbc30b..080831ab 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
@@ -2,8 +2,6 @@
set -eu
-cluster_sync_timeout=1800
-
check_cluster
check_pcsd
if [[ -n $(is_bootstrap_node) ]]; then
@@ -19,6 +17,11 @@ check_disk_for_mysql_dump
# at the end of this script
if [[ -n $(is_bootstrap_node) ]]; then
STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }')
+ # We create this empty file if stonith was set to true so we can reenable stonith in step2
+ rm -f /var/tmp/stonith-true
+ if [ $STONITH_STATE == "true" ]; then
+ touch /var/tmp/stonith-true
+ fi
pcs property set stonith-enabled=false
fi
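Review bot: The marker that decides whether fencing is re-enabled in step 2 is kept under a fixed, predictable name in world-writable `/var/tmp`, and root runs `rm -f` and then `touch` on it. State like this belongs in a root-only directory (placeholder: `/var/lib/<root-owned-dir>/stonith-true`), with the step 2 script changed to match. The test `[ $STONITH_STATE == "true" ]` is also unquoted, so an empty value from the `pcs ... | grep | awk` pipeline makes `[` error out and no marker is written; whether `pcs property show` prints nothing for an unset property should be confirmed. In that case stonith is disabled on the next line and not restored, which `if [ "${STONITH_STATE:-}" = "true" ]; then` plus an explicit branch for the empty case would make visible.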
@@ -28,181 +31,6 @@ fi
# services will be restart as there are no other constraints
if [[ -n $(is_bootstrap_node) ]]; then
migrate_full_to_ng_ha
- rabbitmq_mitaka_newton_upgrade
-fi
-
-# After migrating the cluster to HA-NG the services not under pacemaker's control
-# are still up and running. We need to stop them explicitely otherwise during the yum
-# upgrade the rpm %post sections will try to do a systemctl try-restart <service>, which
-# is going to take a long time because rabbit is down. By having the service stopped
-# systemctl try-restart is a noop
-
-for service in $(services_to_migrate); do
- manage_systemd_service stop "${service%%-clone}"
- # So the reason for not reusing check_resource_systemd is that
- # I have observed systemctl is-active returning unknown with at least
- # one service that was stopped (See LP 1627254)
- timeout=600
- tstart=$(date +%s)
- tend=$(( $tstart + $timeout ))
- check_interval=3
- while (( $(date +%s) < $tend )); do
- if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then
- echo "$service still active, sleeping $check_interval seconds."
- sleep $check_interval
- else
- # we do not care if it is inactive, unknown or failed as long as it is
- # not running
- break
- fi
-
- done
-done
-
-# In case the mysql package is updated, the database on disk must be
-# upgraded as well. This typically needs to happen during major
-# version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...)
-#
-# Because in-place upgrades are not supported across 2+ major versions
-# (e.g. 5.5 -> 10.1), we rely on logical upgrades via dump/restore cycle
-# https://bugzilla.redhat.com/show_bug.cgi?id=1341968
-#
-# The default is to determine automatically if upgrade is needed based
-# on mysql package versionning, but this can be overriden manually
-# to support specific upgrade scenario
-
-if [[ -n $(is_bootstrap_node) ]]; then
- if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
- mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql"
- cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR"
- fi
-
- pcs resource disable redis
- check_resource redis stopped 600
- pcs resource disable rabbitmq
- check_resource rabbitmq stopped 600
- pcs resource disable galera
- check_resource galera stopped 600
- pcs resource disable openstack-cinder-volume
- check_resource openstack-cinder-volume stopped 600
- # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address:
- # https://bugzilla.redhat.com/show_bug.cgi?id=1330688
- for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do
- pcs resource disable $vip
- check_resource $vip stopped 60
- done
- pcs cluster stop --all
-fi
-
-
-# Swift isn't controlled by pacemaker
-systemctl_swift stop
-
-tstart=$(date +%s)
-while systemctl is-active pacemaker; do
- sleep 5
- tnow=$(date +%s)
- if (( tnow-tstart > cluster_sync_timeout )) ; then
- echo_error "ERROR: cluster shutdown timed out"
- exit 1
- fi
-done
-
-# The reason we do an sql dump *and* we move the old dir out of
-# the way is because it gives us an extra level of safety in case
-# something goes wrong during the upgrade. Once the restore is
-# successful we go ahead and remove it. If the directory exists
-# we bail out as it means the upgrade process had issues in the last
-# run.
-if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
- if [ -d $MYSQL_TEMP_UPGRADE_BACKUP_DIR ]; then
- echo_error "ERROR: mysql backup dir already exist"
- exit 1
- fi
- mv /var/lib/mysql $MYSQL_TEMP_UPGRADE_BACKUP_DIR
+ rabbitmq_newton_ocata_upgrade
fi
-# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
- mkdir OVS_UPGRADE || true
- pushd OVS_UPGRADE
- echo "Attempting to downloading latest openvswitch with yumdownloader"
- yumdownloader --resolve openvswitch
- echo "Updating openvswitch with nopostun option"
- rpm -U --replacepkgs --nopostun ./*.rpm
- popd
-else
- echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
-fi
-
-yum -y install python-zaqarclient # needed for os-collect-config
-yum -y -q update
-
-# We need to ensure at least those two configuration settings, otherwise
-# mariadb 10.1+ won't activate galera replication.
-# wsrep_cluster_address must only be set though, its value does not
-# matter because it's overriden by the galera resource agent.
-cat >> /etc/my.cnf.d/galera.cnf <<EOF
-[mysqld]
-wsrep_on = ON
-wsrep_cluster_address = gcomm://localhost
-EOF
-
-if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
- # Scripts run via heat have no HOME variable set and this confuses
- # mysqladmin
- export HOME=/root
-
- mkdir /var/lib/mysql || /bin/true
- chown mysql:mysql /var/lib/mysql
- chmod 0755 /var/lib/mysql
- restorecon -R /var/lib/mysql/
- mysql_install_db --datadir=/var/lib/mysql --user=mysql
- chown -R mysql:mysql /var/lib/mysql/
-
- if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
- mysqld_safe --wsrep-new-cluster &
- # We have a populated /root/.my.cnf with root/password here so
- # we need to temporarily rename it because the newly created
- # db is empty and no root password is set
- mv /root/.my.cnf /root/.my.cnf.temporary
- timeout 60 sh -c 'while ! mysql -e "" &> /dev/null; do sleep 1; done'
- mysql -u root < "$MYSQL_BACKUP_DIR/openstack_database.sql"
- mv /root/.my.cnf.temporary /root/.my.cnf
- mysqladmin -u root shutdown
- # The import was successful so we may remove the folder
- rm -r "$MYSQL_BACKUP_DIR"
- fi
-fi
-
-# If we reached here without error we can safely blow away the origin
-# mysql dir from every controller
-
-# TODO: What if the upgrade fails on the bootstrap node, but not on
-# this controller. Data may be lost.
-if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
- rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR
-fi
-
-# Let's reset the stonith back to true if it was true, before starting the cluster
-if [[ -n $(is_bootstrap_node) ]]; then
- if [ $STONITH_STATE == "true" ]; then
- pcs -f /var/lib/pacemaker/cib/cib.xml property set stonith-enabled=true
- fi
-fi
-
-# Pin messages sent to compute nodes to kilo, these will be upgraded later
-crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute"
-# https://bugzilla.redhat.com/show_bug.cgi?id=1284047
-# Change-Id: Ib3f6c12ff5471e1f017f28b16b1e6496a4a4b435
-crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit
-# https://bugzilla.redhat.com/show_bug.cgi?id=1284058
-# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists
-crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server"
-# LP: 1615035, required only for M/N upgrade.
-crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager
-# LP: 1627450, required only for M/N upgrade
-crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler
-
-crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
index b3a0098c..7cc6735f 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
@@ -2,68 +2,186 @@
set -eu
-cluster_form_timeout=600
-cluster_settle_timeout=1800
-galera_sync_timeout=600
+cluster_sync_timeout=1800
-if [[ -n $(is_bootstrap_node) ]]; then
- pcs cluster start --all
+# After migrating the cluster to HA-NG the services not under pacemaker's control
+# are still up and running. We need to stop them explicitely otherwise during the yum
+# upgrade the rpm %post sections will try to do a systemctl try-restart <service>, which
+# is going to take a long time because rabbit is down. By having the service stopped
+# systemctl try-restart is a noop
+for service in $(services_to_migrate); do
+ manage_systemd_service stop "${service%%-clone}"
+ # So the reason for not reusing check_resource_systemd is that
+ # I have observed systemctl is-active returning unknown with at least
+ # one service that was stopped (See LP 1627254)
+ timeout=600
tstart=$(date +%s)
- while pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; do
- sleep 5
- tnow=$(date +%s)
- if (( tnow-tstart > cluster_form_timeout )) ; then
- echo_error "ERROR: timed out forming the cluster"
- exit 1
- fi
+ tend=$(( $tstart + $timeout ))
+ check_interval=3
+ while (( $(date +%s) < $tend )); do
+ if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then
+ echo "$service still active, sleeping $check_interval seconds."
+ sleep $check_interval
+ else
+ # we do not care if it is inactive, unknown or failed as long as it is
+ # not running
+ break
+ fi
+
done
+done
- if ! timeout -k 10 $cluster_settle_timeout crm_resource --wait; then
- echo_error "ERROR: timed out waiting for cluster to finish transition"
- exit 1
+# In case the mysql package is updated, the database on disk must be
+# upgraded as well. This typically needs to happen during major
+# version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...)
+#
+# Because in-place upgrades are not supported across 2+ major versions
+# (e.g. 5.5 -> 10.1), we rely on logical upgrades via dump/restore cycle
+# https://bugzilla.redhat.com/show_bug.cgi?id=1341968
+#
+# The default is to determine automatically if upgrade is needed based
+# on mysql package versionning, but this can be overriden manually
+# to support specific upgrade scenario
+
+# Calling this function will set the DO_MYSQL_UPGRADE variable which is used
+# later
+mysql_need_update
+
+if [[ -n $(is_bootstrap_node) ]]; then
+ if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql"
+ cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR"
fi
- for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do
- pcs resource enable $vip
- check_resource_pacemaker $vip started 60
+ pcs resource disable redis
+ check_resource redis stopped 600
+ pcs resource disable rabbitmq
+ check_resource rabbitmq stopped 600
+ pcs resource disable galera
+ check_resource galera stopped 600
+ pcs resource disable openstack-cinder-volume
+ check_resource openstack-cinder-volume stopped 600
+ # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address:
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1330688
+ for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do
+ pcs resource disable $vip
+ check_resource $vip stopped 60
done
+ pcs cluster stop --all
fi
-start_or_enable_service galera
-check_resource galera started 600
-start_or_enable_service redis
-check_resource redis started 600
-# We need mongod which is now a systemd service up and running before calling
-# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes
-# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely
-# we should be good.
-# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm
-systemctl start mongod
-check_resource mongod started 600
-if [[ -n $(is_bootstrap_node) ]]; then
- tstart=$(date +%s)
- while ! clustercheck; do
- sleep 5
- tnow=$(date +%s)
- if (( tnow-tstart > galera_sync_timeout )) ; then
- echo_error "ERROR galera sync timed out"
- exit 1
- fi
- done
+# Swift isn't controlled by pacemaker
+systemctl_swift stop
- # Run all the db syncs
- # TODO: check if this can be triggered in puppet and removed from here
- ceilometer-dbsync --config-file=/etc/ceilometer/ceilometer.conf
- cinder-manage db sync
- glance-manage --config-file=/etc/glance/glance-registry.conf db_sync
- heat-manage --config-file /etc/heat/heat.conf db_sync
- keystone-manage db_sync
- neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
- nova-manage db sync
- nova-manage api_db sync
- nova-manage db online_data_migrations
- gnocchi-upgrade
- sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
+tstart=$(date +%s)
+while systemctl is-active pacemaker; do
+ sleep 5
+ tnow=$(date +%s)
+ if (( tnow-tstart > cluster_sync_timeout )) ; then
+ echo_error "ERROR: cluster shutdown timed out"
+ exit 1
+ fi
+done
+
+# The reason we do an sql dump *and* we move the old dir out of
+# the way is because it gives us an extra level of safety in case
+# something goes wrong during the upgrade. Once the restore is
+# successful we go ahead and remove it. If the directory exists
+# we bail out as it means the upgrade process had issues in the last
+# run.
+if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ if [ -d $MYSQL_TEMP_UPGRADE_BACKUP_DIR ]; then
+ echo_error "ERROR: mysql backup dir already exist"
+ exit 1
+ fi
+ mv /var/lib/mysql $MYSQL_TEMP_UPGRADE_BACKUP_DIR
+fi
+
+# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
+if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
+ echo "Manual upgrade of openvswitch - restart in postun detected"
+ mkdir OVS_UPGRADE || true
+ pushd OVS_UPGRADE
+ echo "Attempting to downloading latest openvswitch with yumdownloader"
+ yumdownloader --resolve openvswitch
+ echo "Updating openvswitch with nopostun option"
+ rpm -U --replacepkgs --nopostun ./*.rpm
+ popd
+else
+ echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
fi
+
+yum -y install python-zaqarclient # needed for os-collect-config
+yum -y -q update
+
+# We need to ensure at least those two configuration settings, otherwise
+# mariadb 10.1+ won't activate galera replication.
+# wsrep_cluster_address must only be set though, its value does not
+# matter because it's overriden by the galera resource agent.
+cat >> /etc/my.cnf.d/galera.cnf <<EOF
+[mysqld]
+wsrep_on = ON
+wsrep_cluster_address = gcomm://localhost
+EOF
+
+if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ # Scripts run via heat have no HOME variable set and this confuses
+ # mysqladmin
+ export HOME=/root
+
+ mkdir /var/lib/mysql || /bin/true
+ chown mysql:mysql /var/lib/mysql
+ chmod 0755 /var/lib/mysql
+ restorecon -R /var/lib/mysql/
+ mysql_install_db --datadir=/var/lib/mysql --user=mysql
+ chown -R mysql:mysql /var/lib/mysql/
+
+ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
+ mysqld_safe --wsrep-new-cluster &
+ # We have a populated /root/.my.cnf with root/password here so
+ # we need to temporarily rename it because the newly created
+ # db is empty and no root password is set
+ mv /root/.my.cnf /root/.my.cnf.temporary
+ timeout 60 sh -c 'while ! mysql -e "" &> /dev/null; do sleep 1; done'
+ mysql -u root < "$MYSQL_BACKUP_DIR/openstack_database.sql"
+ mv /root/.my.cnf.temporary /root/.my.cnf
+ mysqladmin -u root shutdown
+ # The import was successful so we may remove the folder
+ rm -r "$MYSQL_BACKUP_DIR"
+ fi
+fi
+
+# If we reached here without error we can safely blow away the origin
+# mysql dir from every controller
+
+# TODO: What if the upgrade fails on the bootstrap node, but not on
+# this controller. Data may be lost.
+if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR
+fi
+
+# Let's reset the stonith back to true if it was true, before starting the cluster
+if [[ -n $(is_bootstrap_node) ]]; then
+ if [ -f /var/tmp/stonith-true ]; then
+ pcs -f /var/lib/pacemaker/cib/cib.xml property set stonith-enabled=true
+ fi
+ rm -f /var/tmp/stonith-true
+fi
+
+# Pin messages sent to compute nodes to kilo, these will be upgraded later
+crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute"
+# https://bugzilla.redhat.com/show_bug.cgi?id=1284047
+# Change-Id: Ib3f6c12ff5471e1f017f28b16b1e6496a4a4b435
+crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit
+# https://bugzilla.redhat.com/show_bug.cgi?id=1284058
+# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists
+crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server"
+# LP: 1615035, required only for M/N upgrade.
+crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager
+# LP: 1627450, required only for M/N upgrade
+crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler
+
+crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm
+
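Review bot: If the wait or the import in the bootstrap branch fails, `set -eu` ends the script with `/root/.my.cnf` still renamed to `/root/.my.cnf.temporary` and the `mysqld_safe --wsrep-new-cluster` instance still running with the passwordless root account the comment describes. A cleanup trap set right after the rename would cover that, for example `trap 'mysqladmin -u root shutdown || true; mv -f /root/.my.cnf.temporary /root/.my.cnf' EXIT`, cleared with `trap - EXIT` once the normal shutdown has run. Starting the temporary server with `--skip-networking` would also keep the empty-password window to the local socket, assuming the import only needs the socket, as the visible `mysql -u root` calls suggest. Separately, the stop-wait loop at the top of the hunk simply ends when its 600 seconds are up, so a service that never stops is not reported before `yum -y -q update` runs.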
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh
index b653c7c7..6748f891 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh
@@ -2,25 +2,67 @@
set -eu
-start_or_enable_service rabbitmq
-check_resource rabbitmq started 600
+cluster_form_timeout=600
+cluster_settle_timeout=1800
+galera_sync_timeout=600
+
+if [[ -n $(is_bootstrap_node) ]]; then
+ pcs cluster start --all
+
+ tstart=$(date +%s)
+ while pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; do
+ sleep 5
+ tnow=$(date +%s)
+ if (( tnow-tstart > cluster_form_timeout )) ; then
+ echo_error "ERROR: timed out forming the cluster"
+ exit 1
+ fi
+ done
+
+ if ! timeout -k 10 $cluster_settle_timeout crm_resource --wait; then
+ echo_error "ERROR: timed out waiting for cluster to finish transition"
+ exit 1
+ fi
+
+ for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do
+ pcs resource enable $vip
+ check_resource_pacemaker $vip started 60
+ done
+fi
+
+start_or_enable_service galera
+check_resource galera started 600
start_or_enable_service redis
check_resource redis started 600
-start_or_enable_service openstack-cinder-volume
-check_resource openstack-cinder-volume started 600
-
+# We need mongod which is now a systemd service up and running before calling
+# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes
+# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely
+# we should be good.
+# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm
+systemctl start mongod
+check_resource mongod started 600
-# Swift isn't controled by pacemaker
-systemctl_swift start
+if [[ -n $(is_bootstrap_node) ]]; then
+ tstart=$(date +%s)
+ while ! clustercheck; do
+ sleep 5
+ tnow=$(date +%s)
+ if (( tnow-tstart > galera_sync_timeout )) ; then
+ echo_error "ERROR galera sync timed out"
+ exit 1
+ fi
+ done
-# We need to start the systemd services we explicitely stopped at step _1.sh
-# FIXME: Should we let puppet during the convergence step do the service enabling or
-# should we add it here?
-services=$(services_to_migrate)
-if [[ ${keep_sahara_services_on_upgrade} =~ [Ff]alse ]] ; then
- services=${services%%openstack-sahara*}
+ # Run all the db syncs
+ # TODO: check if this can be triggered in puppet and removed from here
+ ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types
+ cinder-manage db sync
+ glance-manage --config-file=/etc/glance/glance-registry.conf db_sync
+ heat-manage --config-file /etc/heat/heat.conf db_sync
+ keystone-manage db_sync
+ neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
+ nova-manage db sync
+ nova-manage api_db sync
+ nova-manage db online_data_migrations
+ sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
fi
-for service in $services; do
- manage_systemd_service start "${service%%-clone}"
- check_resource_systemd "${service%%-clone}" started 600
-done
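Review bot: The comment above `systemctl start mongod` still names `ceilometer-dbsync`, but the sync list added further down in this hunk runs `ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types`. The comment should name the command that is actually run, e.g. `# We need mongod ... up and running before calling ceilometer-upgrade.` It is also worth confirming that the "retries indefinitely" statement holds for the new command, because under `set -eu` a non-zero exit from it ends the script on the bootstrap node.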
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh
new file mode 100755
index 00000000..d2cb9553
--- /dev/null
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_4.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -eu
+
+start_or_enable_service rabbitmq
+check_resource rabbitmq started 600
+start_or_enable_service redis
+check_resource redis started 600
+start_or_enable_service openstack-cinder-volume
+check_resource openstack-cinder-volume started 600
+
+# start httpd so keystone is available for gnocchi
+# upgrade to run.
+systemctl start httpd
+
+# Swift isn't controled by pacemaker
+systemctl_swift start
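Review bot: `start_or_enable_service redis` and `check_resource redis started 600` repeat what major_upgrade_controller_pacemaker_3.sh still does on its new side, so redis is started and waited for in two consecutive steps. If the second start is deliberate, a one-line comment saying why would help, for example `# redis is started again here because ...`; otherwise the two lines can be dropped from this file. The comment on the last block also has a typo, `controled`.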
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh
new file mode 100755
index 00000000..fa95f1f8
--- /dev/null
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_5.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -eu
+
+if [[ -n $(is_bootstrap_node) ]]; then
+ # run gnocchi upgrade
+ gnocchi-upgrade
+fi
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh
new file mode 100755
index 00000000..d569084d
--- /dev/null
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_6.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eu
+
+# We need to start the systemd services we explicitely stopped at step _1.sh
+# FIXME: Should we let puppet during the convergence step do the service enabling or
+# should we add it here?
+services=$(services_to_migrate)
+if [[ ${keep_sahara_services_on_upgrade} =~ [Ff]alse ]] ; then
+ services=${services%%openstack-sahara*}
+fi
+for service in $services; do
+ manage_systemd_service start "${service%%-clone}"
+ check_resource_systemd "${service%%-clone}" started 600
+done
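Review bot: `services=${services%%openstack-sahara*}` removes the longest suffix that begins at the first `openstack-sahara`, so every service that `services_to_migrate` lists after the first sahara entry is dropped with it and never restarted by the loop. `services_to_migrate` is defined outside this file, so this only matters if sahara is not last in its output, but the code gives no hint of that ordering requirement. Filtering inside the loop removes the dependency on order: `[[ ${keep_sahara_services_on_upgrade} =~ [Ff]alse && $service == openstack-sahara* ]] && continue`.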
diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml
index 7c78d5ad..b0418a56 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker.yaml
+++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml
@@ -113,7 +113,20 @@ resources:
config:
list_join:
- ''
- - - get_file: pacemaker_common_functions.sh
+ - - str_replace:
+ template: |
+ #!/bin/bash
+ upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE'
+ params:
+ UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute}
+ - str_replace:
+ template: |
+ #!/bin/bash
+ mariadb_do_major_upgrade='MYSQL_MAJOR_UPGRADE'
+ params:
+ MYSQL_MAJOR_UPGRADE: {get_param: MySqlMajorUpgrade}
+ - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_check.sh
- get_file: major_upgrade_pacemaker_migrations.sh
- get_file: major_upgrade_controller_pacemaker_2.sh
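Review bot: `UpgradeLevelNovaCompute` and `MySqlMajorUpgrade` are pasted by `str_replace` into single-quoted shell assignments, so a value containing `'` would close the string and the remainder would be read as shell in a script that runs during the controller upgrade. The parameter definitions are outside this hunk; if they carry no `allowed_values` or `allowed_pattern` constraint, adding one to each would keep the substitution safe regardless of who supplies the environment file. A short comment above the first `str_replace`, such as `# values are substituted verbatim into shell; parameters must be constrained`, would record the assumption.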
@@ -132,6 +145,63 @@ resources:
config:
list_join:
- ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_pacemaker_migrations.sh
+ - get_file: major_upgrade_controller_pacemaker_3.sh
+
+ ControllerPacemakerUpgradeDeployment_Step3:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: ControllerPacemakerUpgradeDeployment_Step2
+ properties:
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerPacemakerUpgradeConfig_Step3}
+ input_values: {get_param: input_values}
+
+ ControllerPacemakerUpgradeConfig_Step4:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_pacemaker_migrations.sh
+ - get_file: major_upgrade_controller_pacemaker_4.sh
+
+ ControllerPacemakerUpgradeDeployment_Step4:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: ControllerPacemakerUpgradeDeployment_Step3
+ properties:
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerPacemakerUpgradeConfig_Step4}
+ input_values: {get_param: input_values}
+
+ ControllerPacemakerUpgradeConfig_Step5:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_pacemaker_migrations.sh
+ - get_file: major_upgrade_controller_pacemaker_5.sh
+
+ ControllerPacemakerUpgradeDeployment_Step5:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: ControllerPacemakerUpgradeDeployment_Step4
+ properties:
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerPacemakerUpgradeConfig_Step5}
+ input_values: {get_param: input_values}
+
+ ControllerPacemakerUpgradeConfig_Step6:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
- - str_replace:
template: |
#!/bin/bash
@@ -140,13 +210,12 @@ resources:
KEEP_SAHARA_SERVICES_ON_UPGRADE: {get_param: KeepSaharaServicesOnUpgrade}
- get_file: pacemaker_common_functions.sh
- get_file: major_upgrade_pacemaker_migrations.sh
- - get_file: major_upgrade_controller_pacemaker_3.sh
+ - get_file: major_upgrade_controller_pacemaker_6.sh
- ControllerPacemakerUpgradeDeployment_Step3:
+ ControllerPacemakerUpgradeDeployment_Step6:
type: OS::Heat::SoftwareDeploymentGroup
- depends_on: ControllerPacemakerUpgradeDeployment_Step2
+ depends_on: ControllerPacemakerUpgradeDeployment_Step5
properties:
servers: {get_param: [servers, Controller]}
- config: {get_resource: ControllerPacemakerUpgradeConfig_Step3}
+ config: {get_resource: ControllerPacemakerUpgradeConfig_Step6}
input_values: {get_param: input_values}
-
diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
index 7c9083a4..6d02acc8 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
+++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
@@ -179,3 +179,23 @@ function disable_standalone_ceilometer_api {
fi
fi
}
+
+
+# This function will make sure that the rabbitmq ha policies are converted from mitaka to newton
+# In newton we had: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}"
+# In ocata we want: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}"
+# The nr "2" should be CEIL(N/2) where N is the number of Controllers (i.e. rabbit instances)
+# Note that changing an attribute like this makes the rabbitmq resource restart
+function rabbitmq_newton_ocata_upgrade {
+ if pcs resource show rabbitmq-clone | grep -q -E "Attributes:.*\"ha-mode\":\"all\""; then
+ # Number of controller is obtained by counting how many hostnames we
+ # have in controller_node_names hiera key
+ nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1))
+ nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2)))
+ if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then
+ echo_error "ERROR: The nr. of HA queues during the M/N upgrade is out of range $nr_queues"
+ exit 1
+ fi
+ pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600
+ fi
+}
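Review bot: The range check on `nr_queues` cannot fail: `nr_controllers` is a comma count plus one, so it is at least 1 even when `hiera controller_node_names` prints nothing or `nil`, and the rounded-up half of a positive number always lies between 1 and that number. A missing hiera key therefore ends with `ha-params` set to 1 and no error. Checking the lookup result itself would catch it: `names=$(hiera -c /etc/puppet/hiera.yaml controller_node_names)` followed by `[[ -n $names && $names != nil ]] || { echo_error "ERROR: controller_node_names not found in hiera"; exit 1; }`. The header comment also mixes release names ("from mitaka to newton", "In newton ... In ocata", and "M/N upgrade" in the error text) and should name one upgrade.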
diff --git a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp
index 1c376285..a8d43663 100644
--- a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp
+++ b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp
@@ -48,7 +48,13 @@ $mongodb_replset = hiera('mongodb::server::replset')
$mongo_node_string = join($mongo_node_ips_with_port, ',')
$database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
-include ::ceilometer
+$rabbit_hosts = hiera('rabbitmq_node_ips', undef)
+$rabbit_port = hiera('ceilometer::rabbit_port', 5672)
+$rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}")
+
+class { '::ceilometer' :
+ rabbit_hosts => $rabbit_endpoints,
+}
class {'::ceilometer::db':
database_connection => $database_connection,
diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh
index 4f17b69a..2c7dfc35 100755
--- a/extraconfig/tasks/pacemaker_common_functions.sh
+++ b/extraconfig/tasks/pacemaker_common_functions.sh
@@ -284,7 +284,7 @@ function systemctl_swift {
services=$(systemctl | grep openstack-swift- | grep running | awk '{print $1}')
;;
start)
- enable_swift_storage=$(hiera -c /etc/puppet/hiera.yaml 'enable_swift_storage')
+ enable_swift_storage=$(hiera -c /etc/puppet/hiera.yaml tripleo::profile::base::swift::storage::enable_swift_storage)
if [[ $enable_swift_storage != "true" ]]; then
services=( openstack-swift-proxy )
fi
diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh
index 3da7efec..49d39bc8 100755
--- a/extraconfig/tasks/pacemaker_resource_restart.sh
+++ b/extraconfig/tasks/pacemaker_resource_restart.sh
@@ -4,11 +4,14 @@ set -eux
# Run if pacemaker is running, we're the bootstrap node,
# and we're updating the deployment (not creating).
-if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then
+
+RESTART_FOLDER="/var/lib/tripleo/pacemaker-restarts"
+
+if [[ -d "$RESTART_FOLDER" && -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then
TIMEOUT=600
- SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)"
PCS_STATUS_OUTPUT="$(pcs status)"
+ SERVICES_TO_RESTART="$(ls $RESTART_FOLDER)"
for service in $SERVICES_TO_RESTART; do
if ! echo "$PCS_STATUS_OUTPUT" | grep $service; then
@@ -20,6 +23,11 @@ if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then
for service in $SERVICES_TO_RESTART; do
echo "Restarting $service..."
pcs resource restart --wait=$TIMEOUT $service
- rm -f /var/lib/tripleo/pacemaker-restarts/$service
+ rm -f "$RESTART_FOLDER"/$service
done
+
+fi
+
+if [ $(systemctl is-active haproxy) = "active" ]; then
+ systemctl reload haproxy
fi
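Review bot: The new haproxy test `[ $(systemctl is-active haproxy) = "active" ]` leaves the command substitution unquoted, so empty output turns it into a malformed `[` expression, which under the script's `set -eux` is easy to misread in the trace. Testing the exit status is shorter and has no quoting problem: `if systemctl is-active --quiet haproxy; then`. The reload also sits outside the bootstrap-node guard and so runs on every node on every invocation; if that is intended, a comment such as `# reload on all nodes so haproxy picks up regenerated config` would say so.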
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index c2d7d58d..8a88ee64 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -62,6 +62,19 @@ if [[ "$pacemaker_status" == "active" && \
fi
fi
+# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
+if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
+ echo "Manual upgrade of openvswitch - restart in postun detected"
+ mkdir OVS_UPGRADE || true
+ pushd OVS_UPGRADE
+ echo "Attempting to downloading latest openvswitch with yumdownloader"
+ yumdownloader --resolve openvswitch
+ echo "Updating openvswitch with nopostun option"
+ rpm -U --replacepkgs --nopostun ./*.rpm
+ popd
+else
+ echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
+fi
if [[ "$pacemaker_status" == "active" ]] ; then
echo "Pacemaker running, stopping cluster node and doing full package update"
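Review bot: The openvswitch special case installs whatever `./*.rpm` matches in a relative `OVS_UPGRADE` directory that `mkdir OVS_UPGRADE || true` reuses if it already exists, so packages left from an earlier run, or anything else present in that directory under the current working directory, are handed to `rpm -U` as root. A fresh private directory avoids that: `ovs_dir=$(mktemp -d)` followed by `pushd "$ovs_dir"`. This path also installs with `rpm -U` directly instead of through yum, so it is worth confirming that the signature checking configured for the yum repositories still applies to the downloaded files. The same block is added in major_upgrade_controller_pacemaker_2.sh.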
@@ -73,27 +86,14 @@ if [[ "$pacemaker_status" == "active" ]] ; then
pcs cluster stop
fi
else
- echo "Upgrading openstack-puppet-modules"
+ echo "Upgrading openstack-puppet-modules and its dependencies"
yum -q -y update openstack-puppet-modules
+ yum deplist openstack-puppet-modules | awk '/dependency/{print $2}' | xargs yum -q -y update
echo "Upgrading other packages is handled by config management tooling"
echo -n "true" > $heat_outputs_path.update_managed_packages
exit 0
fi
-# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
- mkdir OVS_UPGRADE || true
- pushd OVS_UPGRADE
- echo "Attempting to downloading latest openvswitch with yumdownloader"
- yumdownloader --resolve openvswitch
- echo "Updating openvswitch with nopostun option"
- rpm -U --replacepkgs --nopostun ./*.rpm
- popd
-else
- echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
-fi
-
command=${command:-update}
full_command="yum -q -y $command $command_arguments"
echo "Running: $full_command"
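Review bot: When `yum deplist openstack-puppet-modules` produces no `dependency` lines, GNU `xargs` still runs its command once, and `yum -q -y update` without package names updates everything, in the very branch whose next message says other packages are left to config management. Adding `-r` prevents the empty run: `yum deplist openstack-puppet-modules | awk '/dependency/{print $2}' | xargs -r yum -q -y update`. The second field of a deplist dependency line can be a capability or a file path, not only a package name, so it is worth checking how yum treats those arguments here.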
@@ -103,6 +103,17 @@ return_code=$?
echo "$result"
echo "yum return code: $return_code"
+# Writes any changes caused by alterations to os-net-config and bounces the
+# interfaces *before* restarting the cluster.
+os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes
+RETVAL=$?
+if [[ $RETVAL == 2 ]]; then
+ echo "os-net-config: interface configuration files updated successfully"
+elif [[ $RETVAL != 0 ]]; then
+ echo "ERROR: os-net-config configuration failed"
+ exit $RETVAL
+fi
+
if [[ "$pacemaker_status" == "active" ]] ; then
echo "Starting cluster node"
pcs cluster start
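Review bot: On an os-net-config failure `exit $RETVAL` runs before the `pcs cluster start` just below it, so a node whose cluster services were stopped earlier in the script stays out of the cluster and the yum result handling that follows is skipped. The rest of the script lies outside this hunk, so this may be intended as a hard stop. If so, a comment such as `# deliberately exit before restarting the cluster: networking is in an unknown state` would make that explicit; otherwise record the failure and exit after the cluster start.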
diff --git a/firstboot/userdata_heat_admin.yaml b/firstboot/userdata_heat_admin.yaml
index f8891b29..63d5bbf8 100644
--- a/firstboot/userdata_heat_admin.yaml
+++ b/firstboot/userdata_heat_admin.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2016-10-14
parameters:
# Can be overridden via parameter_defaults in the environment
@@ -6,6 +6,10 @@ parameters:
type: string
default: heat-admin
+ node_admin_extra_ssh_keys:
+ type: comma_delimited_list
+ default: []
+
description: >
Uses cloud-init to create an additional user with a known name, in addition
to the distro-default user created by the cloud-init default.
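Review bot: `node_admin_extra_ssh_keys` is added without a `description`, although it decides which additional keys can log in to the admin account created at first boot. A description would make that visible to anyone reading the parameter list, for example `description: Additional public SSH keys to authorise for the node_admin_username user.` (this presumes cloud-init applies `ssh_authorized_keys` to the user named in `user:`, as the next hunk suggests). The parameter could also use a sentence saying that the keys are only applied at first boot, if that is the case for this template.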
@@ -23,6 +27,8 @@ resources:
properties:
cloud_config:
user: {get_param: node_admin_username}
+ ssh_authorized_keys: {get_param: node_admin_extra_ssh_keys}
+
outputs:
OS::stack_id:
diff --git a/hosts-config.yaml b/hosts-config.yaml
index df0addfd..b5a22b7f 100644
--- a/hosts-config.yaml
+++ b/hosts-config.yaml
@@ -3,7 +3,7 @@ description: 'All Hosts Config'
parameters:
hosts:
- type: comma_delimited_list
+ type: string
resources:
@@ -12,10 +12,7 @@ resources:
properties:
group: os-apply-config
config:
- hosts:
- list_join:
- - "\n"
- - {get_param: hosts}
+ hosts: {get_param: hosts}
outputs:
config_id:
diff --git a/net-config-bond.yaml b/net-config-bond.yaml
index ec881bdc..db6ff2c7 100644
--- a/net-config-bond.yaml
+++ b/net-config-bond.yaml
@@ -1,20 +1,22 @@
-heat_template_version: 2016-10-14
-
+heat_template_version: '2016-10-14'
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge.
-
parameters:
BondInterfaceOvsOptions:
default: ''
- description: |
- The ovs_options string for the bond interface. Set things like
+ description: 'The ovs_options string for the bond interface. Set things like
+
lacp=active and/or bond_mode=balance-slb using this option.
+
+ '
type: string
constraints:
- - allowed_pattern: "^((?!balance.tcp).)*$"
- description: |
- The balance-tcp bond mode is known to cause packet loss and
- should not be used in BondInterfaceOvsOptions.
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+
+ should not be used in BondInterfaceOvsOptions.
+
+ '
ControlPlaneIp:
default: ''
description: IP address/subnet on the ctlplane network
@@ -43,43 +45,35 @@ parameters:
default: ''
description: IP address/subnet on the management network
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: true
- # Can't do this yet: https://bugs.launchpad.net/heat/+bug/1344284
- #ovs_extra:
- # - list_join:
- # - ' '
- # - - br-set-external-id
- # - {get_input: bridge_name}
- # - bridge-id
- # - {get_input: bridge_name}
- members:
- -
- type: ovs_bond
+ str_replace:
+ template:
+ get_file: network/scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: true
+ members:
+ - type: ovs_bond
name: bond1
use_dhcp: true
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- # os-net-config translates nic1 => em1 (for example)
- -
- type: interface
- name: nic1
- -
- type: interface
- name: nic2
-
+ - type: interface
+ name: nic1
+ - type: interface
+ name: nic2
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
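Review bot: `BondInterfaceOvsOptions` is now substituted, as part of the `$network_config` structure, into the text of `network/scripts/run-os-net-config.sh` by `str_replace` and run with `group: script`, where before it stayed structured data under `group: os-apply-config`. The script is not part of this hunk, so how it quotes the substituted text cannot be seen here, and the only constraint visible on the parameter is the pattern that excludes balance-tcp. A comment next to `$network_config:` describing how the script consumes the value would document the assumption, and a stricter `allowed_pattern` is worth considering if the script embeds the value in shell. The literal `bridge_name` that replaces `{get_input: bridge_name}` presumably relies on the same script as well. The same conversion is made in net-config-bridge.yaml, net-config-linux-bridge.yaml and net-config-static-bridge-with-external-dhcp.yaml.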
diff --git a/net-config-bridge.yaml b/net-config-bridge.yaml
index 4f7a19dc..e7b96695 100644
--- a/net-config-bridge.yaml
+++ b/net-config-bridge.yaml
@@ -1,8 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
Software Config to drive os-net-config for a simple bridge.
-
parameters:
ControlPlaneIp:
default: ''
@@ -32,35 +30,29 @@ parameters:
default: ''
description: IP address/subnet on the management network
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: true
- # Can't do this yet: https://bugs.launchpad.net/heat/+bug/1344284
- #ovs_extra:
- # - list_join:
- # - ' '
- # - - br-set-external-id
- # - {get_input: bridge_name}
- # - bridge-id
- # - {get_input: bridge_name}
- members:
- -
- type: interface
- name: {get_input: interface_name}
+ str_replace:
+ template:
+ get_file: network/scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: true
+ members:
+ - type: interface
+ name: interface_name
# force the MAC address of the bridge to this interface
primary: true
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml
index 0980803e..d8274f3c 100644
--- a/net-config-linux-bridge.yaml
+++ b/net-config-linux-bridge.yaml
@@ -1,8 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
Software Config to drive os-net-config for a simple bridge.
-
parameters:
ControlPlaneIp:
default: ''
@@ -35,43 +33,45 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
- default: '192.0.2.1'
+ default: 192.0.2.1
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
- default: '169.254.169.254/32'
-
-
+ default: 169.254.169.254/32
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: linux_bridge
- name: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: ControlPlaneIp}
- members:
- -
- type: interface
- name: {get_input: interface_name}
+ str_replace:
+ template:
+ get_file: network/scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: linux_bridge
+ name: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: ControlPlaneIp
+ members:
+ - type: interface
+ name: interface_name
# force the MAC address of the bridge to this interface
primary: true
- routes:
- -
- ip_netmask: 0.0.0.0/0
- next_hop: {get_param: ControlPlaneDefaultRoute}
+ routes:
+ - ip_netmask: 0.0.0.0/0
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
default: true
- -
- ip_netmask: {get_param: EC2MetadataIp}
- next_hop: {get_param: ControlPlaneDefaultRoute}
-
+ - ip_netmask:
+ get_param: EC2MetadataIp
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml
index 6dbe5982..a1d86728 100644
--- a/net-config-static-bridge-with-external-dhcp.yaml
+++ b/net-config-static-bridge-with-external-dhcp.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config for a simple bridge configured
- with a static IP address for the ctlplane network.
-
+ Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
parameters:
ControlPlaneIp:
default: ''
@@ -47,53 +44,44 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: true
- members:
- -
- type: interface
- name: {get_input: interface_name}
+ str_replace:
+ template:
+ get_file: network/scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: true
+ members:
+ - type: interface
+ name: interface_name
# force the MAC address of the bridge to this interface
primary: true
- -
- type: interface
- # would like to do the following, but can't b/c of:
- # https://bugs.launchpad.net/heat/+bug/1344284
- # name:
- # list_join:
- # - '/'
- # - - {get_input: bridge_name}
- # - ':0'
- # So, just hardcode to br-ex:0 for now, br-ex is hardcoded in
- # controller.yaml anyway.
- name: br-ex:0
- addresses:
- -
- ip_netmask:
+ - type: interface
+ name: br-ex:0
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
-
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
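Review bot: The explanation for the hardcoded `name: br-ex:0` is removed along with the old list syntax, so the new side gives no reason why this alias does not follow `bridge_name` like the bridge entry above it. A short comment would keep that context, e.g. `# br-ex is hardcoded here, as in controller.yaml; see https://bugs.launchpad.net/heat/+bug/1344284`. Since the bridge name no longer comes from `get_input`, the limitation described in the old comment may no longer apply, and it is worth stating which is the case.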
diff --git a/net-config-static-bridge.yaml b/net-config-static-bridge.yaml
index a3d6d8b5..1e1498b3 100644
--- a/net-config-static-bridge.yaml
+++ b/net-config-static-bridge.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config for a simple bridge configured
- with a static IP address for the ctlplane network.
-
+ Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
parameters:
ControlPlaneIp:
default: ''
@@ -47,42 +44,44 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: network/scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
- name: {get_input: interface_name}
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
+ name: interface_name
# force the MAC address of the bridge to this interface
primary: true
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
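Review bot: `name: bridge_name` and `name: interface_name` replace `{get_input: bridge_name}` and `{get_input: interface_name}` with bare strings, and nothing on the new side says they are placeholders rather than literal device names. Presumably `run-os-net-config.sh` rewrites them on the node, but that script is outside this hunk. I would add a comment next to each, e.g. `# placeholder, replaced at deploy time by run-os-net-config.sh`. If the replacement is a plain text substitution, the comment should also say that any other value containing those words would be rewritten too. The same bare placeholders appear in net-config-static.yaml, net-config-static-bridge-with-external-dhcp.yaml and the bond-with-vlans compute and controller templates.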
diff --git a/net-config-static.yaml b/net-config-static.yaml
index 9de16cd8..c67b4e99 100644
--- a/net-config-static.yaml
+++ b/net-config-static.yaml
@@ -1,8 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
Software Config to drive os-net-config for a simple bridge.
-
parameters:
ControlPlaneIp:
default: ''
@@ -46,37 +44,39 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: {get_input: interface_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: network/scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: interface_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
-
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml
index 9f537c02..2f92f4b5 100644
--- a/network/config/bond-with-vlans/ceph-storage.yaml
+++ b/network/config/bond-with-vlans/ceph-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config with 2 bonded nics on a bridge
- with VLANs attached for the ceph storage role.
-
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the ceph storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -35,14 +32,16 @@ parameters:
type: string
BondInterfaceOvsOptions:
default: ''
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
type: string
constraints:
- - allowed_pattern: "^((?!balance.tcp).)*$"
- description: |
- The balance-tcp bond mode is known to cause packet loss and
- should not be used in BondInterfaceOvsOptions.
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+
+ should not be used in BondInterfaceOvsOptions.
+
+ '
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
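Review bot: The constraint `description` under `BondInterfaceOvsOptions` changes from a `|` block scalar to a single-quoted scalar padded with blank lines, which is harder to read and easy to break on the next edit, even though it should parse to the same text. Keeping the literal form, `description: |` followed by the two sentence lines, avoids that. The same rewrite appears in the cinder-storage, compute, controller-no-external and controller-v6 templates.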
@@ -75,7 +74,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -89,64 +88,63 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: ovs_bridge
- name: br-bond
- members:
- -
- type: ovs_bond
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: ovs_bridge
+ name: br-bond
+ members:
+ - type: ovs_bond
name: bond1
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- -
- type: interface
- name: nic2
- primary: true
- -
- type: interface
- name: nic3
- -
- type: vlan
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageNetworkVlanID}
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
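Review bot: The commented-out Management network example at the end of this hunk is left untouched, while every live entry around it moves under `str_replace` → `params` → `$network_config` and switches to the `- type:` / nested `get_param:` style. The example continues past the end of the hunk, and indentation is not recoverable from this page, so please check that uncommenting it still yields a list item at the right depth. It would also help to rewrite it in the same style as the new entries, e.g. `# next_hop:` followed by `#   get_param: ManagementInterfaceDefaultRoute`. The same commented block is carried in the other bond-with-vlans templates.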
@@ -161,8 +159,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml
index b4d71fa3..0e53e202 100644
--- a/network/config/bond-with-vlans/cinder-storage.yaml
+++ b/network/config/bond-with-vlans/cinder-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config with 2 bonded nics on a bridge
- with VLANs attached for the cinder storage role.
-
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the cinder storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -35,14 +32,16 @@ parameters:
type: string
BondInterfaceOvsOptions:
default: ''
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
type: string
constraints:
- - allowed_pattern: "^((?!balance.tcp).)*$"
- description: |
- The balance-tcp bond mode is known to cause packet loss and
- should not be used in BondInterfaceOvsOptions.
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+
+ should not be used in BondInterfaceOvsOptions.
+
+ '
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -75,7 +74,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -89,71 +88,70 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: ovs_bridge
- name: br-bond
- members:
- -
- type: ovs_bond
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: ovs_bridge
+ name: br-bond
+ members:
+ - type: ovs_bond
name: bond1
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- -
- type: interface
- name: nic2
- primary: true
- -
- type: interface
- name: nic3
- -
- type: vlan
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
device: bond1
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageNetworkVlanID}
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -168,8 +166,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml
index 3fc764be..a9b314a4 100644
--- a/network/config/bond-with-vlans/compute-dpdk.yaml
+++ b/network/config/bond-with-vlans/compute-dpdk.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config with 2 bonded nics on a bridge
- with VLANs attached for the compute role.
-
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
parameters:
ControlPlaneIp:
default: ''
@@ -35,8 +32,8 @@ parameters:
type: string
BondInterfaceOvsOptions:
default: ''
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
type: string
ExternalNetworkVlanID:
default: 10
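Review bot: `BondInterfaceOvsOptions` in this template has no `constraints` block, whereas the same parameter in ceph-storage.yaml, cinder-storage.yaml and compute.yaml carries `allowed_pattern: ^((?!balance.tcp).)*$`. The value is used as `ovs_options` for `bond1` in the resources hunk below and now ends up in the input of the generated script. Either add the same constraint here or document why it is omitted for the DPDK role. If the omission is deliberate, a comment next to the parameter such as `# balance-tcp is not restricted for this role: <reason>` would be enough.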
@@ -70,7 +67,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -84,71 +81,70 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- members:
- -
- type: ovs_bond
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: ovs_bridge
+ name: bridge_name
+ members:
+ - type: ovs_bond
name: bond1
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- -
- type: interface
- name: nic2
- primary: true
- -
- type: interface
- name: nic3
- -
- type: vlan
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
device: bond1
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageNetworkVlanID}
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: TenantNetworkVlanID}
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -163,30 +159,25 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
- -
- type: ovs_user_bridge
- name: br-link
- members:
- -
- type: ovs_dpdk_bond
+ - type: ovs_user_bridge
+ name: br-link
+ members:
+ - type: ovs_dpdk_bond
name: dpdkbond0
members:
- -
- type: ovs_dpdk_port
- name: dpdk0
- members:
- -
- type: interface
- name: nic4
- -
- type: ovs_dpdk_port
- name: dpdk1
- members:
- -
- type: interface
- name: nic5
-
+ - type: ovs_dpdk_port
+ name: dpdk0
+ members:
+ - type: interface
+ name: nic4
+ - type: ovs_dpdk_port
+ name: dpdk1
+ members:
+ - type: interface
+ name: nic5
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml
index b2cfb0a2..4cac448b 100644
--- a/network/config/bond-with-vlans/compute.yaml
+++ b/network/config/bond-with-vlans/compute.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config with 2 bonded nics on a bridge
- with VLANs attached for the compute role.
-
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
parameters:
ControlPlaneIp:
default: ''
@@ -35,14 +32,16 @@ parameters:
type: string
BondInterfaceOvsOptions:
default: ''
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
type: string
constraints:
- - allowed_pattern: "^((?!balance.tcp).)*$"
- description: |
- The balance-tcp bond mode is known to cause packet loss and
- should not be used in BondInterfaceOvsOptions.
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+
+ should not be used in BondInterfaceOvsOptions.
+
+ '
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -75,7 +74,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -89,71 +88,70 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- members:
- -
- type: ovs_bond
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: ovs_bridge
+ name: bridge_name
+ members:
+ - type: ovs_bond
name: bond1
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- -
- type: interface
- name: nic2
- primary: true
- -
- type: interface
- name: nic3
- -
- type: vlan
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
device: bond1
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageNetworkVlanID}
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: TenantNetworkVlanID}
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -168,8 +166,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml
index 4c3e59fa..46090974 100644
--- a/network/config/bond-with-vlans/controller-no-external.yaml
+++ b/network/config/bond-with-vlans/controller-no-external.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config with 2 bonded nics on a bridge
- with VLANs attached for the controller role.
-
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
parameters:
ControlPlaneIp:
default: ''
@@ -35,14 +32,16 @@ parameters:
type: string
BondInterfaceOvsOptions:
default: ''
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
type: string
constraints:
- - allowed_pattern: "^((?!balance.tcp).)*$"
- description: |
- The balance-tcp bond mode is known to cause packet loss and
- should not be used in BondInterfaceOvsOptions.
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+
+ should not be used in BondInterfaceOvsOptions.
+
+ '
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -71,7 +70,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -89,79 +88,76 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: true
- members:
- -
- type: ovs_bond
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: true
+ members:
+ - type: ovs_bond
name: bond1
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- -
- type: interface
- name: nic2
- primary: true
- -
- type: interface
- name: nic3
- -
- type: vlan
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
device: bond1
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageNetworkVlanID}
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: TenantNetworkVlanID}
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -176,8 +172,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml
index 1361d969..d07a26ff 100644
--- a/network/config/bond-with-vlans/controller-v6.yaml
+++ b/network/config/bond-with-vlans/controller-v6.yaml
@@ -1,11 +1,8 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config with 2 bonded nics on a bridge
- with VLANs attached for the controller role with IPv6 on the External
- network. The IPv6 default route is on the External network, and the
- IPv4 default route is on the Control Plane.
-
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role with IPv6
+ on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control
+ Plane.
parameters:
ControlPlaneIp:
default: ''
@@ -36,15 +33,17 @@ parameters:
description: IP address/subnet on the management network
type: string
BondInterfaceOvsOptions:
- default: 'bond_mode=active-backup'
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ default: bond_mode=active-backup
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
type: string
constraints:
- - allowed_pattern: "^((?!balance.tcp).)*$"
- description: |
- The balance-tcp bond mode is known to cause packet loss and
- should not be used in BondInterfaceOvsOptions.
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+
+ should not be used in BondInterfaceOvsOptions.
+
+ '
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -77,7 +76,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -91,91 +90,88 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- # IPv4 Default Route
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- dns_servers: {get_param: DnsServers}
- members:
- -
- type: ovs_bond
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: ovs_bridge
+ name: bridge_name
+ dns_servers:
+ get_param: DnsServers
+ members:
+ - type: ovs_bond
name: bond1
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- -
- type: interface
- name: nic2
- primary: true
- -
- type: interface
- name: nic3
- -
- type: vlan
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
device: bond1
- vlan_id: {get_param: ExternalNetworkVlanID}
+ vlan_id:
+ get_param: ExternalNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
+ - ip_netmask:
+ get_param: ExternalIpSubnet
routes:
- # IPv6 Default Route
- -
- default: true
- next_hop: {get_param: ExternalInterfaceDefaultRoute}
- -
- type: vlan
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
device: bond1
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageNetworkVlanID}
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: TenantNetworkVlanID}
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the External interface. This will
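Review bot: `name: bridge_name` on the `ovs_bridge` entry is now a bare literal where the old template resolved `{get_input: bridge_name}`, so the bridge gets its real name only if `run-os-net-config.sh` rewrites that token after `str_replace`. The script is not part of this hunk, so this is presumably a text substitution and should be confirmed. A textual rewrite would also hit any other value that contains the string `bridge_name`, and nothing in the template tells a reader that the word is a placeholder. I would add a comment above it, e.g. `# bridge_name is a placeholder replaced at deploy time by run-os-net-config.sh`, and do the same in bond-with-vlans/controller.yaml and the two multiple-nics controller templates. The `config` block continues past the end of this hunk.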
@@ -191,8 +187,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml
index 677c90c5..e2973a72 100644
--- a/network/config/bond-with-vlans/controller.yaml
+++ b/network/config/bond-with-vlans/controller.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config with 2 bonded nics on a bridge
- with VLANs attached for the controller role.
-
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
parameters:
ControlPlaneIp:
default: ''
@@ -34,15 +31,17 @@ parameters:
description: IP address/subnet on the management network
type: string
BondInterfaceOvsOptions:
- default: 'bond_mode=active-backup'
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ default: bond_mode=active-backup
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
type: string
constraints:
- - allowed_pattern: "^((?!balance.tcp).)*$"
- description: |
- The balance-tcp bond mode is known to cause packet loss and
- should not be used in BondInterfaceOvsOptions.
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+
+ should not be used in BondInterfaceOvsOptions.
+
+ '
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -71,7 +70,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -89,86 +88,85 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- dns_servers: {get_param: DnsServers}
- members:
- -
- type: ovs_bond
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - type: ovs_bridge
+ name: bridge_name
+ dns_servers:
+ get_param: DnsServers
+ members:
+ - type: ovs_bond
name: bond1
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- -
- type: interface
- name: nic2
- primary: true
- -
- type: interface
- name: nic3
- -
- type: vlan
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
device: bond1
- vlan_id: {get_param: ExternalNetworkVlanID}
+ vlan_id:
+ get_param: ExternalNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
+ - ip_netmask:
+ get_param: ExternalIpSubnet
routes:
- -
- default: true
- next_hop: {get_param: ExternalInterfaceDefaultRoute}
- -
- type: vlan
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
device: bond1
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageNetworkVlanID}
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: TenantNetworkVlanID}
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the External interface. This will
@@ -184,8 +182,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml
index e16d6b6e..5bdba802 100644
--- a/network/config/bond-with-vlans/swift-storage.yaml
+++ b/network/config/bond-with-vlans/swift-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config with 2 bonded nics on a bridge
- with VLANs attached for the swift storage role.
-
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the swift storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -35,14 +32,16 @@ parameters:
type: string
BondInterfaceOvsOptions:
default: ''
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
type: string
constraints:
- - allowed_pattern: "^((?!balance.tcp).)*$"
- description: |
- The balance-tcp bond mode is known to cause packet loss and
- should not be used in BondInterfaceOvsOptions.
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+
+ should not be used in BondInterfaceOvsOptions.
+
+ '
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -75,7 +74,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -89,71 +88,70 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: ovs_bridge
- name: br-bond
- members:
- -
- type: ovs_bond
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: ovs_bridge
+ name: br-bond
+ members:
+ - type: ovs_bond
name: bond1
- ovs_options: {get_param: BondInterfaceOvsOptions}
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
members:
- -
- type: interface
- name: nic2
- primary: true
- -
- type: interface
- name: nic3
- -
- type: vlan
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
device: bond1
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageNetworkVlanID}
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
device: bond1
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -168,8 +166,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml
index c31c6e65..e9c34213 100644
--- a/network/config/multiple-nics/ceph-storage.yaml
+++ b/network/config/multiple-nics/ceph-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure multiple interfaces
- for the ceph storage role.
-
+ Software Config to drive os-net-config to configure multiple interfaces for the ceph storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,48 +76,48 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: interface
- name: nic2
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: interface
- name: nic3
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -135,8 +132,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml
index 4f8b7f64..f58f1168 100644
--- a/network/config/multiple-nics/cinder-storage.yaml
+++ b/network/config/multiple-nics/cinder-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure multiple interfaces
- for the cinder storage role.
-
+ Software Config to drive os-net-config to configure multiple interfaces for the cinder storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,55 +76,54 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: interface
- name: nic2
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: interface
- name: nic3
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: interface
- name: nic4
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -142,8 +138,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml
index 77514745..9b0c8c02 100644
--- a/network/config/multiple-nics/compute.yaml
+++ b/network/config/multiple-nics/compute.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure multiple interfaces
- for the compute role.
-
+ Software Config to drive os-net-config to configure multiple interfaces for the compute role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,62 +76,58 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: interface
- name: nic2
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: interface
- name: nic4
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- # Create a bridge which can also be used for VLAN-mode bridge mapping
- type: ovs_bridge
- name: br-tenant
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: ovs_bridge
+ name: br-tenant
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
+ members:
+ - type: interface
name: nic5
use_dhcp: false
- # force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
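Review bot: Two explanatory comments disappear in the rewritten `br-tenant` block: `# Create a bridge which can also be used for VLAN-mode bridge mapping` and, above `primary: true`, `# force the MAC address of the bridge to this interface`. The structure they describe is unchanged on the new side, so this looks like a side effect of regenerating the YAML rather than a deliberate removal. I would restore both comments at the same places in the new block. The same two comments are dropped in multiple-nics/controller-v6.yaml and multiple-nics/controller.yaml. The `config` block continues outside this hunk.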
@@ -150,8 +143,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml
index da1f95f1..a0ed9f78 100644
--- a/network/config/multiple-nics/controller-v6.yaml
+++ b/network/config/multiple-nics/controller-v6.yaml
@@ -1,11 +1,7 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure multiple interfaces
- for the controller role with IPv6 on the External network. The IPv6
- default route is on the External network, and the IPv4 default route
- is on the Control Plane.
-
+ Software Config to drive os-net-config to configure multiple interfaces for the controller role with IPv6 on the External
+ network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
parameters:
ControlPlaneIp:
default: ''
@@ -67,7 +63,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -81,89 +77,81 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
# IPv4 Default Route
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: interface
- name: nic2
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: interface
- name: nic3
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: interface
- name: nic4
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- # Create a bridge which can also be used for VLAN-mode bridge mapping
- type: ovs_bridge
- name: br-tenant
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
- members:
- -
- type: interface
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: ovs_bridge
+ name: br-tenant
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
+ members:
+ - type: interface
name: nic5
use_dhcp: false
- # force the MAC address of the bridge to this interface
primary: true
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- dns_servers: {get_param: DnsServers}
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
- routes:
- # IPv6 Default Route
- -
- default: true
- next_hop: {get_param: ExternalInterfaceDefaultRoute}
- members:
- -
- type: interface
+ - type: ovs_bridge
+ name: bridge_name
+ dns_servers:
+ get_param: DnsServers
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ members:
+ - type: interface
name: nic6
- # force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
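Review bot: The `# IPv6 Default Route` comment above the External bridge's `default: true` route is removed, while `# IPv4 Default Route` on the Control Plane route survives as context. Only one of the two default routes in this dual-stack template is therefore still labelled. Since the template description says the IPv6 default route is on the External network and the IPv4 one is on the Control Plane, the labels are what lets a reader tell the two `default: true` entries apart. I would restore `# IPv6 Default Route` above the `- default: true` entry under the `bridge_name` bridge's `routes:`. bond-with-vlans/controller-v6.yaml drops both labels in its resources hunk and would benefit from the same fix.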
@@ -180,8 +168,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml
index 7a1f9e5f..e38c545c 100644
--- a/network/config/multiple-nics/controller.yaml
+++ b/network/config/multiple-nics/controller.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure multiple interfaces
- for the controller role.
-
+ Software Config to drive os-net-config to configure multiple interfaces for the controller role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,84 +76,77 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- type: interface
- name: nic2
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: interface
- name: nic3
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: interface
- name: nic4
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- # Create a bridge which can also be used for VLAN-mode bridge mapping
- type: ovs_bridge
- name: br-tenant
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: ovs_bridge
+ name: br-tenant
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
+ members:
+ - type: interface
name: nic5
use_dhcp: false
- # force the MAC address of the bridge to this interface
primary: true
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- dns_servers: {get_param: DnsServers}
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
- routes:
- -
- default: true
- next_hop: {get_param: ExternalInterfaceDefaultRoute}
- members:
- -
- type: interface
+ - type: ovs_bridge
+ name: bridge_name
+ dns_servers:
+ get_param: DnsServers
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ members:
+ - type: interface
name: nic6
- # force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
@@ -173,8 +163,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml
index 05083105..1ad503a7 100644
--- a/network/config/multiple-nics/swift-storage.yaml
+++ b/network/config/multiple-nics/swift-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure multiple interfaces
- for the swift storage role.
-
+ Software Config to drive os-net-config to configure multiple interfaces for the swift storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,55 +76,54 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: interface
- name: nic1
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- -
- type: interface
- name: nic2
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: interface
- name: nic3
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: interface
- name: nic4
- use_dhcp: false
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
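Review bot: With `group: script` and `str_replace`, the whole `network_config` structure, including operator-supplied values such as `DnsServers` and the `*IpSubnet` parameters, is now substituted as text into `run-os-net-config.sh` in place of `$network_config`, so those values become part of a shell script rather than structured metadata. The script is not part of this hunk; if it places `$network_config` inside shell quotes, a parameter value containing a quote character would end the string early and the rest would be parsed as shell. I would add parameter `constraints` (for example an `allowed_pattern`) on the string parameters, or have the script take the JSON through a quoted heredoc, and record the assumption above `str_replace`: `# params are pasted verbatim into the script; values must not contain shell quote characters`. The same conversion is repeated in the resources hunk of every file under network/config in this commit, and the resource definition continues past the end of this hunk.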
@@ -142,8 +138,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
index fc8e8b6f..0a6faa79 100644
--- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- ceph storage role.
-
+ Software Config to drive os-net-config to configure VLANs for the ceph storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,54 +76,55 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: linux_bridge
- name: br-storage
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: linux_bridge
+ name: br-storage
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
- device: br-storage
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
- device: br-storage
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: br-storage
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
+ device: br-storage
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -141,8 +139,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
index 6fb247ed..5abaea66 100644
--- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- cinder storage role.
-
+ Software Config to drive os-net-config to configure VLANs for the cinder storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,61 +76,62 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: linux_bridge
- name: br-storage
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: linux_bridge
+ name: br-storage
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
- device: br-storage
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
- device: br-storage
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
- device: br-storage
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
+ device: br-storage
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: br-storage
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
+ device: br-storage
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -148,8 +146,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml
index e31720d8..aa63dd3a 100644
--- a/network/config/single-nic-linux-bridge-vlans/compute.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- compute role.
-
+ Software Config to drive os-net-config to configure VLANs for the compute role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,68 +76,69 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: linux_bridge
- name: {get_input: bridge_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: linux_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
- name: {get_input: interface_name}
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
+ name: interface_name
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: TenantNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
- # device: {get_input: bridge_name}
+ # device: bridge_name
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
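Review bot: `name: bridge_name`, `name: interface_name` and `device: bridge_name` are now bare words in the data where `{get_input: ...}` used to be resolved by Heat, and nothing in the template says they are placeholders. Presumably `run-os-net-config.sh` rewrites them by text substitution (the script is not visible here); if that step is skipped or misses an occurrence, os-net-config would be handed a bridge literally called `bridge_name`, and a plain textual replace would also alter any other value that happens to contain the word. I would add a comment at the first use, `# bridge_name and interface_name are placeholders substituted on the node by run-os-net-config.sh`, and consider a token that cannot collide with a real device name. The controller-v6.yaml and controller.yaml hunks in the same directory use the same placeholders.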
@@ -148,8 +146,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
index 80125149..28cf6ced 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
@@ -1,11 +1,7 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- controller role with IPv6 on the External network. The IPv6 default
- route is on the External network, and the IPv4 default route is on
- the Control Plane.
-
+ Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The
+ IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
parameters:
ControlPlaneIp:
default: ''
@@ -63,7 +59,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -81,81 +77,79 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: linux_bridge
- name: {get_input: bridge_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: linux_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- # IPv4 Default Route
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
- name: {get_input: interface_name}
- # force the MAC address of the bridge to this interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
+ name: interface_name
primary: true
- -
- type: vlan
- vlan_id: {get_param: ExternalNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
- routes:
- # IPv6 Default Route
- -
- default: true
- next_hop: {get_param: ExternalInterfaceDefaultRoute}
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: TenantNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the External interface. This will
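Review bot: The comments `# IPv4 Default Route` and `# IPv6 Default Route` are dropped from the two `routes:` lists, leaving two `- default: true` entries (one on the bridge via `ControlPlaneDefaultRoute`, one on the External VLAN via `ExternalInterfaceDefaultRoute`) with nothing in the resource to say they belong to different address families, which only the template description still explains. `# force the MAC address of the bridge to this interface` above `primary: true` is removed as well, although the compute.yaml hunk in this directory keeps it. I would restore all three comments on the new side; without them the second default route reads as a mistake and invites someone to delete it. The resources hunk of controller.yaml loses the same comments, and the resource definition continues past the end of this hunk.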
@@ -163,7 +157,7 @@ resources:
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
- # device: {get_input: bridge_name}
+ # device: bridge_name
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
@@ -171,8 +165,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml
index aef5d4e3..566f1feb 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- controller role.
-
+ Software Config to drive os-net-config to configure VLANs for the controller role.
parameters:
ControlPlaneIp:
default: ''
@@ -61,7 +58,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,81 +76,79 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: linux_bridge
- name: {get_input: bridge_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: linux_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- # IPv4 Default Route
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
- name: {get_input: interface_name}
- # force the MAC address of the bridge to this interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
+ name: interface_name
primary: true
- -
- type: vlan
- vlan_id: {get_param: ExternalNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
- routes:
- # IPv6 Default Route
- -
- default: true
- next_hop: {get_param: ExternalInterfaceDefaultRoute}
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: TenantNetworkVlanID}
- device: {get_input: bridge_name}
- addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the External interface. This will
@@ -161,7 +156,7 @@ resources:
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
- # device: {get_input: bridge_name}
+ # device: bridge_name
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
@@ -169,8 +164,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
index a5d2f966..fe948ad1 100644
--- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- swift storage role.
-
+ Software Config to drive os-net-config to configure VLANs for the swift storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -65,7 +62,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,61 +76,62 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: linux_bridge
- name: br-storage
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: linux_bridge
+ name: br-storage
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
- device: br-storage
- addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
- device: br-storage
- addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
- device: br-storage
- addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
+ device: br-storage
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: br-storage
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
+ device: br-storage
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -148,8 +146,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml
index 6fa288af..6e0a97da 100644
--- a/network/config/single-nic-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-vlans/ceph-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- ceph storage role.
-
+ Software Config to drive os-net-config to configure VLANs for the ceph storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -53,7 +50,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -67,52 +64,53 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: br-storage
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: br-storage
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -126,8 +124,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml
index d1135776..f58665f7 100644
--- a/network/config/single-nic-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-vlans/cinder-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- cinder storage role.
-
+ Software Config to drive os-net-config to configure VLANs for the cinder storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -57,7 +54,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -71,58 +68,59 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: br-storage
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: br-storage
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -136,8 +134,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml
index bd3cef34..40264284 100644
--- a/network/config/single-nic-vlans/compute.yaml
+++ b/network/config/single-nic-vlans/compute.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- compute role.
-
+ Software Config to drive os-net-config to configure VLANs for the compute role.
parameters:
ControlPlaneIp:
default: ''
@@ -57,7 +54,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -71,58 +68,59 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: TenantNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
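Review bot: `name: bridge_name` replaces `{get_input: bridge_name}` with a bare string, and nothing in the template says it is a placeholder rather than a real device name. Judging by `sed -i "s/bridge_name/$bridge_name/"` in network/scripts/run-os-net-config.sh, added in this same commit, the string is rewritten on the node. I would add a comment above it such as `# bridge_name is a literal token; run-os-net-config.sh replaces it with $bridge_name`. The same applies to the equivalent hunks in controller-no-external.yaml, controller-v6.yaml and controller.yaml. The `resources` block continues outside this hunk.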
@@ -136,8 +134,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml
index 8e8b0f5d..b9aec1ea 100644
--- a/network/config/single-nic-vlans/controller-no-external.yaml
+++ b/network/config/single-nic-vlans/controller-no-external.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- controller role. No external IP is configured.
-
+ Software Config to drive os-net-config to configure VLANs for the controller role. No external IP is configured.
parameters:
ControlPlaneIp:
default: ''
@@ -61,7 +58,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,64 +76,65 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: TenantNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -150,8 +148,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml
index ecbf2efb..4f065d1e 100644
--- a/network/config/single-nic-vlans/controller-v6.yaml
+++ b/network/config/single-nic-vlans/controller-v6.yaml
@@ -1,11 +1,7 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- controller role with IPv6 on the External network. The IPv6 default
- route is on the External network, and the IPv4 default route is on
- the Control Plane.
-
+ Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The
+ IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
parameters:
ControlPlaneIp:
default: ''
@@ -67,7 +63,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -81,76 +77,74 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- # IPv4 Default Route
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
- # force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: ExternalNetworkVlanID}
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
+ - ip_netmask:
+ get_param: ExternalIpSubnet
routes:
- # IPv6 Default Route
- -
- default: true
- next_hop: {get_param: ExternalInterfaceDefaultRoute}
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: TenantNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the External interface. This will
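Review bot: The rewritten `routes` entries lose the `# IPv4 Default Route` and `# IPv6 Default Route` comments that the old side carried, along with the `# force the MAC address of the bridge to this interface` comment on nic1. With two `default: true` routes in one template, those labels are what tells a reader which route is which. I would restore `# IPv4 Default Route` above the `ControlPlaneDefaultRoute` entry and `# IPv6 Default Route` above the `ExternalInterfaceDefaultRoute` entry. The other single-nic-vlans templates in this commit keep the nic1 comment, so dropping it here looks unintentional.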
@@ -165,8 +159,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml
index c5979a89..4a615d91 100644
--- a/network/config/single-nic-vlans/controller.yaml
+++ b/network/config/single-nic-vlans/controller.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- controller role.
-
+ Software Config to drive os-net-config to configure VLANs for the controller role.
parameters:
ControlPlaneIp:
default: ''
@@ -61,7 +58,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
+ default: 10.0.0.1
description: default route for the external network
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -79,71 +76,72 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: {get_input: bridge_name}
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: ExternalNetworkVlanID}
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
+ - ip_netmask:
+ get_param: ExternalIpSubnet
routes:
- -
- default: true
- next_hop: {get_param: ExternalInterfaceDefaultRoute}
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: TenantNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: TenantIpSubnet}
+ - ip_netmask:
+ get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the External interface. This will
@@ -158,8 +156,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml
index 7b06580c..88f69b4d 100644
--- a/network/config/single-nic-vlans/swift-storage.yaml
+++ b/network/config/single-nic-vlans/swift-storage.yaml
@@ -1,9 +1,6 @@
-heat_template_version: 2015-04-30
-
+heat_template_version: '2016-10-14'
description: >
- Software Config to drive os-net-config to configure VLANs for the
- swift storage role.
-
+ Software Config to drive os-net-config to configure VLANs for the swift storage role.
parameters:
ControlPlaneIp:
default: ''
@@ -57,7 +54,7 @@ parameters:
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
- default: '10.0.0.1'
+ default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
@@ -71,58 +68,59 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
-
resources:
OsNetConfigImpl:
- type: OS::Heat::StructuredConfig
+ type: OS::Heat::SoftwareConfig
properties:
- group: os-apply-config
+ group: script
config:
- os_net_config:
- network_config:
- -
- type: ovs_bridge
- name: br-storage
- use_dhcp: false
- dns_servers: {get_param: DnsServers}
- addresses:
- -
- ip_netmask:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: br-storage
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
list_join:
- - '/'
- - - {get_param: ControlPlaneIp}
- - {get_param: ControlPlaneSubnetCidr}
- routes:
- -
- ip_netmask: 169.254.169.254/32
- next_hop: {get_param: EC2MetadataIp}
- -
- default: true
- next_hop: {get_param: ControlPlaneDefaultRoute}
- members:
- -
- type: interface
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
name: nic1
# force the MAC address of the bridge to this interface
primary: true
- -
- type: vlan
- vlan_id: {get_param: InternalApiNetworkVlanID}
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: InternalApiIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageNetworkVlanID}
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageIpSubnet}
- -
- type: vlan
- vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
addresses:
- -
- ip_netmask: {get_param: StorageMgmtIpSubnet}
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
@@ -136,8 +134,9 @@ resources:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
-
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
- value: {get_resource: OsNetConfigImpl}
+ value:
+ get_resource: OsNetConfigImpl
+
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index 1df3b665..aeda0a9f 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -37,6 +37,15 @@ Gnocchi:
net_param: GnocchiApi
port: 8041
+Panko:
+ Internal:
+ net_param: PankoApi
+ Public:
+ net_param: Public
+ Admin:
+ net_param: PankoApi
+ port: 8779
+
Cinder:
Internal:
net_param: CinderApi
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index 43fb20cc..5e582d41 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -70,6 +70,9 @@ parameters:
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS}
+ PankoAdmin: {protocol: http, port: '8779', host: IP_ADDRESS}
+ PankoInternal: {protocol: http, port: '8779', host: IP_ADDRESS}
+ PankoPublic: {protocol: http, port: '8779', host: IP_ADDRESS}
SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS}
@@ -5311,6 +5314,249 @@ outputs:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaVNCProxyPublic, port]
+ PankoAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, PankoAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PankoApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, PankoAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ port:
+ get_param: [EndpointMap, PankoAdmin, port]
+ protocol:
+ get_param: [EndpointMap, PankoAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, PankoAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, PankoAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PankoApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, PankoAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, PankoAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, PankoAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PankoApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, PankoAdmin, port]
+ PankoInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, PankoInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PankoApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, PankoInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ port:
+ get_param: [EndpointMap, PankoInternal, port]
+ protocol:
+ get_param: [EndpointMap, PankoInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, PankoInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, PankoInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PankoApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, PankoInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, PankoInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, PankoInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PankoApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PankoApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, PankoInternal, port]
+ PankoPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, PankoPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, PankoPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, PankoPublic, port]
+ protocol:
+ get_param: [EndpointMap, PankoPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, PankoPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, PankoPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, PankoPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, PankoPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, PankoPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, PankoPublic, port]
SaharaAdmin:
host:
str_replace:
diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh
new file mode 100755
index 00000000..fc1e6d54
--- /dev/null
+++ b/network/scripts/run-os-net-config.sh
@@ -0,0 +1,136 @@
+#!/bin/bash
+# Note this script expects the following environment variables to be set
+# normally these are provided by the calling SoftwareConfig resource, but
+# they may also be set manually for testing
+# $bridge_name : The bridge device name to apply
+# $interface_name : The interface name to apply
+#
+# Also this token is replaced via a str_replace in the SoftwareConfig running
+# the script - in future we may extend this to also work with a variable, e.g
+# a deployment input via input_values
+# $network_config : the json serialized os-net-config config to apply
+#
+set -ux
+
+function get_metadata_ip() {
+
+ local METADATA_IP
+
+ # Look for a variety of Heat transports
+ # FIXME: Heat should provide a way to obtain this in a single place
+ for URL in os-collect-config.cfn.metadata_url os-collect-config.heat.auth_url os-collect-config.request.metadata_url os-collect-config.zaqar.auth_url; do
+ METADATA_IP=$(os-apply-config --key $URL --key-default '' --type raw 2>/dev/null | sed -e 's|http.*://\([^:]*\).*|\1|')
+ [ -n "$METADATA_IP" ] && break
+ done
+
+ echo $METADATA_IP
+
+}
+
+function is_local_ip() {
+ local IP_TO_CHECK=$1
+ if ip -o a | grep "inet6\? $IP_TO_CHECK/" &>/dev/null; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+function ping_metadata_ip() {
+ local METADATA_IP=$(get_metadata_ip)
+
+ if [ -n "$METADATA_IP" ] && ! is_local_ip $METADATA_IP; then
+
+ echo -n "Trying to ping metadata IP ${METADATA_IP}..."
+
+ local COUNT=0
+ until ping -c 1 $METADATA_IP &> /dev/null; do
+ COUNT=$(( $COUNT + 1 ))
+ if [ $COUNT -eq 10 ]; then
+ echo "FAILURE"
+ echo "$METADATA_IP is not pingable." >&2
+ exit 1
+ fi
+ done
+ echo "SUCCESS"
+
+ else
+ echo "No metadata IP found. Skipping."
+ fi
+}
+
+function configure_safe_defaults() {
+
+[[ $? == 0 ]] && return 0
+
+cat > /etc/os-net-config/dhcp_all_interfaces.yaml <<EOF_CAT
+# This file is an autogenerated safe defaults file for os-net-config
+# which runs DHCP on all discovered interfaces to ensure connectivity
+# back to the undercloud for updates
+network_config:
+EOF_CAT
+
+ for iface in $(ls /sys/class/net | grep -v ^lo$); do
+ local mac_addr_type="$(cat /sys/class/net/${iface}/addr_assign_type)"
+ if [ "$mac_addr_type" != "0" ]; then
+ echo "Device has generated MAC, skipping."
+ else
+ ip link set dev $iface up &>/dev/null
+ HAS_LINK="$(cat /sys/class/net/${iface}/carrier)"
+
+ TRIES=10
+ while [ "$HAS_LINK" == "0" -a $TRIES -gt 0 ]; do
+ HAS_LINK="$(cat /sys/class/net/${iface}/carrier)"
+ if [ "$HAS_LINK" == "1" ]; then
+ break
+ else
+ sleep 1
+ fi
+ TRIES=$(( TRIES - 1 ))
+ done
+ if [ "$HAS_LINK" == "1" ] ; then
+cat >> /etc/os-net-config/dhcp_all_interfaces.yaml <<EOF_CAT
+ -
+ type: interface
+ name: $iface
+ use_dhcp: true
+EOF_CAT
+ fi
+ fi
+ done
+ os-net-config -c /etc/os-net-config/dhcp_all_interfaces.yaml -v --detailed-exit-codes --cleanup
+ RETVAL=$?
+ if [[ $RETVAL == 2 ]]; then
+ ping_metadata_ip
+ elif [[ $RETVAL != 0 ]]; then
+ echo "ERROR: configuration of safe defaults failed."
+ fi
+}
+
+if [ -n '$network_config' ]; then
+ trap configure_safe_defaults EXIT
+
+ mkdir -p /etc/os-net-config
+ # Note these variables come from the calling heat SoftwareConfig
+ echo '$network_config' > /etc/os-net-config/config.json
+ sed -i "s/bridge_name/$bridge_name/" /etc/os-net-config/config.json
+ sed -i "s/interface_name/$interface_name/" /etc/os-net-config/config.json
+
+ os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes
+ RETVAL=$?
+ if [[ $RETVAL == 2 ]]; then
+ ping_metadata_ip
+
+ #NOTE: dprince this udev rule can apparently leak DHCP processes?
+ # https://bugs.launchpad.net/tripleo/+bug/1538259
+ # until we discover the root cause we can simply disable the
+ # rule because networking has already been configured at this point
+ if [ -f /etc/udev/rules.d/99-dhcp-all-interfaces.rules ]; then
+ rm /etc/udev/rules.d/99-dhcp-all-interfaces.rules
+ fi
+
+ elif [[ $RETVAL != 0 ]]; then
+ echo "ERROR: os-net-config configuration failed." >&2
+ exit 1
+ fi
+fi
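Review bot: The two places where the token sits inside single quotes, `[ -n '$network_config' ]` and `echo '$network_config' > /etc/os-net-config/config.json`, are only safe while the substituted JSON contains no single-quote character. The header comment says the token is filled in by `str_replace`, so a quote in any Heat parameter value would end the string and bash would parse the remainder of the line as script text. Writing the token through a here-document with a quoted delimiter and testing the resulting file removes that dependency, as sketched below. The two `sed -i "s/bridge_name/$bridge_name/"`-style lines have a related weakness: there is no `g` flag, and a `/` or `&` in the value changes the expression. Device names presumably never contain those characters, but a comment stating that assumption would help.

```shell
mkdir -p /etc/os-net-config
# Quoted delimiter: bash copies the substituted JSON verbatim, so a quote
# character inside a parameter value cannot end the string.
cat > /etc/os-net-config/config.json <<'EOF_NETWORK_CONFIG'
$network_config
EOF_NETWORK_CONFIG

# An empty substitution leaves only the newline added by the here-document.
if grep -q '[^[:space:]]' /etc/os-net-config/config.json; then
    trap configure_safe_defaults EXIT
    # … unchanged: bridge_name/interface_name sed calls, os-net-config run, exit-code handling …
```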
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index 61c97f13..0cb6571f 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -25,6 +25,7 @@ parameters:
NeutronTenantNetwork: tenant
CeilometerApiNetwork: internal_api
AodhApiNetwork: internal_api
+ PankoApiNetwork: internal_api
BarbicanApiNetwork: internal_api
GnocchiApiNetwork: internal_api
MongodbNetwork: internal_api
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 980a7189..30b9f2b9 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -11,6 +11,7 @@ resource_registry:
OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml
{% for role in roles %}
+ OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml
OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml
OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml
OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
@@ -57,6 +58,9 @@ resource_registry:
OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
+ OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None
+
# "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy
# phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when
# configuration with knowledge of all nodes in the cluster is required vs single
@@ -121,6 +125,7 @@ resource_registry:
OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
+ OS::TripleO::Services::MySQLTLS: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
@@ -177,16 +182,15 @@ resource_registry:
OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml
OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml
- OS::TripleO::Services::VipHosts: puppet/services/vip-hosts.yaml
# Services that are disabled by default (use relevant environment files):
OS::TripleO::Services::FluentdClient: OS::Heat::None
OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml
- OS::Tripleo::Services::ManilaApi: OS::Heat::None
- OS::Tripleo::Services::ManilaScheduler: OS::Heat::None
- OS::Tripleo::Services::ManilaShare: OS::Heat::None
- OS::Tripleo::Services::ManilaBackendGeneric: OS::Heat::None
- OS::Tripleo::Services::ManilaBackendNetapp: OS::Heat::None
- OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None
+ OS::TripleO::Services::ManilaApi: OS::Heat::None
+ OS::TripleO::Services::ManilaScheduler: OS::Heat::None
+ OS::TripleO::Services::ManilaShare: OS::Heat::None
+ OS::TripleO::Services::ManilaBackendGeneric: OS::Heat::None
+ OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None
+ OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None
OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::BarbicanApi: OS::Heat::None
@@ -194,6 +198,7 @@ resource_registry:
OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml
OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml
OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml
+ OS::TripleO::Services::PankoApi: OS::Heat::None
OS::TripleO::Services::MistralEngine: OS::Heat::None
OS::TripleO::Services::MistralApi: OS::Heat::None
OS::TripleO::Services::MistralExecutor: OS::Heat::None
@@ -214,3 +219,8 @@ resource_registry:
parameter_defaults:
EnablePackageInstall: false
SoftwareConfigTransport: POLL_TEMP_URL
+
+{% for role in roles %}
+ # Parameters generated for {{role.name}} Role
+ {{role.name}}Services: {{role.ServicesDefault|default([])}}
+{% endfor %}
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index 3e4dae8c..ba1c6b36 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -121,7 +121,6 @@ parameters:
resource_registry) which represent nested stacks
for each service that should get installed on the {{role.name}} role.
type: comma_delimited_list
- default: {{role.ServicesDefault|default([])}}
{{role.name}}Count:
description: Number of {{role.name}} nodes to deploy
@@ -171,9 +170,50 @@ parameters:
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
+ AddVipsToEtcHosts:
+ default: True
+ type: boolean
+ description: >
+ Set to true to append per network Vips to /etc/hosts on each node.
+
+conditions:
+ add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
resources:
+ VipHosts:
+ type: OS::Heat::Value
+ properties:
+ type: string
+ value:
+ list_join:
+ - '\n'
+ - - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, external]}
+ HOST: {get_param: CloudName}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, ctlplane]}
+ HOST: {get_param: CloudNameCtlplane}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, internal_api]}
+ HOST: {get_param: CloudNameInternal}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, storage]}
+ HOST: {get_param: CloudNameStorage}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]}
+ HOST: {get_param: CloudNameStorageManagement}
+
HeatAuthEncryptionKey:
type: OS::Heat::RandomString
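Review bot: The separator in the new `VipHosts` value is written as `'\n'`, and a single-quoted YAML scalar is the two characters backslash and n, not a newline. The output near the end of this file that joins `{get_attr: [hostsConfig, hosts_entries]}` uses `"\n"` and now embeds `{get_attr: [VipHosts, value]}`, so the VIP entries inside it would be separated by a literal `\n` unless every consumer expands escapes. Writing `- "\n"` here, and in the `hosts:` list_join added in the hostsConfig hunk, would make the value correct regardless of how it is printed. Whether the on-node hosts script expands escapes is not visible in this diff.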
@@ -232,8 +272,19 @@ resources:
config: {get_attr: [allNodesConfig, config_id]}
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
input_values:
- bootstrap_nodeid: {get_attr: [{{role.name}}, resource.0.hostname]}
- bootstrap_nodeid_ip: {get_attr: [{{role.name}}, resource.0.ip_address]}
+ # Note we have to use yaql to look up the first hostname/ip in the
+ # list because heat path based attributes operate on the attribute
+ # inside the ResourceGroup, not the exposed list ref discussion in
+ # https://bugs.launchpad.net/heat/+bug/1640488
+ # The coalesce is needed because $.data is None during heat validation
+ bootstrap_nodeid:
+ yaql:
+ expression: coalesce($.data, []).first(null)
+ data: {get_attr: [{{role.name}}, hostname]}
+ bootstrap_nodeid_ip:
+ yaql:
+ expression: coalesce($.data, []).first(null)
+ data: {get_attr: [{{role.name}}, ip_address]}
{{role.name}}AllNodesValidationDeployment:
type: OS::Heat::StructuredDeployments
@@ -300,7 +351,7 @@ resources:
# - The outer one filters the map based on the services enabled for the role
# then merges the result into one map.
- yaql:
- expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {})
+ expression: let(root => $) -> $.data.map.items().where($[0] in coalesce($root.data.services, [])).select($[1]).reduce($1.mergeWith($2), {})
data:
map:
yaql:
@@ -318,8 +369,15 @@ resources:
type: OS::TripleO::Hosts::SoftwareConfig
properties:
hosts:
+ list_join:
+ - '\n'
+ - - if:
+ - add_vips_to_etc_hosts
+ - {get_attr: [VipHosts, value]}
+ - ''
+ -
{% for role in roles %}
- - list_join:
+ - list_join:
- '\n'
- {get_attr: [{{role.name}}, hosts_entry]}
{% endfor %}
@@ -532,8 +590,8 @@ resources:
# Post deployment steps for all roles
AllNodesDeploySteps:
type: OS::TripleO::PostDeploySteps
-{% for role in roles %}
depends_on:
+{% for role in roles %}
- {{role.name}}AllNodesDeployment
{% endfor %}
properties:
@@ -556,60 +614,6 @@ outputs:
KeystoneAdminVip:
description: Keystone Admin VIP endpoint
value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
- PublicVip:
- description: Controller VIP for public API endpoints
- value: {get_attr: [VipMap, net_ip_map, external]}
- AodhInternalVip:
- description: VIP for Aodh API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]}
- BarbicanInternalVip:
- description: VIP for Barbican API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, BarbicanApiNetwork]}]}
- CeilometerInternalVip:
- description: VIP for Ceilometer API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]}
- CephRgwInternalVip:
- description: VIP for Ceph RGW internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CephRgwNetwork]}]}
- CinderInternalVip:
- description: VIP for Cinder API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]}
- GlanceInternalVip:
- description: VIP for Glance API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]}
- GnocchiInternalVip:
- description: VIP for Gnocchi API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]}
- MistralInternalVip:
- description: VIP for Mistral API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MistralApiNetwork]}]}
- HeatInternalVip:
- description: VIP for Heat API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]}
- IronicInternalVip:
- description: VIP for Ironic API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]}
- KeystoneInternalVip:
- description: VIP for Keystone API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]}
- ManilaInternalVip:
- description: VIP for Manila API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]}
- NeutronInternalVip:
- description: VIP for Neutron API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]}
- NovaInternalVip:
- description: VIP for Nova API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]}
- OpenDaylightInternalVip:
- description: VIP for OpenDaylight API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]}
- SaharaInternalVip:
- description: VIP for Sahara API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]}
- SwiftInternalVip:
- description: VIP for Swift Proxy internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]}
EndpointMap:
description: |
Mapping of the resources with the needed info for their endpoints.
@@ -625,32 +629,7 @@ outputs:
list_join:
- "\n"
- - {get_attr: [hostsConfig, hosts_entries]}
- -
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, external]}
- HOST: {get_param: CloudName}
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, ctlplane]}
- HOST: {get_param: CloudNameCtlplane}
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, internal_api]}
- HOST: {get_param: CloudNameInternal}
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, storage]}
- HOST: {get_param: CloudNameStorage}
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]}
- HOST: {get_param: CloudNameStorageManagement}
+ - - {get_attr: [VipHosts, value]}
EnabledServices:
description: The services enabled on each role
value:
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 8b695fff..34f10a21 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -66,6 +66,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 55b26336..0854330e 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -72,6 +72,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
@@ -253,6 +254,7 @@ resources:
- extraconfig
- service_names
- service_configs
+ - ceph
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 4d77d6d3..070f19c5 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -87,6 +87,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/config.role.j2.yaml b/puppet/config.role.j2.yaml
index e59a0216..552c59b2 100644
--- a/puppet/config.role.j2.yaml
+++ b/puppet/config.role.j2.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
description: >
A software config which runs puppet on the {{role}} role
@@ -12,6 +12,14 @@ parameters:
type: string
description: Config manifests that will be used to step through the deployment.
default: ''
+ PuppetTags:
+ type: string
+ description: List of comma-separated tags to limit puppet catalog to.
+ default: ''
+
+conditions:
+
+ puppet_tags_empty: {equals : [{get_param: PuppetTags}, '']}
resources:
@@ -24,6 +32,13 @@ resources:
enable_hiera: True
enable_facter: False
modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ tags:
+ if:
+ - puppet_tags_empty
+ - ''
+ - list_join:
+ - ','
+ - ['file,concat,file_line', {get_param: PuppetTags}]
outputs:
- name: result
inputs:
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index b1433b04..3fc691a0 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -101,6 +101,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh
index 22fde9a7..8bcbbf4c 100644
--- a/puppet/deploy-artifacts.sh
+++ b/puppet/deploy-artifacts.sh
@@ -8,7 +8,7 @@ trap cleanup EXIT
if [ -n "$artifact_urls" ]; then
for URL in $(echo $artifact_urls | sed -e "s| |\n|g" | sort -u); do
- curl -o $TMP_DATA/file_data "$artifact_urls"
+ curl --globoff -o $TMP_DATA/file_data "$artifact_urls"
if file -b $TMP_DATA/file_data | grep RPM &>/dev/null; then
yum install -y $TMP_DATA/file_data
elif file -b $TMP_DATA/file_data | grep 'gzip compressed data' &>/dev/null; then
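Review bot: The changed curl line still fetches `"$artifact_urls"` instead of the loop variable `$URL`, so when the list holds more than one URL each iteration passes the whole space-separated string as a single argument. `curl --globoff --fail -o "$TMP_DATA/file_data" "$URL"` would fetch one artifact per iteration and keep an HTTP error page from being saved as the artifact. The downloaded file then goes to `yum install -y` with no checksum or signature check visible in this hunk, so the URLs need to come from a trusted HTTPS source or be verified before install. The loop body continues outside the hunk.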
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index d7681d10..be638c56 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -66,6 +66,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml
index 65c96ac2..582eb28d 100644
--- a/puppet/post.j2.yaml
+++ b/puppet/post.j2.yaml
@@ -47,73 +47,39 @@ resources:
properties:
StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
- # Step through a series of configuration steps
- {{role.name}}Deployment_Step1:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
- properties:
- name: {{role.name}}Deployment_Step1
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: 1
- update_identifier: {get_param: DeployIdentifier}
-
- {{role.name}}Deployment_Step2:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step1
- {% endfor %}
+ {% if role.name == 'Controller' %}
+ ControllerPrePuppet:
+ type: OS::TripleO::Tasks::ControllerPrePuppet
properties:
- name: {{role.name}}Deployment_Step2
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
+ servers: {get_param: [servers, Controller]}
input_values:
- step: 2
update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
- {{role.name}}Deployment_Step3:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step2
- {% endfor %}
- properties:
- name: {{role.name}}Deployment_Step3
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: 3
- update_identifier: {get_param: DeployIdentifier}
+ # Step through a series of configuration steps
+{% for step in range(1, 6) %}
+ {% for role in roles %}
- {{role.name}}Deployment_Step4:
+ {{role.name}}Deployment_Step{{step}}:
type: OS::Heat::StructuredDeploymentGroup
+ {% if step == 1 %}
+ depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
+ {% else %}
depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step3
- {% endfor %}
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step{{step -1}}
+ {% endfor %}
+ {% endif %}
properties:
- name: {{role.name}}Deployment_Step4
+ name: {{role.name}}Deployment_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}Config}
input_values:
- step: 4
+ step: {{step}}
update_identifier: {get_param: DeployIdentifier}
- {{role.name}}Deployment_Step5:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step4
{% endfor %}
- properties:
- name: {{role.name}}Deployment_Step5
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: 5
- update_identifier: {get_param: DeployIdentifier}
+{% endfor %}
{{role.name}}PostConfig:
type: OS::TripleO::Tasks::{{role.name}}PostConfig
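Review bot: Nothing in this hunk orders `ControllerPrePuppet` before the puppet steps: `{{role.name}}Deployment_Step1` still depends only on `{{role.name}}PreConfig` and `{{role.name}}ArtifactsDeploy`, so Heat may run the pre-puppet task in parallel with step 1. `ControllerPostPuppet` in the last hunk of this file does carry an explicit `depends_on`, so if the pre-puppet task has to finish first, the Controller step 1 needs it in its `depends_on` list. Separately, the new `{% for role in roles %}` reuses the name `role` while `{{role.name}}` is already used above it, which suggests an enclosing role loop that starts outside the hunk; if so, the step resources are rendered once per outer iteration and the shadowing is easy to misread.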
@@ -136,4 +102,16 @@ resources:
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, {{role.name}}]}
+
+ {% if role.name == 'Controller' %}
+ ControllerPostPuppet:
+ depends_on:
+ - ControllerExtraConfigPost
+ type: OS::TripleO::Tasks::ControllerPostPuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+
{% endfor %}
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index e4307001..ad5e4794 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -72,6 +72,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
@@ -259,6 +260,7 @@ resources:
- extraconfig
- service_names
- service_configs
+ - {{role.lower()}}
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 48cc4af6..daed1665 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -21,11 +21,6 @@ parameters:
MonitoringSubscriptionAodhApi:
default: 'overcloud-ceilometer-aodh-api'
type: string
- EnableCombinationAlarms:
- default: false
- description: Combination alarms are deprecated in Newton, hence disabled
- by default. To enable, set this parameter to true.
- type: boolean
EnableInternalTLS:
type: boolean
default: false
@@ -83,7 +78,6 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
- tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
service_config_settings:
get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index cf57680c..b266674f 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -52,6 +52,9 @@ parameters:
default: guest
description: The username for RabbitMQ
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
@@ -85,7 +88,7 @@ outputs:
barbican::api::rabbit_heartbeat_timeout_threshold: 60
barbican::api::service_name: 'httpd'
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
- barbican::wsgi::apache::ssl: false
+ barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
barbican::wsgi::apache::servername:
str_replace:
@@ -125,3 +128,17 @@ outputs:
barbican::keystone::auth::password: {get_param: BarbicanPassword}
barbican::keystone::auth::region: {get_param: KeystoneRegion}
barbican::keystone::auth::tenant: 'service'
+ nova_compute:
+ nova::compute::keymgr_api_class: >
+ castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+ nova::compute::barbican_endpoint:
+ get_param: [EndpointMap, BarbicanInternal, uri]
+ nova::compute::barbican_auth_endpoint:
+ get_param: [EndpointMap, KeystoneV3Internal, uri]
+ cinder_api:
+ cinder::api::keymgr_api_class: >
+ castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+ cinder::api::keymgr_encryption_api_url:
+ get_param: [EndpointMap, BarbicanInternal, uri]
+ cinder::api::keymgr_encryption_auth_url:
+ get_param: [EndpointMap, KeystoneV3Internal, uri]
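Review bot: Both `keymgr_api_class` values use the folded block indicator `>`, which keeps a trailing newline, so the hiera value ends in `BarbicanKeyManager\n`. A plain scalar on the key's own line, `nova::compute::keymgr_api_class: castellan.key_manager.barbican_key_manager.BarbicanKeyManager`, or the stripping form `>-` avoids depending on downstream trimming; the same applies to `cinder::api::keymgr_api_class`. Whether the puppet classes trim the value before writing it into the service configuration is not visible here.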
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 4ace7526..ded1bc03 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -36,6 +36,12 @@ parameters:
type: string
constraints:
- allowed_values: ['gnocchi', 'database']
+ CeilometerEventDispatcher:
+ default: ['gnocchi']
+ description: Comma-separated list of Dispatchers to process events data
+ type: comma_delimited_list
+ constraints:
+ - allowed_values: ['panko', 'gnocchi', 'database']
CeilometerWorkers:
default: 0
description: Number of workers for Ceilometer service.
@@ -102,6 +108,7 @@ outputs:
ceilometer::agent::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
+ ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher}
ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]}
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index 7d75074c..b708665f 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Ceph External service.
@@ -27,9 +27,20 @@ parameters:
GlanceRbdPoolName:
default: images
type: string
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
GnocchiRbdPoolName:
default: metrics
type: string
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
NovaRbdPoolName:
default: vms
type: string
@@ -51,6 +62,16 @@ parameters:
default: 'overcloud-ceph-external'
type: string
+conditions:
+ glance_multiple_locations:
+ and:
+ - equals:
+ - get_param: GlanceBackend
+ - rbd
+ - equals:
+ - get_param: NovaEnableRbdBackend
+ - true
+
outputs:
role_data:
description: Role data for the Ceph External service.
@@ -78,7 +99,16 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ ceph::profile::params::manage_repo: false
+ # FIXME(gfidente): we should not have to list the packages explicitly in
+ # the templates, but this should stay until the following is fixed:
+ # https://bugs.launchpad.net/puppet-ceph/+bug/1629933
+ ceph::params::packages:
+ - ceph-base
+ - ceph-mon
+ - ceph-osd
service_config_settings:
- get_attr: [CephBase, role_data, service_config_settings]
+ glance_api:
+ glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
step_config: |
include ::tripleo::profile::base::ceph::client
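Review bot: `glance::api::show_multiple_locations` becomes true whenever `GlanceBackend` is `rbd` and `NovaEnableRbdBackend` is set, and that option makes the image API return backend location URLs to callers. Glance's own help text for the option describes it as a security risk, so the setting deserves a comment such as `# exposes image locations through the API; restrict the image location policies when enabled`, and the location-related policy rules should be limited to the service users that need them. This hunk also drops `get_attr: [CephBase, role_data, service_config_settings]`, so any settings CephBase returns for other services are no longer propagated; that may be intended, but it is not stated.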
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index 18a4b780..89c1a5ee 100644
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -55,15 +55,9 @@ outputs:
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- ceph::profile::params::frontend_type: 'civetweb'
- ceph_rgw_civetweb_bind_address: {get_param: [ServiceNetMap, CephRgwNetwork]}
- ceph::profile::params::rgw_frontends:
- list_join:
- - ''
- - - 'civetweb port='
- - '%{hiera("ceph_rgw_civetweb_bind_address")}'
- - ':'
- - {get_param: [EndpointMap, CephRgwInternal, port]}
+ tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
+ tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
+ ceph::params::user_radosgw: ceph
tripleo.ceph_rgw.firewall_rules:
'122 ceph rgw':
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index fe48667a..803d8b83 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -43,6 +43,9 @@ parameters:
type: string
description: Set the number of workers for cinder::wsgi::apache
default: '"%{::os_workers}"'
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
@@ -55,6 +58,7 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
CinderBase:
type: ./cinder-base.yaml
@@ -94,21 +98,26 @@ outputs:
dport:
- 8776
- 13776
+ cinder::api::bind_host:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
+ cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
+ cinder::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
- cinder::api::service_name: 'httpd'
- cinder::wsgi::apache::ssl: false
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
params:
- $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
if:
- cinder_workers_zero
diff --git a/puppet/services/database/mysql-internal-tls-certmonger.yaml b/puppet/services/database/mysql-internal-tls-certmonger.yaml
new file mode 100644
index 00000000..3ba51fb6
--- /dev/null
+++ b/puppet/services/database/mysql-internal-tls-certmonger.yaml
@@ -0,0 +1,43 @@
+heat_template_version: 2016-10-14
+
+description: >
+ MySQL configurations for using TLS via certmonger.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ # The following parameters are not needed by the template but are
+ # required to pass the pep8 tests
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: MySQL configurations for using TLS via certmonger.
+ value:
+ service_name: mysql_internal_tls_certmonger
+ config_settings:
+ generate_service_certificates: true
+ tripleo::profile::base::database::mysql::certificate_specs:
+ service_certificate: '/etc/pki/tls/certs/mysql.crt'
+ service_key: '/etc/pki/tls/private/mysql.key'
+ hostname:
+ str_replace:
+ template: "%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ principal:
+ str_replace:
+ template: "mysql/%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 094a7c9f..651bf4b1 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -35,50 +35,60 @@ parameters:
description: Whether to use Galera instead of regular MariaDB.
type: boolean
+resources:
+
+ MySQLTLS:
+ type: OS::TripleO::Services::MySQLTLS
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+
outputs:
role_data:
description: Service MySQL using composable services.
value:
service_name: mysql
config_settings:
- # The Galera package should work in cluster and
- # non-cluster modes based on the config file.
- # We set the package name here explicitly so
- # that it matches what we pre-install
- # in tripleo-puppet-elements.
- mysql::server::package_name: 'mariadb-galera-server'
- mysql::server::manage_config_file: true
- tripleo.mysql.firewall_rules:
- '104 mysql galera':
- dport:
- - 873
- - 3306
- - 4444
- - 4567
- - 4568
- - 9200
- mysql_max_connections: {get_param: MysqlMaxConnections}
- mysql::server::root_password:
- yaql:
- expression: $.data.passwords.where($ != '').first()
- data:
- passwords:
- - {get_param: MysqlRootPassword}
- - {get_param: [DefaultPasswords, mysql_root_password]}
- mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
- enable_galera: {get_param: EnableGalera}
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
- tripleo::profile::base::database::mysql::bind_address:
- str_replace:
- template:
- '"%{::fqdn_$NETWORK}"'
- params:
- $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ map_merge:
+ - get_attr: [MySQLTLS, role_data, config_settings]
+ -
+ # The Galera package should work in cluster and
+ # non-cluster modes based on the config file.
+ # We set the package name here explicitly so
+ # that it matches what we pre-install
+ # in tripleo-puppet-elements.
+ mysql::server::package_name: 'mariadb-galera-server'
+ mysql::server::manage_config_file: true
+ tripleo.mysql.firewall_rules:
+ '104 mysql galera':
+ dport:
+ - 873
+ - 3306
+ - 4444
+ - 4567
+ - 4568
+ - 9200
+ mysql_max_connections: {get_param: MysqlMaxConnections}
+ mysql::server::root_password:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
+ enable_galera: {get_param: EnableGalera}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
+ tripleo::profile::base::database::mysql::bind_address:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
include ::tripleo::profile::base::database::mysql
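Review bot: `MySQLTLS` is instantiated with only `ServiceNetMap`, which works for the certmonger template added in this commit because it declares defaults for `DefaultPasswords` and `EndpointMap`. Any other template mapped to `OS::TripleO::Services::MySQLTLS` that reads those inputs would see empty maps. Passing them through with `DefaultPasswords: {get_param: DefaultPasswords}` and `EndpointMap: {get_param: EndpointMap}` would match how the nested service resources in the cinder and gnocchi hunks are wired, assuming `EndpointMap` is declared in this template as it is in its siblings. The rest of the hunk only re-indents the existing settings under `map_merge`.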
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index e3397769..ac15de4f 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -41,6 +41,9 @@ parameters:
default:
tag: openstack.gnocchi.api
path: /var/log/gnocchi/app.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
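Review bot: The new `EnableInternalTLS` parameter has no `description`, although it decides whether this API is served over TLS (a later hunk in this file feeds it into `gnocchi::wsgi::apache::ssl`) and it defaults to `false`. I would add `description: Whether to serve this API over TLS on the internal network.` so the plaintext default reads as a deliberate choice. The same applies to the `EnableInternalTLS` parameter added in puppet/services/nova-api.yaml. The `parameters` block starts outside this hunk.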
@@ -57,6 +60,7 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
@@ -83,7 +87,7 @@ outputs:
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
gnocchi::keystone::authtoken::project_name: 'service'
- gnocchi::wsgi::apache::ssl: false
+ gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
gnocchi::wsgi::apache::servername:
str_replace:
template:
@@ -98,7 +102,12 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
- gnocchi::api::host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
+ gnocchi::api::host:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml
index 04339f46..983d6c91 100644
--- a/puppet/services/gnocchi-statsd.yaml
+++ b/puppet/services/gnocchi-statsd.yaml
@@ -39,5 +39,9 @@ outputs:
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - tripleo.gnocchi_statsd.firewall_rules:
+ '140 gnocchi-statsd':
+ dport: 8125
+ proto: 'udp'
step_config: |
include ::tripleo::profile::base::gnocchi::statsd
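Review bot: The new `'140 gnocchi-statsd'` rule opens UDP 8125 with no source restriction visible in the rule. The StatsD wire protocol carries no authentication, so any host that can reach the port can submit metrics. If the firewall rule type accepts a source constraint, scoping the rule to the network the senders are on would be safer; otherwise a comment naming the network this listener is bound to would help. The `config_settings` block starts outside the hunk, so the bind address cannot be checked from here.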
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 0813cb7e..c8edade5 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -34,16 +34,6 @@ parameters:
description: The password for Redis
type: string
hidden: true
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
@@ -81,8 +71,6 @@ outputs:
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
- tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
- tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 1a86ec71..12d4a6a1 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -76,9 +76,11 @@ outputs:
include ::tripleo::profile::base::heat::api_cfn
service_config_settings:
keystone:
- heat::keystone::auth_cfn::tenant: 'service'
- heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
- heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
- heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
- heat::keystone::auth_cfn::password: {get_param: HeatPassword}
- heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
+ map_merge:
+ - get_attr: [HeatBase, role_data, service_config_settings, keystone]
+ - heat::keystone::auth_cfn::tenant: 'service'
+ heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
+ heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
+ heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
+ heat::keystone::auth_cfn::password: {get_param: HeatPassword}
+ heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index 2ea96fc0..b0cd16dd 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -76,9 +76,11 @@ outputs:
include ::tripleo::profile::base::heat::api
service_config_settings:
keystone:
- heat::keystone::auth::tenant: 'service'
- heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
- heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
- heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
- heat::keystone::auth::password: {get_param: HeatPassword}
- heat::keystone::auth::region: {get_param: KeystoneRegion}
+ map_merge:
+ - get_attr: [HeatBase, role_data, service_config_settings, keystone]
+ - heat::keystone::auth::tenant: 'service'
+ heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
+ heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
+ heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
+ heat::keystone::auth::password: {get_param: HeatPassword}
+ heat::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 7eb58f56..a2a65d7d 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -77,3 +77,8 @@ outputs:
heat::cron::purge_deleted::destination: '/dev/null'
heat::db::database_db_max_retries: -1
heat::db::database_max_retries: -1
+ service_config_settings:
+ keystone:
+ tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack'
+ tripleo::profile::base::keystone::heat_admin_user: 'heat_stack_domain_admin'
+ tripleo::profile::base::keystone::heat_admin_email: 'heat_stack_domain_admin@localhost'
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index 20415eef..3f0e4105 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -105,4 +105,4 @@ outputs:
- "%{hiera('mysql_bind_host')}"
keystone:
# This is needed because the keystone profile handles creating the domain
- heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
+ tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 1e08415c..8eaf4044 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -24,7 +24,7 @@ parameters:
type: json
HorizonAllowedHosts:
default: '*'
- description: A list of IP/Hostname for the server Horizonis running on.
+ description: A list of IP/Hostname for the server Horizon is running on.
Used for header checks.
type: comma_delimited_list
HorizonSecret:
@@ -32,11 +32,6 @@ parameters:
type: string
hidden: true
default: ''
- NeutronMechanismDrivers:
- default: 'openvswitch'
- description: |
- The mechanism drivers for the Neutron tenant network.
- type: comma_delimited_list
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
@@ -45,6 +40,10 @@ parameters:
default: 'overcloud-horizon'
type: string
+conditions:
+
+ debug_empty: {equals : [{get_param: Debug}, '']}
+
outputs:
role_data:
description: Role data for the Horizon role.
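Review bot: This file gains a `conditions:` section, but unlike keystone.yaml, neutron-l3.yaml and nova-base.yaml in the same commit, no hunk moves its `heat_template_version` to `2016-10-14`. If horizon.yaml still declares `2016-04-08`, the `conditions` section and the `if` used in the next hunk would presumably be rejected at validation. The version line is outside the diff, so this needs checking against the file itself.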
@@ -52,33 +51,36 @@ outputs:
service_name: horizon
monitoring_subscription: {get_param: MonitoringSubscriptionHorizon}
config_settings:
- horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
- neutron::plugins::ml2::mechanism_drivers:
- str_replace:
- template: MECHANISMS
- params:
- MECHANISMS: {get_param: NeutronMechanismDrivers}
- tripleo.horizon.firewall_rules:
- '126 horizon':
- dport:
- - 80
- - 443
- horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
- horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
- horizon::vhost_extra_params:
- add_listen: false
- priority: 10
- access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
- horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
- horizon::django_debug: {get_param: Debug}
- horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
- horizon::secret_key:
- yaql:
- expression: $.data.passwords.where($ != '').first()
- data:
- passwords:
- - {get_param: HorizonSecret}
- - {get_param: [DefaultPasswords, horizon_secret]}
- memcached_ipv6: {get_param: MemcachedIPv6}
+ map_merge:
+ - horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
+ tripleo.horizon.firewall_rules:
+ '126 horizon':
+ dport:
+ - 80
+ - 443
+ horizon::disable_password_reveal: true
+ horizon::enforce_password_check: true
+ horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
+ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
+ horizon::vhost_extra_params:
+ add_listen: false
+ priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+ options: ['FollowSymLinks','MultiViews']
+ horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ horizon::secret_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HorizonSecret}
+ - {get_param: [DefaultPasswords, horizon_secret]}
+ memcached_ipv6: {get_param: MemcachedIPv6}
+ -
+ if:
+ - debug_empty
+ - {}
+ - horizon::django_debug: {get_param: Debug}
step_config: |
include ::tripleo::profile::base::horizon
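Review bot: With the new `if`, `horizon::django_debug` is left out entirely when `Debug` is empty, so the effective value becomes whatever the horizon Puppet module defaults to, which is not visible here. Django debug pages disclose settings and stack traces, so a comment such as `# omitted when Debug is unset; relies on the module default being off` above the `if` would record the assumption. Separately, the added vhost `options: ['FollowSymLinks','MultiViews']` deserves a why-comment, since `FollowSymLinks` tells Apache to follow symlinks when serving content.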
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index 38cfbe22..fb0d32b6 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -19,14 +19,18 @@ parameters:
via parameter_defaults in the resource registry.
type: json
ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
+ default: ''
+ description: >
+ Interface where virtual ip will be assigned. This value will be
+ automatically set by the deployment tool. Overriding here will
+ override automatic setting.
type: string
PublicVirtualInterface:
- default: 'br-ex'
+ default: ''
description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
+ Interface where virtual ip will be assigned. This value will be
+ automatically set by the deployment tool. Overriding here will
+ override automatic setting.
type: string
MonitoringSubscriptionKeepalived:
default: 'overcloud-keepalived'
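Review bot: After this change the `PublicVirtualInterface` description is word-for-word the same as the one for `ControlVirtualInterface`, so the text no longer says which virtual IP each parameter governs. I would keep the distinction by opening the public one with `Interface where the public-facing virtual ip will be assigned.` It would also help to state what the empty default means when the deployment tool does not supply a value, given that the previous default was `'br-ex'`.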
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 1fc88bf1..69898718 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -18,6 +18,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ KernelPidMax:
+ default: 1048576
+ description: Configures sysctl kernel.pid_max key
+ type: number
outputs:
role_data:
@@ -49,5 +53,7 @@ outputs:
value: 0
net.core.netdev_max_backlog:
value: 10000
+ kernel.pid_max:
+ value: {get_param: KernelPidMax}
step_config: |
include ::tripleo::profile::base::kernel
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 1f83b680..fe023a6a 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Keystone service configured with Puppet
@@ -32,6 +32,12 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ KeystoneTokenProvider:
+ description: The keystone token format
+ type: string
+ default: 'uuid'
+ constraints:
+ - allowed_values: ['uuid', 'fernet']
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -85,7 +91,7 @@ parameters:
description: Set the number of workers for keystone::wsgi::apache
default: '"%{::os_workers}"'
MonitoringSubscriptionKeystone:
- default: 'overcloud-kestone'
+ default: 'overcloud-keystone'
type: string
KeystoneCredential0:
type: string
@@ -93,6 +99,12 @@ parameters:
KeystoneCredential1:
type: string
description: The second Keystone credential key. Must be a valid key.
+ KeystoneFernetKey0:
+ type: string
+ description: The first Keystone fernet key. Must be a valid key.
+ KeystoneFernetKey1:
+ type: string
+ description: The second Keystone fernet key. Must be a valid key.
KeystoneLoggingSource:
type: json
default:
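Review bot: `KeystoneFernetKey0` and `KeystoneFernetKey1` hold token key material but are declared without `hidden: true`, so Heat will not mask them when stack parameters are displayed. `ManilaPassword`, added elsewhere in this commit, does set it; I would add `hidden: true` to both fernet parameters. Neither has a default, so they appear to be required even when `KeystoneTokenProvider` stays at `'uuid'`, which is worth confirming as intended.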
@@ -112,6 +124,9 @@ resources:
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
+conditions:
+ keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+
outputs:
role_data:
description: Role data for the Keystone role.
@@ -138,6 +153,8 @@ outputs:
keystone::roles::admin::password: {get_param: AdminPassword}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::token_provider: {get_param: KeystoneTokenProvider}
+ keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
keystone::enable_proxy_headers_parsing: true
keystone::enable_credential_setup: true
keystone::credential_keys:
@@ -145,6 +162,11 @@ outputs:
content: {get_param: KeystoneCredential0}
'/etc/keystone/credential-keys/1':
content: {get_param: KeystoneCredential1}
+ keystone::fernet_keys:
+ '/etc/keystone/fernet-keys/0':
+ content: {get_param: KeystoneFernetKey0}
+ '/etc/keystone/fernet-keys/1':
+ content: {get_param: KeystoneFernetKey1}
keystone::debug: {get_param: Debug}
keystone::rabbit_userid: {get_param: RabbitUserName}
keystone::rabbit_password: {get_param: RabbitPassword}
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 4d3fd47c..b4b3d480 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -51,6 +51,11 @@ outputs:
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
+ tripleo.manila_api.firewall_rules:
+ '150 manila':
+ dport:
+ - 8786
+ - 13786
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
@@ -62,21 +67,15 @@ outputs:
step_config: |
include ::tripleo::profile::base::manila::api
service_config_settings:
- keystone:
- manila::keystone::auth::tenant: 'service'
- manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
- manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
- manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
- manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
- manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
- manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
- manila::keystone::auth::password: {get_param: ManilaPassword}
- manila::keystone::auth::region: {get_param: KeystoneRegion}
- mysql:
- manila::db::mysql::password: {get_param: ManilaPassword}
- manila::db::mysql::user: manila
- manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- manila::db::mysql::dbname: manila
- manila::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
+ map_merge:
+ - get_attr: [ManilaBase, role_data, service_config_settings]
+ - keystone:
+ manila::keystone::auth::tenant: 'service'
+ manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
+ manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
+ manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
+ manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
+ manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
+ manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
+ manila::keystone::auth::password: {get_param: ManilaPassword}
+ manila::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml
index d228577a..844bd3a3 100644
--- a/puppet/services/manila-base.yaml
+++ b/puppet/services/manila-base.yaml
@@ -40,6 +40,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
outputs:
role_data:
@@ -54,3 +58,21 @@ outputs:
manila::debug: {get_param: Debug}
manila::db::database_db_max_retries: -1
manila::db::database_max_retries: -1
+ manila::sql_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://manila:'
+ - {get_param: ManilaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/manila'
+ service_config_settings:
+ mysql:
+ manila::db::mysql::password: {get_param: ManilaPassword}
+ manila::db::mysql::user: manila
+ manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ manila::db::mysql::dbname: manila
+ manila::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
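Review bot: `manila::db::mysql::allowed_hosts` includes `'%'`, which, assuming the usual MySQL grant semantics, lets the manila account connect from any host and makes the second entry redundant. The block is carried over from manila-api.yaml, but now that it sits in the base template, every manila service that exposes `service_config_settings` from `ManilaBase` inherits it. If the wildcard is required, a comment saying why would help; otherwise the list could be narrowed to the database network.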
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
index 474cc24f..d96b677b 100644
--- a/puppet/services/manila-scheduler.yaml
+++ b/puppet/services/manila-scheduler.yaml
@@ -57,14 +57,5 @@ outputs:
manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}
- manila::sql_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://manila:'
- - {get_param: ManilaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/manila'
step_config: |
include ::tripleo::profile::base::manila::scheduler
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
index e42d2fae..49c69fc1 100644
--- a/puppet/services/manila-share.yaml
+++ b/puppet/services/manila-share.yaml
@@ -21,6 +21,10 @@ parameters:
MonitoringSubscriptionManilaShare:
default: 'overcloud-manila-share'
type: string
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
resources:
ManilaBase:
@@ -40,5 +44,11 @@ outputs:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- manila::volume::cinder::cinder_admin_tenant_name: 'service'
+ manila::keystone::authtoken::password: {get_param: ManilaPassword}
+ manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::project_name: 'service'
+ service_config_settings:
+ get_attr: [ManilaBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::manila::share
diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml
index d7350d07..ea23b8b6 100644
--- a/puppet/services/monitoring/sensu-base.yaml
+++ b/puppet/services/monitoring/sensu-base.yaml
@@ -43,7 +43,19 @@ parameters:
description: The RabbitMQ vhost used for monitoring purposes.
type: string
default: '/sensu'
-
+ SensuRedactVariables:
+ description: Variables from Sensu configuration, which have to be redacted.
+ type: comma_delimited_list
+ default:
+ - password
+ - passwd
+ - pass
+ - api_key
+ - api_token
+ - access_key
+ - secret_key
+ - private_key
+ - secret
outputs:
role_data:
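Review bot: The `SensuRedactVariables` description does not say that an override replaces the whole default list rather than extending it. An operator who sets the parameter to add one key would stop redacting `password`, `secret` and the other defaults without any warning. I would extend the description with `Overriding this replaces the default list; include the default keys when adding new ones.`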
@@ -61,8 +73,7 @@ outputs:
sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL}
sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName}
sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost}
- #sensu::redis_host: {get_param: MonitoringRedisHost}
- #sensu::redis_password: {get_param: MonitoringRedisPassword}
+ sensu::redact: {get_param: SensuRedactVariables}
sensu::sensu_plugin_provider: 'yum'
sensu::sensu_plugin_name: 'rubygem-sensu-plugin'
sensu::version: 'present'
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 408eb795..5fd9d7a2 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -57,26 +57,20 @@ parameters:
default:
tag: openstack.neutron.api
path: /var/log/neutron/server.log
- ControllerCount:
- description: |
- Under normal conditions, this should not be overridden manually and is
- set at deployment time. The default value is present to allow the
- template to be used in environments that do not override it.
- default: 1
- type: number
# DEPRECATED: the following options are deprecated and are currently maintained
# for backwards compatibility. They will be removed in the Ocata cycle.
NeutronL3HA:
- default: false
+ default: ''
+ type: string
description: |
- Whether to enable HA for virtual routers. While the default value is
- 'false', L3 HA will be automatically enabled if the number of nodes
- hosting controller configurations and DVR is disabled. This parameter is
- being deprecated in Newton and is scheduled to be removed in Ocata.
- Future releases will enable L3 HA by default if it is appropriate for the
- deployment type. Alternate mechanisms will be available to override.
- type: boolean
+ Whether to enable HA for virtual routers. When not set, L3 HA will be
+ automatically enabled if the number of nodes hosting controller
+ configurations and DVR is disabled. Valid values are 'true' or 'false'
+ This parameter is being deprecated in Newton and is scheduled to be
+ removed in Ocata. Future releases will enable L3 HA by default if it is
+ appropriate for the deployment type. Alternate mechanisms will be
+ available to override.
parameter_groups:
- label: deprecated
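Review bot: `NeutronL3HA` is now a free-form string whose description says the valid values are 'true' or 'false', but nothing enforces that. `KeystoneTokenProvider` in this commit uses a constraint for the same purpose; here it would be `constraints:` followed by `- allowed_values: ['', 'true', 'false']`. The description is also missing a full stop after `'false'`.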
@@ -97,18 +91,6 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
-conditions:
-
- auto_enable_l3_ha:
- and:
- - not:
- equals:
- - get_param: ControllerCount
- - 1
- - equals:
- - get_param: NeutronEnableDVR
- - false
-
outputs:
role_data:
description: Role data for the Neutron Server agent service.
@@ -135,7 +117,6 @@ outputs:
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::server::rpc_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
- neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]}
neutron::server::enable_proxy_headers_parsing: true
neutron::keystone::authtoken::password: {get_param: NeutronPassword}
@@ -158,6 +139,7 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
step_config: |
include tripleo::profile::base::neutron::server
service_config_settings:
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 6bb4ba08..0b2cef07 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -50,16 +50,13 @@ parameters:
to false may result in configuration remnants after updates/upgrades.
NeutronGlobalPhysnetMtu:
type: number
- default: 1496
+ default: 1500
description: |
MTU of the underlying physical network. Neutron uses this value to
calculate MTU for all virtual network components. For flat and VLAN
networks, neutron uses this value without modification. For overlay
networks such as VXLAN, neutron automatically subtracts the overlay
- protocol overhead from this value. The default value of 1496 is
- currently in effect to compensate for some additional overhead when
- deploying with some network configurations (e.g. network isolation over
- single network interfaces)
+ protocol overhead from this value.
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index a89e3d75..a2157555 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Neutron L3 agent configured with Puppet
@@ -43,6 +43,10 @@ parameters:
tag: openstack.neutron.agent.l3
path: /var/log/neutron/l3-agent.log
+conditions:
+
+ external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}
+
resources:
NeutronBase:
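Review bot: `external_network_bridge_empty` compares the parameter with `"''"`, the two-character string made of two single quotes, while `debug_empty` in horizon.yaml and `compute_upgrade_level_empty` in nova-base.yaml compare with the empty string. If that is deliberate (presumably because operators pass `"''"` to mean unset), it needs a comment such as `# NeutronExternalNetworkBridge is passed as "''" to mean unset`. As written, a genuinely empty value does not match the condition, so `neutron::agents::l3::external_network_bridge` is still emitted for it.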
@@ -63,12 +67,16 @@ outputs:
- neutron
config_settings:
map_merge:
- - get_attr: [NeutronBase, role_data, config_settings]
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::l3::router_delete_namespaces: True
+ neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode}
+ tripleo.neutron_l3.firewall_rules:
+ '106 neutron_l3 vrrp':
+ proto: vrrp
+ -
+ if:
+ - external_network_bridge_empty
+ - {}
- neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
- neutron::agents::l3::router_delete_namespaces: True
- neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode}
- tripleo.neutron_l3.firewall_rules:
- '106 neutron_l3 vrrp':
- proto: vrrp
step_config: |
include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index bf479437..49bd84bc 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -51,6 +51,9 @@ parameters:
default:
tag: openstack.nova.api
path: /var/log/nova/nova-api.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
@@ -62,6 +65,7 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
NovaBase:
type: ./nova-base.yaml
@@ -88,8 +92,6 @@ outputs:
tripleo.nova_api.firewall_rules:
'113 nova_api':
dport:
- - 6080
- - 13080
- 8773
- 3773
- 8774
@@ -103,21 +105,26 @@ outputs:
nova::api::default_floating_pool: 'public'
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
+ nova::api::api_bind_address:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::api::service_name: 'httpd'
+ nova::wsgi::apache::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::api::service_name: 'httpd'
- nova::wsgi::apache::ssl: false
nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
params:
- $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 8db00d8f..74a95d20 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Nova base service. Shared for all Nova services.
@@ -66,6 +66,9 @@ parameters:
type: string
description: Nova Compute upgrade level
default: ''
+conditions:
+
+ compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']}
outputs:
role_data:
@@ -73,45 +76,50 @@ outputs:
value:
service_name: nova_base
config_settings:
- nova::rabbit_password: {get_param: RabbitPassword}
- nova::rabbit_userid: {get_param: RabbitUserName}
- nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- nova::rabbit_port: {get_param: RabbitClientPort}
- nova::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://nova:'
- - {get_param: NovaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/nova'
- nova::api_database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://nova_api:'
- - {get_param: NovaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/nova_api'
- nova::debug: {get_param: Debug}
- nova::purge_config: {get_param: EnableConfigPurge}
- nova::network::neutron::neutron_project_name: 'service'
- nova::network::neutron::neutron_username: 'neutron'
- nova::network::neutron::dhcp_domain: ''
- nova::network::neutron::neutron_password: {get_param: NeutronPassword}
- nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
- nova::rabbit_heartbeat_timeout_threshold: 60
- nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
- nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
- nova::notify_on_state_change: 'vm_and_task_state'
- nova::notification_driver: messagingv2
- nova::network::neutron::neutron_auth_type: 'v3password'
- nova::db::database_db_max_retries: -1
- nova::db::database_max_retries: -1
- nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
- nova::use_ipv6: {get_param: NovaIPv6}
- nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
- nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
+ map_merge:
+ - nova::rabbit_password: {get_param: RabbitPassword}
+ nova::rabbit_userid: {get_param: RabbitUserName}
+ nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ nova::rabbit_port: {get_param: RabbitClientPort}
+ nova::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://nova:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/nova'
+ nova::api_database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://nova_api:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/nova_api'
+ nova::debug: {get_param: Debug}
+ nova::purge_config: {get_param: EnableConfigPurge}
+ nova::network::neutron::neutron_project_name: 'service'
+ nova::network::neutron::neutron_username: 'neutron'
+ nova::network::neutron::dhcp_domain: ''
+ nova::network::neutron::neutron_password: {get_param: NeutronPassword}
+ nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
+ nova::rabbit_heartbeat_timeout_threshold: 60
+ nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
+ nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
+ nova::notify_on_state_change: 'vm_and_task_state'
+ nova::notification_driver: messagingv2
+ nova::network::neutron::neutron_auth_type: 'v3password'
+ nova::db::database_db_max_retries: -1
+ nova::db::database_max_retries: -1
+ nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ nova::use_ipv6: {get_param: NovaIPv6}
+ nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
+ -
+ if:
+ - compute_upgrade_level_empty
+ - {}
+ - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 31732580..70774bac 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -54,6 +54,9 @@ outputs:
'200 nova_libvirt':
dport:
- 16509
+ - 16514
+ - '49152-49215'
+ - '5900-5999'
step_config: |
include tripleo::profile::base::nova::libvirt
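Review bot: The three `dport` entries added to '200 nova_libvirt' have no comment and, as far as this hunk shows, no source restriction, so the rule accepts them from any address that can reach the node. 16514 is the libvirt TLS port, 49152-49215 the default libvirt live-migration range and 5900-5999 the VNC console range; a line such as `# 16514: libvirt TLS, 49152-49215: live migration, 5900-5999: VNC consoles` above the list would record that. The migration and VNC ranges are normally needed only from peer compute nodes and from the hosts running the console proxy, so it is worth confirming that the network these ports listen on is not reachable by tenants or external clients. The rule and the surrounding `config_settings` block start outside the hunk.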
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
index d89e3e11..d4e5fff6 100644
--- a/puppet/services/nova-scheduler.yaml
+++ b/puppet/services/nova-scheduler.yaml
@@ -58,7 +58,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- - nova::scheduler::filter::ram_allocation_ratio: '1.0'
+ - nova::ram_allocation_ratio: '1.0'
nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters}
nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters}
step_config: |
diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml
index 85d59ae6..e6b0703f 100644
--- a/puppet/services/nova-vnc-proxy.yaml
+++ b/puppet/services/nova-vnc-proxy.yaml
@@ -57,5 +57,10 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ tripleo.nova_vnc_proxy.firewall_rules:
+ '137 nova_vnc_proxy':
+ dport:
+ - 6080
+ - 13080
step_config: |
include tripleo::profile::base::nova::vncproxy
diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml
index 318c898e..253d63ef 100644
--- a/puppet/services/opendaylight-api.yaml
+++ b/puppet/services/opendaylight-api.yaml
@@ -59,6 +59,6 @@ outputs:
opendaylight::enable_l3: {get_param: OpenDaylightEnableL3}
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
- opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]}
+ opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::opendaylight
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 268ca244..907ecddc 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -54,5 +54,11 @@ outputs:
template: MAPPINGS
params:
MAPPINGS: {get_param: OpenDaylightProviderMappings}
+ tripleo.opendaylight_ovs.firewall_rules:
+ '118 neutron vxlan networks':
+ proto: 'udp'
+ dport: 4789
+ '136 neutron gre networks':
+ proto: 'gre'
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index 52104a71..e4115d64 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -38,7 +38,5 @@ outputs:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true
- enable_keepalived: false
- tripleo::haproxy::keepalived: false
step_config: |
include ::tripleo::profile::pacemaker::haproxy
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
new file mode 100644
index 00000000..63f631a0
--- /dev/null
+++ b/puppet/services/panko-api.yaml
@@ -0,0 +1,84 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Panko API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionPankoApi:
+ default: 'overcloud-ceilometer-panko-api'
+ type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+resources:
+ PankoBase:
+ type: ./panko-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
+outputs:
+ role_data:
+ description: Role data for the Panko API service.
+ value:
+ service_name: panko_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi}
+ config_settings:
+ map_merge:
+ - get_attr: [PankoBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - panko::wsgi::apache::ssl: {get_param: EnableInternalTLS}
+ panko::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
+ panko::api::service_name: 'httpd'
+ panko::api::enable_proxy_headers_parsing: true
+ tripleo.panko_api.firewall_rules:
+ '140 panko-api':
+ dport:
+ - 8779
+ - 13779
+ panko::api::host:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]}
+ service_config_settings:
+ get_attr: [PankoBase, role_data, service_config_settings]
+ step_config: |
+ include tripleo::profile::base::panko::api
diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml
new file mode 100644
index 00000000..32754a55
--- /dev/null
+++ b/puppet/services/panko-base.yaml
@@ -0,0 +1,74 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Panko service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ PankoPassword:
+ description: The password for the panko services.
+ type: string
+ hidden: true
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+outputs:
+ role_data:
+ description: Role data for the Panko role.
+ value:
+ service_name: panko_base
+ config_settings:
+ panko_redis_password: {get_param: RedisPassword}
+ panko::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://panko:'
+ - {get_param: PankoPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/panko'
+ panko::debug: {get_param: Debug}
+ panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ panko::keystone::authtoken::project_name: 'service'
+ panko::keystone::authtoken::password: {get_param: PankoPassword}
+ panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ panko::auth::auth_password: {get_param: PankoPassword}
+ panko::auth::auth_region: 'regionOne'
+ panko::auth::auth_tenant_name: 'service'
+ service_config_settings:
+ keystone:
+ panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]}
+ panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]}
+ panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]}
+ panko::keystone::auth::password: {get_param: PankoPassword}
+ panko::keystone::auth::region: {get_param: KeystoneRegion}
+ panko::keystone::auth::tenant: 'service'
+ mysql:
+ panko::db::mysql::user: panko
+ panko::db::mysql::password: {get_param: PankoPassword}
+ panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ panko::db::mysql::dbname: panko
+ panko::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
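Review bot: `panko_redis_password: {get_param: RedisPassword}` under `config_settings` reads a parameter this new template never declares; its `parameters` section lists only ServiceNetMap, DefaultPasswords, EndpointMap, PankoPassword, Debug and KeystoneRegion, so the template would be expected to fail validation. Either drop the line, since nothing else in the file refers to redis, or declare `RedisPassword` as a `string` parameter with `hidden: true`, like PankoPassword. `panko::auth::auth_region: 'regionOne'` hard-codes the value while `panko::keystone::auth::region` takes KeystoneRegion; `panko::auth::auth_region: {get_param: KeystoneRegion}` keeps the two in agreement when the region is overridden. `panko::db::mysql::allowed_hosts` includes `'%'`, so the database grant for the panko user is not limited by client host and the password is the only control; if that is deliberate, a comment saying so would help.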
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index 5fc8ed61..4072a150 100644
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -44,6 +44,10 @@ parameters:
type: string
default: ''
description: Set to True to enable debugging on all services.
+ SaharaPlugins:
+ default: ["ambari","cdh","mapr","vanilla","spark","storm"]
+ description: Sahara enabled plugin list
+ type: comma_delimited_list
outputs:
role_data:
@@ -69,13 +73,7 @@ outputs:
sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
sahara::use_neutron: true
- sahara::plugins:
- - ambari
- - cdh
- - mapr
- - vanilla
- - spark
- - storm
+ sahara::plugins: {get_param: SaharaPlugins}
sahara::rpc_backend: rabbit
sahara::admin_tenant_name: 'service'
sahara::db::database_db_max_retries: -1
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 176fd235..ffe2d2d4 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -54,8 +54,8 @@ outputs:
data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}}
monitoring_subscriptions:
yaql:
- expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null))
- data: {get_attr: [ServiceChain, role_data]}
+ expression: list($.data.role_data.where($ != null).select($.get('monitoring_subscription')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
logging_sources:
# Transform the individual logging_source configuration from
# each service in the chain into a global list, adding some
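Review bot: The `monitoring_subscriptions` expression now reads `$.data.role_data` and its `data` is wrapped as `{role_data: {get_attr: [ServiceChain, role_data]}}`, but nothing in the file says why the extra level is needed. The same rewrite is repeated in the hunks for `logging_sources`, `logging_groups`, `global_config_settings` and `service_config_settings`. A one-line comment at the first occurrence, for example `# role_data is passed under a named key and addressed as $.data.role_data; see <bug/commit reference>`, would stop a later cleanup from flattening it again. The `logging_sources` hunk also adds an empty `+` line in the middle of the `sources` list, which looks unintended.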
@@ -78,8 +78,9 @@ outputs:
sources:
- {get_attr: [LoggingConfiguration, LoggingDefaultSources]}
- yaql:
- expression: list($.data.where($ != null).select($.get('logging_source')).where($ != null))
- data: {get_attr: [ServiceChain, role_data]}
+ expression: list($.data.role_data.where($ != null).select($.get('logging_source')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
+
- {get_attr: [LoggingConfiguration, LoggingExtraSources]}
default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]}
pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]}
@@ -93,17 +94,17 @@ outputs:
groups:
- [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}]
- yaql:
- expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null))
- data: {get_attr: [ServiceChain, role_data]}
+ expression: list($.data.role_data.where($ != null).select($.get('logging_groups')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
- [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}]
config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
global_config_settings:
map_merge:
yaql:
- expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null))
- data: {get_attr: [ServiceChain, role_data]}
+ expression: list($.data.role_data.where($ != null).select($.get('global_config_settings')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
service_config_settings:
yaql:
- expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
- data: {get_attr: [ServiceChain, role_data]}
+ expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 35e21181..ba184ab0 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -74,9 +74,10 @@ outputs:
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
- swift::proxy::ceilometer::rabbit_host: {get_param: [ServiceNetMap, RabbitmqNetwork]}
swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+ swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
+ swift::proxy::ceilometer::nonblocking_notify: true
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
@@ -99,6 +100,11 @@ outputs:
- 'authtoken'
- 'keystone'
- 'staticweb'
+ - 'copy'
+ - 'container-quotas'
+ - 'account-quotas'
+ - 'slo'
+ - 'dlo'
- 'versioned_writes'
- 'ceilometer'
- 'proxy-logging'
diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml
index 8ed4e9f4..5c70b6ab 100644
--- a/puppet/services/swift-ringbuilder.yaml
+++ b/puppet/services/swift-ringbuilder.yaml
@@ -38,7 +38,10 @@ parameters:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
-
+ SwiftUseLocalDir:
+ default: true
+ description: 'Use a local directory for Swift storage services when building rings'
+ type: boolean
outputs:
role_data:
@@ -56,7 +59,7 @@ outputs:
expression: $.data.raw_disk_lists.flatten()
data:
raw_disk_lists:
- - [':%PORT%/d1']
+ - {if: [{get_param: SwiftUseLocalDir}, [':%PORT%/d1'], []]}
- repeat:
template: ':%PORT%/DEVICE'
for_each:
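Review bot: The `if` added to `raw_disk_lists` takes `{get_param: SwiftUseLocalDir}` as its first argument, whereas the other `if` on this page (the nova hiera block ending in `nova::upgrade_level_compute`) passes a named condition, `compute_upgrade_level_empty`. Heat's `if` needs heat_template_version 2016-10-14 or later and, in the releases where it was introduced, a condition name from a `conditions` section. Neither this file's version line nor a `conditions` section appears in the hunks, so both need confirming. If they are missing, a `conditions:` entry `swift_use_local_dir: {equals: [{get_param: SwiftUseLocalDir}, true]}` with `{if: [swift_use_local_dir, [':%PORT%/d1'], []]}` would match the other template. The `outputs` block continues outside the hunk.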
diff --git a/puppet/services/vip-hosts.yaml b/puppet/services/vip-hosts.yaml
deleted file mode 100644
index a9d757ee..00000000
--- a/puppet/services/vip-hosts.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-heat_template_version: 2016-04-08
-
-description: >
- If the deployer doesn't have a DNS server for the overcloud nodes. This will
- populate the node-names and IPs for the VIPs of the overcloud.
-
-parameters:
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry. This
- mapping overrides those in ServiceNetMapDefaults.
- type: json
- DefaultPasswords:
- default: {}
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
-
-outputs:
- role_data:
- description: role data for the VIP hosts role
- value:
- service_name: vip_hosts
- config_settings:
- tripleo::vip_hosts::hosts_spec:
- external:
- name: "%{hiera('cloud_name_external')}"
- ip: "%{hiera('public_virtual_ip')}"
- ensure: present
- comment: FQDN of the external VIP
- internal_api:
- name: "%{hiera('cloud_name_internal_api')}"
- ip: "%{hiera('internal_api_virtual_ip')}"
- ensure: present
- comment: FQDN of the internal api VIP
- storage:
- name: "%{hiera('cloud_name_storage')}"
- ip: "%{hiera('storage_virtual_ip')}"
- ensure: present
- comment: FQDN of the storage VIP
- storage_mgmt:
- name: "%{hiera('cloud_name_storage_mgmt')}"
- ip: "%{hiera('storage_mgmt_virtual_ip')}"
- ensure: present
- comment: FQDN of the storage mgmt VIP
- ctlplane:
- name: "%{hiera('cloud_name_ctlplane')}"
- ip: "%{hiera('controller_virtual_ip')}"
- ensure: present
- comment: FQDN of the ctlplane VIP
- step_config: |
- include ::tripleo::vip_hosts
diff --git a/roles_data.yaml b/roles_data.yaml
index 320bb706..d7ed80c5 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -73,12 +73,12 @@
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
- - OS::Tripleo::Services::ManilaApi
- - OS::Tripleo::Services::ManilaScheduler
- - OS::Tripleo::Services::ManilaBackendGeneric
- - OS::Tripleo::Services::ManilaBackendNetapp
- - OS::Tripleo::Services::ManilaBackendCephFs
- - OS::Tripleo::Services::ManilaShare
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::AodhNotifier
@@ -94,8 +94,8 @@
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
- OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::PankoApi
- name: Compute
CountDefault: 1
@@ -121,7 +121,6 @@
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
- name: BlockStorage
ServicesDefault:
@@ -135,7 +134,6 @@
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
- name: ObjectStorage
ServicesDefault:
@@ -150,7 +148,6 @@
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
- name: CephStorage
ServicesDefault:
@@ -158,9 +155,9 @@
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
diff --git a/tools/yaml-nic-config-2-script.py b/tools/yaml-nic-config-2-script.py
new file mode 100755
index 00000000..b8f07e4f
--- /dev/null
+++ b/tools/yaml-nic-config-2-script.py
@@ -0,0 +1,219 @@
+#!/usr/bin/env python
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import collections
+import copy
+import os
+import sys
+import traceback
+import yaml
+import six
+import re
+
+
+#convert comments into 'comments<num>: ...' YAML
+def to_commented_yaml(filename):
+ out_str = ''
+ last_non_comment_spaces = ''
+ with open(filename, 'r') as f:
+ comment_count = 0
+ for line in f:
+ char_count = 0
+ spaces = ''
+ for char in line:
+ char_count += 1
+ if char == ' ':
+ spaces+=' '
+ next;
+ elif char == '#':
+ comment_count += 1
+ comment = line[char_count:-1]
+ out_str += "%scomment%i_%i: '%s'\n" % (last_non_comment_spaces, comment_count, len(spaces), comment)
+ break;
+ else:
+ last_non_comment_spaces = spaces
+ out_str += line
+
+ #inline comments check
+ m = re.match(".*:.*#(.*)", line)
+ if m:
+ comment_count += 1
+ out_str += "%s inline_comment%i: '%s'\n" % (last_non_comment_spaces, comment_count, m.group(1))
+ break;
+
+ with open(filename, 'w') as f:
+ f.write(out_str)
+
+ return out_str
+
+#convert back to normal #commented YAML
+def to_normal_yaml(filename):
+
+ with open(filename, 'r') as f:
+ data = f.read()
+
+ out_str = ''
+ next_line_break = False
+ for line in data.split('\n'):
+ m = re.match(" +comment[0-9]+_([0-9]+): '(.*)'.*", line) #normal comments
+ i = re.match(" +inline_comment[0-9]+: '(.*)'.*", line) #inline comments
+ if m:
+ if next_line_break:
+ out_str += '\n'
+ next_line_break = False
+ for x in range(0, int(m.group(1))):
+ out_str += " "
+ out_str += "#%s\n" % m.group(2)
+ elif i:
+ out_str += " #%s\n" % i.group(1)
+ next_line_break = False
+ else:
+ if next_line_break:
+ out_str += '\n'
+ out_str += line
+ next_line_break = True
+
+ if next_line_break:
+ out_str += '\n'
+
+ with open(filename, 'w') as f:
+ f.write(out_str)
+
+ return out_str
+
+
+class description(six.text_type):
+ pass
+
+# FIXME: Some of this duplicates code from build_endpoint_map.py, we should
+# refactor to share the common code
+class TemplateDumper(yaml.SafeDumper):
+ def represent_ordered_dict(self, data):
+ return self.represent_dict(data.items())
+
+ def description_presenter(self, data):
+ if '\n' in data:
+ style = '>'
+ else:
+ style = ''
+ return self.represent_scalar(
+ yaml.resolver.BaseResolver.DEFAULT_SCALAR_TAG, data, style=style)
+
+
+# We load mappings into OrderedDict to preserve their order
+class TemplateLoader(yaml.SafeLoader):
+ def construct_mapping(self, node):
+ self.flatten_mapping(node)
+ return collections.OrderedDict(self.construct_pairs(node))
+
+
+TemplateDumper.add_representer(description,
+ TemplateDumper.description_presenter)
+
+TemplateDumper.add_representer(collections.OrderedDict,
+ TemplateDumper.represent_ordered_dict)
+
+
+TemplateLoader.add_constructor(yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG,
+ TemplateLoader.construct_mapping)
+
+def write_template(template, filename=None):
+ with open(filename, 'w') as f:
+ yaml.dump(template, f, TemplateDumper, width=120, default_flow_style=False)
+
+def exit_usage():
+ print('Usage %s <yaml file>' % sys.argv[0])
+ sys.exit(1)
+
+def convert(filename):
+ print('Converting %s' % filename)
+ try:
+ tpl = yaml.load(open(filename).read(), Loader=TemplateLoader)
+ except Exception:
+ print(traceback.format_exc())
+ return 0
+
+ # Check which path we need for run-os-net-config.sh because we have
+ # nic config templates in the top-level and network/config
+ script_paths = ['network/scripts/run-os-net-config.sh',
+ '../../scripts/run-os-net-config.sh']
+ script_path = None
+ for p in script_paths:
+ check_path = os.path.join(os.path.dirname(filename), p)
+ if os.path.isfile(check_path):
+ print("Found %s, using %s" % (check_path, p))
+ script_path = p
+ if script_path is None:
+ print("Error couldn't find run-os-net-config.sh relative to filename")
+ exit_usage()
+
+ for r in six.iteritems(tpl.get('resources', {})):
+ if (r[1].get('type') == 'OS::Heat::StructuredConfig' and
+ r[1].get('properties', {}).get('group') == 'os-apply-config' and
+ r[1].get('properties', {}).get('config', {}).get('os_net_config')):
+ #print("match %s" % r[0])
+ new_r = collections.OrderedDict()
+ new_r['type'] = 'OS::Heat::SoftwareConfig'
+ new_r['properties'] = collections.OrderedDict()
+ new_r['properties']['group'] = 'script'
+ old_net_config = r[1].get(
+ 'properties', {}).get('config', {}).get('os_net_config')
+ new_config = {'str_replace': collections.OrderedDict()}
+ new_config['str_replace']['template'] = {'get_file': script_path}
+ new_config['str_replace']['params'] = {'$network_config': old_net_config}
+ new_r['properties']['config'] = new_config
+ tpl['resources'][r[0]] = new_r
+ else:
+ print("No match %s" % r[0])
+ return 0
+
+ # Preserve typical HOT template key ordering
+ od_result = collections.OrderedDict()
+ # Need to bump the HOT version so str_replace supports serializing to json
+ od_result['heat_template_version'] = "2016-10-14"
+ if tpl.get('description'):
+ od_result['description'] = description(tpl['description'])
+ od_result['parameters'] = tpl['parameters']
+ od_result['resources'] = tpl['resources']
+ od_result['outputs'] = tpl['outputs']
+ #print('Result:')
+ #print('%s' % yaml.dump(od_result, Dumper=TemplateDumper, width=120, default_flow_style=False))
+ #print('---')
+ #replace = raw_input(
+ #"Replace file %s? Answer y/n" % filename).lower() == 'y'
+ #if replace:
+ #print("Replace %s" % filename)
+ write_template(od_result, filename)
+ #else:
+ # print("NOT replacing %s" % filename)
+ # return 0
+ return 1
+
+if len(sys.argv) < 2:
+ exit_usage()
+
+path_args = sys.argv[1:]
+exit_val = 0
+num_converted = 0
+
+for base_path in path_args:
+ if os.path.isfile(base_path) and base_path.endswith('.yaml'):
+ to_commented_yaml(base_path)
+ num_converted += convert(base_path)
+ to_normal_yaml(base_path)
+ else:
+ print('Unexpected argument %s' % base_path)
+ exit_usage()
+if num_converted == 0:
+ exit_val = 1
+sys.exit(exit_val)
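Review bot: `to_commented_yaml` writes each comment into a single-quoted YAML scalar (`"%scomment%i_%i: '%s'\n"`, and likewise for `inline_comment`) without escaping it, so a comment containing an apostrophe yields a line that no longer parses. `convert` then returns 0 after the input file has already been rewritten in place. Doubling the quote on the way in, `comment.replace("'", "''")`, and reversing it in `to_normal_yaml` would keep the round trip intact, and writing to a temporary file that is renamed only after `convert` succeeds would avoid leaving a half-converted template behind. The inline check `re.match(".*:.*#(.*)", line)` also fires on a `#` inside a quoted value, which adds an `inline_comment` key the original file never had. `next;` in the space branch is a bare reference to the builtin, not a `continue`; as far as the flattened indentation shows it is harmless only because nothing follows it in the loop body.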