diff options
126 files changed, 2669 insertions, 1575 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 962dfb99..ae747621 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -41,17 +41,17 @@ root_template: overcloud.yaml root_environment: overcloud-resource-registry-puppet.yaml topics: - - title: Basic Configuration + - title: Base Resources Configuration description: environment_groups: - title: - description: Enable basic configuration required for OpenStack Deployment + description: Enable base configuration for all resources required for OpenStack Deployment environments: - file: overcloud-resource-registry-puppet.yaml - title: Default Configuration + title: Base resources configuration description: - - title: Deployment options + - title: Deployment Options description: environment_groups: - title: High Availability @@ -62,6 +62,15 @@ topics: description: Enable configuration of an Overcloud controller with Pacemaker requires: - overcloud-resource-registry-puppet.yaml + - title: Pacemaker options + description: + environments: + - file: environments/puppet-pacemaker-no-restart.yaml + title: Pacemaker No Restart + description: + requires: + - environments/puppet-pacemaker.yaml + - overcloud-resource-registry-puppet.yaml - title: Docker RDO description: > Docker container with heat agents for containerized compute node @@ -71,26 +80,114 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + - title: Enable TLS + description: > + environments: + - file: environments/enable-tls.yaml + title: TLS + description: > + Use this option to pass in certificates for SSL deployments. + For these values to take effect, one of the TLS endpoints + environments must also be used. + requires: + - overcloud-resource-registry-puppet.yaml + - title: TLS Endpoints + description: > + environments: + - file: environments/tls-endpoints-public-dns.yaml + title: SSL-enabled deployment with DNS name as public endpoint + description: > + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + requires: + - environments/enable-tls.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/tls-endpoints-public-ip.yaml + title: SSL-enabled deployment with IP address as public endpoint + description: > + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. + requires: + - environments/enable-tls.yaml + - overcloud-resource-registry-puppet.yaml + - title: External load balancer + description: > + Enable external load balancer + environments: + - file: environments/external-loadbalancer-vip-v6.yaml + title: External load balancer IPv6 + description: > + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/external-loadbalancer-vip.yaml + title: External load balancer IPv4 + description: > + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Additional Services + description: Deploy additional Overcloud services + environment_groups: + - title: Manila + description: + environments: + - file: environments/manila-generic-config.yaml + title: Manila + description: Enable Manila generic driver backend + requires: + - overcloud-resource-registry-puppet.yaml + - title: Sahara + description: + environments: + - file: environments/services/sahara.yaml + title: Sahara + description: Deploy Sahara service + requires: + - overcloud-resource-registry-puppet.yaml + - title: Ironic + description: + environments: + - file: environments/services/ironic.yaml + title: Ironic + description: Deploy Ironic service + requires: + - overcloud-resource-registry-puppet.yaml + - title: Mistral + description: + environments: + - file: environments/services/mistral.yaml + title: Mistral + description: Deploy Mistral service + requires: + - overcloud-resource-registry-puppet.yaml # - title: Network Interface Configuration # description: # environment_groups: - - title: Overlay network Configuration + - title: Overlay Network Configuration description: environment_groups: - title: Network Isolation - description: > - Enable the creation of Neutron networks for - isolated Overcloud traffic and configure each role to assign ports - (related to that role) on these networks. + description: environments: - file: environments/network-isolation.yaml title: Network Isolation - description: Enable Network Isolation + description: > + Enable the creation of Neutron networks for + isolated Overcloud traffic and configure each role to assign ports + (related to that role) on these networks. requires: - overcloud-resource-registry-puppet.yaml - - title: Single nic or Bonding + - file: environments/network-isolation-v6.yaml + title: Network Isolation IPv6 + description: > + Enable the creation of IPv6 Neutron networks for isolated Overcloud + traffic and configure each role to assign ports (related + to that role) on these networks. + requires: + - overcloud-resource-registry-puppet.yaml + - title: Single NIC or Bonding description: > Configure roles to use pair of bonded nics or to use Vlans on a single nic. This option assumes use of Network Isolation. @@ -104,23 +201,105 @@ topics: requires: - environments/network-isolation.yaml - overcloud-resource-registry-puppet.yaml + - file: environments/net-bond-with-vlans-no-external.yaml + title: Bond with Vlans No External Ports + description: > + Configure each role to use a pair of bonded nics (nic2 and + nic3) and configures an IP address on each relevant isolated network + for each role. This option assumes use of Network Isolation. + Sets external ports to noop. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-bond-with-vlans-v6.yaml + title: Bond with Vlans IPv6 + description: > + Configure each role to use a pair of bonded nics (nic2 and + nic3) and configures an IP address on each relevant isolated network + for each role, with IPv6 on the External network. + This option assumes use of Network Isolation IPv6. + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-multiple-nics.yaml + title: Multiple NICs + description: > + Configures each role to use a separate NIC for + each isolated network. + This option assumes use of Network Isolation. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-multiple-nics-v6.yaml + title: Multiple NICs IPv6 + description: > + Configure each role to use a separate NIC for + each isolated network with IPv6 on the External network. + This option assumes use of Network Isolation IPv6. + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans.yaml - title: Single nic with Vlans + title: Single NIC with Vlans description: > - Configure each role to use Vlans on a single nic for + Configure each role to use Vlans on a single NIC for each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-with-vlans-no-external.yaml + title: Single NIC with Vlans No External Ports + description: > + Configure each role to use Vlans on a single NIC for + each isolated network. This option assumes use of Network Isolation. + Sets external ports to noop. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-linux-bridge-with-vlans.yaml + title: Single NIC with Linux Bridge Vlans + description: > + Configure each role to use Vlans on a single NIC for + each isolated network. This option assumes use of Network Isolation. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-with-vlans-v6.yaml + title: Single NIC with Vlans IPv6 + description: > + Configures each role to use Vlans on a single NIC for + each isolated network with IPv6 on the External network. + This option assumes use of Network Isolation IPv6 + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml + - title: Management Network + description: > + Enable the creation of a system management network. This + creates a Neutron network for isolated Overcloud + system management traffic and configures each role to + assign a port (related to that role) on that network. + environments: + - file: environments/network-management.yaml + title: Management Network + description: + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/network-management-v6.yaml + title: Management Network IPv6 + description: + requires: + - overcloud-resource-registry-puppet.yaml - title: Neutron Plugin Configuration description: environment_groups: - - title: BigSwitch extensions or Cisco N1KV backend - description: + - title: Neutron Plugins + description: > + Enable various Neutron plugins and backends environments: - file: environments/neutron-ml2-bigswitch.yaml - title: BigSwitch extensions + title: BigSwitch Extensions description: > Enable Big Switch extensions, configured via puppet requires: @@ -131,28 +310,101 @@ topics: Enable a Cisco N1KV backend, configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Cisco Neutron plugin - description: > - Enable a Cisco Neutron plugin - environments: - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml title: Cisco Neutron plugin description: requires: - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-midonet.yaml + title: Deploy MidoNet Services + description: + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-nuage-config.yaml + title: Neutron Nuage backend + description: Enables Neutron Nuage backend on the controller + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opencontrail.yaml + title: OpenContrail Extensions + description: Enables OpenContrail extensions + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opendaylight.yaml + title: OpenDaylight + description: Enables OpenDaylight + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opendaylight-l3.yaml + title: OpenDaylight with L3 DVR + description: Enables OpenDaylight with L3 DVR + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ovs-dpdk.yaml + title: DPDK with OVS + description: Deploy DPDK with OVS + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ovs-dvr.yaml + title: DVR + description: Enables DVR in the Overcloud + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-plumgrid.yaml + title: PLUMgrid extensions + description: Enables PLUMgrid extensions + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Nova Extensions + description: + environment_groups: + - title: Nova Extensions + description: + environments: + - file: environments/nova-nuage-config.yaml + title: Nuage backend + description: > + Enables Nuage backend on the Compute + requires: + - overcloud-resource-registry-puppet.yaml - title: Storage description: environment_groups: - - title: Cinder NetApp backend + - title: Cinder backup service + description: + environments: + - file: environments/cinder-backup.yaml + title: Cinder backup service + description: > + OpenStack Cinder Backup service with Pacemaker configured + with Puppet + requires: + - environments/puppet-pacemaker.yaml + - overcloud-resource-registry-puppet.yaml + - title: Cinder backend description: > - Enable a Cinder NetApp backend, configured via puppet + Enable various Cinder backends environments: - file: environments/cinder-netapp-config.yaml title: Cinder NetApp backend description: requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-dellsc-config.yaml + title: Cinder Dell Storage Center ISCSI backend + description: > + Enables a Cinder Dell Storage Center ISCSI backend, configured + via puppet + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-eqlx-config.yaml + title: Cinder EQLX backend + description: > + Enables a Cinder EQLX backend, configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - title: Externally managed Ceph description: > Enable the use of an externally managed Ceph cluster @@ -224,6 +476,14 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + - title: Manage Firewall + description: + environments: + - file: environments/manage-firewall.yaml + title: Manage Firewall + description: + requires: + - overcloud-resource-registry-puppet.yaml - title: Operational Tools description: @@ -236,3 +496,11 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + - title: Centralized logging support + description: Enable centralized logging clients (fluentd) + environments: + - file: environments/logging-environment.yaml + title: Enable fluentd client + description: + requires: + - overcloud-resource-registry-puppet.yaml diff --git a/environments/ceph-radosgw.yaml b/environments/ceph-radosgw.yaml new file mode 100644 index 00000000..a9221a2a --- /dev/null +++ b/environments/ceph-radosgw.yaml @@ -0,0 +1,5 @@ +resource_registry: + OS::TripleO::Services::CephRgw: ../puppet/services/ceph-rgw.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml new file mode 100644 index 00000000..87ebb1d7 --- /dev/null +++ b/environments/hyperconverged-ceph.yaml @@ -0,0 +1,12 @@ +# If using an isolated StorageMgmt network, this will have to be uncommented to +# plug the network on the compute nodes as well. +#resource_registry: +# OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + +# Should match the default list of services for the compute node plus CephOSD +parameter_defaults: + ComputeServices: + - OS::TripleO::Services::CephOSD + +parameter_merge_strategies: + ComputeServices: merge
\ No newline at end of file diff --git a/environments/logging-environment.yaml b/environments/logging-environment.yaml new file mode 100644 index 00000000..eefa7026 --- /dev/null +++ b/environments/logging-environment.yaml @@ -0,0 +1,29 @@ +## A Heat environment file which can be used to set up +## logging agents + +resource_registry: + OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml + +parameter_defaults: + +## Simple configuration +# +# LoggingServers: +# - host: log0.example.com +# port: 24224 +# - host: log1.example.com +# port: 24224 +# +## Example SSL configuration +## (note the use of port 24284 for ssl connections) +# +# LoggingServers: +# - host: 192.0.2.11 +# port: 24284 +# LoggingUsesSSL: true +# LoggingSharedKey: secret +# LoggingSSLCertificate: | +# -----BEGIN CERTIFICATE----- +# ...certificate data here... +# -----END CERTIFICATE----- + diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml new file mode 100644 index 00000000..2e496f89 --- /dev/null +++ b/environments/low-memory-usage.yaml @@ -0,0 +1,14 @@ +# Lower the memory usage of overcloud. +parameter_defaults: + CeilometerWorkers: 1 + CinderWorkers: 1 + GlanceWorkers: 1 + HeatWorkers: 1 + KeystoneWorkers: 1 + NeutronWorkers: 1 + NovaWorkers: 1 + SaharaWorkers: 1 + SwiftWorkers: 1 + + ApacheMaxRequestWorkers: 32 + ApacheServerLimit: 32 diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml index c1dbde42..9d6ce73e 100644 --- a/environments/major-upgrade-aodh-migration.yaml +++ b/environments/major-upgrade-aodh-migration.yaml @@ -3,8 +3,4 @@ resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml # no-op the rest - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml index d97f8fc1..f4f361df 100644 --- a/environments/major-upgrade-pacemaker-init.yaml +++ b/environments/major-upgrade-pacemaker-init.yaml @@ -3,8 +3,4 @@ parameter_defaults: resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml index 95f09666..9fb51a4d 100644 --- a/environments/major-upgrade-pacemaker.yaml +++ b/environments/major-upgrade-pacemaker.yaml @@ -3,8 +3,4 @@ parameter_defaults: resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 7c8e850c..0a0996d3 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -8,6 +8,9 @@ parameter_defaults: CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 80595c6c..5a2b8839 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -8,6 +8,9 @@ parameter_defaults: CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} diff --git a/extraconfig/all_nodes/mac_hostname.yaml b/extraconfig/all_nodes/mac_hostname.j2.yaml index 7d8704e3..75ffc9e6 100644 --- a/extraconfig/all_nodes/mac_hostname.yaml +++ b/extraconfig/all_nodes/mac_hostname.j2.yaml @@ -9,15 +9,7 @@ description: > # out-of-tree templates they may require additional parameters if the # in-tree templates add a new role. parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json # Note extra parameters can be defined, then passed data via the # environment parameter_defaults, without modifying the parent template @@ -37,47 +29,17 @@ resources: # FIXME(shardy): Long term it'd be better if Heat SoftwareDeployments accepted # list instead of a map, then we could join the lists of servers into one # deployment instead of requiring one deployment per-role. - CollectMacDeploymentsController: +{% for role in roles %} + CollectMacDeployments{{role.name}}: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: controller_servers} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCompute: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCompute - servers: {get_param: compute_servers} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsBlockStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsBlockStorage - servers: {get_param: blockstorage_servers} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsObjectStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsObjectStorage - servers: {get_param: objectstorage_servers} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCephStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCephStorage - servers: {get_param: cephstorage_servers} + servers: {get_param: [servers, {{role.name}}]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE +{% endfor %} - # Now we distribute all-the-macs to all nodes + # Now we distribute all-the-macs to all Controller nodes DistributeMacConfig: type: OS::Heat::SoftwareConfig properties: @@ -101,7 +63,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: DistributeMacDeploymentsController - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: DistributeMacConfig} input_values: # FIXME(shardy): It'd be more convenient if we could join these diff --git a/extraconfig/all_nodes/random_string.yaml b/extraconfig/all_nodes/random_string.j2.yaml index d38701e2..9ce2ca8a 100644 --- a/extraconfig/all_nodes/random_string.yaml +++ b/extraconfig/all_nodes/random_string.j2.yaml @@ -10,15 +10,7 @@ description: > # out-of-tree templates they may require additional parameters if the # in-tree templates add a new role. parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json # Note extra parameters can be defined, then passed data via the # environment parameter_defaults, without modifying the parent template @@ -42,7 +34,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: RandomDeploymentsController - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: RandomConfig} actions: ['CREATE'] # Only do this on CREATE input_values: @@ -52,7 +44,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: RandomDeploymentsCompute - servers: {get_param: compute_servers} + servers: {get_param: [servers, Compute]} config: {get_resource: RandomConfig} actions: ['CREATE'] # Only do this on CREATE input_values: diff --git a/extraconfig/all_nodes/swap-partition.j2.yaml b/extraconfig/all_nodes/swap-partition.j2.yaml new file mode 100644 index 00000000..36076b0c --- /dev/null +++ b/extraconfig/all_nodes/swap-partition.j2.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2014-10-16 + +description: > + Extra config to add swap space to nodes. + +# Parameters passed from the parent template - note if you maintain +# out-of-tree templates they may require additional parameters if the +# in-tree templates add a new role. +parameters: + servers: + type: json + swap_partition_label: + type: string + description: Swap partition label + default: 'swap1' + + +resources: + + SwapConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -eux + swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label) + swapon $swap_partition + echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab + inputs: + - name: swap_partition_label + description: Swap partition label + default: 'swap1' + +{% for role in roles %} + {{role.name}}SwapDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + config: {get_resource: SwapConfig} + servers: {get_param: [servers, {{role.name}}]} + input_values: + swap_partition_label: {get_param: swap_partition_label} + actions: ["CREATE"] +{% endfor %} diff --git a/extraconfig/all_nodes/swap-partition.yaml b/extraconfig/all_nodes/swap-partition.yaml deleted file mode 100644 index e6fa9eca..00000000 --- a/extraconfig/all_nodes/swap-partition.yaml +++ /dev/null @@ -1,86 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - Extra config to add swap space to nodes. - -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. -parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: - type: json - swap_partition_label: - type: string - description: Swap partition label - default: 'swap1' - - -resources: - - SwapConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: | - #!/bin/bash - set -eux - swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label) - swapon $swap_partition - echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab - inputs: - - name: swap_partition_label - description: Swap partition label - default: 'swap1' - - ControllerSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: controller_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - - ComputeSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: compute_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - - BlockStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: blockstorage_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - - ObjectStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: objectstorage_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - - CephStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: cephstorage_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] diff --git a/extraconfig/all_nodes/swap.j2.yaml b/extraconfig/all_nodes/swap.j2.yaml new file mode 100644 index 00000000..ce65dacb --- /dev/null +++ b/extraconfig/all_nodes/swap.j2.yaml @@ -0,0 +1,58 @@ +heat_template_version: 2014-10-16 + +description: > + Extra config to add swap space to nodes. + +# Parameters passed from the parent template - note if you maintain +# out-of-tree templates they may require additional parameters if the +# in-tree templates add a new role. +parameters: + servers: + type: json + swap_size_megabytes: + type: string + description: Amount of swap space to allocate in megabytes + default: '4096' + swap_path: + type: string + description: Full path to location of swap file + default: '/swap' + + +resources: + + SwapConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -eux + if [ ! -f $swap_path ]; then + dd if=/dev/zero of=$swap_path count=$swap_size_megabytes bs=1M + chmod 0600 $swap_path + mkswap $swap_path + swapon $swap_path + else + echo "$swap_path already exists" + fi + echo "$swap_path swap swap defaults 0 0" >> /etc/fstab + inputs: + - name: swap_size_megabytes + description: Amount of swap space to allocate in megabytes + default: '4096' + - name: swap_path + description: Full path to location of swap file + default: '/swap' + +{% for role in roles %} + {{role.name}}SwapDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + config: {get_resource: SwapConfig} + servers: {get_param: [servers, {{role.name}}]} + input_values: + swap_size_megabytes: {get_param: swap_size_megabytes} + swap_path: {get_param: swap_path} + actions: ["CREATE"] +{% endfor %} diff --git a/extraconfig/all_nodes/swap.yaml b/extraconfig/all_nodes/swap.yaml deleted file mode 100644 index 5383ffc9..00000000 --- a/extraconfig/all_nodes/swap.yaml +++ /dev/null @@ -1,104 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - Extra config to add swap space to nodes. - -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. -parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: - type: json - swap_size_megabytes: - type: string - description: Amount of swap space to allocate in megabytes - default: '4096' - swap_path: - type: string - description: Full path to location of swap file - default: '/swap' - - -resources: - - SwapConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: | - #!/bin/bash - set -eux - if [ ! -f $swap_path ]; then - dd if=/dev/zero of=$swap_path count=$swap_size_megabytes bs=1M - chmod 0600 $swap_path - mkswap $swap_path - swapon $swap_path - else - echo "$swap_path already exists" - fi - echo "$swap_path swap swap defaults 0 0" >> /etc/fstab - inputs: - - name: swap_size_megabytes - description: Amount of swap space to allocate in megabytes - default: '4096' - - name: swap_path - description: Full path to location of swap file - default: '/swap' - - ControllerSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: controller_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - - ComputeSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: compute_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - - BlockStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: blockstorage_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - - ObjectStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: objectstorage_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - - CephStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: cephstorage_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh index b76dd7c3..21a2b5bc 100755 --- a/extraconfig/tasks/major_upgrade_ceph_mon.sh +++ b/extraconfig/tasks/major_upgrade_ceph_mon.sh @@ -18,13 +18,13 @@ if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then fi CEPH_STATUS=$(ceph health | awk '{print $1}') -if [ ${CEPH_STATUS} = HEALTH_ERR ]; do +if [ ${CEPH_STATUS} = HEALTH_ERR ]; then echo ERROR: Ceph cluster status is HEALTH_ERR, cannot be upgraded exit 1 fi # Useful when upgrading with OSDs num < replica size -if [ $ignore_ceph_upgrade_warnings != "true" ]; then +if [ ${ignore_ceph_upgrade_warnings:-false} != "true" ]; then timeout 300 bash -c "while [ ${CEPH_STATUS} != HEALTH_OK ]; do echo WARNING: Waiting for Ceph cluster status to go HEALTH_OK; sleep 30; @@ -44,7 +44,7 @@ timeout 60 bash -c "while kill -0 ${MON_PID} 2> /dev/null; do done" # Update to Jewel -yum -y -q update ceph-mon +yum -y -q update ceph-mon ceph # Restart/Exit if not on Jewel, only in that case we need the changes UPDATED_VERSION=$(ceph --version | awk '{print $3}') @@ -54,7 +54,7 @@ if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then # RPM could own some of these but we can't take risks on the pre-existing files for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do - chown -R ceph:ceph $d + chown -R ceph:ceph $d || echo WARNING: chown of $d failed done # Replay udev events with newer rules diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh index 03a1c1c2..dc80a724 100644 --- a/extraconfig/tasks/major_upgrade_ceph_storage.sh +++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh @@ -63,7 +63,7 @@ if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then # RPM could own some of these but we can't take risks on the pre-existing files for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do - chown -R ceph:ceph $d + chown -R ceph:ceph $d || echo WARNING: chown of $d failed done # Replay udev events with newer rules diff --git a/extraconfig/tasks/major_upgrade_check.sh b/extraconfig/tasks/major_upgrade_check.sh new file mode 100755 index 00000000..dc7ec71a --- /dev/null +++ b/extraconfig/tasks/major_upgrade_check.sh @@ -0,0 +1,104 @@ +#!/bin/bash + +set -eu + +check_cluster() +{ + if pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; then + echo_error "ERROR: upgrade cannot start with some cluster nodes being offline" + exit 1 + fi +} + +check_pcsd() +{ + if pcs status 2>&1 | grep -E 'Offline'; then + echo_error "ERROR: upgrade cannot start with some pcsd daemon offline" + exit 1 + fi +} + +check_disk_for_mysql_dump() +{ + # Where to backup current database if mysql need to be upgraded + MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp + MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup + # Spare disk ratio for extra safety + MYSQL_BACKUP_SIZE_RATIO=1.2 + + # Shall we upgrade mysql data directory during the stack upgrade? + if [ "$mariadb_do_major_upgrade" = "auto" ]; then + ret=$(is_mysql_upgrade_needed) + if [ $ret = "1" ]; then + DO_MYSQL_UPGRADE=1 + else + DO_MYSQL_UPGRADE=0 + fi + echo "mysql upgrade required: $DO_MYSQL_UPGRADE" + elif [ "$mariadb_do_major_upgrade" = "no" ]; then + DO_MYSQL_UPGRADE=0 + else + DO_MYSQL_UPGRADE=1 + fi + + if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then + if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + + if [ -d "$MYSQL_BACKUP_DIR" ]; then + echo_error "Error: $MYSQL_BACKUP_DIR exists already. Likely an upgrade failed previously" + exit 1 + fi + mkdir "$MYSQL_BACKUP_DIR" + if [ $? -ne 0 ]; then + echo_error "Error: could not create temporary backup directory $MYSQL_BACKUP_DIR" + exit 1 + fi + + # the /root/.my.cnf is needed because we set the mysql root + # password from liberty onwards + backup_flags="--defaults-extra-file=/root/.my.cnf -u root --flush-privileges --all-databases --single-transaction" + # While not ideal, this step allows us to calculate exactly how much space the dump + # will need. Our main goal here is avoiding any chance of corruption due to disk space + # exhaustion + backup_size=$(mysqldump $backup_flags 2>/dev/null | wc -c) + database_size=$(du -cb /var/lib/mysql | tail -1 | awk '{ print $1 }') + free_space=$(df -B1 --output=avail "$MYSQL_BACKUP_DIR" | tail -1) + + # we need at least space for a new mysql database + dump of the existing one, + # times a small factor for additional safety room + # note: bash doesn't do floating point math or floats in if statements, + # so use python to apply the ratio and cast it back to integer + required_space=$(python -c "from __future__ import print_function; print(\"%d\" % int((($database_size + $backup_size) * $MYSQL_BACKUP_SIZE_RATIO)))") + if [ $required_space -ge $free_space ]; then + echo_error "Error: not enough free space in $MYSQL_BACKUP_DIR ($required_space bytes required)" + exit 1 + fi + fi + fi +} + +check_python_rpm() +{ + # If for some reason rpm-python are missing we want to error out early enough + if ! rpm -q rpm-python &> /dev/null; then + echo_error "ERROR: upgrade cannot start without rpm-python installed" + exit 1 + fi +} + +check_clean_cluster() +{ + if crm_mon -1 | grep -A3 Failed; then + echo_error "ERROR: upgrade cannot start with failed resources on the cluster. Clean them up before starting: pcs resource cleanup." + exit 1 + fi +} + +check_galera_root_password() +{ + # BZ: 1357112 + if [ ! -e /root/.my.cnf ]; then + echo_error "ERROR: upgrade cannot be started, the galera password is missing. The overcloud needs update." + exit 1 + fi +} diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh index 78628c8c..a1df695f 100644 --- a/extraconfig/tasks/major_upgrade_compute.sh +++ b/extraconfig/tasks/major_upgrade_compute.sh @@ -12,6 +12,8 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT ### This file is automatically delivered to the compute nodes as part of the ### tripleo upgrades workflow +set -eu + # pin nova to kilo (messaging +-1) for the nova-compute service crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index 0b702630..0c590a42 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -4,11 +4,12 @@ set -eu cluster_sync_timeout=1800 -if pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; then - echo_error "ERROR: upgrade cannot start with some cluster nodes being offline" - exit 1 -fi - +check_cluster +check_pcsd +check_clean_cluster +check_python_rpm +check_galera_root_password +check_disk_for_mysql_dump # We want to disable fencing during the cluster --stop as it might fence # nodes where a service fails to stop, which could be fatal during an upgrade @@ -17,12 +18,39 @@ fi STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }') pcs property set stonith-enabled=false -# If for some reason rpm-python are missing we want to error out early enough -if ! rpm -q rpm-python &> /dev/null; then - echo_error "ERROR: upgrade cannot start without rpm-python installed" - exit 1 +# Migrate to HA NG +if [[ -n $(is_bootstrap_node) ]]; then + migrate_full_to_ng_ha fi +# After migrating the cluster to HA-NG the services not under pacemaker's control +# are still up and running. We need to stop them explicitely otherwise during the yum +# upgrade the rpm %post sections will try to do a systemctl try-restart <service>, which +# is going to take a long time because rabbit is down. By having the service stopped +# systemctl try-restart is a noop + +for service in $(services_to_migrate); do + manage_systemd_service stop "${service%%-clone}" + # So the reason for not reusing check_resource_systemd is that + # I have observed systemctl is-active returning unknown with at least + # one service that was stopped (See LP 1627254) + timeout=600 + tstart=$(date +%s) + tend=$(( $tstart + $timeout )) + check_interval=3 + while (( $(date +%s) < $tend )); do + if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then + echo "$service still active, sleeping $check_interval seconds." + sleep $check_interval + else + # we do not care if it is inactive, unknown or failed as long as it is + # not running + break + fi + + done +done + # In case the mysql package is updated, the database on disk must be # upgraded as well. This typically needs to happen during major # version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...) @@ -35,75 +63,16 @@ fi # on mysql package versionning, but this can be overriden manually # to support specific upgrade scenario -# Where to backup current database if mysql need to be upgraded -MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp -MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup -# Spare disk ratio for extra safety -MYSQL_BACKUP_SIZE_RATIO=1.2 - -# Shall we upgrade mysql data directory during the stack upgrade? -if [ "$mariadb_do_major_upgrade" = "auto" ]; then - ret=$(is_mysql_upgrade_needed) - if [ $ret = "1" ]; then - DO_MYSQL_UPGRADE=1 - else - DO_MYSQL_UPGRADE=0 - fi - echo "mysql upgrade required: $DO_MYSQL_UPGRADE" -elif [ "$mariadb_do_major_upgrade" = "no" ]; then - DO_MYSQL_UPGRADE=0 -else - DO_MYSQL_UPGRADE=1 -fi - -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then +if [[ -n $(is_bootstrap_node) ]]; then if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - if [ -d "$MYSQL_BACKUP_DIR" ]; then - echo_error "Error: $MYSQL_BACKUP_DIR exists already. Likely an upgrade failed previously" - exit 1 - fi - mkdir "$MYSQL_BACKUP_DIR" - if [ $? -ne 0 ]; then - echo_error "Error: could not create temporary backup directory $MYSQL_BACKUP_DIR" - exit 1 - fi - - # the /root/.my.cnf is needed because we set the mysql root - # password from liberty onwards - backup_flags="--defaults-extra-file=/root/.my.cnf -u root --flush-privileges --all-databases --single-transaction" - # While not ideal, this step allows us to calculate exactly how much space the dump - # will need. Our main goal here is avoiding any chance of corruption due to disk space - # exhaustion - backup_size=$(mysqldump $backup_flags 2>/dev/null | wc -c) - database_size=$(du -cb /var/lib/mysql | tail -1 | awk '{ print $1 }') - free_space=$(df -B1 --output=avail "$MYSQL_BACKUP_DIR" | tail -1) - - # we need at least space for a new mysql database + dump of the existing one, - # times a small factor for additional safety room - # note: bash doesn't do floating point math or floats in if statements, - # so use python to apply the ratio and cast it back to integer - required_space=$(python -c "from __future__ import print_function; print(\"%d\" % int((($database_size + $backup_size) * $MYSQL_BACKUP_SIZE_RATIO)))") - if [ $required_space -ge $free_space ]; then - echo_error "Error: not enough free space in $MYSQL_BACKUP_DIR ($required_space bytes required)" - exit 1 - fi - mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql" cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR" fi - pcs resource disable httpd - check_resource httpd stopped 1800 - pcs resource disable openstack-core - check_resource openstack-core stopped 1800 pcs resource disable redis check_resource redis stopped 600 - pcs resource disable mongod - check_resource mongod stopped 600 pcs resource disable rabbitmq check_resource rabbitmq stopped 600 - pcs resource disable memcached - check_resource memcached stopped 600 pcs resource disable galera check_resource galera stopped 600 # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address: @@ -115,7 +84,8 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) pcs cluster stop --all fi -# Swift isn't controled by pacemaker + +# Swift isn't controlled by pacemaker systemctl_swift stop tstart=$(date +%s) @@ -206,3 +176,5 @@ crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server" # LP: 1615035, required only for M/N upgrade. crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager + +crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index bc708cce..6055a3f9 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -3,10 +3,10 @@ set -eu cluster_form_timeout=600 -cluster_settle_timeout=600 +cluster_settle_timeout=1800 galera_sync_timeout=600 -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then +if [[ -n $(is_bootstrap_node) ]]; then pcs cluster start --all tstart=$(date +%s) @@ -26,14 +26,21 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do pcs resource enable $vip - check_resource $vip started 60 + check_resource_pacemaker $vip started 60 done +fi - pcs resource enable galera - check_resource galera started 600 - pcs resource enable mongod - check_resource mongod started 600 +start_or_enable_service galera +check_resource galera started 600 +# We need mongod which is now a systemd service up and running before calling +# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes +# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely +# we should be good. +# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm +systemctl start mongod +check_resource mongod started 600 +if [[ -n $(is_bootstrap_node) ]]; then tstart=$(date +%s) while ! clustercheck; do sleep 5 @@ -54,18 +61,22 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head nova-manage db sync nova-manage api_db sync - - pcs resource enable memcached - check_resource memcached started 600 - pcs resource enable rabbitmq - check_resource rabbitmq started 600 - pcs resource enable redis - check_resource redis started 600 - pcs resource enable openstack-core - check_resource openstack-core started 1800 - pcs resource enable httpd - check_resource httpd started 1800 + #TODO(marios):someone from sahara needs to check this: + # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head fi -# Swift isn't controled by heat +start_or_enable_service rabbitmq +check_resource rabbitmq started 600 +start_or_enable_service redis +check_resource redis started 600 + +# Swift isn't controled by pacemaker systemctl_swift start + +# We need to start the systemd services we explicitely stopped at step _1.sh +# FIXME: Should we let puppet during the convergence step do the service enabling or +# should we add it here? +for service in $(services_to_migrate); do + manage_systemd_service start "${service%%-clone}" + check_resource_systemd "${service%%-clone}" started 600 +done diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh index 931f4f42..f82457ce 100644 --- a/extraconfig/tasks/major_upgrade_object_storage.sh +++ b/extraconfig/tasks/major_upgrade_object_storage.sh @@ -12,6 +12,7 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT ### This file is automatically delivered to the swift-storage nodes as part of the ### tripleo upgrades workflow +set -eu function systemctl_swift { action=\$1 diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index 598d22d0..a2a1bb5d 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -1,16 +1,8 @@ -heat_template_version: 2014-10-16 +heat_template_version: 2016-10-14 description: 'Upgrade for Pacemaker deployments' parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json input_values: type: json @@ -54,9 +46,10 @@ resources: CephMonUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: CephMonUpgradeConfig} input_values: {get_param: input_values} + update_policy: batch_create: max_batch_size: 1 rolling_update: @@ -82,6 +75,7 @@ resources: params: MYSQL_MAJOR_UPGRADE: {get_param: MySqlMajorUpgrade} - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_check.sh - get_file: major_upgrade_pacemaker_migrations.sh - get_file: major_upgrade_controller_pacemaker_1.sh @@ -89,7 +83,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup depends_on: CephMonUpgradeDeployment properties: - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step1} input_values: {get_param: input_values} @@ -103,7 +97,7 @@ resources: BlockStorageUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: blockstorage_servers} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: BlockStorageUpgradeConfig} input_values: {get_param: input_values} @@ -122,7 +116,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup depends_on: BlockStorageUpgradeDeployment properties: - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step2} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml index 623549a0..f6aa3066 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml @@ -3,15 +3,7 @@ description: 'Upgrade for Pacemaker deployments' parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json input_values: type: json @@ -43,45 +35,12 @@ resources: - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand - UpgradeInitControllerDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: controller_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - UpgradeInitComputeDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: compute_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - UpgradeInitBlockStorageDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: blockstorage_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - UpgradeInitObjectStorageDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: objectstorage_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - UpgradeInitCephStorageDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: cephstorage_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - # TODO(jistr): for Mitaka->Newton upgrades and further we can use # map_merge with input_values instead of feeding params into scripts # via str_replace on bash snippets + # FIXME(shardy) we have hard-coded per-role *ScriptConfig's here + # Would be better to have a common config for all roles ComputeDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: @@ -97,35 +56,32 @@ resources: UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} - get_file: major_upgrade_compute.sh - ComputeDeliverUpgradeScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: compute_servers} - config: {get_resource: ComputeDeliverUpgradeScriptConfig} - input_values: {get_param: input_values} - ObjectStorageDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: group: script config: {get_file: major_upgrade_object_storage.sh} - ObjectStorageDeliverUpgradeScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: objectstorage_servers} - config: {get_resource: ObjectStorageDeliverUpgradeScriptConfig} - input_values: {get_param: input_values} - CephStorageDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: group: script config: {get_file: major_upgrade_ceph_storage.sh} - CephStorageDeliverUpgradeScriptDeployment: +{% for role in roles %} + UpgradeInit{{role.name}}Deployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: UpgradeInitConfig} + input_values: {get_param: input_values} + + {% if not role.name in ['Controller', 'BlockStorage'] %} + {{role.name}}DeliverUpgradeScriptDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: cephstorage_servers} - config: {get_resource: CephStorageDeliverUpgradeScriptConfig} + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig} input_values: {get_param: input_values} + {% endif %} +{% endfor %} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index 7ed7012d..d974bb79 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -56,3 +56,120 @@ function is_mysql_upgrade_needed { fi echo "1" } + +# This function returns the list of services to be migrated away from pacemaker +# and to systemd. The reason to have these services in a separate function is because +# this list is needed in three different places: major_upgrade_controller_pacemaker_{1,2} +# and in the function to migrate the cluster from full HA to HA NG +function services_to_migrate { + # The following PCMK resources the ones the we are going to delete + PCMK_RESOURCE_TODELETE=" + httpd-clone + memcached-clone + mongod-clone + neutron-dhcp-agent-clone + neutron-l3-agent-clone + neutron-metadata-agent-clone + neutron-netns-cleanup-clone + neutron-openvswitch-agent-clone + neutron-ovs-cleanup-clone + neutron-server-clone + openstack-aodh-evaluator-clone + openstack-aodh-listener-clone + openstack-aodh-notifier-clone + openstack-ceilometer-api-clone + openstack-ceilometer-central-clone + openstack-ceilometer-collector-clone + openstack-ceilometer-notification-clone + openstack-cinder-api-clone + openstack-cinder-scheduler-clone + openstack-glance-api-clone + openstack-glance-registry-clone + openstack-gnocchi-metricd-clone + openstack-gnocchi-statsd-clone + openstack-heat-api-cfn-clone + openstack-heat-api-clone + openstack-heat-api-cloudwatch-clone + openstack-heat-engine-clone + openstack-nova-api-clone + openstack-nova-conductor-clone + openstack-nova-consoleauth-clone + openstack-nova-novncproxy-clone + openstack-nova-scheduler-clone + openstack-sahara-api-clone + openstack-sahara-engine-clone + " + echo $PCMK_RESOURCE_TODELETE +} + +# This function will migrate a mitaka system where all the resources are managed +# via pacemaker to a newton setup where only a few services will be managed by pacemaker +# On a high-level it will operate as follows: +# 1. Set the cluster in maintenance-mode so no start/stop action will actually take place +# during the conversion +# 2. Remove all the colocation constraints and then the ordering constraints, except the +# ones related to haproxy/VIPs which exist in Newton as well +# 3. Take the cluster out of maintenance-mode and do a resource cleanup +# 4. Remove all the resources that won't be managed by pacemaker in newton. The +# outcome will be +# that they are stopped and removed from pacemakers control +# 5. Do a resource cleanup to make sure the cluster is in a clean state +function migrate_full_to_ng_ha { + if [[ -n $(pcmk_running) ]]; then + pcs property set maintenance-mode=true + # We are making sure here that the property has propagated everywhere + if ! timeout -k 10 300 crm_resource --wait; then + echo_error "ERROR: cluster remained unstable after setting maintenance-mode for more than 300 seconds, exiting." + exit 1 + fi + # First we go through all the colocation constraints (except the ones we want to keep, i.e. the haproxy/ip ones) + # and we remove those + COL_CONSTRAINTS=$(pcs config show | sed -n '/^Colocation Constraints:$/,/^$/p' | grep -v "Colocation Constraints:" | egrep -v "ip-.*haproxy" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\)) + for constraint in $COL_CONSTRAINTS; do + log_debug "Deleting colocation constraint $constraint from CIB" + pcs constraint remove "$constraint" + done + + # Now we kill all the ordering constraints (except the haproxy/ip ones) + ORD_CONSTRAINTS=$(pcs config show | sed -n '/^Ordering Constraints:/,/^Colocation Constraints:$/p' | grep -v "Ordering Constraints:" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\)) + for constraint in $ORD_CONSTRAINTS; do + log_debug "Deleting ordering constraint $constraint from CIB" + pcs constraint remove "$constraint" + done + # At this stage all the pacemaker resources are removed from the CIB. + # Once we remove the maintenance-mode those systemd resources will keep + # on running. They shall be systemd enabled via the puppet converge + # step later on + pcs property set maintenance-mode=false + + # At this stage there are no constraints whatsoever except the haproxy/ip ones + # which we want to keep. We now disable and then delete each resource + # that will move to systemd. + # We want the systemd resources be stopped before doing "yum update", + # that way "systemctl try-restart <service>" is no-op because the + # service was down already + PCS_STATUS_OUTPUT="$(pcs status)" + for resource in $(services_to_migrate) "delay-clone" "openstack-core-clone"; do + if echo "$PCS_STATUS_OUTPUT" | grep "$resource"; then + log_debug "Deleting $resource from the CIB" + if ! pcs resource disable "$resource" --wait=600; then + echo_error "ERROR: resource $resource failed to be disabled" + exit 1 + fi + pcs resource delete --force "$resource" + else + log_debug "Service $service not found as a pacemaker resource, not trying to delete." + fi + done + + # We need to do a pcs resource cleanup here + crm_resource --wait to + # make sure the cluster is in a clean state before we stop everything, + # upgrade and restart everything + pcs resource cleanup + # We are making sure here that the cluster is stable before proceeding + if ! timeout -k 10 600 crm_resource --wait; then + echo_error "ERROR: cluster remained unstable after resource cleanup for more than 600 seconds, exiting." + exit 1 + fi + fi +} diff --git a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml index 9414ac19..b9a87d33 100644 --- a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml +++ b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml @@ -4,15 +4,7 @@ description: > Software-config for performing aodh data migration parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json input_values: type: json @@ -28,6 +20,6 @@ resources: AodhMysqlMigrationScriptDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: AodhMysqlMigrationScriptConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index 7d794c97..4f17b69a 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -2,51 +2,286 @@ set -eu -function check_resource { +DEBUG="true" # set false if the verbosity is a problem +SCRIPT_NAME=$(basename $0) +function log_debug { + if [[ $DEBUG = "true" ]]; then + echo "`date` $SCRIPT_NAME tripleo-upgrade $(facter hostname) $1" + fi +} + +function is_bootstrap_node { + if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then + log_debug "Node is bootstrap" + echo "true" + fi +} +function check_resource_pacemaker { if [ "$#" -ne 3 ]; then - echo_error "ERROR: check_resource function expects 3 parameters, $# given" - exit 1 + echo_error "ERROR: check_resource function expects 3 parameters, $# given" + exit 1 fi - service=$1 - state=$2 - timeout=$3 + local service=$1 + local state=$2 + local timeout=$3 + + if [[ -z $(is_bootstrap_node) ]] ; then + log_debug "Node isn't bootstrap, skipping check for $service to be $state here " + return + else + log_debug "Node is bootstrap checking $service to be $state here" + fi if [ "$state" = "stopped" ]; then - match_for_incomplete='Started' + match_for_incomplete='Started' else # started - match_for_incomplete='Stopped' + match_for_incomplete='Stopped' fi nodes_local=$(pcs status | grep ^Online | sed 's/.*\[ \(.*\) \]/\1/g' | sed 's/ /\|/g') if timeout -k 10 $timeout crm_resource --wait; then - node_states=$(pcs status --full | grep "$service" | grep -v Clone | { egrep "$nodes_local" || true; } ) - if echo "$node_states" | grep -q "$match_for_incomplete"; then - echo_error "ERROR: cluster finished transition but $service was not in $state state, exiting." - exit 1 - else - echo "$service has $state" - fi - else - echo_error "ERROR: cluster remained unstable for more than $timeout seconds, exiting." + node_states=$(pcs status --full | grep "$service" | grep -v Clone | { egrep "$nodes_local" || true; } ) + if echo "$node_states" | grep -q "$match_for_incomplete"; then + echo_error "ERROR: cluster finished transition but $service was not in $state state, exiting." exit 1 + else + echo "$service has $state" + fi + else + echo_error "ERROR: cluster remained unstable for more than $timeout seconds, exiting." + exit 1 + fi + +} + +function pcmk_running { + if [[ $(systemctl is-active pacemaker) = "active" ]] ; then + echo "true" + fi +} + +function is_systemd_unknown { + local service=$1 + if [[ $(systemctl is-active "$service") = "unknown" ]]; then + log_debug "$service found to be unkown to systemd" + echo "true" + fi +} + +function grep_is_cluster_controlled { + local service=$1 + if [[ -n $(systemctl status $service -l | grep Drop-In -A 5 | grep pacemaker) || + -n $(systemctl status $service -l | grep "Cluster Controlled $service") ]] ; then + log_debug "$service is pcmk managed from systemctl grep" + echo "true" + fi +} + + +function is_systemd_managed { + local service=$1 + #if we have pcmk check to see if it is managed there + if [[ -n $(pcmk_running) ]]; then + if [[ -z $(pcs status --full | grep $service) && -z $(is_systemd_unknown $service) ]] ; then + log_debug "$service found to be systemd managed from pcs status" + echo "true" + fi + else + # if it is "unknown" to systemd, then it is pacemaker managed + if [[ -n $(is_systemd_unknown $service) ]] ; then + return + elif [[ -z $(grep_is_cluster_controlled $service) ]] ; then + echo "true" + fi + fi +} + +function is_pacemaker_managed { + local service=$1 + #if we have pcmk check to see if it is managed there + if [[ -n $(pcmk_running) ]]; then + if [[ -n $(pcs status --full | grep $service) ]]; then + log_debug "$service found to be pcmk managed from pcs status" + echo "true" + fi + else + # if it is unknown to systemd, then it is pcmk managed + if [[ -n $(is_systemd_unknown $service) ]]; then + echo "true" + elif [[ -n $(grep_is_cluster_controlled $service) ]] ; then + echo "true" + fi + fi +} + +function is_managed { + local service=$1 + if [[ -n $(is_pacemaker_managed $service) || -n $(is_systemd_managed $service) ]]; then + echo "true" + fi +} + +function check_resource_systemd { + + if [ "$#" -ne 3 ]; then + echo_error "ERROR: check_resource function expects 3 parameters, $# given" + exit 1 fi + local service=$1 + local state=$2 + local timeout=$3 + local check_interval=3 + + if [ "$state" = "stopped" ]; then + match_for_incomplete='active' + else # started + match_for_incomplete='inactive' + fi + + log_debug "Going to check_resource_systemd for $service to be $state" + + #sanity check is systemd managed: + if [[ -z $(is_systemd_managed $service) ]]; then + echo "ERROR - $service not found to be systemd managed." + exit 1 + fi + + tstart=$(date +%s) + tend=$(( $tstart + $timeout )) + while (( $(date +%s) < $tend )); do + if [[ "$(systemctl is-active $service)" = $match_for_incomplete ]]; then + echo "$service not yet $state, sleeping $check_interval seconds." + sleep $check_interval + else + echo "$service is $state" + return + fi + done + + echo "Timed out waiting for $service to go to $state after $timeout seconds" + exit 1 +} + + +function check_resource { + local service=$1 + local pcmk_managed=$(is_pacemaker_managed $service) + local systemd_managed=$(is_systemd_managed $service) + + if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then + log_debug "ERROR $service managed by both systemd and pcmk - SKIPPING" + return + fi + + if [[ -n $pcmk_managed ]]; then + check_resource_pacemaker $@ + return + elif [[ -n $systemd_managed ]]; then + check_resource_systemd $@ + return + fi + log_debug "ERROR cannot check_resource for $service, not managed here?" +} + +function manage_systemd_service { + local action=$1 + local service=$2 + log_debug "Going to systemctl $action $service" + systemctl $action $service +} + +function manage_pacemaker_service { + local action=$1 + local service=$2 + # not if pacemaker isn't running! + if [[ -z $(pcmk_running) ]]; then + echo "$(facter hostname) pacemaker not active, skipping $action $service here" + elif [[ -n $(is_bootstrap_node) ]]; then + log_debug "Going to pcs resource $action $service" + pcs resource $action $service + fi +} + +function stop_or_disable_service { + local service=$1 + local pcmk_managed=$(is_pacemaker_managed $service) + local systemd_managed=$(is_systemd_managed $service) + + if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then + log_debug "Skipping stop_or_disable $service due to management conflict" + return + fi + + log_debug "Stopping or disabling $service" + if [[ -n $pcmk_managed ]]; then + manage_pacemaker_service disable $service + return + elif [[ -n $systemd_managed ]]; then + manage_systemd_service stop $service + return + fi + log_debug "ERROR: $service not managed here?" +} + +function start_or_enable_service { + local service=$1 + local pcmk_managed=$(is_pacemaker_managed $service) + local systemd_managed=$(is_systemd_managed $service) + + if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then + log_debug "Skipping start_or_enable $service due to management conflict" + return + fi + + log_debug "Starting or enabling $service" + if [[ -n $pcmk_managed ]]; then + manage_pacemaker_service enable $service + return + elif [[ -n $systemd_managed ]]; then + manage_systemd_service start $service + return + fi + log_debug "ERROR $service not managed here?" +} + +function restart_service { + local service=$1 + local pcmk_managed=$(is_pacemaker_managed $service) + local systemd_managed=$(is_systemd_managed $service) + + if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then + log_debug "ERROR $service managed by both systemd and pcmk - SKIPPING" + return + fi + + log_debug "Restarting $service" + if [[ -n $pcmk_managed ]]; then + manage_pacemaker_service restart $service + return + elif [[ -n $systemd_managed ]]; then + manage_systemd_service restart $service + return + fi + log_debug "ERROR $service not managed here?" } function echo_error { echo "$@" | tee /dev/fd2 } +# swift is a special case because it is/was never handled by pacemaker +# when stand-alone swift is used, only swift-proxy is running on controllers function systemctl_swift { services=( openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator openstack-swift-account \ openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container \ openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object openstack-swift-proxy ) - action=$1 + local action=$1 case $action in stop) - services=$(systemctl | grep swift | grep running | awk '{print $1}') + services=$(systemctl | grep openstack-swift- | grep running | awk '{print $1}') ;; start) enable_swift_storage=$(hiera -c /etc/puppet/hiera.yaml 'enable_swift_storage') @@ -54,9 +289,11 @@ function systemctl_swift { services=( openstack-swift-proxy ) fi ;; - *) services=() ;; # for safetly, should never happen + *) echo "Unknown action $action passed to systemctl_swift" + exit 1 + ;; # shouldn't ever happen... esac - for S in ${services[@]}; do - systemctl $action $S + for service in ${services[@]}; do + manage_systemd_service $action $service done } diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh index fd1fd0dc..3da7efec 100755 --- a/extraconfig/tasks/pacemaker_resource_restart.sh +++ b/extraconfig/tasks/pacemaker_resource_restart.sh @@ -2,12 +2,9 @@ set -eux -pacemaker_status=$(systemctl is-active pacemaker) - # Run if pacemaker is running, we're the bootstrap node, # and we're updating the deployment (not creating). -if [ "$pacemaker_status" = "active" -a \ - "$(hiera bootstrap_nodeid)" = "$(facter hostname)" ]; then +if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then TIMEOUT=600 SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)" @@ -25,5 +22,4 @@ if [ "$pacemaker_status" = "active" -a \ pcs resource restart --wait=$TIMEOUT $service rm -f /var/lib/tripleo/pacemaker-restarts/$service done - fi diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 84b03c7e..fb01925b 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -199,6 +199,21 @@ Swift: S3: port: 8080 +CephRgw: + Internal: + net_param: CephRgw + uri_suffixes: + '': /swift/v1 + Public: + net_param: Public + uri_suffixes: + '': /swift/v1 + Admin: + net_param: CephRgw + uri_suffixes: + '': /swift/v1 + port: 8080 + Sahara: Internal: net_param: SaharaApi diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index dd29bcde..734b6431 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -25,6 +25,9 @@ parameters: CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} + CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} @@ -563,6 +566,252 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, CeilometerPublic, port] + CephRgwAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, CephRgwAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CephRgwAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CephRgwNetwork] + port: + get_param: [EndpointMap, CephRgwAdmin, port] + protocol: + get_param: [EndpointMap, CephRgwAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwAdmin, port] + - /swift/v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwAdmin, port] + CephRgwInternal: + host: + str_replace: + template: + get_param: [EndpointMap, CephRgwInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CephRgwInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CephRgwNetwork] + port: + get_param: [EndpointMap, CephRgwInternal, port] + protocol: + get_param: [EndpointMap, CephRgwInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwInternal, port] + - /swift/v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwInternal, port] + CephRgwPublic: + host: + str_replace: + template: + get_param: [EndpointMap, CephRgwPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CephRgwPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, CephRgwPublic, port] + protocol: + get_param: [EndpointMap, CephRgwPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwPublic, port] + - /swift/v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwPublic, port] CinderAdmin: host: str_replace: diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index baa544e7..e541049d 100644 --- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: ExternalNetCidr}, 1]} diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index 8d0a91b6..afb144ba 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]} diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml index d9ac6046..4c1cc216 100644 --- a/network/ports/management_from_pool_v6.yaml +++ b/network/ports/management_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: ManagementNetCidr}, 1]} diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index 328f8385..18faf1bd 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: StorageNetCidr}, 1]} diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index 50470c92..e1145a31 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]} diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index bbe6f736..d4f0d29c 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -48,4 +48,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: TenantNetCidr}, 1]} diff --git a/network/service_net_map.yaml b/network/service_net_map.yaml index a61af1b3..6e5c2449 100644 --- a/network/service_net_map.yaml +++ b/network/service_net_map.yaml @@ -45,6 +45,7 @@ parameters: MysqlNetwork: internal_api CephClusterNetwork: storage_mgmt CephMonNetwork: storage + CephRgwNetwork: storage ControllerHostnameResolveNetwork: internal_api ComputeHostnameResolveNetwork: internal_api BlockStorageHostnameResolveNetwork: internal_api diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 8420dbc2..f0a6035a 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -139,6 +139,7 @@ resource_registry: OS::TripleO::Services::Apache: puppet/services/apache.yaml OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml OS::TripleO::Services::CephMon: OS::Heat::None + OS::TripleO::Services::CephRgw: OS::Heat::None OS::TripleO::Services::CephOSD: OS::Heat::None OS::TripleO::Services::CephClient: OS::Heat::None OS::TripleO::Services::CephExternal: OS::Heat::None @@ -187,6 +188,7 @@ resource_registry: OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml + OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml OS::TripleO::Services::NovaScheduler: puppet/services/nova-scheduler.yaml OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml OS::TripleO::Services::NovaVncProxy: puppet/services/nova-vnc-proxy.yaml @@ -211,6 +213,8 @@ resource_registry: OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml OS::TripleO::Services::VipHosts: puppet/services/vip-hosts.yaml # Services that are disabled by default (use relevant environment files): + OS::TripleO::Services::FluentdClient: OS::Heat::None + OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml OS::Tripleo::Services::ManilaApi: OS::Heat::None OS::Tripleo::Services::ManilaScheduler: OS::Heat::None OS::Tripleo::Services::ManilaShare: OS::Heat::None diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index d9dcaee9..e2ff4c14 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -99,15 +99,8 @@ parameters: the overcloud. It's accessible via the Nova metadata API. type: json - # Controller-specific params - ControllerCount: - type: number - default: 1 - # Compute-specific params - ComputeCount: - type: number - default: 1 +# FIXME(shardy) handle these deprecated names as they don't match compute.yaml HypervisorNeutronPhysicalBridge: default: 'br-ex' description: > @@ -122,56 +115,39 @@ parameters: # Jinja loop for Role in role_data.yaml {% for role in roles %} - # Resources generated for {{role.name}} Role + # Parameters generated for {{role.name}} Role {{role.name}}Services: description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the {{role.name}} role. type: comma_delimited_list - {% if role.ServicesDefault %} - default: {{role.ServicesDefault}} - {% endif %} -{% endfor %} - -# Block storage specific parameters - BlockStorageCount: - type: number - default: 0 + default: {{role.ServicesDefault|default([])}} -# Object storage specific parameters - ObjectStorageCount: + {{role.name}}Count: + description: Number of {{role.name}} nodes to deploy type: number - default: 0 + default: {{role.CountDefault|default(0)}} -# Ceph storage specific parameters - CephStorageCount: - type: number - default: 0 - - # Hostname format for each role - # Note %index% is translated into the index of the node, e.g 0/1/2 etc - # and %stackname% is replaced with OS::stack_name in the template below. - # If you want to use the heat generated names, pass '' (empty string). - ControllerHostnameFormat: - type: string - description: Format for Controller node hostnames - default: '%stackname%-controller-%index%' - ComputeHostnameFormat: - type: string - description: Format for Compute node hostnames - default: '%stackname%-novacompute-%index%' - BlockStorageHostnameFormat: - type: string - description: Format for BlockStorage node hostnames - default: '%stackname%-blockstorage-%index%' - ObjectStorageHostnameFormat: + {{role.name}}HostnameFormat: type: string - description: Format for SwiftStorage node hostnames - default: '%stackname%-objectstorage-%index%' - CephStorageHostnameFormat: - type: string - description: Format for CephStorage node hostnames - default: '%stackname%-cephstorage-%index%' + description: > + Format for {{role.name}} node hostnames + Note %index% is translated into the index of the node, e.g 0/1/2 etc + and %stackname% is replaced with the stack name e.g overcloud + {% if role.HostnameFormatDefault %} + default: "{{role.HostnameFormatDefault}}" + {% else %} + default: "%stackname%-{{role.name.lower()}}-%index%" + {% endif %} + + {{role.name}}RemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from {{role.name}} ResourceGroup when + doing an update which requires removal of specific resources. + Example format ComputeRemovalPolicies: [{'resource_list': ['0']}] +{% endfor %} # Identifiers to trigger tasks on nodes UpdateIdentifier: @@ -187,41 +163,6 @@ parameters: Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. - # If you want to remove a specific node from a resource group, you can pass - # the node name or id as a <Group>RemovalPolicies parameter, for example: - # ComputeRemovalPolicies: [{'resource_list': ['0']}] - ControllerRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ControllerResourceGroup when - doing an update which requires removal of specific resources. - ComputeRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ComputeResourceGroup when - doing an update which requires removal of specific resources. - BlockStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from BlockStorageResourceGroup when - doing an update which requires removal of specific resources. - ObjectStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ObjectStorageResourceGroup when - doing an update which requires removal of specific resources. - CephStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from CephStorageResourceGroup when - doing an update which requires removal of specific resources. - - resources: HeatAuthEncryptionKey: @@ -296,158 +237,50 @@ resources: ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} ServiceHostnameList: {get_attr: [{{role.name}}, hostname]} -{% endfor %} - - Controller: + {{role.name}}: type: OS::Heat::ResourceGroup depends_on: Networks properties: - count: {get_param: ControllerCount} - removal_policies: {get_param: ControllerRemovalPolicies} + count: {get_param: {{role.name}}Count} + removal_policies: {get_param: {{role.name}}RemovalPolicies} resource_def: - type: OS::TripleO::Controller + type: OS::TripleO::{{role.name}} properties: CloudDomain: {get_param: CloudDomain} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} Hostname: str_replace: - template: {get_param: ControllerHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - NodeIndex: '%index%' - ServiceConfigSettings: - map_merge: - - get_attr: [ControllerServiceChain, role_data, config_settings] - - get_attr: [ControllerServiceChain, role_data, global_config_settings] - - get_attr: [ComputeServiceChain, role_data, global_config_settings] - - get_attr: [BlockStorageServiceChain, role_data, global_config_settings] - - get_attr: [ObjectStorageServiceChain, role_data, global_config_settings] - - get_attr: [CephStorageServiceChain, role_data, global_config_settings] - - get_attr: [ControllerServiceChain, role_data, global_config_settings] - ServiceNames: {get_attr: [ControllerServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [ControllerServiceChain, role_data, monitoring_subscriptions]} - - Compute: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ComputeCount} - removal_policies: {get_param: ComputeRemovalPolicies} - resource_def: - type: OS::TripleO::Compute - properties: - CloudDomain: {get_param: CloudDomain} - NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} - NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - Hostname: - str_replace: - template: {get_param: ComputeHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - NodeIndex: '%index%' - ServiceConfigSettings: - map_merge: - - get_attr: [ComputeServiceChain, role_data, config_settings] - - get_attr: [ControllerServiceChain, role_data, global_config_settings] - - get_attr: [ComputeServiceChain, role_data, global_config_settings] - - get_attr: [BlockStorageServiceChain, role_data, global_config_settings] - - get_attr: [ObjectStorageServiceChain, role_data, global_config_settings] - - get_attr: [CephStorageServiceChain, role_data, global_config_settings] - ServiceNames: {get_attr: [ComputeServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [ComputeServiceChain, role_data, monitoring_subscriptions]} - - BlockStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: BlockStorageCount} - removal_policies: {get_param: BlockStorageRemovalPolicies} - resource_def: - type: OS::TripleO::BlockStorage - properties: - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: BlockStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - NodeIndex: '%index%' - ServiceConfigSettings: - map_merge: - - get_attr: [BlockStorageServiceChain, role_data, config_settings] - - get_attr: [ControllerServiceChain, role_data, global_config_settings] - - get_attr: [ComputeServiceChain, role_data, global_config_settings] - - get_attr: [BlockStorageServiceChain, role_data, global_config_settings] - - get_attr: [ObjectStorageServiceChain, role_data, global_config_settings] - - get_attr: [CephStorageServiceChain, role_data, global_config_settings] - ServiceNames: {get_attr: [BlockStorageServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [BlockStorageServiceChain, role_data, monitoring_subscriptions]} - - ObjectStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ObjectStorageCount} - removal_policies: {get_param: ObjectStorageRemovalPolicies} - resource_def: - type: OS::TripleO::ObjectStorage - properties: - UpdateIdentifier: {get_param: UpdateIdentifier} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - Hostname: - str_replace: - template: {get_param: ObjectStorageHostnameFormat} + template: {get_param: {{role.name}}HostnameFormat} params: '%stackname%': {get_param: 'OS::stack_name'} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} NodeIndex: '%index%' ServiceConfigSettings: map_merge: - - get_attr: [ObjectStorageServiceChain, role_data, config_settings] - - get_attr: [ControllerServiceChain, role_data, global_config_settings] - - get_attr: [ComputeServiceChain, role_data, global_config_settings] - - get_attr: [BlockStorageServiceChain, role_data, global_config_settings] - - get_attr: [ObjectStorageServiceChain, role_data, global_config_settings] - - get_attr: [CephStorageServiceChain, role_data, global_config_settings] - ServiceNames: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [ObjectStorageServiceChain, role_data, monitoring_subscriptions]} - - CephStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: CephStorageCount} - removal_policies: {get_param: CephStorageRemovalPolicies} - resource_def: - type: OS::TripleO::CephStorage - properties: - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: CephStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - NodeIndex: '%index%' - ServiceConfigSettings: - map_merge: - - get_attr: [CephStorageServiceChain, role_data, config_settings] - - get_attr: [ControllerServiceChain, role_data, global_config_settings] - - get_attr: [ComputeServiceChain, role_data, global_config_settings] - - get_attr: [BlockStorageServiceChain, role_data, global_config_settings] - - get_attr: [ObjectStorageServiceChain, role_data, global_config_settings] - - get_attr: [CephStorageServiceChain, role_data, global_config_settings] - ServiceNames: {get_attr: [CephStorageServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [CephStorageServiceChain, role_data, monitoring_subscriptions]} + - get_attr: [{{role.name}}ServiceChain, role_data, config_settings] + {% for r in roles %} + - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings] + {% endfor %} + # This next step combines two yaql passes: + # - The inner one does a deep merge on the service_config_settings for all roles + # - The outer one filters the map based on the services enabled for the role + # then merges the result into one map. + - yaql: + expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {}) + data: + map: + yaql: + expression: $.data.where($ != null).reduce($1.mergeWith($2), {}) + data: + {% for r in roles %} + - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings] + {% endfor %} + services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} + ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} + LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} + LoggingGroups: {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]} +{% endfor %} allNodesConfig: type: OS::TripleO::AllNodes::SoftwareConfig @@ -458,29 +291,17 @@ resources: cloud_name_storage_mgmt: {get_param: CloudNameStorageManagement} cloud_name_ctlplane: {get_param: CloudNameCtlplane} hosts: +{% for role in roles %} - list_join: - '\n' - - {get_attr: [Compute, hosts_entry]} - - list_join: - - '\n' - - {get_attr: [Controller, hosts_entry]} - - list_join: - - '\n' - - {get_attr: [BlockStorage, hosts_entry]} - - list_join: - - '\n' - - {get_attr: [ObjectStorage, hosts_entry]} - - list_join: - - '\n' - - {get_attr: [CephStorage, hosts_entry]} + - {get_attr: [{{role.name}}, hosts_entry]} +{% endfor %} enabled_services: list_join: - ',' - - {get_attr: [ControllerServiceChain, role_data, service_names]} - - {get_attr: [ComputeServiceChain, role_data, service_names]} - - {get_attr: [BlockStorageServiceChain, role_data, service_names]} - - {get_attr: [ObjectStorageServiceChain, role_data, service_names]} - - {get_attr: [CephStorageServiceChain, role_data, service_names]} +{% for role in roles %} + - {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} +{% endfor %} controller_ips: {get_attr: [Controller, ip_address]} controller_names: {get_attr: [Controller, hostname]} service_ips: @@ -492,21 +313,17 @@ resources: expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) data: l: - - {get_attr: [ControllerIpListMap, service_ips]} - - {get_attr: [ComputeIpListMap, service_ips]} - - {get_attr: [BlockStorageIpListMap, service_ips]} - - {get_attr: [ObjectStorageIpListMap, service_ips]} - - {get_attr: [CephStorageIpListMap, service_ips]} +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, service_ips]} +{% endfor %} service_node_names: yaql: expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) data: l: - - {get_attr: [ControllerIpListMap, service_hostnames]} - - {get_attr: [ComputeIpListMap, service_hostnames]} - - {get_attr: [BlockStorageIpListMap, service_hostnames]} - - {get_attr: [ObjectStorageIpListMap, service_hostnames]} - - {get_attr: [CephStorageIpListMap, service_hostnames]} +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, service_hostnames]} +{% endfor %} # FIXME(shardy): These require further work to move into service_ips memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} @@ -626,11 +443,10 @@ resources: UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow properties: - controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} - compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} - blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + servers: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} input_values: deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} @@ -641,34 +457,26 @@ resources: type: OS::TripleO::AllNodesExtraConfig depends_on: - UpdateWorkflow - - ComputeAllNodesValidationDeployment - - BlockStorageAllNodesValidationDeployment - - ObjectStorageAllNodesValidationDeployment - - CephStorageAllNodesValidationDeployment - - ControllerAllNodesValidationDeployment +{% for role in roles %} + - {{role.name}}AllNodesValidationDeployment +{% endfor %} properties: - controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} - compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} - blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} +{% for role in roles %} + servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} # Post deployment steps for all roles AllNodesDeploySteps: type: OS::TripleO::PostDeploySteps properties: servers: - Controller: {get_attr: [Controller, attributes, nova_server_resource]} - Compute: {get_attr: [Compute, attributes, nova_server_resource]} - BlockStorage: {get_attr: [BlockStorage, attributes, nova_server_resource]} - ObjectStorage: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - CephStorage: {get_attr: [CephStorage, attributes, nova_server_resource]} +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} role_data: - Controller: {get_attr: [ControllerServiceChain, role_data]} - Compute: {get_attr: [ComputeServiceChain, role_data]} - BlockStorage: {get_attr: [BlockStorageServiceChain, role_data]} - ObjectStorage: {get_attr: [ObjectStorageServiceChain, role_data]} - CephStorage: {get_attr: [CephStorageServiceChain, role_data]} +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} +{% endfor %} outputs: ManagedEndpoints: @@ -689,6 +497,9 @@ outputs: CeilometerInternalVip: description: VIP for Ceilometer API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]} + CephRgwInternalVip: + description: VIP for Ceph RGW internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CephRgwNetwork]}]} CinderInternalVip: description: VIP for Cinder API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]} @@ -740,8 +551,6 @@ outputs: EnabledServices: description: The services enabled on each role value: - Controller: {get_attr: [ControllerServiceChain, role_data, service_names]} - Compute: {get_attr: [ComputeServiceChain, role_data, service_names]} - BlockStorage: {get_attr: [BlockStorageServiceChain, role_data, service_names]} - ObjectStorage: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} - CephStorage: {get_attr: [CephStorageServiceChain, role_data, service_names]} +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} +{% endfor %} diff --git a/puppet/blockstorage-config.yaml b/puppet/blockstorage-config.yaml index 9b31b448..e455c4cb 100644 --- a/puppet/blockstorage-config.yaml +++ b/puppet/blockstorage-config.yaml @@ -24,6 +24,9 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number outputs: - name: result config: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 17825aaa..03a53b00 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -27,6 +27,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -97,6 +102,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] resources: CephStorage: @@ -270,6 +281,8 @@ resources: ceph: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/cephstorage-config.yaml b/puppet/cephstorage-config.yaml index 4bad4a16..3f428609 100644 --- a/puppet/cephstorage-config.yaml +++ b/puppet/cephstorage-config.yaml @@ -24,6 +24,9 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number outputs: - name: result config: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 41d5ef8e..a66ea08b 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -48,6 +48,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json NetworkDeploymentActions: type: comma_delimited_list description: > @@ -91,6 +96,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] resources: BlockStorage: @@ -266,6 +277,8 @@ resources: volume: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/compute-config.yaml b/puppet/compute-config.yaml index 9e128d3a..2314c47d 100644 --- a/puppet/compute-config.yaml +++ b/puppet/compute-config.yaml @@ -24,6 +24,9 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number outputs: - name: result config: diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 05b8d065..0205d0a6 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -114,6 +114,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] resources: @@ -289,6 +295,8 @@ resources: compute: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml index 811c544d..99c7b26e 100644 --- a/puppet/controller-config.yaml +++ b/puppet/controller-config.yaml @@ -26,6 +26,9 @@ resources: modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules outputs: - name: result + inputs: + - name: step + type: Number config: list_join: - '' diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 33ed51c0..ccb517f8 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -128,6 +128,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] parameter_groups: - label: deprecated @@ -349,6 +355,8 @@ resources: # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index aa5c3c43..6a2ea4d5 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -4,15 +4,7 @@ description: Configure hieradata for all MidoNet nodes parameters: # Parameters passed from the parent template - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json EnableZookeeperOnController: @@ -102,10 +94,10 @@ resources: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} NetworkMidonetDeploymentComputes: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: compute_servers} + servers: {get_param: [servers, Compute]} diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index e924fc87..7bda0cd5 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -4,15 +4,7 @@ description: Configure hieradata for Network Cisco configuration parameters: # Parameters passed from the parent template - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json # extra parameters passed via parameter_defaults @@ -140,7 +132,7 @@ resources: properties: name: NetworkCiscoDeployment config: {get_resource: NetworkCiscoConfig} - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} input_values: UCSM_ip: {get_param: NetworkUCSMIp} UCSM_username: {get_param: NetworkUCSMUsername} @@ -187,7 +179,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -195,7 +187,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCompute - servers: {get_param: compute_servers} + servers: {get_param: [servers, Compute]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -203,7 +195,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsBlockStorage - servers: {get_param: blockstorage_servers} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -211,7 +203,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsObjectStorage - servers: {get_param: objectstorage_servers} + servers: {get_param: [servers, ObjectStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -219,7 +211,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCephStorage - servers: {get_param: cephstorage_servers} + servers: {get_param: [servers, CephStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -294,7 +286,7 @@ resources: type: OS::Heat::SoftwareDeployment properties: name: MappingToNexusDeploymentsController - server: {get_param: [controller_servers, '0']} + server: {get_param: [servers, Controller, '0']} config: {get_resource: MappingToNexusConfig} input_values: # FIXME(shardy): It'd be more convenient if we could join these @@ -338,7 +330,7 @@ resources: depends_on: MappingToNexusDeploymentsController properties: name: MappingToUCSMDeploymentsController - server: {get_param: [controller_servers, '0']} + server: {get_param: [servers, Controller, '0']} config: {get_resource: MappingToUCSMConfig} input_values: ucsm_config: {get_param: NetworkUCSMHostList} diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml index e496553a..f5b1f0e6 100644 --- a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml +++ b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml @@ -32,6 +32,18 @@ resources: contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"' + contrail::vnc_api::vnc_api_config: + 'auth/AUTHN_TYPE': + value: keystone + 'auth/AUTHN_PROTOCOL': + value: http + 'auth/AUTHN_SERVER': + value: "%{hiera('keystone_admin_api_vip')}" + 'auth/AUTHN_PORT': + value: 35357 + 'auth/AUTHN_URL': + value: '/v2.0/tokens' + ComputeContrailDeployment: type: OS::Heat::StructuredDeployment properties: diff --git a/puppet/objectstorage-config.yaml b/puppet/objectstorage-config.yaml index 1dee8e60..33480544 100644 --- a/puppet/objectstorage-config.yaml +++ b/puppet/objectstorage-config.yaml @@ -24,6 +24,9 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number outputs: - name: result config: diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml new file mode 100644 index 00000000..65c96ac2 --- /dev/null +++ b/puppet/post.j2.yaml @@ -0,0 +1,139 @@ +heat_template_version: 2016-10-14 + +description: > + Post-deploy configuration steps via puppet for all roles, + as defined in ../roles_data.yaml + +parameters: + servers: + type: json + description: Mapping of Role name e.g Controller to a list of servers + + role_data: + type: json + description: Mapping of Role name e.g Controller to the per-role data + + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + +resources: + +{% for role in roles %} + # Post deployment steps for all roles + # A single config is re-applied with an incrementing step number + # {{role.name}} Role steps + {{role.name}}ArtifactsConfig: + type: deploy-artifacts.yaml + + {{role.name}}ArtifactsDeploy: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ArtifactsConfig} + + {{role.name}}PreConfig: + type: OS::TripleO::Tasks::{{role.name}}PreConfig + properties: + servers: {get_param: [servers, {{role.name}}]} + input_values: + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Config: + type: OS::TripleO::{{role.name}}Config + properties: + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} + + # Step through a series of configuration steps + {{role.name}}Deployment_Step1: + type: OS::Heat::StructuredDeploymentGroup + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + properties: + name: {{role.name}}Deployment_Step1 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 1 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step2: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step1 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step2 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 2 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step3: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step2 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step3 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 3 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step4: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step3 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step4 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 4 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step5: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step4 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step5 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 5 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}PostConfig: + type: OS::TripleO::Tasks::{{role.name}}PostConfig + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step5 + {% endfor %} + properties: + servers: {get_param: servers} + input_values: + update_identifier: {get_param: DeployIdentifier} + + # Note, this should come last, so use depends_on to ensure + # this is created after any other resources. + {{role.name}}ExtraConfigPost: + depends_on: + {% for dep in roles %} + - {{dep.name}}PostConfig + {% endfor %} + type: OS::TripleO::NodeExtraConfigPost + properties: + servers: {get_param: [servers, {{role.name}}]} +{% endfor %} diff --git a/puppet/post.yaml b/puppet/post.yaml deleted file mode 100644 index 8f57b34e..00000000 --- a/puppet/post.yaml +++ /dev/null @@ -1,644 +0,0 @@ -heat_template_version: 2016-10-14 - -description: > - Post-deploy configuration steps via puppet for all roles, - Controller, Compute, BlockStorage, SwiftStorage and CephStorage. - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - -resources: - # Post deployment steps for all roles - # A single config is re-applied with an incrementing step number - # Controller Role steps - ControllerArtifactsConfig: - type: deploy-artifacts.yaml - - ControllerArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerArtifactsConfig} - - ControllerPreConfig: - type: OS::TripleO::Tasks::ControllerPreConfig - properties: - servers: {get_param: [servers, Controller]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - ControllerConfig: - type: OS::TripleO::ControllerConfig - properties: - StepConfig: {get_param: [role_data, Controller, step_config]} - - # Step through a series of configuration steps - ControllerDeployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [ControllerPreConfig, ControllerArtifactsDeploy] - properties: - name: ControllerDeployment_Step1 - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerConfig} - input_values: - step: 1 - update_identifier: {get_param: DeployIdentifier} - - ControllerDeployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step1 - - ComputeDeployment_Step1 - - BlockStorageDeployment_Step1 - - ObjectStorageDeployment_Step1 - - CephStorageDeployment_Step1 - properties: - name: ControllerDeployment_Step2 - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerConfig} - input_values: - step: 2 - update_identifier: {get_param: DeployIdentifier} - - ControllerDeployment_Step3: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step2 - - ComputeDeployment_Step2 - - BlockStorageDeployment_Step2 - - ObjectStorageDeployment_Step2 - - CephStorageDeployment_Step2 - properties: - name: ControllerDeployment_Step3 - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerConfig} - input_values: - step: 3 - update_identifier: {get_param: DeployIdentifier} - - ControllerDeployment_Step4: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step3 - - ComputeDeployment_Step3 - - BlockStorageDeployment_Step3 - - ObjectStorageDeployment_Step3 - - CephStorageDeployment_Step3 - properties: - name: ControllerDeployment_Step4 - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerConfig} - input_values: - step: 4 - update_identifier: {get_param: DeployIdentifier} - - ControllerDeployment_Step5: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step4 - - ComputeDeployment_Step4 - - BlockStorageDeployment_Step4 - - ObjectStorageDeployment_Step4 - - CephStorageDeployment_Step4 - properties: - name: ControllerDeployment_Step5 - servers: {get_param: [servers, Controller]} - config: {get_resource: ControllerConfig} - input_values: - step: 5 - update_identifier: {get_param: DeployIdentifier} - - ControllerPostConfig: - type: OS::TripleO::Tasks::ControllerPostConfig - depends_on: - - ControllerDeployment_Step5 - - ComputeDeployment_Step5 - - BlockStorageDeployment_Step5 - - ObjectStorageDeployment_Step5 - - CephStorageDeployment_Step5 - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ControllerExtraConfigPost: - depends_on: - - ControllerPostConfig - - ComputePostConfig - - BlockStoragePostConfig - - ObjectStoragePostConfig - - CephStoragePostConfig - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, Controller]} - - # Compute Role steps - ComputeArtifactsConfig: - type: deploy-artifacts.yaml - - ComputeArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: [servers, Compute]} - config: {get_resource: ComputeArtifactsConfig} - - ComputePreConfig: - type: OS::TripleO::Tasks::ComputePreConfig - properties: - servers: {get_param: [servers, Compute]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - ComputeConfig: - type: OS::TripleO::ComputeConfig - properties: - StepConfig: {get_param: [role_data, Compute, step_config]} - - # Step through a series of configuration steps - ComputeDeployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [ComputePreConfig, ComputeArtifactsDeploy] - properties: - name: ComputeDeployment_Step1 - servers: {get_param: [servers, Compute]} - config: {get_resource: ComputeConfig} - input_values: - step: 1 - update_identifier: {get_param: DeployIdentifier} - - ComputeDeployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step1 - - ComputeDeployment_Step1 - - BlockStorageDeployment_Step1 - - ObjectStorageDeployment_Step1 - - CephStorageDeployment_Step1 - properties: - name: ComputeDeployment_Step2 - servers: {get_param: [servers, Compute]} - config: {get_resource: ComputeConfig} - input_values: - step: 2 - update_identifier: {get_param: DeployIdentifier} - - ComputeDeployment_Step3: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step2 - - ComputeDeployment_Step2 - - BlockStorageDeployment_Step2 - - ObjectStorageDeployment_Step2 - - CephStorageDeployment_Step2 - properties: - name: ComputeDeployment_Step3 - servers: {get_param: [servers, Compute]} - config: {get_resource: ComputeConfig} - input_values: - step: 3 - update_identifier: {get_param: DeployIdentifier} - - ComputeDeployment_Step4: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step3 - - ComputeDeployment_Step3 - - BlockStorageDeployment_Step3 - - ObjectStorageDeployment_Step3 - - CephStorageDeployment_Step3 - properties: - name: ComputeDeployment_Step4 - servers: {get_param: [servers, Compute]} - config: {get_resource: ComputeConfig} - input_values: - step: 4 - update_identifier: {get_param: DeployIdentifier} - - ComputeDeployment_Step5: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step4 - - ComputeDeployment_Step4 - - BlockStorageDeployment_Step4 - - ObjectStorageDeployment_Step4 - - CephStorageDeployment_Step4 - properties: - name: ComputeDeployment_Step5 - servers: {get_param: [servers, Compute]} - config: {get_resource: ComputeConfig} - input_values: - step: 5 - update_identifier: {get_param: DeployIdentifier} - - ComputePostConfig: - type: OS::TripleO::Tasks::ComputePostConfig - depends_on: - - ControllerDeployment_Step5 - - ComputeDeployment_Step5 - - BlockStorageDeployment_Step5 - - ObjectStorageDeployment_Step5 - - CephStorageDeployment_Step5 - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ComputeExtraConfigPost: - depends_on: - - ControllerPostConfig - - ComputePostConfig - - BlockStoragePostConfig - - ObjectStoragePostConfig - - CephStoragePostConfig - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, Compute]} - - # BlockStorage Role steps - BlockStorageArtifactsConfig: - type: deploy-artifacts.yaml - - BlockStorageArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: BlockStorageArtifactsConfig} - - BlockStoragePreConfig: - type: OS::TripleO::Tasks::BlockStoragePreConfig - properties: - servers: {get_param: [servers, BlockStorage]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - BlockStorageConfig: - type: OS::TripleO::BlockStorageConfig - properties: - StepConfig: {get_param: [role_data, BlockStorage, step_config]} - - # Step through a series of configuration steps - BlockStorageDeployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [BlockStoragePreConfig, BlockStorageArtifactsDeploy] - properties: - name: BlockStorageDeployment_Step1 - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: BlockStorageConfig} - input_values: - step: 1 - update_identifier: {get_param: DeployIdentifier} - - BlockStorageDeployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step1 - - ComputeDeployment_Step1 - - BlockStorageDeployment_Step1 - - ObjectStorageDeployment_Step1 - - CephStorageDeployment_Step1 - properties: - name: BlockStorageDeployment_Step2 - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: BlockStorageConfig} - input_values: - step: 2 - update_identifier: {get_param: DeployIdentifier} - - BlockStorageDeployment_Step3: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step2 - - ComputeDeployment_Step2 - - BlockStorageDeployment_Step2 - - ObjectStorageDeployment_Step2 - - CephStorageDeployment_Step2 - properties: - name: BlockStorageDeployment_Step3 - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: BlockStorageConfig} - input_values: - step: 3 - update_identifier: {get_param: DeployIdentifier} - - BlockStorageDeployment_Step4: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step3 - - ComputeDeployment_Step3 - - BlockStorageDeployment_Step3 - - ObjectStorageDeployment_Step3 - - CephStorageDeployment_Step3 - properties: - name: BlockStorageDeployment_Step4 - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: BlockStorageConfig} - input_values: - step: 4 - update_identifier: {get_param: DeployIdentifier} - - BlockStorageDeployment_Step5: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step4 - - ComputeDeployment_Step4 - - BlockStorageDeployment_Step4 - - ObjectStorageDeployment_Step4 - - CephStorageDeployment_Step4 - properties: - name: BlockStorageDeployment_Step5 - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: BlockStorageConfig} - input_values: - step: 5 - update_identifier: {get_param: DeployIdentifier} - - BlockStoragePostConfig: - type: OS::TripleO::Tasks::BlockStoragePostConfig - depends_on: - - ControllerDeployment_Step5 - - ComputeDeployment_Step5 - - BlockStorageDeployment_Step5 - - ObjectStorageDeployment_Step5 - - CephStorageDeployment_Step5 - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - BlockStorageExtraConfigPost: - depends_on: - - ControllerPostConfig - - ComputePostConfig - - BlockStoragePostConfig - - ObjectStoragePostConfig - - CephStoragePostConfig - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, BlockStorage]} - - # ObjectStorage Role steps - ObjectStorageArtifactsConfig: - type: deploy-artifacts.yaml - - ObjectStorageArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: ObjectStorageArtifactsConfig} - - ObjectStoragePreConfig: - type: OS::TripleO::Tasks::ObjectStoragePreConfig - properties: - servers: {get_param: [servers, ObjectStorage]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - ObjectStorageConfig: - type: OS::TripleO::ObjectStorageConfig - properties: - StepConfig: {get_param: [role_data, ObjectStorage, step_config]} - - # Step through a series of configuration steps - ObjectStorageDeployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [ObjectStoragePreConfig, ObjectStorageArtifactsDeploy] - properties: - name: ObjectStorageDeployment_Step1 - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: ObjectStorageConfig} - input_values: - step: 1 - update_identifier: {get_param: DeployIdentifier} - - ObjectStorageDeployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step1 - - ComputeDeployment_Step1 - - BlockStorageDeployment_Step1 - - ObjectStorageDeployment_Step1 - - CephStorageDeployment_Step1 - properties: - name: ObjectStorageDeployment_Step2 - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: ObjectStorageConfig} - input_values: - step: 2 - update_identifier: {get_param: DeployIdentifier} - - ObjectStorageDeployment_Step3: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step2 - - ComputeDeployment_Step2 - - BlockStorageDeployment_Step2 - - ObjectStorageDeployment_Step2 - - CephStorageDeployment_Step2 - properties: - name: ObjectStorageDeployment_Step3 - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: ObjectStorageConfig} - input_values: - step: 3 - update_identifier: {get_param: DeployIdentifier} - - ObjectStorageDeployment_Step4: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step3 - - ComputeDeployment_Step3 - - BlockStorageDeployment_Step3 - - ObjectStorageDeployment_Step3 - - CephStorageDeployment_Step3 - properties: - name: ObjectStorageDeployment_Step4 - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: ObjectStorageConfig} - input_values: - step: 4 - update_identifier: {get_param: DeployIdentifier} - - ObjectStorageDeployment_Step5: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step4 - - ComputeDeployment_Step4 - - BlockStorageDeployment_Step4 - - ObjectStorageDeployment_Step4 - - CephStorageDeployment_Step4 - properties: - name: ObjectStorageDeployment_Step5 - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: ObjectStorageConfig} - input_values: - step: 5 - update_identifier: {get_param: DeployIdentifier} - - ObjectStoragePostConfig: - type: OS::TripleO::Tasks::ObjectStoragePostConfig - depends_on: - - ControllerDeployment_Step5 - - ComputeDeployment_Step5 - - BlockStorageDeployment_Step5 - - ObjectStorageDeployment_Step5 - - CephStorageDeployment_Step5 - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ObjectStorageExtraConfigPost: - depends_on: - - ControllerPostConfig - - ComputePostConfig - - BlockStoragePostConfig - - ObjectStoragePostConfig - - CephStoragePostConfig - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, ObjectStorage]} - - # CephStorage Role steps - CephStorageArtifactsConfig: - type: deploy-artifacts.yaml - - CephStorageArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: [servers, CephStorage]} - config: {get_resource: CephStorageArtifactsConfig} - - CephStoragePreConfig: - type: OS::TripleO::Tasks::CephStoragePreConfig - properties: - servers: {get_param: [servers, CephStorage]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - CephStorageConfig: - type: OS::TripleO::CephStorageConfig - properties: - StepConfig: {get_param: [role_data, CephStorage, step_config]} - - # Step through a series of configuration steps - CephStorageDeployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [CephStoragePreConfig, CephStorageArtifactsDeploy] - properties: - name: CephStorageDeployment_Step1 - servers: {get_param: [servers, CephStorage]} - config: {get_resource: CephStorageConfig} - input_values: - step: 1 - update_identifier: {get_param: DeployIdentifier} - - CephStorageDeployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step1 - - ComputeDeployment_Step1 - - BlockStorageDeployment_Step1 - - ObjectStorageDeployment_Step1 - - CephStorageDeployment_Step1 - properties: - name: CephStorageDeployment_Step2 - servers: {get_param: [servers, CephStorage]} - config: {get_resource: CephStorageConfig} - input_values: - step: 2 - update_identifier: {get_param: DeployIdentifier} - - CephStorageDeployment_Step3: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step2 - - ComputeDeployment_Step2 - - BlockStorageDeployment_Step2 - - ObjectStorageDeployment_Step2 - - CephStorageDeployment_Step2 - properties: - name: CephStorageDeployment_Step3 - servers: {get_param: [servers, CephStorage]} - config: {get_resource: CephStorageConfig} - input_values: - step: 3 - update_identifier: {get_param: DeployIdentifier} - - CephStorageDeployment_Step4: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step3 - - ComputeDeployment_Step3 - - BlockStorageDeployment_Step3 - - ObjectStorageDeployment_Step3 - - CephStorageDeployment_Step3 - properties: - name: CephStorageDeployment_Step4 - servers: {get_param: [servers, CephStorage]} - config: {get_resource: CephStorageConfig} - input_values: - step: 4 - update_identifier: {get_param: DeployIdentifier} - - CephStorageDeployment_Step5: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - ControllerDeployment_Step4 - - ComputeDeployment_Step4 - - BlockStorageDeployment_Step4 - - ObjectStorageDeployment_Step4 - - CephStorageDeployment_Step4 - properties: - name: CephStorageDeployment_Step5 - servers: {get_param: [servers, CephStorage]} - config: {get_resource: CephStorageConfig} - input_values: - step: 5 - update_identifier: {get_param: DeployIdentifier} - - CephStoragePostConfig: - type: OS::TripleO::Tasks::CephStoragePostConfig - depends_on: - - ControllerDeployment_Step5 - - ComputeDeployment_Step5 - - BlockStorageDeployment_Step5 - - ObjectStorageDeployment_Step5 - - CephStorageDeployment_Step5 - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - CephStorageExtraConfigPost: - depends_on: - - ControllerPostConfig - - ComputePostConfig - - BlockStoragePostConfig - - ObjectStoragePostConfig - - CephStoragePostConfig - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, CephStorage]} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 65afffad..d3d9b5ad 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionAodhApi: default: 'overcloud-ceilometer-aodh-api' type: string + EnableCombinationAlarms: + default: false + description: Combination alarms are deprecated in Newton, hence disabled + by default. To enable, set this parameter to true. + type: boolean resources: AodhBase: @@ -48,6 +53,12 @@ outputs: - get_attr: [AodhBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - aodh::wsgi::apache::ssl: false + aodh::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::api::service_name: 'httpd' tripleo.aodh_api.firewall_rules: '128 aodh-api': @@ -62,5 +73,8 @@ outputs: # internal_api_subnet - > IP/CIDR aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} + tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} + service_config_settings: + get_attr: [AodhBase, role_data, service_config_settings] step_config: | include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 187345ad..5314b837 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -87,12 +87,6 @@ outputs: aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} - aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} - aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} - aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} - aodh::keystone::auth::password: {get_param: AodhPassword} - aodh::keystone::auth::region: {get_param: KeystoneRegion} - aodh::keystone::auth::tenant: 'service' aodh::db::mysql::user: aodh aodh::db::mysql::password: {get_param: AodhPassword} aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} @@ -102,3 +96,11 @@ outputs: - "%{hiera('mysql_bind_host')}" aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' + service_config_settings: + keystone: + aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} + aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} + aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} + aodh::keystone::auth::password: {get_param: AodhPassword} + aodh::keystone::auth::region: {get_param: KeystoneRegion} + aodh::keystone::auth::tenant: 'service' diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 7595e4c3..c9792019 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -5,6 +5,14 @@ description: > automatically via other services which run via Apache. parameters: + ApacheMaxRequestWorkers: + default: 256 + description: Maximum number of simultaneously processed requests. + type: number + ApacheServerLimit: + default: 256 + description: Maximum number of Apache processes. + type: number ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,5 +46,7 @@ outputs: template: "NETWORK_subnet" params: NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } + apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 5d980d79..2ae46d0e 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -25,6 +25,11 @@ parameters: MonitoringSubscriptionCeilometerCentral: default: 'overcloud-ceilometer-agent-central' type: string + CeilometerAgentCentralLoggingSource: + type: json + default: + tag: openstack.ceilometer.agent.central + path: /var/log/ceilometer/central.log resources: CeilometerServiceBase: @@ -40,6 +45,9 @@ outputs: value: service_name: ceilometer_agent_central monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} + logging_source: {get_param: CeilometerAgentCentralLoggingSource} + logging_groups: + - ceilometer config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index bedb8b04..ea403aa1 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionCeilometerNotification: default: 'overcloud-ceilometer-agent-notification' type: string + CeilometerAgentNotificationLoggingSource: + type: json + default: + tag: openstack.ceilometer.agent.notification + path: /var/log/ceilometer/agent-notification.log resources: @@ -37,6 +42,9 @@ outputs: value: service_name: ceilometer_agent_notification monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} + logging_source: {get_param: CeilometerAgentNotificationLoggingSource} + logging_groups: + - ceilometer config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 5df9f2b3..50431e3d 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionCeilometerApi: default: 'overcloud-ceilometer-api' type: string + CeilometerApiLoggingSource: + type: json + default: + tag: openstack.ceilometer.api + path: /var/log/ceilometer/api.log resources: @@ -44,6 +49,9 @@ outputs: value: service_name: ceilometer_api monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} + logging_source: {get_param: CeilometerApiLoggingSource} + logging_groups: + - ceilometer config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] @@ -63,5 +71,13 @@ outputs: ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::ssl: false + ceilometer::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + service_config_settings: + get_attr: [CeilometerServiceBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 62fdd5c1..25fccd9e 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -107,12 +107,6 @@ outputs: ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' - ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} - ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} - ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - ceilometer::keystone::auth::password: {get_param: CeilometerPassword} - ceilometer::keystone::auth::region: {get_param: KeystoneRegion} - ceilometer::keystone::auth::tenant: 'service' ceilometer::rabbit_userid: {get_param: RabbitUserName} ceilometer::rabbit_password: {get_param: RabbitPassword} ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -127,3 +121,11 @@ outputs: ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} + service_config_settings: + keystone: + ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} + ceilometer::keystone::auth::password: {get_param: CeilometerPassword} + ceilometer::keystone::auth::region: {get_param: KeystoneRegion} + ceilometer::keystone::auth::tenant: 'service' diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index 9dbb2759..4d15be8e 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionCeilometerCollector: default: 'overcloud-ceilometer-collector' type: string + CeilometerCollectorLoggingSource: + type: json + default: + tag: openstack.ceilometer.collector + path: /var/log/ceilometer/collector.log resources: CeilometerServiceBase: @@ -30,13 +35,25 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + MongoDbBase: + type: ./database/mongodb-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Ceilometer Collector role. value: service_name: ceilometer_collector monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} + logging_source: {get_param: CeilometerCollectorLoggingSource} + logging_groups: + - ceilometer config_settings: - get_attr: [CeilometerServiceBase, role_data, config_settings] + map_merge: + - get_attr: [MongoDbBase, role_data, config_settings] + - get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::ceilometer::collector diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index a2b3f13e..552086ab 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -76,6 +76,9 @@ outputs: - get_attr: [CephBase, role_data, config_settings] - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} ceph::profile::params::mon_key: {get_param: CephMonKey} + ceph::profile::params::osd_pool_default_pg_num: 32 + ceph::profile::params::osd_pool_default_pgp_num: 32 + ceph::profile::params::osd_pool_default_size: 3 # repeat returns items in a list, so we need to map_merge twice tripleo::profile::base::ceph::mon::ceph_pools: map_merge: @@ -90,9 +93,9 @@ outputs: - {get_param: GnocchiRbdPoolName} template: <%pool%>: - pg_num: 32 - pgp_num: 32 - size: 3 + pg_num: "%{hiera('ceph::profile::params::osd_pool_default_pg_num')}" + pgp_num: "%{hiera('ceph::profile::params::osd_pool_default_pgp_num')}" + size: "%{hiera('ceph::profile::params::osd_pool_default_size')}" - {get_param: CephPools} tripleo.ceph_mon.firewall_rules: '110 ceph_mon': diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml new file mode 100644 index 00000000..18a4b780 --- /dev/null +++ b/puppet/services/ceph-rgw.yaml @@ -0,0 +1,79 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph RadosGW service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + CephRgwKey: + description: The cephx key for the radosgw client. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true + SwiftPassword: + description: The password for the swift service account, used by the Ceph RGW services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceph RadosGW service. + value: + service_name: ceph_rgw + config_settings: + map_merge: + - get_attr: [CephBase, role_data, config_settings] + - tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey} + tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken} + tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ceph::profile::params::frontend_type: 'civetweb' + ceph_rgw_civetweb_bind_address: {get_param: [ServiceNetMap, CephRgwNetwork]} + ceph::profile::params::rgw_frontends: + list_join: + - '' + - - 'civetweb port=' + - '%{hiera("ceph_rgw_civetweb_bind_address")}' + - ':' + - {get_param: [EndpointMap, CephRgwInternal, port]} + tripleo.ceph_rgw.firewall_rules: + '122 ceph rgw': + dport: {get_param: [EndpointMap, CephRgwInternal, port]} + step_config: | + include ::tripleo::profile::base::ceph::rgw + service_config_settings: + keystone: + ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} + ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} + ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} + ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} + ceph::rgw::keystone::auth::tenant: 'service' diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 94c94a65..875a3aa1 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -34,6 +34,11 @@ parameters: MonitoringSubscriptionCinderApi: default: 'overcloud-cinder-api' type: string + CinderApiLoggingSource: + type: json + default: + tag: openstack.cinder.api + path: /var/log/cinder/cinder-api.log resources: @@ -50,6 +55,9 @@ outputs: value: service_name: cinder_api monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi} + logging_source: {get_param: CinderApiLoggingSource} + logging_groups: + - cinder config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] @@ -57,19 +65,8 @@ outputs: cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} cinder::keystone::authtoken::password: {get_param: CinderPassword} cinder::keystone::authtoken::project_name: 'service' - cinder::keystone::auth::tenant: 'service' - cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} - cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} - cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} - cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} - cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} - cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} - cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} - cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} - cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} - cinder::keystone::auth::password: {get_param: CinderPassword} - cinder::keystone::auth::region: {get_param: KeystoneRegion} cinder::api::enable_proxy_headers_parsing: true + cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' # TODO(emilien) move it to puppet-cinder cinder::config: @@ -90,3 +87,17 @@ outputs: cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} step_config: | include ::tripleo::profile::base::cinder::api + service_config_settings: + keystone: + cinder::keystone::auth::tenant: 'service' + cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} + cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} + cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} + cinder::keystone::auth::password: {get_param: CinderPassword} + cinder::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 1326e267..94c263ea 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionCinderScheduler: default: 'overcloud-cinder-scheduler' type: string + CinderSchedulerLoggingSource: + type: json + default: + tag: openstack.cinder.scheduler + path: /var/log/cinder/cinder-scheduler.log resources: @@ -37,6 +42,9 @@ outputs: value: service_name: cinder_scheduler monitoring_subscription: {get_param: MonitoringSubscriptionCinderScheduler} + logging_source: {get_param: CinderSchedulerLoggingSource} + logging_groups: + - cinder config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index c84c784e..82e16f39 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -59,6 +59,11 @@ parameters: MonitoringSubscriptionCinderVolume: default: 'overcloud-cinder-volume' type: string + CinderVolumeLoggingSource: + type: json + default: + tag: openstack.cinder.volume + path: /var/log/cinder/cinder-volume.log resources: @@ -75,6 +80,9 @@ outputs: value: service_name: cinder_volume monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume} + logging_source: {get_param: CinderVolumeLoggingSource} + logging_groups: + - cinder config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 36962a34..01daeafe 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -19,6 +19,15 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MongoDbLoggingSource: + type: json + description: Fluentd logging configuration for mongodb. + default: + tag: database.mongodb + path: /var/log/mongodb/mongodb.log + format: >- + /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4}) + (?<message>.*)$/ resources: MongoDbBase: @@ -33,6 +42,9 @@ outputs: description: Service mongodb using composable services. value: service_name: mongodb + logging_groups: + - mongodb + logging_source: {get_param: MongoDbLoggingSource} config_settings: map_merge: - get_attr: [MongoDbBase, role_data, config_settings] diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index b0eea481..094a7c9f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -74,5 +74,11 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index adc1b4cb..c399bf4e 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -45,9 +45,16 @@ parameters: constraints: - allowed_values: ['swift', 'file', 'rbd'] GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number + default: '' + description: | + Number of API worker processes for Glance. If left unset (empty string), the + default value will result in the configuration being left unset and a + system-dependent default value will be chosen (e.g.: number of + processors). Please note that this will create a large number of + processes on systems with a large number of CPUs resulting in excess + memory consumption. It is recommended that a suitable non-default value + be selected on such systems. + type: string GlanceRbdPoolName: default: images type: string @@ -76,6 +83,11 @@ parameters: MonitoringSubscriptionGlanceApi: default: 'overcloud-glance-api' type: string + GlanceApiLoggingSource: + type: json + default: + tag: openstack.glance.api + path: /var/log/glance/api.log outputs: role_data: @@ -83,6 +95,9 @@ outputs: value: service_name: glance_api monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi} + logging_source: {get_param: GlanceApiLoggingSource} + logging_groups: + - glance config_settings: glance::api::database_connection: list_join: @@ -101,6 +116,7 @@ outputs: template: "'REGISTRY_HOST'" params: REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} + glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] } glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} @@ -119,11 +135,6 @@ outputs: glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} - glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} - glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} - glance::keystone::auth::password: {get_param: GlancePassword } - glance::keystone::auth::region: {get_param: KeystoneRegion} glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: @@ -131,7 +142,6 @@ outputs: dport: - 9292 - 13292 - glance::keystone::auth::tenant: 'service' glance::api::authtoken::project_name: 'service' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true @@ -144,3 +154,11 @@ outputs: glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} step_config: | include ::tripleo::profile::base::glance::api + service_config_settings: + keystone: + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} + glance::keystone::auth::tenant: 'service' diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index d5f01d46..2b7b4345 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -27,12 +27,24 @@ parameters: type: string hidden: true GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number + default: '' + description: | + Number of worker processes for glance registry. If left unset (empty + string), the default value will result in the configuration being left + unset and a system-dependent default value will be chosen (e.g.: number of + processors). Please note that this will create a large number of processes + on systems with a large number of CPUs resulting in excess memory + consumption. It is recommended that a suitable non-default value be + selected on such systems. + type: string MonitoringSubscriptionGlanceRegistry: default: 'overcloud-glance-registry' type: string + GlanceRegistryLoggingSource: + type: json + default: + tag: openstack.glance.registry + path: /var/log/glance/registry.log outputs: role_data: @@ -40,6 +52,9 @@ outputs: value: service_name: glance_registry monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry} + logging_source: {get_param: GlanceRegistryLoggingSource} + logging_groups: + - glance config_settings: glance::registry::database_connection: list_join: diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 650865e2..481a44cb 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -36,6 +36,11 @@ parameters: MonitoringSubscriptionGnocchiApi: default: 'overcloud-gnocchi-api' type: string + GnocchiApiLoggingSource: + type: json + default: + tag: openstack.gnocchi.api + path: /var/log/gnocchi/app.log resources: @@ -59,6 +64,9 @@ outputs: value: service_name: gnocchi_api monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} + logging_source: {get_param: GnocchiApiLoggingSource} + logging_groups: + - gnocchi config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] @@ -70,17 +78,17 @@ outputs: - 13041 gnocchi::api::enabled: true gnocchi::api::service_name: 'httpd' - gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } - gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} - gnocchi::keystone::auth::password: {get_param: GnocchiPassword} - gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } - gnocchi::keystone::auth::region: {get_param: KeystoneRegion} - gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} gnocchi::keystone::authtoken::project_name: 'service' gnocchi::wsgi::apache::ssl: false + gnocchi::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples @@ -96,3 +104,11 @@ outputs: gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]} step_config: | include ::tripleo::profile::base::gnocchi::api + service_config_settings: + keystone: + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::tenant: 'service' diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 61a69078..a47fec5a 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -33,6 +33,11 @@ parameters: MonitoringSubscriptionHeatApiCnf: default: 'overcloud-heat-api-cfn' type: string + HeatApiCfnLoggingSource: + type: json + default: + tag: openstack.heat.api.cfn + path: /var/log/heat/heat-api-cfn.log resources: HeatBase: @@ -48,16 +53,13 @@ outputs: value: service_name: heat_api_cfn monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf} + logging_source: {get_param: HeatApiCfnLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cfn::workers: {get_param: HeatWorkers} - heat::keystone::auth_cfn::tenant: 'service' - heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} - heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} - heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} - heat::keystone::auth_cfn::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} tripleo.heat_api_cfn.firewall_rules: '125 heat_cfn': dport: @@ -72,3 +74,11 @@ outputs: heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cfn + service_config_settings: + keystone: + heat::keystone::auth_cfn::tenant: 'service' + heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index c12e56ef..6dfeaaf3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -25,6 +25,11 @@ parameters: MonitoringSubscriptionHeatApiCloudwatch: default: 'overcloud-heat-api-cloudwatch' type: string + HeatApiCloudwatchLoggingSource: + type: json + default: + tag: openstack.heat.api.cloudwatch + path: /var/log/heat/heat-api-cloudwatch.log resources: HeatBase: @@ -40,6 +45,9 @@ outputs: value: service_name: heat_api_cloudwatch monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCloudwatch} + logging_source: {get_param: HeatApiCloudwatchLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 64b0c53b..2ea96fc0 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -33,6 +33,11 @@ parameters: MonitoringSubscriptionHeatApi: default: 'overcloud-heat-api' type: string + HeatApiLoggingSource: + type: json + default: + tag: openstack.heat.api + path: /var/log/heat/heat-api.log resources: HeatBase: @@ -48,16 +53,13 @@ outputs: value: service_name: heat_api monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi} + logging_source: {get_param: HeatApiLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api::workers: {get_param: HeatWorkers} - heat::keystone::auth::tenant: 'service' - heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} - heat::keystone::auth::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} tripleo.heat_api.firewall_rules: '125 heat_api': dport: @@ -72,3 +74,11 @@ outputs: heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api + service_config_settings: + keystone: + heat::keystone::auth::tenant: 'service' + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 089bf531..1e7bec23 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -43,6 +43,11 @@ parameters: MonitoringSubscriptionHeatEngine: default: 'overcloud-heat-engine' type: string + HeatEngineLoggingSource: + type: json + default: + tag: openstack.heat.engine + path: /var/log/heat/heat-engine.log resources: HeatBase: @@ -58,6 +63,9 @@ outputs: value: service_name: heat_engine monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine} + logging_source: {get_param: HeatEngineLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 5c3f370e..19e54f5b 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -58,12 +58,6 @@ outputs: ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} - ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} - ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::auth_name: 'ironic' - ironic::keystone::auth::password: {get_param: IronicPassword } - ironic::keystone::auth::tenant: 'service' tripleo.ironic_api.firewall_rules: '133 ironic api': dport: @@ -71,3 +65,11 @@ outputs: - 13385 step_config: | include ::tripleo::profile::base::ironic::api + service_config_settings: + keystone: + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + ironic::keystone::auth::auth_name: 'ironic' + ironic::keystone::auth::password: {get_param: IronicPassword } + ironic::keystone::auth::tenant: 'service' diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b321ecbe..b7a807fa 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -93,6 +93,11 @@ parameters: KeystoneCredential1: type: string description: The second Keystone credential key. Must be a valid key. + KeystoneLoggingSource: + type: json + default: + tag: openstack.keystone + path: /var/log/keystone/keystone.log resources: @@ -109,7 +114,9 @@ outputs: value: service_name: keystone monitoring_subscription: {get_param: MonitoringSubscriptionKeystone} - config_settings: + logging_source: {get_param: KeystoneLoggingSource} + logging_groups: + - keystone config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] @@ -148,7 +155,6 @@ outputs: keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} keystone::endpoint::region: {get_param: KeystoneRegion} keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} keystone::db::mysql::user: keystone keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} keystone::db::mysql::dbname: keystone @@ -165,7 +171,18 @@ outputs: value: 'keystone.contrib.ec2.backends.sql.Ec2' keystone::service_name: 'httpd' keystone::wsgi::apache::ssl: false - + keystone::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::servername_admin: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} # override via extraconfig: keystone::wsgi::apache::threads: 1 diff --git a/puppet/services/logging/fluentd-base.yaml b/puppet/services/logging/fluentd-base.yaml new file mode 100644 index 00000000..c8f67556 --- /dev/null +++ b/puppet/services/logging/fluentd-base.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: Fluentd base service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +outputs: + role_data: + description: Role data for the Fluentd role. + value: + service_name: fluentd_base + config_settings: + fluentd::package_name: fluentd + fluentd::service_name: fluentd + fluentd::config_file: /etc/fluentd/fluent.conf + fluentd::config_owner: fluentd + fluentd::config_group: fluentd + fluentd::config_path: /etc/fluentd/config.d + fluentd::plugin_provider: yum + fluentd::service_provider: systemd + fluentd::repo_install: false diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml new file mode 100644 index 00000000..3ae7110f --- /dev/null +++ b/puppet/services/logging/fluentd-client.yaml @@ -0,0 +1,64 @@ +heat_template_version: 2016-10-14 + +description: Fluentd client configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + FluentdBase: + type: ./fluentd-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + + LoggingConfiguration: + type: OS::TripleO::LoggingConfiguration + +outputs: + role_data: + description: Role data for the Fluentd client role. + value: + service_name: fluentd_client + config_settings: + map_merge: + - get_attr: [FluentdBase, role_data, config_settings] + - tripleo::profile::base::logging::fluentd::fluentd_servers: + get_attr: [LoggingConfiguration, LoggingServers] + tripleo::profile::base::logging::fluentd::fluentd_filters: + yaql: + expression: > + $.data.filters.flatten().where($) + data: + filters: + - get_attr: [LoggingConfiguration, LoggingDefaultFilters] + - get_attr: [LoggingConfiguration, LoggingExtraFilters] + tripleo::profile::base::logging::fluentd::fluentd_pos_file_path: + get_attr: [LoggingConfiguration, LoggingPosFilePath] + tripleo::profile::base::logging::fluentd::fluentd_use_ssl: + get_attr: [LoggingConfiguration, LoggingUsesSSL] + tripleo::profile::base::logging::fluentd::fluentd_ssl_certificate: + get_attr: [LoggingConfiguration, LoggingSSLCertificate] + tripleo::profile::base::logging::fluentd::fluentd_ssl_key: + get_attr: [LoggingConfiguration, LoggingSSLKey] + tripleo::profile::base::logging::fluentd::fluentd_ssl_key_passphrase: + get_attr: [LoggingConfiguration, LoggingSSLKeyPassphrase] + tripleo::profile::base::logging::fluentd::fluentd_shared_key: + get_attr: [LoggingConfiguration, LoggingSharedKey] + step_config: | + include ::tripleo::profile::base::logging::fluentd diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml new file mode 100644 index 00000000..e051781e --- /dev/null +++ b/puppet/services/logging/fluentd-config.yaml @@ -0,0 +1,154 @@ +heat_template_version: 2016-10-14 + +description: Fluentd logging configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + LoggingDefaultFormat: + description: > + Default format used to parse messages from log files. + type: string + default: >- + /(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d+) + (?<pid>\d+) + (?<priority>\S+) + (?<message>.*)$/ + LoggingPosFilePath: + description: > + Directory in which to place fluentd pos_file files (used to track + file position for the 'tail' input type). + type: string + default: /var/cache/fluentd + LoggingDefaultGroups: + description: > + Make fluentd user a member of these groups. Only override this parameter + if you want to modify the default list of groups. Use + LoggingExtraGroups to add the fluentd user to additional groups. + type: comma_delimited_list + default: + - root + LoggingExtraGroups: + description: > + Make fluentd user a member of these groups (in addition to + LoggingDefaultGroups and the groups provided by individual + composable services). + type: comma_delimited_list + default: [] + LoggingServers: + description: | + A list of destinations to which fluentd will forward log messages. Expects + a list of dictionaries of the form: + + - host: loghost1.example.com + port: 24224 + - host: loghost2.example.com + port: 24224 + type: json + default: [] + LoggingDefaultFilters: + description: > + A list of fluentd default filters. This will be passed verbatim + to the 'filter' key of a fluentd::config resource. Only override this + if you do not want the default set of filters; use LoggingExtraFilters + if you just want to add additional servers. + type: json + default: + - tag_pattern: '**' + type: record_transformer + record: + nodename: '${hostname}' + + - tag_pattern: 'openstack.**' + type: record_transformer + record: + component: '${tag_parts[1]}' + LoggingExtraFilters: + description: > + A list of additional fluentd filters. This will be passed + verbatim to the 'filter' key of a fluentd::config resource. + type: json + default: [] + LoggingUsesSSL: + description: > + A boolean value indicating whether or not we should forward log messages + use the secure_forward plugin. + type: boolean + default: false + LoggingSSLCertificate: + description: > + PEM-encoded SSL CA certificate for fluentd. + type: string + default: "" + LoggingSSLKey: + description: > + PEM-encoded key for fluentd CA certificate (used by in_secure_forward). + type: string + default: "" + LoggingSSLKeyPassphrase: + description: > + Passphrase for LoggingSSLKey (used by in_secure_forward). + type: string + default: "" + LoggingSharedKey: + description: > + Shared secret for fluentd secure-forward plugin. + type: string + default: "" + LoggingDefaultSources: + description: > + A list of default logging sources for fluentd. You should only override + this parameter if you wish to disable the default logging sources. Use + LoggingExtraSources to define additional source configurations. + type: json + default: [] + LoggingExtraSources: + description: > + A list of additional logging sources for fluentd. These will be combined + with the LoggingDefaultSources and any logging sources defined by + composable services. + type: json + default: [] + +outputs: + LoggingDefaultFormat: + value: {get_param: LoggingDefaultFormat} + LoggingDefaultFilters: + value: {get_param: LoggingDefaultFilters} + LoggingExtraFilters: + value: {get_param: LoggingExtraFilters} + LoggingDefaultGroups: + value: {get_param: LoggingDefaultGroups} + LoggingExtraGroups: + value: {get_param: LoggingExtraGroups} + LoggingPosFilePath: + value: {get_param: LoggingPosFilePath} + LoggingSSLCertificate: + value: {get_param: LoggingSSLCertificate} + LoggingSSLKey: + value: {get_param: LoggingSSLKey} + LoggingSSLKeyPassphrase: + value: {get_param: LoggingSSLKeyPassphrase} + LoggingServers: + value: {get_param: LoggingServers} + LoggingSharedKey: + value: {get_param: LoggingSharedKey} + LoggingUsesSSL: + value: {get_param: LoggingUsesSSL} + LoggingDefaultSources: + value: {get_param: LoggingDefaultSources} + LoggingExtraSources: + value: {get_param: LoggingExtraSources} diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 2e43730d..531b4b0b 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -51,14 +51,6 @@ outputs: manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } manila::keystone::authtoken::project_name: 'service' - manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} - manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} - manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} - manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} - manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} - manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} - manila::keystone::auth::password: {get_param: ManilaPassword } - manila::keystone::auth::region: {get_param: KeystoneRegion } # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -66,6 +58,16 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]} + manila::api::enable_proxy_headers_parsing: true step_config: | include ::tripleo::profile::base::manila::api - + service_config_settings: + keystone: + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} + manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword} + manila::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index e4ca489a..8cfa20bd 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Neutron Server configured with Puppet @@ -39,7 +39,10 @@ parameters: type: string NeutronL3HA: default: false - description: Whether to enable HA for virtual routers + description: | + Whether to enable HA for virtual routers. While the default value is + 'false', L3 HA will be automatically enabled if the number of nodes hosting + controller configurations and DVR is disabled. type: boolean NovaPassword: description: The password for the nova service and db account, used by nova-api. @@ -56,6 +59,18 @@ parameters: MonitoringSubscriptionNeutronServer: default: 'overcloud-neutron-server' type: string + NeutronApiLoggingSource: + type: json + default: + tag: openstack.neutron.api + path: /var/log/neutron/server.log + ControllerCount: + description: | + Under normal conditions, this should not be overridden manually and is + set at deployment time. The default value is present to allow the + template to be used in environments that do not override it. + default: 1 + type: number resources: @@ -66,12 +81,27 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} +conditions: + + auto_enable_l3_ha: + and: + - not: + equals: + - get_param: ControllerCount + - 1 + - equals: + - get_param: NeutronEnableDVR + - false + outputs: role_data: description: Role data for the Neutron Server agent service. value: service_name: neutron_api monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer} + logging_source: {get_param: NeutronApiLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -84,18 +114,12 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - neutron::keystone::auth::tenant: 'service' - neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} - neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } - neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron::keystone::auth::password: {get_param: NeutronPassword} - neutron::keystone::auth::region: {get_param: KeystoneRegion} neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::rpc_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron::server::l3_ha: {get_param: NeutronL3HA} + neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]} neutron::keystone::authtoken::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } @@ -131,3 +155,11 @@ outputs: neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::server + service_config_settings: + keystone: + neutron::keystone::auth::tenant: 'service' + neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} + neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron::keystone::auth::password: {get_param: NeutronPassword} + neutron::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index b2ad5dab..2cd08f98 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -34,6 +34,11 @@ parameters: MonitoringSubscriptionNeutronDhcp: default: 'overcloud-neutron-dhcp' type: string + NeutronDhcpAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.dhcp + path: /var/log/neutron/dhcp-agent.log resources: @@ -50,6 +55,9 @@ outputs: value: service_name: neutron_dhcp monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp} + logging_source: {get_param: NeutronDhcpAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 5eb3e252..b6c29116 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -29,6 +29,11 @@ parameters: MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string + NeutronL3ComputeAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.l3-compute + path: /var/log/neutron/l3-agent.log resources: @@ -45,6 +50,9 @@ outputs: value: service_name: neutron_l3_compute_dvr monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3Dvr} + logging_source: {get_param: NeutronL3ComputeAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index de62a507..9e223374 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -37,6 +37,11 @@ parameters: MonitoringSubscriptionNeutronL3: default: 'overcloud-neutron-l3-agent' type: string + NeutronL3AgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.l3 + path: /var/log/neutron/l3-agent.log resources: @@ -53,6 +58,9 @@ outputs: value: service_name: neutron_l3 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3} + logging_source: {get_param: NeutronL3AgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 320ae0ce..8be4c6d6 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -23,9 +23,16 @@ parameters: type: string hidden: true NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number + default: '' + description: | + Sets the number of worker processes for the neutron metadata agent. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string @@ -33,6 +40,11 @@ parameters: MonitoringSubscriptionNeutronMetadata: default: 'overcloud-neutron-metadata' type: string + NeutronMetadataAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.metadata + path: /var/log/neutron/metadata-agent.log resources: @@ -49,6 +61,9 @@ outputs: value: service_name: neutron_metadata monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata} + logging_source: {get_param: NeutronMetadataAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -57,11 +72,6 @@ outputs: neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' - # NOTE: bind IP is found in Heat replacing the network name with the local node IP - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - neutron::agents::metadata::metadata_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} + neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"' step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index ade322ed..cbe65638 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -64,6 +64,11 @@ parameters: examples are: noop, openvswitch, iptables_hybrid. The default value of an empty string will result in a default supported configuration. type: string + NeutronOpenVswitchAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.openvswitch + path: /var/log/neutron/openvswitch-agent.log resources: @@ -80,6 +85,9 @@ outputs: value: service_name: neutron_ovs_agent monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} + logging_source: {get_param: NeutronOpenVswitchAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index e1dbd8e1..25ae0176 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -46,6 +46,11 @@ parameters: MonitoringSubscriptionNovaApi: default: 'overcloud-nova-api' type: string + NovaApiLoggingSource: + type: json + default: + tag: openstack.nova.api + path: /var/log/nova/nova-api.log resources: NovaBase: @@ -61,6 +66,9 @@ outputs: value: service_name: nova_api monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi} + logging_source: {get_param: NovaApiLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -86,12 +94,6 @@ outputs: nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true - nova::keystone::auth::tenant: 'service' - nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} - nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} - nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} - nova::keystone::auth::password: {get_param: NovaPassword} - nova::keystone::auth::region: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -105,3 +107,11 @@ outputs: step_config: | include tripleo::profile::base::nova::api + service_config_settings: + keystone: + nova::keystone::auth::tenant: 'service' + nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova::keystone::auth::password: {get_param: NovaPassword} + nova::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index d1d7ae60..f7f2510e 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -70,6 +70,11 @@ parameters: MonitoringSubscriptionNovaCompute: default: 'overcloud-nova-compute' type: string + NovaComputeLoggingSource: + type: json + default: + tag: openstack.nova.compute + path: /var/log/nova/nova-compute.log resources: NovaBase: @@ -85,6 +90,9 @@ outputs: value: service_name: nova_compute monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute} + logging_source: {get_param: NovaComputeLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -129,6 +137,9 @@ outputs: # internal_api_subnet - > IP/CIDR nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]} nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]} + nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]} + nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} step_config: | # TODO(emilien): figure how to deal with libvirt profile. # We'll probably treat it like we do with Neutron plugins. diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 5dbc7cac..2671cdd3 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -25,6 +25,11 @@ parameters: MonitoringSubscriptionNovaConductor: default: 'overcloud-nova-conductor' type: string + NovaSchedulerLoggingSource: + type: json + default: + tag: openstack.nova.scheduler + path: /var/log/nova/nova-scheduler.log resources: NovaBase: @@ -40,6 +45,9 @@ outputs: value: service_name: nova_conductor monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor} + logging_source: {get_param: NovaSchedulerLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 13e3a26a..85e60420 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionNovaConsoleauth: default: 'overcloud-nova-consoleauth' type: string + NovaConsoleauthLoggingSource: + type: json + default: + tag: openstack.nova.consoleauth + path: /var/log/nova/nova-consoleauth.log resources: NovaBase: @@ -36,6 +41,9 @@ outputs: value: service_name: nova_consoleauth monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth} + logging_source: {get_param: NovaConsoleauthLoggingSource} + logging_groups: + - nova config_settings: get_attr: [NovaBase, role_data, config_settings] step_config: | diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml new file mode 100644 index 00000000..92373c56 --- /dev/null +++ b/puppet/services/nova-metadata.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova API service. + type: number + +outputs: + role_data: + description: Role data for the Nova Metadata service. + value: + service_name: nova_metadata + config_settings: + nova::api::metadata_workers: {get_param: NovaWorkers} + nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + step_config: "" diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 3ffc9c5a..d89e3e11 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -32,6 +32,11 @@ parameters: MonitoringSubscriptionNovaScheduler: default: 'overcloud-nova-scheduler' type: string + NovaSchedulerLoggingSource: + type: json + default: + tag: openstack.nova.scheduler + path: /var/log/nova/nova-scheduler.log resources: NovaBase: @@ -47,6 +52,9 @@ outputs: value: service_name: nova_scheduler monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler} + logging_source: {get_param: NovaSchedulerLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index 899fa353..85d59ae6 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionNovaVNCProxy: default: 'overcloud-nova-vncproxy' type: string + NovaVncproxyLoggingSource: + type: json + default: + tag: openstack.nova.vncproxy + path: /var/log/nova/nova-vncproxy.log resources: NovaBase: @@ -36,6 +41,9 @@ outputs: value: service_name: nova_vnc_proxy monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy} + logging_source: {get_param: NovaVncproxyLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 5d1d666a..abfb9c80 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -66,6 +66,16 @@ parameters: ] } type: json + PacemakerLoggingSource: + type: json + default: + tag: system.pacemaker + path: /var/log/pacemaker.log,/var/log/cluster/corosync.log + format: >- + /^(?<time>[^ ]*\s*[^ ]* [^ ]*) + \[(?<pid>[^ ]*)\] + (?<host>[^ ]*) + (?<message>.*)$/ outputs: role_data: @@ -73,6 +83,9 @@ outputs: value: service_name: pacemaker monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker} + logging_groups: + - haclient + logging_source: {get_param: PacemakerLoggingSource} config_settings: pacemaker::corosync::cluster_name: 'tripleo_cluster' pacemaker::corosync::manage_fw: false diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml index e4bcfc3e..6823789e 100644 --- a/puppet/services/pacemaker/cinder-api.yaml +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: cinder_api monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderApiBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [CinderApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml index eb578e5c..15e44be2 100644 --- a/puppet/services/pacemaker/cinder-scheduler.yaml +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: cinder_scheduler monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderSchedulerBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderSchedulerBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [CinderSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index d5dedf34..11b9bf8f 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: cinder_volume monitoring_subscription: {get_attr: [CinderVolumeBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderVolumeBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderVolumeBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [CinderVolumeBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index d555ed0a..f6d4be20 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -35,6 +35,13 @@ outputs: value: service_name: mysql config_settings: - get_attr: [MysqlBase, role_data, config_settings] + map_merge: + - get_attr: [MysqlBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index 684785af..20a439f6 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -58,6 +58,8 @@ outputs: value: service_name: glance_api monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [GlanceApiBase, role_data, logging_source]} + logging_groups: {get_attr: [GlanceApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [GlanceApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index 5bcabcab..41f89fdd 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: glance_registry monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [GlanceRegistryBase, role_data, logging_source]} + logging_groups: {get_attr: [GlanceRegistryBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [GlanceRegistryBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml index eae01b58..dd25905b 100644 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -33,6 +33,8 @@ outputs: value: service_name: heat_api_cfn monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiCfnBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiCfnBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiCfnBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml index 5608ae91..18d2a0d5 100644 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -33,6 +33,8 @@ outputs: value: service_name: heat_api_cloudwatch monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiCloudwatchBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiCloudwatchBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml index 6fd790c4..43122cb0 100644 --- a/puppet/services/pacemaker/heat-api.yaml +++ b/puppet/services/pacemaker/heat-api.yaml @@ -33,6 +33,8 @@ outputs: value: service_name: heat_api monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml index b8c962a8..54bfdad2 100644 --- a/puppet/services/pacemaker/heat-engine.yaml +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: heat_engine monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatEngineBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatEngineBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatEngineBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index 0a479c9a..908b9bbd 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: keystone monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [KeystoneServiceBase, role_data, logging_source]} + logging_groups: {get_attr: [KeystoneServiceBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [KeystoneServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml index 9b9e5849..7fca73d6 100644 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: neutron_dhcp monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronDhcpBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronDhcpBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronDhcpBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml index 21ac02d4..cdb87f50 100644 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: neutron_l3 monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronL3Base, role_data, logging_source]} + logging_groups: {get_attr: [NeutronL3Base, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronL3Base, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml index 8c22d42d..49a31eb5 100644 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: neutron_metadata monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronMetadataBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronMetadataBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronMetadataBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml index 18d60735..a2bd7c83 100644 --- a/puppet/services/pacemaker/neutron-ovs-agent.yaml +++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: neutron_ovs_agent monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronOvsBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronOvsBase, role_data, logging_groups]} config_settings: get_attr: [NeutronOvsBase, role_data, config_settings] step_config: | diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml index 3d565348..b86e438a 100644 --- a/puppet/services/pacemaker/nova-api.yaml +++ b/puppet/services/pacemaker/nova-api.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_api monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaApiBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml index 9d55a48a..a0a766ec 100644 --- a/puppet/services/pacemaker/nova-conductor.yaml +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_conductor monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaConductorBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaConductorBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaConductorBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml index 814505fb..5d51eb47 100644 --- a/puppet/services/pacemaker/nova-consoleauth.yaml +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_consoleauth monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaConsoleauthBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaConsoleauthBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaConsoleauthBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml index 27692268..8828ee11 100644 --- a/puppet/services/pacemaker/nova-scheduler.yaml +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_scheduler monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaSchedulerBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaSchedulerBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-vnc-proxy.yaml b/puppet/services/pacemaker/nova-vnc-proxy.yaml index d0c4f1d0..ebe84a03 100644 --- a/puppet/services/pacemaker/nova-vnc-proxy.yaml +++ b/puppet/services/pacemaker/nova-vnc-proxy.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_vnc_proxy monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaVncproxyBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaVncproxyBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaVncproxyBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index 214e8dbb..3dfb7d94 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: sahara_api monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [SaharaApiBase, role_data, logging_source]} + logging_groups: {get_attr: [SaharaApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [SaharaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index aa85115d..a06d11b3 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: sahara_engine monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [SaharaEngineBase, role_data, logging_source]} + logging_groups: {get_attr: [SaharaEngineBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [SaharaEngineBase, role_data, config_settings] diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index a0669dcd..52300a2f 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -58,7 +58,7 @@ outputs: dport: - 4369 - 5672 - - 35672 + - 25672 rabbitmq::delete_guest_user: false rabbitmq::wipe_db_on_cookie_change: true rabbitmq::port: '5672' @@ -66,10 +66,10 @@ outputs: rabbitmq::repos_ensure: false rabbitmq_environment: RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' rabbitmq_kernel_variables: - inet_dist_listen_min: '35672' - inet_dist_listen_max: '35672' + inet_dist_listen_min: '25672' + inet_dist_listen_max: '25672' rabbitmq_config_variables: tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 7f15ca72..4f139b5f 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -33,6 +33,11 @@ parameters: MonitoringSubscriptionSaharaApi: default: 'overcloud-sahara-api' type: string + SaharaApiLoggingSource: + type: json + default: + tag: openstack.sahara.api + path: /var/log/sahara/sahara-api.log resources: SaharaBase: @@ -48,16 +53,14 @@ outputs: value: service_name: sahara_api monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi} + logging_source: {get_param: SaharaApiLoggingSource} + logging_groups: + - sahara config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} sahara::service::api::api_workers: {get_param: SaharaWorkers} - sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} - sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} - sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} - sahara::keystone::auth::password: {get_param: SaharaPassword } - sahara::keystone::auth::region: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -71,3 +74,11 @@ outputs: - 13386 step_config: | include ::tripleo::profile::base::sahara::api + service_config_settings: + keystone: + sahara::keystone::auth::tenant: 'service' + sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} + sahara::keystone::auth::password: {get_param: SaharaPassword } + sahara::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index c1ab8e8b..c3986b77 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -85,6 +85,5 @@ outputs: - storm sahara::rpc_backend: rabbit sahara::admin_tenant_name: 'service' - sahara::keystone::auth::tenant: 'service' sahara::db::database_db_max_retries: -1 sahara::db::database_max_retries: -1 diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 9224fd5f..287c1c05 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionSaharaEngine: default: 'overcloud-sahara-engine' type: string + SaharaEngineLoggingSource: + type: json + default: + tag: openstack.sahara.engine + path: /var/log/sahara/sahara-engine.log resources: SaharaBase: @@ -36,6 +41,9 @@ outputs: value: service_name: sahara_engine monitoring_subscription: {get_param: MonitoringSubscriptionSaharaEngine} + logging_source: {get_param: SaharaEngineLoggingSource} + logging_groups: + - sahara config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index b54a6d7a..7b5fa40c 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -39,6 +39,9 @@ resources: EndpointMap: {get_param: EndpointMap} DefaultPasswords: {get_param: DefaultPasswords} + LoggingConfiguration: + type: OS::TripleO::LoggingConfiguration + outputs: role_data: description: Combined Role data for this set of services. @@ -51,12 +54,56 @@ outputs: data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} monitoring_subscriptions: yaql: - expression: list($.data.subscriptions.where($ != null)) - data: {subscriptions: {get_attr: [ServiceChain, role_data, monitoring_subscription]}} + expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + logging_sources: + # Transform the individual logging_source configuration from + # each service in the chain into a global list, adding some + # default configuration at the same time. + yaql: + expression: > + let( + default_format => $.data.default_format, + pos_file_path => $.data.pos_file_path, + sources => $.data.sources.flatten() + ) -> + $sources.where($ != null).select({ + 'type' => 'tail', + 'tag' => $.tag, + 'path' => $.path, + 'format' => $.get('format', $default_format), + 'pos_file' => $.get('pos_file', $pos_file_path + '/' + $.tag + '.pos') + }) + data: + sources: + - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} + - yaql: + expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + - {get_attr: [LoggingConfiguration, LoggingExtraSources]} + default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} + pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} + logging_groups: + # Build a list of unique groups to which we should add the + # fluentd user. + yaql: + expression: > + set($.data.groups.flatten()).where($) + data: + groups: + - [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}] + - yaql: + expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + - [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}] config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} global_config_settings: map_merge: yaql: - expression: list($.data.configs.where($ != null)) - data: {configs: {get_attr: [ServiceChain, role_data, global_config_settings]}} + expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + service_config_settings: + yaql: + expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + data: {get_attr: [ServiceChain, role_data]} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index d7b0cd7c..8b990bcd 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -66,25 +66,11 @@ outputs: swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} - swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} - swift::keystone::auth::password: {get_param: SwiftPassword} - swift::keystone::auth::region: {get_param: KeystoneRegion} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: - 8080 - 13808 - swift::keystone::auth::tenant: 'service' - swift::keystone::auth::configure_s3_endpoint: false - swift::keystone::auth::operator_roles: - - admin - - swiftoperator - - ResellerAdmin swift::proxy::keystone::operator_roles: - admin - swiftoperator @@ -113,3 +99,19 @@ outputs: swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]} step_config: | include ::tripleo::profile::base::swift::proxy + service_config_settings: + keystone: + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + swift::keystone::auth::tenant: 'service' + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index ff0012ff..899ba66d 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -27,6 +27,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json Hostname: type: string default: '' # Defaults to Heat created hostname @@ -91,6 +96,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] resources: @@ -255,6 +266,8 @@ resources: object: mapped_data: # data supplied directly to this deployment configuration, etc tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} SwiftStorageHieraDeploy: diff --git a/roles_data.yaml b/roles_data.yaml index 523033cd..fe98d827 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -1,8 +1,30 @@ +# Specifies which roles (groups of nodes) will be deployed +# Note this is used as an input to the various *.j2.yaml +# jinja2 templates, so that they are converted into *.yaml +# during the plan creation (via a mistral action/workflow). +# +# The format is a list, with the following format: +# +# * name: (string) mandatory, name of the role, must be unique +# +# CountDefault: (number) optional, default number of nodes, defaults to 0 +# sets the default for the {{role.name}}Count parameter in overcloud.yaml +# +# HostnameFormatDefault: (string) optional default format string for hostname +# defaults to '%stackname%-{{role.name.lower()}}-%index%' +# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml +# +# ServicesDefault: (list) optional default list of services to be deployed +# on the role, defaults to an empty list. Sets the default for the +# {{role.name}}Services parameter in overcloud.yaml + - name: Controller + CountDefault: 1 ServicesDefault: - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephRgw - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler @@ -32,6 +54,7 @@ - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::MongoDb - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaVncProxy @@ -69,9 +92,12 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::OpenDaylight - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::VipHosts - name: Compute + CountDefault: 1 + HostnameFormatDefault: '%stackname%-novacompute-%index%' ServicesDefault: - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephClient @@ -92,6 +118,7 @@ - OS::TripleO::Services::NeutronSriovAgent - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::VipHosts - name: BlockStorage @@ -105,6 +132,7 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::VipHosts - name: ObjectStorage @@ -119,6 +147,7 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::VipHosts - name: CephStorage @@ -131,4 +160,5 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::VipHosts |