diff options
26 files changed, 290 insertions, 46 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 2c91803b..26100639 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -426,6 +426,13 @@ topics: - file: environments/manila-vmax-config.yaml title: Deploys Manila with VMAX driver description: Deploys Manila and configures VMAX as its default backend. + - title: Manila with Isilon + description: > + Deploys Manila and configures it with the Isilon driver. + environments: + - file: environments/manila-isilon-config.yaml + title: Deploys Manila with Isilon driver + description: Deploys Manila and configures Isilon as its default backend. requires: - overcloud-resource-registry-puppet.yaml - title: Glance backends diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 5014a79b..79d5a280 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -123,6 +123,7 @@ parameter_defaults: CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' CephPoolDefaultSize: 1 + DockerCephDaemonImage: ceph/daemon:tag-build-master-jewel-centos-7 NovaEnableRbdBackend: true CinderEnableRbdBackend: true CinderBackupBackend: ceph diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index f0729425..73d3036c 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml @@ -5,7 +5,7 @@ # Per step puppet configuration of the baremetal host ##################################################### - name: Write the config_step hieradata - copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true + copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600 - name: Run puppet host configuration for step {{step}} command: >- puppet apply diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index 3af48464..1119fb60 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -190,29 +190,29 @@ resources: - name: Create /var/lib/tripleo-config directory file: path=/var/lib/tripleo-config state=directory - name: Write the puppet step_config manifest - copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes + copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600 # this creates a JSON config file for our docker-puppet.py script - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory - name: Write docker-puppet-tasks json files - copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes + copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600 # FIXME: can we move docker-puppet somewhere so it's installed via a package? - name: Write docker-puppet.py - copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes + copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600 # Here we are dumping all the docker container startup configuration data # so that we can have access to how they are started outside of heat # and docker-cmd. This lets us create command line tools to test containers. # FIXME do we need the docker-container-startup-configs.json or is the new per-step # data consumed by paunch enough? - name: Write docker-container-startup-configs - copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes + copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600 - name: Write per-step docker-container-startup-configs - copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes + copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600 with_dict: "{{docker_startup_configs}}" - name: Create /var/lib/kolla/config_files directory file: path=/var/lib/kolla/config_files state=directory - name: Write kolla config json files - copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes + copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600 with_dict: "{{kolla_config}}" ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id @@ -225,7 +225,7 @@ resources: - /var/lib/docker-puppet/docker-puppet-tasks*.json when: deploy_server_id == bootstrap_server_id - name: Write docker-puppet-tasks json files - copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes + copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600 with_dict: "{{docker_puppet_tasks}}" when: deploy_server_id == bootstrap_server_id {%- endraw %} diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 3344a812..7623eda6 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -82,6 +82,7 @@ - OS::TripleO::Services::ManilaApi - OS::TripleO::Services::ManilaScheduler - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendIsilon - OS::TripleO::Services::ManilaBackendNetapp - OS::TripleO::Services::ManilaBackendUnity - OS::TripleO::Services::ManilaBackendCephFs diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 613adf10..0451ed51 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -366,6 +366,7 @@ for infile in infiles: outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile)) with open(outfile, 'w') as out_f: + os.chmod(out_f.name, 0600) json.dump(infile_data, out_f) if not success: diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index bf2c86c4..2a592869 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -118,7 +118,6 @@ parameters: DockerCephDaemonImage: description: image type: string - default: 'ceph/daemon:tag-build-master-jewel-centos-7' conditions: custom_registry_host: @@ -241,7 +240,7 @@ outputs: - - client - {get_param: ManilaCephFSNativeCephFSAuthId} key: {get_param: CephManilaClientKey} - mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create" + mon_cap: 'allow r, allow command \\\"auth del\\\", allow command \\\"auth caps\\\", allow command \\\"auth get\\\", allow command \\\"auth get-or-create\\\"' mds_cap: "allow *" osd_cap: "allow rw" mode: "0644" diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 980a8c6d..487b4c67 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -36,9 +36,19 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: + ContainersCommon: + type: ../containers-common.yaml + RedisBase: type: ../../../puppet/services/database/redis.yaml properties: @@ -56,6 +66,8 @@ outputs: map_merge: - {get_attr: [RedisBase, role_data, config_settings]} - redis::daemonize: false + tripleo::stunnel::manage_service: false + tripleo::stunnel::foreground: 'yes' step_config: &step_config get_attr: [RedisBase, role_data, step_config] service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} @@ -80,31 +92,60 @@ outputs: - path: /var/run/redis owner: redis:redis recurse: true + /var/lib/kolla/config_files/redis_tls_proxy.json: + command: stunnel /etc/stunnel/stunnel.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: - redis_init_logs: - start_order: 0 - detach: false - image: &redis_image {get_param: DockerRedisImage} - privileged: false - user: root - volumes: - - /var/log/containers/redis:/var/log/redis - command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] - redis: - start_order: 1 - image: *redis_image - net: host - privileged: false - restart: always - volumes: - - /run:/run - - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro - - /etc/localtime:/etc/localtime:ro - - /var/log/containers/redis:/var/log/redis - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - redis_init_logs: + start_order: 0 + detach: false + image: &redis_image {get_param: DockerRedisImage} + privileged: false + user: root + volumes: + - /var/log/containers/redis:/var/log/redis + command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] + - redis: + start_order: 1 + image: *redis_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /var/log/containers/redis:/var/log/redis + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - redis_tls_proxy: + start_order: 2 + image: *redis_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro + - /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro + - /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} + metadata_settings: + get_attr: [RedisBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml index 6a62f65e..2a6fcfe8 100644 --- a/docker/services/opendaylight-api.yaml +++ b/docker/services/opendaylight-api.yaml @@ -97,10 +97,21 @@ outputs: - - /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/opendaylight:/opt/opendaylight/data/log + - /var/lib/opendaylight/journal:/opt/opendaylight/journal + - /var/lib/opendaylight/snapshots:/opt/opendaylight/snapshots environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/opendaylight + - /var/lib/opendaylight/snapshots + - /var/lib/opendaylight/journal upgrade_tasks: - name: Stop and disable opendaylight_api service tags: step2 - service: name=opendaylight state=stopped enabled=no + service: name=opendaylight state=stopped enabled=no
\ No newline at end of file diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 2e5c7424..3cdc5255 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -88,6 +88,7 @@ outputs: - get_param: InternalTLSCAFile - get_param: HAProxyInternalTLSKeysDirectory - get_param: HAProxyInternalTLSCertsDirectory + - get_param: DeployedSSLCertificatePath tripleo::profile::pacemaker::haproxy_bundle::internal_certs_directory: {get_param: HAProxyInternalTLSCertsDirectory} tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory} # disable the use CRL file until we can restart the container when the file expires diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index 4b170751..bd697160 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -87,6 +87,7 @@ - OS::TripleO::Services::ManilaBackendGeneric - OS::TripleO::Services::ManilaBackendNetapp - OS::TripleO::Services::ManilaBackendUnity + - OS::TripleO::Services::ManilaBackendIsilon - OS::TripleO::Services::ManilaBackendCephFs - OS::TripleO::Services::ManilaBackendVNX - OS::TripleO::Services::ManilaBackendVMAX diff --git a/environments/manila-isilon-config.yaml b/environments/manila-isilon-config.yaml new file mode 100644 index 00000000..809900c8 --- /dev/null +++ b/environments/manila-isilon-config.yaml @@ -0,0 +1,17 @@ +# This environment file enables Manila with the Isilon backend. +resource_registry: + OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::TripleO::Services::ManilaBackendIsilon: ../puppet/services/manila-backend-isilon.yaml + +parameter_defaults: + ManilaIsilonBackendName: tripleo_isilon + ManilaIsilonDriverHandlesShareServers: true + ManilaIsilonNasLogin: '' + ManilaIsilonNasPassword: '' + ManilaIsilonNasServer: '' + ManilaIsilonNasRootDir: '' + ManilaIsilonNasServerPort: 8080 + ManilaIsilonNasServerSecure: '' diff --git a/environments/neutron-opendaylight-dpdk.yaml b/environments/neutron-opendaylight-dpdk.yaml index d675252d..236b2fb9 100644 --- a/environments/neutron-opendaylight-dpdk.yaml +++ b/environments/neutron-opendaylight-dpdk.yaml @@ -12,6 +12,7 @@ parameter_defaults: NeutronMechanismDrivers: 'opendaylight_v2' NeutronServicePlugins: 'odl-router_v2' NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" + OpenDaylightSNATMechanism: 'controller' ComputeOvsDpdkParameters: OvsEnableDpdk: True diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index bc14adb0..8f4b4b48 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -231,6 +231,7 @@ resource_registry: OS::TripleO::Services::ManilaScheduler: OS::Heat::None OS::TripleO::Services::ManilaShare: OS::Heat::None OS::TripleO::Services::ManilaBackendGeneric: OS::Heat::None + OS::TripleO::Services::ManilaBackendIsilon: OS::Heat::None OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None OS::TripleO::Services::ManilaBackendUnity: OS::Heat::None OS::TripleO::Services::ManilaBackendVMAX: OS::Heat::None diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 2a6a89e9..8436062a 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -38,6 +38,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} outputs: role_data: @@ -53,10 +59,20 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - redis::bind: {get_param: [ServiceNetMap, RedisNetwork]} + # Bind to localhost if internal TLS is enabled, since we put a TLs + # proxy in front. + redis::bind: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, RedisNetwork]} redis::port: 6379 redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' - redis::sentinel::sentinel_bind: {get_param: [ServiceNetMap, RedisNetwork]} + redis::sentinel::sentinel_bind: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, RedisNetwork]} redis::ulimit: {get_param: RedisFDLimit} diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index bdcc4fcd..810e467e 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -30,8 +30,15 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} resources: + RedisBase: type: ./redis-base.yaml properties: @@ -41,6 +48,7 @@ resources: EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -55,8 +63,41 @@ outputs: dport: - 6379 - 26379 + tripleo::profile::base::database::redis::tls_proxy_bind_ip: + get_param: [ServiceNetMap, RedisNetwork] + tripleo::profile::base::database::redis::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + tripleo::profile::base::database::redis::tls_proxy_port: 6379 + - if: + - use_tls_proxy + - redis_certificate_specs: + service_certificate: '/etc/pki/tls/certs/redis.crt' + service_key: '/etc/pki/tls/private/redis.key' + hostname: + str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + principal: + str_replace: + template: "redis/%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + - {} step_config: | include ::tripleo::profile::base::database::redis + metadata_settings: + if: + - use_tls_proxy + - + - service: redis + network: {get_param: [ServiceNetMap, RabbitmqNetwork]} + type: vip + - null upgrade_tasks: - name: Check if redis is deployed command: systemctl is-enabled redis diff --git a/puppet/services/manila-backend-isilon.yaml b/puppet/services/manila-backend-isilon.yaml new file mode 100644 index 00000000..6d8a1fb6 --- /dev/null +++ b/puppet/services/manila-backend-isilon.yaml @@ -0,0 +1,72 @@ +heat_template_version: pike + +description: > + Openstack Manila isilon backend. + +parameters: + ManilaIsilonDriverHandlesShareServers: + type: string + default: true + ManilaIsilonBackendName: + type: string + default: tripleo_isilon + ManilaIsilonNasLogin: + type: string + default: '' + ManilaIsilonNasPassword: + type: string + default: '' + ManilaIsilonNasServer: + type: string + default: '' + ManilaIsilonNasRootDir: + type: string + default: '' + ManilaIsilonNasServerPort: + type: number + default: 8080 + ManilaIsilonNasServerSecure: + type: string + default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Manila Isilon backend. + value: + service_name: manila_backend_isilon + config_settings: + manila::backend::dellemc_isilon::title: {get_param: ManilaIsilonBackendName} + manila::backend::dellemc_isilon::emc_nas_login: {get_param: ManilaIsilonNasLogin} + manila::backend::dellemc_isilon::driver_handles_share_servers: {get_param: ManilaIsilonDriverHandlesShareServers} + manila::backend::dellemc_isilon::emc_nas_password: {get_param: ManilaIsilonNasPassword} + manila::backend::dellemc_isilon::emc_nas_server: {get_param: ManilaIsilonNasServer} + manila::backend::dellemc_isilon::emc_nas_root_dir: {get_param: ManilaIsilonNasRootDir} + manila::backend::dellemc_isilon::emc_nas_server_port: {get_param: ManilaIsilonNasServerPort} + manila::backend::dellemc_isilon::emc_nas_server_secure: {get_param: ManilaIsilonNasServerSecure} + step_config: diff --git a/puppet/services/neutron-plugin-nsx.yaml b/puppet/services/neutron-plugin-nsx.yaml index 2774b03e..26380649 100644 --- a/puppet/services/neutron-plugin-nsx.yaml +++ b/puppet/services/neutron-plugin-nsx.yaml @@ -65,14 +65,14 @@ outputs: value: service_name: neutron_plugin_nsx config_settings: - neutron::plugins::nsx_v3::default_overlay_tz: {get_param: DefaultOverlayTz} - neutron::plugins::nsx_v3::default_tier0_router: {get_param: DefaultTier0Router} - neutron::plugins::nsx_v3::nsx_api_managers: {get_param: NsxApiManagers} - neutron::plugins::nsx_v3::nsx_api_user: {get_param: NsxApiUser} - neutron::plugins::nsx_v3::nsx_api_password: {get_param: NsxApiPassword} - neutron::plugins::nsx_v3::native_dhcp_metadata: {get_param: NativeDhcpMetadata} - neutron::plugins::nsx_v3::dhcp_profile_uuid: {get_param: DhcpProfileUuid} - neutron::plugins::nsx_v3::metadata_proxy_uuid: {get_param: MetadataProxyUuid} + neutron::plugins::nsx::default_overlay_tz: {get_param: DefaultOverlayTz} + neutron::plugins::nsx::default_tier0_router: {get_param: DefaultTier0Router} + neutron::plugins::nsx::nsx_api_managers: {get_param: NsxApiManagers} + neutron::plugins::nsx::nsx_api_user: {get_param: NsxApiUser} + neutron::plugins::nsx::nsx_api_password: {get_param: NsxApiPassword} + neutron::plugins::nsx::native_dhcp_metadata: {get_param: NativeDhcpMetadata} + neutron::plugins::nsx::dhcp_profile_uuid: {get_param: DhcpProfileUuid} + neutron::plugins::nsx::metadata_proxy_uuid: {get_param: MetadataProxyUuid} step_config: | - include tripleo::profile::base::neutron::plugins::nsx_v3 + include tripleo::profile::base::neutron::plugins::nsx diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 472dbcce..71536ff3 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -62,6 +62,14 @@ parameters: description: Whether to manage the OpenDaylight repository type: boolean default: false + OpenDaylightSNATMechanism: + description: SNAT mechanism to be used + default: 'conntrack' + type: string + constraints: + - allowed_values: + - conntrack + - controller outputs: role_data: @@ -84,6 +92,7 @@ outputs: - 6640 - 6653 - 2550 + opendaylight::snat_mechanism: {get_param: OpenDaylightSNATMechanism} step_config: | include tripleo::profile::base::neutron::opendaylight upgrade_tasks: diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index 66eb4b2a..e466f304 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -53,5 +53,16 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true + tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip: + get_param: [ServiceNetMap, RedisNetwork] + tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + tripleo::profile::pacemaker::database::redis::tls_proxy_port: 6379 step_config: | include ::tripleo::profile::pacemaker::database::redis + metadata_settings: + get_attr: [RedisBase, role_data, metadata_settings] diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index ba3a0984..a1a60201 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -122,6 +122,7 @@ outputs: rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} rabbitmq::ssl: {get_param: EnableInternalTLS} + rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} rabbitmq::ssl_port: 5672 rabbitmq::ssl_depth: 1 rabbitmq::ssl_only: {get_param: EnableInternalTLS} diff --git a/releasenotes/notes/configuring-snat-in-opendaylight-d5ed4d62275e1876.yaml b/releasenotes/notes/configuring-snat-in-opendaylight-d5ed4d62275e1876.yaml new file mode 100644 index 00000000..31564e09 --- /dev/null +++ b/releasenotes/notes/configuring-snat-in-opendaylight-d5ed4d62275e1876.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Configure OpenDaylight SNAT to use conntrack mechanism with OVS and controller + based mechanism with OVS-DPDK. diff --git a/releasenotes/notes/isilon_manila_e9677898724a11e7.yaml b/releasenotes/notes/isilon_manila_e9677898724a11e7.yaml new file mode 100644 index 00000000..8eb50b8f --- /dev/null +++ b/releasenotes/notes/isilon_manila_e9677898724a11e7.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Add support for Dell EMC Isilon manila driver diff --git a/roles/Controller.yaml b/roles/Controller.yaml index 603aec9d..88e4dfed 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -82,6 +82,7 @@ - OS::TripleO::Services::ManilaApi - OS::TripleO::Services::ManilaBackendCephFs - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendIsilon - OS::TripleO::Services::ManilaBackendNetapp - OS::TripleO::Services::ManilaBackendUnity - OS::TripleO::Services::ManilaBackendVNX diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 22ae5a9c..cc497822 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -66,6 +66,7 @@ - OS::TripleO::Services::ManilaApi - OS::TripleO::Services::ManilaBackendCephFs - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendIsilon - OS::TripleO::Services::ManilaBackendNetapp - OS::TripleO::Services::ManilaBackendUnity - OS::TripleO::Services::ManilaBackendVNX diff --git a/roles_data.yaml b/roles_data.yaml index d4a928c2..1cdaf262 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -85,6 +85,7 @@ - OS::TripleO::Services::ManilaApi - OS::TripleO::Services::ManilaBackendCephFs - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendIsilon - OS::TripleO::Services::ManilaBackendNetapp - OS::TripleO::Services::ManilaBackendUnity - OS::TripleO::Services::ManilaBackendVNX |