-rw-r--r-- | environments/neutron-ovs-dvr.yaml | 8 | ||||
-rw-r--r-- | extraconfig/tasks/major_upgrade_ceph_storage.sh | 77 | ||||
-rw-r--r-- | network/ports/net_ip_list_map.yaml | 19 | ||||
-rw-r--r-- | overcloud-without-mergepy.yaml | 1038 | ||||
-rw-r--r-- | overcloud.yaml | 122 | ||||
-rw-r--r-- | puppet/all-nodes-config.yaml | 37 | ||||
-rw-r--r-- | puppet/ceph-storage-post.yaml | 1 | ||||
-rw-r--r-- | puppet/cinder-storage-post.yaml | 1 | ||||
-rw-r--r-- | puppet/cinder-storage.yaml | 12 | ||||
-rw-r--r-- | puppet/compute-post.yaml | 1 | ||||
-rw-r--r-- | puppet/controller-post.yaml | 1 | ||||
-rw-r--r-- | puppet/controller.yaml | 92 | ||||
-rw-r--r-- | puppet/services/horizon.yaml | 13 | ||||
-rw-r--r-- | puppet/services/pacemaker.yaml | 57 | ||||
-rw-r--r-- | puppet/services/snmp.yaml | 4 | ||||
-rw-r--r-- | puppet/services/tripleo-firewall.yaml | 11 | ||||
-rw-r--r-- | puppet/swift-devices-and-proxy-config.yaml | 10 | ||||
-rw-r--r-- | puppet/swift-storage-post.yaml | 1 | ||||
-rw-r--r-- | puppet/vip-config.yaml | 93 |
19 files changed, 320 insertions, 1278 deletions
diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml
index 223c2531..f60edb01 100644
--- a/environments/neutron-ovs-dvr.yaml
+++ b/environments/neutron-ovs-dvr.yaml
@@ -22,3 +22,11 @@ parameter_defaults:
 # We also need to set the proper agent mode for the L3 agent. This will only
 # affect the agent on the controller node.
 NeutronL3AgentMode: 'dvr_snat'
+
+ # L3 HA isn't supported for DVR enabled routers. If upgrading from a system
+ # where L3 HA is enabled and has neutron routers configured, it is
+ # recommended setting this value to true until such time all routers can be
+ # migrated to DVR routers. Once migration of the routers is complete,
+ # NeutronL3HA can be returned to false. All new systems should be deployed
+ # with NeutronL3HA set to false.
+ NeutronL3HA: false
diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh
index de42b16d..03a1c1c2 100644
--- a/extraconfig/tasks/major_upgrade_ceph_storage.sh
+++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh
@@ -4,32 +4,89 @@ # major upgrade workflow. # set -eu +set -o pipefail UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh -cat > $UPGRADE_SCRIPT << ENDOFCAT +cat > $UPGRADE_SCRIPT << 'ENDOFCAT' +#!/bin/bash ### DO NOT MODIFY THIS FILE ### This file is automatically delivered to the ceph-storage nodes as part of the ### tripleo upgrades workflow +set -eu + +echo INFO: starting $(basename "$0") +# Exit if not running +if ! pidof ceph-osd; then + echo INFO: ceph-osd is not running, skipping + exit 0 +fi -function systemctl_ceph { - action=\$1 - systemctl \$action ceph -} +# Exit if not Hammer +INSTALLED_VERSION=$(ceph --version | awk '{print $3}') +if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then + echo INFO: version of Ceph installed is not 0.94, skipping + exit 0 +fi -# "so that mirrors aren't rebalanced as if the OSD died" - gfidente +OSD_PIDS=$(pidof ceph-osd) +OSD_IDS=$(ls /var/lib/ceph/osd | awk 'BEGIN { FS = "-" } ; { print $2 }') + +# "so that mirrors aren't rebalanced as if the OSD died" - gfidente / leseb ceph osd set noout +ceph osd set norebalance +ceph osd set nodeep-scrub +ceph osd set noscrub + +# Stop daemon using Hammer sysvinit script +for OSD_ID in $OSD_IDS; do + service ceph stop osd.${OSD_ID} +done + +# Nice guy will return non-0 only when all failed +timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do + sleep 2; +done" -systemctl_ceph stop +# Update (Ceph to Jewel) yum -y install python-zaqarclient # needed for os-collect-config yum -y update -systemctl_ceph start -ceph osd unset noout +# Restart/Exit if not on Jewel, only in that case we need the changes +UPDATED_VERSION=$(ceph --version | awk '{print $3}') +if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then + echo WARNING: Ceph was not upgraded, restarting daemon + for OSD_ID in $OSD_IDS; do + service ceph start osd.${OSD_ID} + done +elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then + # RPM could own some of these but we can't take risks on the pre-existing files + for d in /var/lib/ceph/osd 
/var/log/ceph /var/run/ceph /etc/ceph; do + chown -R ceph:ceph $d + done + + # Replay udev events with newer rules + udevadm trigger && udevadm settle + + # Enable systemd unit + systemctl enable ceph-osd.target + for OSD_ID in $OSD_IDS; do + systemctl enable ceph-osd@${OSD_ID} + systemctl start ceph-osd@${OSD_ID} + done + echo INFO: Ceph was upgraded to Jewel +else + echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention + exit 1 +fi + +ceph osd unset noout +ceph osd unset norebalance +ceph osd unset nodeep-scrub +ceph osd unset noscrub ENDOFCAT # ensure the permissions are OK chmod 0755 $UPGRADE_SCRIPT - diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index 36f3358e..07e2de4c 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -28,6 +28,9 @@ parameters: ServiceNetMap: default: {} type: json + ServiceHostnameList: + default: [] + type: comma_delimited_list outputs: net_ip_map: @@ -71,3 +74,19 @@ outputs: storage_mgmt: {get_param: StorageMgmtIpList} tenant: {get_param: TenantIpList} management: {get_param: ManagementIpList} + service_hostnames: + description: > + Map of enabled services to a list of hostnames where they're running + value: + yaql: + # If ServiceHostnameList is empty the role is deployed with zero nodes + # therefore we don't want to add any *_node_names to the map + expression: dict($.data.map.items().where(len($[1]) > 0)) + data: + map: + map_merge: + repeat: + template: + SERVICE_node_names: {get_param: ServiceHostnameList} + for_each: + SERVICE: {get_param: EnabledServices} diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml deleted file mode 100644 index a85c57c0..00000000 --- a/overcloud-without-mergepy.yaml +++ /dev/null 
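Review bot: Every exit between `ceph osd set noout` and the closing `ceph osd unset` lines leaves the four cluster-wide flags set, because the generated script runs under `set -eu`: `timeout 60` expiring, a failing `yum -y update`, or the explicit `exit 1` in the unknown-release branch all stop before the unset block, and nothing reports that scrubbing and rebalancing are still disabled. Keeping `noout` while the OSDs are down may well be intended, but the leftover state should at least be logged, for example with `trap 'rc=$?; [ $rc -eq 0 ] || echo "ERROR: aborted (rc=$rc), noout/norebalance/noscrub/nodeep-scrub may still be set"' EXIT` placed just before `ceph osd set noout`. Separately, the added `set -o pipefail` applies only to the wrapper; the pipelines (`ceph --version | awk`, `ls /var/lib/ceph/osd | awk`) live in the generated script, which needs its own `set -o pipefail` after its `set -eu` for a failing left-hand command to be noticed.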
@@ -1,1038 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Deploy an OpenStack environment, consisting of several node types (roles), - Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage - roles enable independent scaling of the storage components, but the minimal - deployment is one Controller and one Compute node. - - -# TODO(shadower): we should probably use the parameter groups to put -# some order in here. -parameters: - - # Common parameters (not specific to a role) - CloudName: - default: overcloud - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - CloudNameInternal: - default: overcloud.internalapi.localdomain - description: > - The DNS name of this cloud's internal API endpoint. E.g. - 'ci-overcloud.internalapi.tripleo.org'. - type: string - CloudNameStorage: - default: overcloud.storage.localdomain - description: > - The DNS name of this cloud's storage endpoint. E.g. - 'ci-overcloud.storage.tripleo.org'. - type: string - CloudNameStorageManagement: - default: overcloud.storagemgmt.localdomain - description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.storagemgmt.tripleo.org'. - type: string - CloudNameManagement: - default: overcloud.management.localdomain - description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. - type: string - ControlFixedIPs: - default: [] - description: Should be used for arbitrary ips. - type: json - InternalApiVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the InternalApiVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - NeutronControlPlaneID: - default: 'ctlplane' - type: string - description: Neutron ID or name for ctlplane network. - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. 
- type: string - PublicVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the PublicVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - StorageVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the StorageVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - StorageMgmtVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the StorageMgmgVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - RedisVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the virtual IP used by Redis. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. - type: json - - # Controller-specific params - ControllerCount: - type: number - default: 1 - controllerExtraConfig: - default: {} - description: | - Deprecated. Use ControllerExtraConfig via parameter_defaults instead. - type: json - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The format required - may be implementation specific, e.g puppet hieradata. Any role specific - ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig. - type: json - -# Compute-specific params - ComputeCount: - type: number - default: 1 - HypervisorNeutronPhysicalBridge: - default: 'br-ex' - description: > - An OVS bridge to create on each hypervisor. 
This defaults to br-ex the - same as the control plane nodes, as we have a uniform configuration of - the openvswitch agent. Typically should not need to be changed. - type: string - HypervisorNeutronPublicInterface: - default: nic1 - description: What interface to add to the HypervisorNeutronPhysicalBridge. - type: string - - ControllerServices: - default: - - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CephMon - - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::CinderApi - - OS::TripleO::Services::CinderBackup - - OS::TripleO::Services::CinderScheduler - - OS::TripleO::Services::CinderVolume - - OS::TripleO::Services::Core - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Keystone - - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - - OS::TripleO::Services::HeatApi - - OS::TripleO::Services::HeatApiCfn - - OS::TripleO::Services::HeatApiCloudwatch - - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::MySQL - - OS::TripleO::Services::NeutronDhcpAgent - - OS::TripleO::Services::NeutronL3Agent - - OS::TripleO::Services::NeutronMetadataAgent - - OS::TripleO::Services::NeutronApi - - OS::TripleO::Services::NeutronCorePlugin - - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::HAproxy - - OS::TripleO::Services::Keepalived - - OS::TripleO::Services::Memcached - - OS::TripleO::Services::Pacemaker - - OS::TripleO::Services::Redis - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MongoDb - - OS::TripleO::Services::NovaApi - - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConsoleauth - - OS::TripleO::Services::NovaVncproxy - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::CeilometerApi - - 
OS::TripleO::Services::CeilometerCollector - - OS::TripleO::Services::CeilometerExpirer - - OS::TripleO::Services::CeilometerAgentCentral - - OS::TripleO::Services::CeilometerAgentNotification - - OS::TripleO::Services::Horizon - - OS::TripleO::Services::GnocchiApi - - OS::TripleO::Services::GnocchiMetricd - - OS::TripleO::Services::GnocchiStatsd - - OS::Tripleo::Services::ManilaApi - - OS::Tripleo::Services::ManilaScheduler - - OS::Tripleo::Services::ManilaShare - - OS::TripleO::Services::AodhApi - - OS::TripleO::Services::AodhEvaluator - - OS::TripleO::Services::AodhNotifier - - OS::TripleO::Services::AodhListener - - OS::TripleO::Services::SaharaApi - - OS::TripleO::Services::SaharaEngine - - OS::TripleO::Services::IronicApi - - OS::TripleO::Services::IronicConductor - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::OpenDaylight - - OS::TripleO::Services::SensuClient - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the Controllers. 
- type: comma_delimited_list - - ComputeServices: - default: - - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CephClient - - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::NovaCompute - - OS::TripleO::Services::NovaLibvirt - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::ComputeNeutronCorePlugin - - OS::TripleO::Services::ComputeNeutronOvsAgent - - OS::TripleO::Services::ComputeCeilometerAgent - - OS::TripleO::Services::ComputeNeutronL3Agent - - OS::TripleO::Services::ComputeNeutronMetadataAgent - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::NeutronSriovAgent - - OS::TripleO::Services::OpenDaylightOvs - - OS::TripleO::Services::SensuClient - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the Compute Nodes. - type: comma_delimited_list - -# Block storage specific parameters - BlockStorageCount: - type: number - default: 0 - BlockStorageExtraConfig: - default: {} - description: | - BlockStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - BlockStorageServices: - default: - - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CinderVolume - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the BlockStorage nodes. 
- type: comma_delimited_list - -# Object storage specific parameters - ObjectStorageCount: - type: number - default: 0 - ObjectStorageExtraConfig: - default: {} - description: | - ObjectStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - ObjectStorageServices: - default: - - OS::TripleO::Services::CACerts - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the ObjectStorage nodes. - Note this role currently only supports steps 2, 3 and 4 configuration. - type: comma_delimited_list - - -# Ceph storage specific parameters - CephStorageCount: - type: number - default: 0 - CephStorageExtraConfig: - default: {} - description: | - CephStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - CephStorageServices: - default: - - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CephOSD - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the CephStorage nodes. - type: comma_delimited_list - - # Hostname format for each role - # Note %index% is translated into the index of the node, e.g 0/1/2 etc - # and %stackname% is replaced with OS::stack_name in the template below. 
- # If you want to use the heat generated names, pass '' (empty string). - ControllerHostnameFormat: - type: string - description: Format for Controller node hostnames - default: '%stackname%-controller-%index%' - ComputeHostnameFormat: - type: string - description: Format for Compute node hostnames - default: '%stackname%-novacompute-%index%' - BlockStorageHostnameFormat: - type: string - description: Format for BlockStorage node hostnames - default: '%stackname%-blockstorage-%index%' - ObjectStorageHostnameFormat: - type: string - description: Format for SwiftStorage node hostnames - default: '%stackname%-objectstorage-%index%' - CephStorageHostnameFormat: - type: string - description: Format for CephStorage node hostnames - default: '%stackname%-cephstorage-%index%' - - # Identifiers to trigger tasks on nodes - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - - # If you want to remove a specific node from a resource group, you can pass - # the node name or id as a <Group>RemovalPolicies parameter, for example: - # ComputeRemovalPolicies: [{'resource_list': ['0']}] - ControllerRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ControllerResourceGroup when - doing an update which requires removal of specific resources. - ComputeRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ComputeResourceGroup when - doing an update which requires removal of specific resources. 
- BlockStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from BlockStorageResourceGroup when - doing an update which requires removal of specific resources. - ObjectStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ObjectStorageResourceGroup when - doing an update which requires removal of specific resources. - CephStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from CephStorageResourceGroup when - doing an update which requires removal of specific resources. - -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - controllerExtraConfig - - -resources: - - HeatAuthEncryptionKey: - type: OS::Heat::RandomString - - PcsdPassword: - type: OS::Heat::RandomString - properties: - length: 16 - - HorizonSecret: - type: OS::Heat::RandomString - properties: - length: 10 - - ServiceNetMap: - type: OS::TripleO::ServiceNetMap - - EndpointMap: - type: OS::TripleO::EndpointMap - properties: - CloudEndpoints: - external: {get_param: CloudName} - internal_api: {get_param: CloudNameInternal} - storage: {get_param: CloudNameStorage} - storage_mgmt: {get_param: CloudNameStorageManagement} - management: {get_param: CloudNameManagement} - NetIpMap: {get_attr: [VipMap, net_ip_map]} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - - ControllerServiceChain: - type: OS::TripleO::Services - properties: - Services: {get_param: ControllerServices} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} - - Controller: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ControllerCount} - removal_policies: {get_param: ControllerRemovalPolicies} - resource_def: - type: OS::TripleO::Controller - 
properties: - CloudDomain: {get_param: CloudDomain} - controllerExtraConfig: {get_param: controllerExtraConfig} - PcsdPassword: {get_resource: PcsdPassword} - RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} - RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - Hostname: - str_replace: - template: {get_param: ControllerHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [ControllerServiceChain, role_data, config_settings]} - ServiceNames: {get_attr: [ControllerServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [ControllerServiceChain, role_data, monitoring_subscriptions]} - - ComputeServiceChain: - type: OS::TripleO::Services - properties: - Services: {get_param: ComputeServices} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} - - Compute: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ComputeCount} - removal_policies: {get_param: ComputeRemovalPolicies} - resource_def: - type: OS::TripleO::Compute - properties: - CloudDomain: {get_param: CloudDomain} - NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} - NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - Hostname: - str_replace: - template: {get_param: ComputeHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [ComputeServiceChain, role_data, config_settings]} - ServiceNames: {get_attr: [ComputeServiceChain, role_data, service_names]} - MonitoringSubscriptions: 
{get_attr: [ComputeServiceChain, role_data, monitoring_subscriptions]} - - BlockStorageServiceChain: - type: OS::TripleO::Services - properties: - Services: {get_param: BlockStorageServices} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} - - BlockStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: BlockStorageCount} - removal_policies: {get_param: BlockStorageRemovalPolicies} - resource_def: - type: OS::TripleO::BlockStorage - properties: - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: BlockStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - ExtraConfig: {get_param: ExtraConfig} - BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [BlockStorageServiceChain, role_data, config_settings]} - ServiceNames: {get_attr: [BlockStorageServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [BlockStorageServiceChain, role_data, monitoring_subscriptions]} - - ObjectStorageServiceChain: - type: OS::TripleO::Services - properties: - Services: {get_param: ObjectStorageServices} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} - - ObjectStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ObjectStorageCount} - removal_policies: {get_param: ObjectStorageRemovalPolicies} - resource_def: - type: OS::TripleO::ObjectStorage - properties: - UpdateIdentifier: {get_param: UpdateIdentifier} - ServiceNetMap: {get_attr: 
[ServiceNetMap, service_net_map]} - Hostname: - str_replace: - template: {get_param: ObjectStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ExtraConfig: {get_param: ExtraConfig} - ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, role_data, config_settings]} - ServiceNames: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [ObjectStorageServiceChain, role_data, monitoring_subscriptions]} - - CephStorageServiceChain: - type: OS::TripleO::Services - properties: - Services: {get_param: CephStorageServices} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} - - CephStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: CephStorageCount} - removal_policies: {get_param: CephStorageRemovalPolicies} - resource_def: - type: OS::TripleO::CephStorage - properties: - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: CephStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ExtraConfig: {get_param: ExtraConfig} - CephStorageExtraConfig: {get_param: CephStorageExtraConfig} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [CephStorageServiceChain, role_data, config_settings]} - ServiceNames: {get_attr: [CephStorageServiceChain, role_data, service_names]} - MonitoringSubscriptions: {get_attr: [CephStorageServiceChain, role_data, monitoring_subscriptions]} - - ControllerIpListMap: - type: 
OS::TripleO::Network::Ports::NetIpListMap - properties: - ControlPlaneIpList: {get_attr: [Controller, ip_address]} - ExternalIpList: {get_attr: [Controller, external_ip_address]} - InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]} - StorageIpList: {get_attr: [Controller, storage_ip_address]} - StorageMgmtIpList: {get_attr: [Controller, storage_mgmt_ip_address]} - TenantIpList: {get_attr: [Controller, tenant_ip_address]} - ManagementIpList: {get_attr: [Controller, management_ip_address]} - EnabledServices: {get_attr: [ControllerServiceChain, role_data, service_names]} - ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} - - allNodesConfig: - type: OS::TripleO::AllNodes::SoftwareConfig - properties: - hosts: - - list_join: - - '\n' - - {get_attr: [Compute, hosts_entry]} - - list_join: - - '\n' - - {get_attr: [Controller, hosts_entry]} - - list_join: - - '\n' - - {get_attr: [BlockStorage, hosts_entry]} - - list_join: - - '\n' - - {get_attr: [ObjectStorage, hosts_entry]} - - list_join: - - '\n' - - {get_attr: [CephStorage, hosts_entry]} - enabled_services: - list_join: - - ',' - - {get_attr: [ControllerServiceChain, role_data, service_names]} - - {get_attr: [ComputeServiceChain, role_data, service_names]} - - {get_attr: [BlockStorageServiceChain, role_data, service_names]} - - {get_attr: [ObjectStorageServiceChain, role_data, service_names]} - - {get_attr: [CephStorageServiceChain, role_data, service_names]} - controller_ips: {get_attr: [Controller, ip_address]} - controller_names: {get_attr: [Controller, hostname]} - service_ips: {get_attr: [ControllerIpListMap, service_ips]} - # FIXME(shardy): These require further work to move into service_ips - rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitmqNetwork]}]} - memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} - keystone_public_api_node_ips: 
{get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} - keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} - ceph_mon_node_names: {get_attr: [Controller, hostname]} - DeployIdentifier: {get_param: DeployIdentifier} - UpdateIdentifier: {get_param: UpdateIdentifier} - - MysqlRootPassword: - type: OS::Heat::RandomString - properties: - length: 10 - - RabbitCookie: - type: OS::Heat::RandomString - properties: - length: 20 - salt: {get_param: RabbitCookieSalt} - - DefaultPasswords: - type: OS::TripleO::DefaultPasswords - properties: - DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]} - DefaultRabbitCookie: {get_attr: [RabbitCookie, value]} - DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]} - DefaultPcsdPassword: {get_attr: [PcsdPassword, value]} - DefaultHorizonSecret: {get_attr: [HorizonSecret, value]} - - # creates the network architecture - Networks: - type: OS::TripleO::Network - - ControlVirtualIP: - type: OS::Neutron::Port - depends_on: Networks - properties: - name: control_virtual_ip - network: {get_param: NeutronControlPlaneID} - fixed_ips: {get_param: ControlFixedIPs} - replacement_policy: AUTO - - RedisVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::RedisVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ControlPlaneNetwork: {get_param: NeutronControlPlaneID} - PortName: redis_virtual_ip - NetworkName: {get_attr: [ServiceNetMap, service_net_map, RedisNetwork]} - ServiceName: redis - FixedIPs: {get_param: RedisVirtualFixedIPs} - - # The public VIP is on the External net, falls back to ctlplane - PublicVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::ExternalVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ControlPlaneNetwork: 
{get_param: NeutronControlPlaneID} - PortName: public_virtual_ip - FixedIPs: {get_param: PublicVirtualFixedIPs} - - InternalApiVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::InternalApiVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: internal_api_virtual_ip - FixedIPs: {get_param: InternalApiVirtualFixedIPs} - - StorageVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::StorageVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_virtual_ip - FixedIPs: {get_param: StorageVirtualFixedIPs} - - StorageMgmtVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::StorageMgmtVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_management_virtual_ip - FixedIPs: {get_param: StorageMgmtVirtualFixedIPs} - - VipMap: - type: OS::TripleO::Network::Ports::NetVipMap - properties: - ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} - ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} - InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]} - StorageIp: {get_attr: [StorageVirtualIP, ip_address]} - StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} - StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]} - # No tenant or management VIP required - - VipConfig: - type: OS::TripleO::VipConfig - - VipDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: VipDeployment - config: {get_resource: VipConfig} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - input_values: - # service VIP mappings - keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, 
{get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} - keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} - neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]} - cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]} - glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]} - glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceRegistryNetwork]}]} - swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]} - nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]} - nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaMetadataNetwork]}]} - ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]} - aodh_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]} - gnocchi_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]} - heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]} - horizon_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HorizonNetwork]}]} - redis_vip: {get_attr: [RedisVirtualIP, ip_address]} - manila_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]} - mysql_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]} - rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitMqNetwork]}]} - # direct 
configuration of Virtual IPs for each network - control_virtual_ip: {get_attr: [VipMap, net_ip_map, ctlplane]} - public_virtual_ip: {get_attr: [VipMap, net_ip_map, external]} - internal_api_virtual_ip: {get_attr: [VipMap, net_ip_map, internal_api]} - sahara_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]} - ironic_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]} - opendaylight_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]} - storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]} - storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]} - - ControllerSwiftDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ControllerSwiftDeployment - config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ObjectStorageSwiftDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ObjectStorageSwiftDeployment - config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - - SwiftDevicesAndProxyConfig: - type: OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig - properties: - controller_swift_devices: {get_attr: [Controller, swift_device]} - object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]} - controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]} - - ControllerAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ControllerAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - input_values: - bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [Controller, resource.0.ip_address]} - - 
ComputeAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ComputeAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [Compute, attributes, nova_server_resource]} - input_values: - bootstrap_nodeid: {get_attr: [Compute, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [Compute, resource.0.ip_address]} - - BlockStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: BlockStorageAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - input_values: - bootstrap_nodeid: {get_attr: [BlockStorage, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [BlockStorage, resource.0.ip_address]} - - ObjectStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ObjectStorageAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - input_values: - bootstrap_nodeid: {get_attr: [ObjectStorage, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [ObjectStorage, resource.0.ip_address]} - - CephStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: CephStorageAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - input_values: - bootstrap_nodeid: {get_attr: [CephStorage, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [CephStorage, resource.0.ip_address]} - - # All Nodes Validations - AllNodesValidationConfig: - type: OS::TripleO::AllNodes::Validation - properties: - PingTestIps: - list_join: - - ' ' - - - {get_attr: [Controller, resource.0.external_ip_address]} - - {get_attr: [Controller, resource.0.internal_api_ip_address]} - - {get_attr: [Controller, resource.0.storage_ip_address]} - - {get_attr: [Controller, 
resource.0.storage_mgmt_ip_address]} - - {get_attr: [Controller, resource.0.tenant_ip_address]} - - {get_attr: [Controller, resource.0.management_ip_address]} - - ControllerAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ControllerAllNodesDeployment - properties: - name: ControllerAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ComputeAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ComputeAllNodesDeployment - properties: - name: ComputeAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [Compute, attributes, nova_server_resource]} - - BlockStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: BlockStorageAllNodesDeployment - properties: - name: BlockStorageAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - - ObjectStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ObjectStorageAllNodesDeployment - properties: - name: ObjectStorageAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - - CephStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: CephStorageAllNodesDeployment - properties: - name: CephStorageAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - UpdateWorkflow: - type: OS::TripleO::Tasks::UpdateWorkflow - properties: - controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} - compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} - blockstorage_servers: {get_attr: [BlockStorage, 
attributes, nova_server_resource]} - objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - input_values: - deploy_identifier: {get_param: DeployIdentifier} - update_identifier: {get_param: UpdateIdentifier} - - # Optional ExtraConfig for all nodes - all roles are passed in here, but - # the nested template may configure each role differently (or not at all) - AllNodesExtraConfig: - type: OS::TripleO::AllNodesExtraConfig - depends_on: - - UpdateWorkflow - - ComputeAllNodesValidationDeployment - - BlockStorageAllNodesValidationDeployment - - ObjectStorageAllNodesValidationDeployment - - CephStorageAllNodesValidationDeployment - - ControllerAllNodesValidationDeployment - properties: - controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} - compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} - blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - # Nested stack deployment runs after all other controller deployments - ControllerNodesPostDeployment: - type: OS::TripleO::ControllerPostDeployment - depends_on: [ControllerAllNodesDeployment, ControllerSwiftDeployment] - properties: - servers: {get_attr: [Controller, attributes, nova_server_resource]} - RoleData: {get_attr: [ControllerServiceChain, role_data]} - - ComputeNodesPostDeployment: - type: OS::TripleO::ComputePostDeployment - depends_on: [ComputeAllNodesDeployment] - properties: - servers: {get_attr: [Compute, attributes, nova_server_resource]} - RoleData: {get_attr: [ComputeServiceChain, role_data]} - - ObjectStorageNodesPostDeployment: - type: OS::TripleO::ObjectStoragePostDeployment - depends_on: [ObjectStorageSwiftDeployment, 
ObjectStorageAllNodesDeployment] - properties: - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - RoleData: {get_attr: [ObjectStorageServiceChain, role_data]} - - BlockStorageNodesPostDeployment: - type: OS::TripleO::BlockStoragePostDeployment - depends_on: [ControllerNodesPostDeployment, BlockStorageAllNodesDeployment] - properties: - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - RoleData: {get_attr: [BlockStorageServiceChain, role_data]} - - CephStorageNodesPostDeployment: - type: OS::TripleO::CephStoragePostDeployment - depends_on: [ControllerNodesPostDeployment, CephStorageAllNodesDeployment] - properties: - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - RoleData: {get_attr: [CephStorageServiceChain, role_data]} - - -outputs: - ManagedEndpoints: - description: Asserts that the keystone endpoints have been provisioned. - value: true - KeystoneURL: - description: URL for the Overcloud Keystone service - value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]} - KeystoneAdminVip: - description: Keystone Admin VIP endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} - PublicVip: - description: Controller VIP for public API endpoints - value: {get_attr: [VipMap, net_ip_map, external]} - AodhInternalVip: - description: VIP for Aodh API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]} - CeilometerInternalVip: - description: VIP for Ceilometer API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]} - CinderInternalVip: - description: VIP for Cinder API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]} - GlanceInternalVip: - description: VIP for Glance API internal endpoint - value: {get_attr: 
[VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]} - GnocchiInternalVip: - description: VIP for Gnocchi API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]} - HeatInternalVip: - description: VIP for Heat API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]} - IronicInternalVip: - description: VIP for Ironic API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]} - KeystoneInternalVip: - description: VIP for Keystone API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} - ManilaInternalVip: - description: VIP for Manila API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]} - NeutronInternalVip: - description: VIP for Neutron API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]} - NovaInternalVip: - description: VIP for Nova API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]} - OpenDaylightInternalVip: - description: VIP for OpenDaylight API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]} - SaharaInternalVip: - description: VIP for Sahara API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]} - SwiftInternalVip: - description: VIP for Swift Proxy internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]} - EndpointMap: - description: | - Mapping of the resources with the needed info for their 
endpoints. - This includes the protocol used, the IP, port and also a full - representation of the URI. - value: {get_attr: [EndpointMap, endpoint_map]} - HostsEntry: - description: | - The content that should be appended to your /etc/hosts if you want to get - hostname-based access to the deployed nodes (useful for testing without - setting up a DNS). - value: {get_attr: [allNodesConfig, hosts_entries]} - EnabledServices: - description: The services enabled on each role - value: - Controller: {get_attr: [ControllerServiceChain, role_data, service_names]} - Compute: {get_attr: [ComputeServiceChain, role_data, service_names]} - BlockStorage: {get_attr: [BlockStorageServiceChain, role_data, service_names]} - ObjectStorage: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} - CephStorage: {get_attr: [CephStorageServiceChain, role_data, service_names]} diff --git a/overcloud.yaml b/overcloud.yaml index a85c57c0..84ac2f44 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Deploy an OpenStack environment, consisting of several node types (roles), @@ -13,7 +13,7 @@ parameters: # Common parameters (not specific to a role) CloudName: - default: overcloud + default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string CloudNameInternal: @@ -440,9 +440,7 @@ resources: properties: CloudDomain: {get_param: CloudDomain} controllerExtraConfig: {get_param: controllerExtraConfig} - PcsdPassword: {get_resource: PcsdPassword} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} - RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} Hostname: 
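Review bot: The new `CloudName` default in the `@@ -13,7 +13,7 @@` hunk, `overcloud.localdomain`, is a local placeholder name, while the unchanged description still only shows a public FQDN as its example. If public endpoint or certificate names are derived from this parameter elsewhere in the template (not visible in this hunk), a deployment that keeps the default would advertise a name clients cannot resolve or verify. I would make that explicit in the description, e.g. `description: The DNS name of this cloud, e.g. ci-overcloud.tripleo.org. Override the default for any deployment reachable by external clients.` The `parameters:` section continues outside the hunk.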
@@ -598,6 +596,63 @@ resources: ManagementIpList: {get_attr: [Controller, management_ip_address]} EnabledServices: {get_attr: [ControllerServiceChain, role_data, service_names]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + ServiceHostnameList: {get_attr: [Controller, hostname]} + + ComputeIpListMap: + type: OS::TripleO::Network::Ports::NetIpListMap + properties: + ControlPlaneIpList: {get_attr: [Compute, ip_address]} + ExternalIpList: {get_attr: [Compute, external_ip_address]} + InternalApiIpList: {get_attr: [Compute, internal_api_ip_address]} + StorageIpList: {get_attr: [Compute, storage_ip_address]} + StorageMgmtIpList: {get_attr: [Compute, storage_mgmt_ip_address]} + TenantIpList: {get_attr: [Compute, tenant_ip_address]} + ManagementIpList: {get_attr: [Compute, management_ip_address]} + EnabledServices: {get_attr: [ComputeServiceChain, role_data, service_names]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + ServiceHostnameList: {get_attr: [Compute, hostname]} + + BlockStorageIpListMap: + type: OS::TripleO::Network::Ports::NetIpListMap + properties: + ControlPlaneIpList: {get_attr: [BlockStorage, ip_address]} + ExternalIpList: {get_attr: [BlockStorage, external_ip_address]} + InternalApiIpList: {get_attr: [BlockStorage, internal_api_ip_address]} + StorageIpList: {get_attr: [BlockStorage, storage_ip_address]} + StorageMgmtIpList: {get_attr: [BlockStorage, storage_mgmt_ip_address]} + TenantIpList: {get_attr: [BlockStorage, tenant_ip_address]} + ManagementIpList: {get_attr: [BlockStorage, management_ip_address]} + EnabledServices: {get_attr: [BlockStorageServiceChain, role_data, service_names]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + ServiceHostnameList: {get_attr: [BlockStorage, hostname]} + + ObjectStorageIpListMap: + type: OS::TripleO::Network::Ports::NetIpListMap + properties: + ControlPlaneIpList: {get_attr: [ObjectStorage, ip_address]} + ExternalIpList: {get_attr: [ObjectStorage, 
external_ip_address]} + InternalApiIpList: {get_attr: [ObjectStorage, internal_api_ip_address]} + StorageIpList: {get_attr: [ObjectStorage, storage_ip_address]} + StorageMgmtIpList: {get_attr: [ObjectStorage, storage_mgmt_ip_address]} + TenantIpList: {get_attr: [ObjectStorage, tenant_ip_address]} + ManagementIpList: {get_attr: [ObjectStorage, management_ip_address]} + EnabledServices: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + ServiceHostnameList: {get_attr: [ObjectStorage, hostname]} + + CephStorageIpListMap: + type: OS::TripleO::Network::Ports::NetIpListMap + properties: + ControlPlaneIpList: {get_attr: [CephStorage, ip_address]} + ExternalIpList: {get_attr: [CephStorage, external_ip_address]} + InternalApiIpList: {get_attr: [CephStorage, internal_api_ip_address]} + StorageIpList: {get_attr: [CephStorage, storage_ip_address]} + StorageMgmtIpList: {get_attr: [CephStorage, storage_mgmt_ip_address]} + TenantIpList: {get_attr: [CephStorage, tenant_ip_address]} + ManagementIpList: {get_attr: [CephStorage, management_ip_address]} + EnabledServices: {get_attr: [CephStorageServiceChain, role_data, service_names]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + ServiceHostnameList: {get_attr: [CephStorage, hostname]} allNodesConfig: type: OS::TripleO::AllNodes::SoftwareConfig 
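Review bot: The four added resources `ComputeIpListMap`, `BlockStorageIpListMap`, `ObjectStorageIpListMap` and `CephStorageIpListMap` are copies of the `ControllerIpListMap` property list that differ only in the role name. A role name missed in one of the ten properties would feed another role's addresses or hostnames into the merged service maps without any error. A short comment above the first copy would help the next editor, e.g. `# One NetIpListMap per role; every get_attr in a block must name that block's own role`. The enclosing `resources:` section and `ControllerIpListMap` itself start outside the hunk.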
@@ -628,13 +683,34 @@ resources: - {get_attr: [CephStorageServiceChain, role_data, service_names]} controller_ips: {get_attr: [Controller, ip_address]} controller_names: {get_attr: [Controller, hostname]} - service_ips: {get_attr: [ControllerIpListMap, service_ips]} + service_ips: + # Note (shardy) this somewhat complex yaql may be replaced + # with a map_deep_merge function in ocata. It merges the + # list of maps, but appends to colliding lists when a service + # is deployed on more than one role + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + l: + - {get_attr: [ControllerIpListMap, service_ips]} + - {get_attr: [ComputeIpListMap, service_ips]} + - {get_attr: [BlockStorageIpListMap, service_ips]} + - {get_attr: [ObjectStorageIpListMap, service_ips]} + - {get_attr: [CephStorageIpListMap, service_ips]} + service_node_names: + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + l: + - {get_attr: [ControllerIpListMap, service_hostnames]} + - {get_attr: [ComputeIpListMap, service_hostnames]} + - {get_attr: [BlockStorageIpListMap, service_hostnames]} + - {get_attr: [ObjectStorageIpListMap, service_hostnames]} + - {get_attr: [CephStorageIpListMap, service_hostnames]} # FIXME(shardy): These require further work to move into service_ips - rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitmqNetwork]}]} memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} - ceph_mon_node_names: {get_attr: 
[Controller, hostname]} DeployIdentifier: {get_param: DeployIdentifier} UpdateIdentifier: {get_param: UpdateIdentifier} @@ -732,6 +808,17 @@ resources: VipConfig: type: OS::TripleO::VipConfig + properties: + NetIpMap: {get_attr: [VipMap, net_ip_map]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + EnabledServices: + list_join: + - ',' + - {get_attr: [ControllerServiceChain, role_data, service_names]} + - {get_attr: [ComputeServiceChain, role_data, service_names]} + - {get_attr: [BlockStorageServiceChain, role_data, service_names]} + - {get_attr: [ObjectStorageServiceChain, role_data, service_names]} + - {get_attr: [CephStorageServiceChain, role_data, service_names]} VipDeployment: type: OS::Heat::StructuredDeployments 
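Review bot: The yaql expression in the `@@ -628,13 +683,34 @@` hunk is pasted twice, once under `service_ips` and once under `service_node_names`, and only the first copy carries the explanatory note. Because of `where($ != null)`, a role whose map resolves to null is dropped silently, so a role with no services looks the same as one whose `service_ips` or `service_hostnames` attribute came back empty by mistake. I would add `# Same merge as service_ips, applied to the per-role service_hostnames maps; null role maps are skipped` above `service_node_names`, and mention the null filtering in the existing note as well. The `allNodesConfig` resource starts outside the hunk.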
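Review bot: The new `EnabledServices` property on `VipConfig` (hunk `@@ -732,6 +808,17 @@`) joins the `service_names` of all five roles with `list_join`, so a service deployed on more than one role will appear more than once in the resulting string. Whether the `OS::TripleO::VipConfig` template tolerates duplicates cannot be seen from this hunk. A one-line comment on the property would record the expectation, e.g. `# comma-joined service names from every role; entries may repeat`. It would also be worth stating why all roles are listed when the deployment that consumes this config appears to target only the Controller servers.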
@@ -740,32 +827,12 @@ resources: config: {get_resource: VipConfig} servers: {get_attr: [Controller, attributes, nova_server_resource]} input_values: - # service VIP mappings keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} - neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]} - cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]} - glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]} - glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceRegistryNetwork]}]} - swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]} - nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]} - nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaMetadataNetwork]}]} - ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]} - aodh_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]} - gnocchi_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]} - heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]} - horizon_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HorizonNetwork]}]} - redis_vip: {get_attr: [RedisVirtualIP, ip_address]} - manila_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]} - 
mysql_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]} - rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitMqNetwork]}]} # direct configuration of Virtual IPs for each network control_virtual_ip: {get_attr: [VipMap, net_ip_map, ctlplane]} public_virtual_ip: {get_attr: [VipMap, net_ip_map, external]} internal_api_virtual_ip: {get_attr: [VipMap, net_ip_map, internal_api]} - sahara_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]} - ironic_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]} - opendaylight_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]} storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]} storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]} @@ -788,7 +855,6 @@ resources: properties: controller_swift_devices: {get_attr: [Controller, swift_device]} object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]} - controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]} ControllerAllNodesDeployment: type: OS::Heat::StructuredDeployments diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index a43e9645..bc9a2720 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml 
@@ -12,20 +12,19 @@ parameters: type: comma_delimited_list service_ips: type: json + service_node_names: + type: json controller_names: type: comma_delimited_list - rabbit_node_ips: - type: comma_delimited_list memcache_node_ips: type: comma_delimited_list keystone_public_api_node_ips: type: comma_delimited_list keystone_admin_api_node_ips: type: comma_delimited_list - ceph_mon_node_names: - type: comma_delimited_list DeployIdentifier: type: string + default: '' description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. @@ -76,6 +75,7 @@ resources: str_split: [',', {get_param: enabled_services}] # provides a mapping of service_name_ips to a list of IPs - {get_param: service_ips} + - {get_param: service_node_names} - controller_node_ips: list_join: - ',' @@ -84,18 +84,6 @@ resources: list_join: - ',' - {get_param: controller_names} - galera_node_names: - list_join: - - ',' - - {get_param: controller_names} - rabbitmq_node_ips: &rabbit_nodes_array - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: rabbit_node_ips} memcached_node_ips_v6: str_replace: template: "['inet6:[SERVERS_LIST]']" 
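Review bot: Adding `default: ''` to `DeployIdentifier` in the `@@ -12,20 +12,19 @@` hunk makes the parameter optional, so a caller that forgets to pass it no longer fails validation. Presumably the configuration tasks are then just not re-run, while the description kept below still reads as if a value were always supplied. The same default is added in puppet/ceph-storage-post.yaml, puppet/cinder-storage-post.yaml, puppet/compute-post.yaml and puppet/controller-post.yaml. I would append a sentence to each description, e.g. `Defaults to an empty string, in which case no re-run is forced.` The new `service_node_names` parameter in this hunk also has no `description:`, and one line saying it maps service names to lists of hostnames (if that is the shape) would match the comment that `service_ips` gets further down.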
@@ -120,23 +108,6 @@ resources: list_join: - "','" - {get_param: keystone_admin_api_node_ips} - tripleo::profile::base::ceph::ceph_mon_initial_members: - list_join: - - ',' - - {get_param: ceph_mon_node_names} - # NOTE(gfidente): interpolation with %{} in the - # hieradata file can't be used as it returns string - ceilometer::rabbit_hosts: *rabbit_nodes_array - aodh::rabbit_hosts: *rabbit_nodes_array - cinder::rabbit_hosts: *rabbit_nodes_array - glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array - manila::rabbit_hosts: *rabbit_nodes_array - heat::rabbit_hosts: *rabbit_nodes_array - neutron::rabbit_hosts: *rabbit_nodes_array - nova::rabbit_hosts: *rabbit_nodes_array - keystone::rabbit_hosts: *rabbit_nodes_array - sahara::rabbit_hosts: *rabbit_nodes_array - ironic::rabbit_hosts: *rabbit_nodes_array deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index a83e0cfe..df6b7249 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index 6416c43e..0620bc6c 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -10,6 +10,7 @@ parameters: type: json DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied RoleData: type: json diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 26906532..bc26df75 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml 
@@ -30,14 +30,6 @@ parameters: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true UpdateIdentifier: default: '' type: string @@ -235,8 +227,6 @@ resources: server: {get_resource: BlockStorage} config: {get_resource: BlockStorageConfig} input_values: - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles @@ -274,8 +264,6 @@ resources: volume: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index d0c6082c..358ec5a8 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 4af6cb46..c97c3bc8 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: 
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index a6efe1aa..4fec2958 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -23,18 +23,10 @@ parameters: ... } type: json - CorosyncIPv6: - default: false - description: Enable IPv6 in Corosync - type: boolean Debug: default: '' description: Set to True to enable debugging on all services. type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean EnableLoadBalancer: default: true description: Whether to deploy a LoadBalancer on the Controller @@ -45,38 +37,6 @@ parameters: Additional hieradata to inject into the cluster, note that ControllerExtraConfig takes precedence over ExtraConfig. type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json OvercloudControlFlavor: description: Flavor for control nodes to request when deploying. default: baremetal 
@@ -98,33 +58,13 @@ parameters: type: string constraints: - custom_constraint: nova.keypair - ManageFirewall: - default: false - description: Whether to manage IPtables rules. - type: boolean - PurgeFirewallRules: - default: false - description: Whether IPtables rules should be purged before setting up the new ones. - type: boolean NeutronPublicInterface: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - PcsdPassword: - type: string - description: The password for the 'pcsd' user. - hidden: true - RedisPassword: - description: The password for Redis - type: string - hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug - RedisVirtualIPUri: - type: string - default: '' # Has to be here because of the ignored empty value bug - description: An IP address which is wrapped in brackets in case of IPv6 SwiftRawDisks: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' @@ -358,17 +298,9 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - debug: {get_param: Debug} - enable_fencing: {get_param: EnableFencing} enable_load_balancer: {get_param: EnableLoadBalancer} - manage_firewall: {get_param: ManageFirewall} - purge_firewall_rules: {get_param: PurgeFirewallRules} - corosync_ipv6: {get_param: CorosyncIPv6} - fencing_config: {get_param: FencingConfig} - pcsd_password: {get_param: PcsdPassword} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} redis_vip: {get_param: RedisVirtualIP} - ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} # Map heat metadata into hiera datafiles ControllerConfig: 
@@ -421,20 +353,10 @@ resources: bootstack_nodeid: {get_input: bootstack_nodeid} # Pacemaker - enable_fencing: {get_input: enable_fencing} enable_load_balancer: {get_input: enable_load_balancer} - hacluster_pwd: {get_input: pcsd_password} - corosync_ipv6: {get_input: corosync_ipv6} - tripleo::fencing::config: {get_input: fencing_config} - # Neutron - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Redis redis_vip: {get_input: redis_vip} - # Firewall - tripleo::firewall::manage_firewall: {get_input: manage_firewall} - tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -570,20 +492,6 @@ outputs: template: "NETWORK_uri" params: NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]} - swift_proxy_memcache: - description: Swift proxy-memcache value - value: - str_replace: - template: "IP:11211" - params: - IP: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_uri" - params: - NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index c8ec2b2b..6ea5ec4e 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml 
@@ -68,19 +68,6 @@ outputs: add_listen: false priority: 10 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' - # NOTE: bind IP is found in Heat replacing the network name with the local node IP - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - apache::ip: {get_param: [ServiceNetMap, HorizonNetwork]} - apache_remote_proxy_ips_network: - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} - apache::mod::remoteip::proxy_ips: - - "%{hiera('apache_remote_proxy_ips_network')}" horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} horizon::django_debug: {get_param: Debug} horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 31016761..5d1d666a 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Pacemaker service configured with Puppet 
@@ -21,6 +21,51 @@ parameters: MonitoringSubscriptionPacemaker: default: 'overcloud-pacemaker' type: string + CorosyncIPv6: + default: false + description: Enable IPv6 in Corosync + type: boolean + EnableFencing: + default: false + description: Whether to enable fencing in Pacemaker or not. + type: boolean + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' + FencingConfig: + default: {} + description: | + Pacemaker fencing configuration. The JSON should have + the following structure: + { + "devices": [ + { + "agent": "AGENT_NAME", + "host_mac": "HOST_MAC_ADDRESS", + "params": {"PARAM_NAME": "PARAM_VALUE"} + } + ] + } + For instance: + { + "devices": [ + { + "agent": "fence_xvm", + "host_mac": "52:54:00:aa:bb:cc", + "params": { + "multicast_address": "225.0.0.12", + "port": "baremetal_0", + "manage_fw": true, + "manage_key_file": true, + "key_file": "/etc/fence_xvm.key", + "key_file_password": "abcdef" + } + } + ] + } + type: json outputs: role_data: @@ -44,5 +89,15 @@ outputs: '131 pacemaker udp': proto: 'udp' dport: 5405 + corosync_ipv6: {get_param: CorosyncIPv6} + tripleo::fencing::config: {get_param: FencingConfig} + enable_fencing: {get_param: EnableFencing} + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} step_config: | include ::tripleo::profile::base::pacemaker diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index e38ccf42..4d01632d 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml 
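Review bot: `FencingConfig` is declared as plain `type: json` with no `hidden: true`, although its `params` map is where fence-agent credentials go; the description's own example carries a `key_file_password`. `PcsdPassword`, added just above it, is marked hidden, so the two secrets-bearing parameters are treated differently and the fencing credentials would not be masked wherever Heat shows parameter values. I would add `hidden: true` under `FencingConfig:` and a sentence in the description saying the example password is a placeholder. The `parameters:` section starts above this hunk, so other declarations there were not reviewed.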
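Review bot: With `PcsdPassword` now defaulting to `''`, the only thing that stops a deployment with no pcsd password is `first()` being called on an empty result in the `hacluster_pwd` expression. That fails closed, which is the right outcome, but presumably as a yaql evaluation error that does not name the missing parameter. A comment above the `yaql:` block would make the intent explicit, for example `# PcsdPassword wins when set, else DefaultPasswords.pcsd_password; must fail if both are empty`. `DefaultPasswords` is read with `get_param` but is not declared in the lines shown, so confirm it exists in the unchanged top of the file.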
@@ -35,8 +35,8 @@ outputs: value: service_name: snmp config_settings: - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName} + tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword} tripleo.snmp.firewall_rules: '127 snmp': dport: 161 diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index 14965b4f..f6ec458f 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -18,11 +18,22 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the new ones. + type: boolean outputs: role_data: description: Role data for the TripleO firewall settings value: service_name: tripleo_firewall + config_settings: + tripleo::firewall::manage_firewall: {get_param: ManageFirewall} + tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} step_config: | include ::tripleo::firewall diff --git a/puppet/swift-devices-and-proxy-config.yaml b/puppet/swift-devices-and-proxy-config.yaml index 14df831f..afee4dac 100644 --- a/puppet/swift-devices-and-proxy-config.yaml +++ b/puppet/swift-devices-and-proxy-config.yaml @@ -6,8 +6,6 @@ parameters: type: comma_delimited_list object_store_swift_devices: type: comma_delimited_list - controller_swift_proxy_memcaches: - type: comma_delimited_list resources: 
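Review bot: The `ManageFirewall` and `PurgeFirewallRules` descriptions in tripleo-firewall.yaml do not say what the `false` defaults mean for the per-service rule hashes such as `tripleo.snmp.firewall_rules` in the hunk above. Those rules are presumably applied only when `tripleo::firewall::manage_firewall` is true, so a default deployment would carry the rule definitions without enforcing them. I would extend the descriptions, e.g. `Whether to manage IPtables rules. When false, the firewall_rules declared by services are not applied.`, and state whether `PurgeFirewallRules` has any effect while `ManageFirewall` is false. Both statements need confirming against the puppet-tripleo firewall class, which is not part of this diff.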
@@ -29,14 +27,6 @@ resources: - list_join: - ", " - {get_param: object_store_swift_devices} - swift::proxy::cache::memcache_servers: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: controller_swift_proxy_memcaches} outputs: config_id: diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index 859fad2c..ebc54ab0 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -13,6 +13,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index cbd7ea09..010a941e 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -1,8 +1,18 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: > Configure hieradata for service -> virtual IP mappings. +parameters: + NetIpMap: + type: json + # FIXME(shardy) this can be comma_delimited_list when + # https://bugs.launchpad.net/heat/+bug/1617019 is fixed + EnabledServices: + type: string + ServiceNetMap: + type: json + resources: VipConfigImpl: type: OS::Heat::StructuredConfig 
@@ -13,44 +23,49 @@ resources: datafiles: vip_data: mapped_data: - keystone_admin_api_vip: {get_input: keystone_admin_api_vip} - keystone_public_api_vip: {get_input: keystone_public_api_vip} - neutron_api_vip: {get_input: neutron_api_vip} - # TODO: pass a `midonet_api_vip` var - midonet_api_vip: {get_input: neutron_api_vip} - cinder_api_vip: {get_input: cinder_api_vip} - glance_api_vip: {get_input: glance_api_vip} - glance_registry_vip: {get_input: glance_registry_vip} - sahara_api_vip: {get_input: sahara_api_vip} - swift_proxy_vip: {get_input: swift_proxy_vip} - manila_api_vip: {get_input: manila_api_vip} - nova_api_vip: {get_input: nova_api_vip} - nova_metadata_vip: {get_input: nova_metadata_vip} - ceilometer_api_vip: {get_input: ceilometer_api_vip} - aodh_api_vip: {get_input: aodh_api_vip} - gnocchi_api_vip: {get_input: gnocchi_api_vip} - heat_api_vip: {get_input: heat_api_vip} - horizon_vip: {get_input: horizon_vip} - redis_vip: {get_input: redis_vip} - mysql_vip: {get_input: mysql_vip} - public_virtual_ip: {get_input: public_virtual_ip} - controller_virtual_ip: {get_input: control_virtual_ip} - internal_api_virtual_ip: {get_input: internal_api_virtual_ip} - storage_virtual_ip: {get_input: storage_virtual_ip} - storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} - ironic_api_vip: {get_input: ironic_api_vip} - opendaylight_api_vip: {get_input: opendaylight_api_vip} - # public_virtual_ip and controller_virtual_ip are needed in - # both HAproxy & keepalived. 
- tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip} - tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip} - tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip} - tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip} - tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} - tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip} - tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} - tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip} - + map_merge: + # Dynamically generate per-service VIP data based on EnabledServices + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g internal_api with the IP from NetIpMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. 
This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_replace: + - map_merge: + repeat: + template: + SERVICE_vip: SERVICE_network + for_each: + SERVICE: + str_split: [',', {get_param: EnabledServices}] + - values: {get_param: ServiceNetMap} + - values: {get_param: NetIpMap} + - keystone_admin_api_vip: {get_input: keystone_admin_api_vip} + keystone_public_api_vip: {get_input: keystone_public_api_vip} + public_virtual_ip: {get_input: public_virtual_ip} + controller_virtual_ip: {get_input: control_virtual_ip} + internal_api_virtual_ip: {get_input: internal_api_virtual_ip} + storage_virtual_ip: {get_input: storage_virtual_ip} + storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + # public_virtual_ip and controller_virtual_ip are needed in + # both HAproxy & keepalived. + tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip} + tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip} + tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip} + tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip} + tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} + tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip} outputs: OS::stack_id: |
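Review bot: The yaql filter under `mapped_data` drops only values that still end in `_network`, so it catches a service with no entry in `ServiceNetMap` but not a network name that has no key in `NetIpMap`. In that second case the inner `map_replace` has already swapped in the network name, the outer one leaves it untouched, and the string passes `isString(...)` and lands in hiera as the `SERVICE_vip` value instead of an address. I would either filter on the `NetIpMap` keys as well or add this to the comment above the expression: `# NOTE: a network name missing from NetIpMap is not filtered and is emitted as the VIP value`. The new `NetIpMap`, `EnabledServices` and `ServiceNetMap` parameters in the first hunk of this file also have no `description`.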