diff options
| -rw-r--r-- | environments/major-upgrade-pacemaker-init.yaml | 1 | ||||
| -rw-r--r-- | environments/major-upgrade-pacemaker.yaml | 1 | ||||
| -rwxr-xr-x | extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh | 128 | ||||
| -rw-r--r-- | extraconfig/tasks/major_upgrade_pacemaker.yaml | 12 | ||||
| -rw-r--r-- | extraconfig/tasks/major_upgrade_pacemaker_migrations.sh | 44 | ||||
| -rw-r--r-- | overcloud-resource-registry-puppet.yaml | 1 | ||||
| -rw-r--r-- | overcloud.yaml | 25 | ||||
| -rw-r--r-- | puppet/ceph-storage-post.yaml | 13 | ||||
| -rw-r--r-- | puppet/cinder-storage-post.yaml | 9 | ||||
| -rw-r--r-- | puppet/compute-post.yaml | 13 | ||||
| -rw-r--r-- | puppet/compute.yaml | 4 | ||||
| -rw-r--r-- | puppet/controller-post.yaml | 13 | ||||
| -rw-r--r-- | puppet/hieradata/ceph.yaml | 2 | ||||
| -rw-r--r-- | puppet/hieradata/compute.yaml | 2 | ||||
| -rw-r--r-- | puppet/hieradata/controller.yaml | 1 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_compute.pp | 50 | ||||
| -rw-r--r-- | puppet/services/nova-compute.yaml | 12 | ||||
| -rw-r--r-- | puppet/services/nova-libvirt.yaml | 31 | ||||
| -rw-r--r-- | puppet/services/services.yaml | 11 | ||||
| -rw-r--r-- | puppet/swift-storage-post.yaml | 13 |
20 files changed, 278 insertions, 108 deletions
diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml index fbad0406..d97f8fc1 100644 --- a/environments/major-upgrade-pacemaker-init.yaml +++ b/environments/major-upgrade-pacemaker-init.yaml @@ -3,7 +3,6 @@ parameter_defaults: resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml - OS::TripleO::Tasks::PackageUpdate: ../extraconfig/tasks/yum_update_noop.yaml OS::TripleO::ControllerPostDeployment: OS::Heat::None OS::TripleO::ComputePostDeployment: OS::Heat::None OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml index 763ca67e..95f09666 100644 --- a/environments/major-upgrade-pacemaker.yaml +++ b/environments/major-upgrade-pacemaker.yaml @@ -3,7 +3,6 @@ parameter_defaults: resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml - OS::TripleO::Tasks::PackageUpdate: ../extraconfig/tasks/yum_update_noop.yaml OS::TripleO::ControllerPostDeployment: OS::Heat::None OS::TripleO::ComputePostDeployment: OS::Heat::None OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index 2aaa84c6..36d85444 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -17,7 +17,81 @@ fi STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }') pcs property set stonith-enabled=false +# If for some reason rpm-python are missing we want to error out early enough +if [ ! rpm -q rpm-python &> /dev/null ]; then + echo_error "ERROR: upgrade cannot start without rpm-python installed" + exit 1 +fi + +# In case the mysql package is updated, the database on disk must be +# upgraded as well. This typically needs to happen during major +# version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...) +# +# Because in-place upgrades are not supported across 2+ major versions +# (e.g. 5.5 -> 10.1), we rely on logical upgrades via dump/restore cycle +# https://bugzilla.redhat.com/show_bug.cgi?id=1341968 +# +# The default is to determine automatically if upgrade is needed based +# on mysql package versionning, but this can be overriden manually +# to support specific upgrade scenario + +# Where to backup current database if mysql need to be upgraded +MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp +MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup +# Spare disk ratio for extra safety +MYSQL_BACKUP_SIZE_RATIO=1.2 + +# Shall we upgrade mysql data directory during the stack upgrade? +if [ "$mariadb_do_major_upgrade" = "auto" ]; then + ret=$(is_mysql_upgrade_needed) + if [ $ret = "1" ]; then + DO_MYSQL_UPGRADE=1 + else + DO_MYSQL_UPGRADE=0 + fi + echo "mysql upgrade required: $DO_MYSQL_UPGRADE" +elif [ "$mariadb_do_major_upgrade" = 0 ]; then + DO_MYSQL_UPGRADE=0 +else + DO_MYSQL_UPGRADE=1 +fi + if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then + if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + if [ -d "$MYSQL_BACKUP_DIR" ]; then + echo_error "Error: $MYSQL_BACKUP_DIR exists already. Likely an upgrade failed previously" + exit 1 + fi + mkdir "$MYSQL_BACKUP_DIR" + if [ $? -ne 0 ]; then + echo_error "Error: could not create temporary backup directory $MYSQL_BACKUP_DIR" + exit 1 + fi + + # the /root/.my.cnf is needed because we set the mysql root + # password from liberty onwards + backup_flags="--defaults-extra-file=/root/.my.cnf -u root --flush-privileges --all-databases --single-transaction" + # While not ideal, this step allows us to calculate exactly how much space the dump + # will need. Our main goal here is avoiding any chance of corruption due to disk space + # exhaustion + backup_size=$(mysqldump $backup_flags 2>/dev/null | wc -c) + database_size=$(du -cb /var/lib/mysql | tail -1 | awk '{ print $1 }') + free_space=$(df -B1 --output=avail "$MYSQL_BACKUP_DIR" | tail -1) + + # we need at least space for a new mysql database + dump of the existing one, + # times a small factor for additional safety room + # note: bash doesn't do floating point math or floats in if statements, + # so use python to apply the ratio and cast it back to integer + required_space=$(python -c "from __future__ import print_function; print(\"%d\" % int((($database_size + $backup_size) * $MYSQL_BACKUP_SIZE_RATIO)))") + if [ $required_space -ge $free_space ]; then + echo_error "Error: not enough free space in $MYSQL_BACKUP_DIR ($required_space bytes required)" + exit 1 + fi + + mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql" + cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR" + fi + pcs resource disable httpd check_resource httpd stopped 1800 pcs resource disable openstack-core @@ -54,9 +128,63 @@ while systemctl is-active pacemaker; do fi done +# The reason we do an sql dump *and* we move the old dir out of +# the way is because it gives us an extra level of safety in case +# something goes wrong during the upgrade. Once the restore is +# successful we go ahead and remove it. If the directory exists +# we bail out as it means the upgrade process had issues in the last +# run. +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + if [ -d $MYSQL_TEMP_UPGRADE_BACKUP_DIR ]; then + echo_error "ERROR: mysql backup dir already exist" + exit 1 + fi + mv /var/lib/mysql $MYSQL_TEMP_UPGRADE_BACKUP_DIR +fi + yum -y install python-zaqarclient # needed for os-collect-config yum -y -q update +# We need to ensure at least those two configuration settings, otherwise +# mariadb 10.1+ won't activate galera replication. +# wsrep_cluster_address must only be set though, its value does not +# matter because it's overriden by the galera resource agent. +cat >> /etc/my.cnf.d/galera.cnf <<EOF +[mysqld] +wsrep_on = ON +wsrep_cluster_address = gcomm://localhost +EOF + +if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then + if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + # Scripts run via heat have no HOME variable set and this confuses + # mysqladmin + export HOME=/root + mkdir /var/lib/mysql || /bin/true + chown mysql:mysql /var/lib/mysql + chmod 0755 /var/lib/mysql + restorecon -R /var/lib/mysql/ + mysql_install_db --datadir=/var/lib/mysql --user=mysql + chown -R mysql:mysql /var/lib/mysql/ + mysqld_safe --wsrep-new-cluster & + # We have a populated /root/.my.cnf with root/password here so + # we need to temporarily rename it because the newly created + # db is empty and no root password is set + mv /root/.my.cnf /root/.my.cnf.temporary + timeout 60 sh -c 'while ! mysql -e "" &> /dev/null; do sleep 1; done' + mysql -u root < "$MYSQL_BACKUP_DIR/openstack_database.sql" + mv /root/.my.cnf.temporary /root/.my.cnf + mysqladmin -u root shutdown + # The import was successful so we may remove the folder + rm -r "$MYSQL_BACKUP_DIR" + fi +fi + +# If we reached here without error we can safely blow away the origin +# mysql dir from every controller +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR +fi # Let's reset the stonith back to true if it was true, before starting the cluster if [ $STONITH_STATE == "true" ]; then diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index 4af3186c..c70a954f 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -20,6 +20,12 @@ parameters: type: string description: Nova Compute upgrade level default: '' + MySqlMajorUpgrade: + type: string + description: Can be auto,yes,no and influences if the major upgrade should do or detect an automatic mysql upgrade + constraints: + - allowed_values: ['auto', 'yes', 'no'] + default: 'auto' resources: # TODO(jistr): for Mitaka->Newton upgrades and further we can use @@ -39,6 +45,12 @@ resources: upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' params: UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} + - str_replace: + template: | + #!/bin/bash + mariadb_do_major_upgrade='MYSQL_MAJOR_UPGRADE' + params: + MYSQL_MAJOR_UPGRADE: {get_param: MySqlMajorUpgrade} - get_file: pacemaker_common_functions.sh - get_file: major_upgrade_pacemaker_migrations.sh - get_file: major_upgrade_controller_pacemaker_1.sh diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index b63198db..164269dc 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -13,6 +13,50 @@ # been already applied, it should be possible to call the function # again without damaging the deployment or failing the upgrade. +# If the major version of mysql is going to change after the major +# upgrade, the database must be upgraded on disk to avoid failures +# due to internal incompatibilities between major mysql versions +# https://bugs.launchpad.net/tripleo/+bug/1587449 +# This function detects whether a database upgrade is required +# after a mysql package upgrade. It returns 0 when no major upgrade +# has to take place, 1 otherwise. +function is_mysql_upgrade_needed { + # The name of the package which provides mysql might differ + # after the upgrade. Consider the generic package name, which + # should capture the major version change (e.g. 5.5 -> 10.1) + local name="mariadb" + local output + local ret + set +e + output=$(yum -q check-update $name) + ret=$? + set -e + if [ $ret -ne 100 ]; then + # no updates so we exit + echo "0" + return + fi + + local currentepoch=$(rpm -q --qf "%{epoch}" $name) + local currentversion=$(rpm -q --qf "%{version}" $name) + local currentrelease=$(rpm -q --qf "%{release}" $name) + local newoutput=$(repoquery -a --pkgnarrow=updates --qf "%{epoch} %{version} %{release}\n" $name) + local newepoch=$(echo "$newoutput" | awk '{ print $1 }') + local newversion=$(echo "$newoutput" | awk '{ print $2 }') + local newrelease=$(echo "$newoutput" | awk '{ print $3 }') + + # With this we trigger the dump restore/path if we change either epoch or + # version in the package If only the release tag changes we do not do it + # FIXME: we could refine this by trying to parse the mariadb version + # into X.Y.Z and trigger the update only if X and/or Y change. + output=$(python -c "import rpm; rc = rpm.labelCompare((\"$currentepoch\", \"$currentversion\", None), (\"$newepoch\", \"$newversion\", None)); print rc") + if [ "$output" != "-1" ]; then + echo "0" + return + fi + echo "1" +} + function add_missing_openstack_core_constraints { # The CIBs are saved under /root as they might contain sensitive data CIB="/root/migration.cib" diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 8091a9a8..cb67c7ec 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -160,6 +160,7 @@ resource_registry: OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml OS::TripleO::Services::NovaVncproxy: puppet/services/nova-vncproxy.yaml OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml + OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml diff --git a/overcloud.yaml b/overcloud.yaml index d13e88c3..1d5fd8b1 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -567,9 +567,10 @@ parameters: ComputeServices: default: - OS::TripleO::Services::Timezone - - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Compute Nodes. @@ -875,9 +876,10 @@ resources: NodeIndex: '%index%' ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: ControllerSchedulerHints} - ServiceConfigSettings: {get_attr: [ControllerServiceChain, config_settings]} + ServiceConfigSettings: {get_attr: [ControllerServiceChain, role_data, config_settings]} ComputeServiceChain: + type: OS::TripleO::Services properties: Services: {get_param: ComputeServices} @@ -956,7 +958,7 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: NovaComputeSchedulerHints} NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [ComputeServiceChain, config_settings]} + ServiceConfigSettings: {get_attr: [ComputeServiceChain, role_data, config_settings]} BlockStorageServiceChain: type: OS::TripleO::Services @@ -989,7 +991,7 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: BlockStorageSchedulerHints} NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [BlockStorageServiceChain, config_settings]} + ServiceConfigSettings: {get_attr: [BlockStorageServiceChain, role_data, config_settings]} ObjectStorageServiceChain: type: OS::TripleO::Services @@ -1026,7 +1028,7 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: ObjectStorageSchedulerHints} NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, config_settings]} + ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, role_data, config_settings]} CephStorageServiceChain: type: OS::TripleO::Services @@ -1059,7 +1061,7 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: CephStorageSchedulerHints} NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [CephStorageServiceChain, config_settings]} + ServiceConfigSettings: {get_attr: [CephStorageServiceChain, role_data, config_settings]} ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap @@ -1425,7 +1427,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} controller_config: {get_attr: [Controller, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [ControllerServiceChain, step_config]} + RoleData: {get_attr: [ControllerServiceChain, role_data]} ComputeNodesPostDeployment: type: OS::TripleO::ComputePostDeployment @@ -1436,7 +1438,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} compute_config: {get_attr: [Compute, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [ComputeServiceChain, step_config]} + RoleData: {get_attr: [ComputeServiceChain, role_data]} ObjectStorageNodesPostDeployment: type: OS::TripleO::ObjectStoragePostDeployment @@ -1447,7 +1449,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [ObjectStorageServiceChain, step_config]} + RoleData: {get_attr: [ObjectStorageServiceChain, role_data]} BlockStorageNodesPostDeployment: type: OS::TripleO::BlockStoragePostDeployment @@ -1458,8 +1460,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} blockstorage_config: {get_attr: [BlockStorage, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [BlockStorageServiceChain, step_config]} - + RoleData: {get_attr: [BlockStorageServiceChain, role_data]} CephStorageNodesPostDeployment: type: OS::TripleO::CephStoragePostDeployment @@ -1470,7 +1471,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [CephStorageServiceChain, step_config]} + RoleData: {get_attr: [CephStorageServiceChain, role_data]} outputs: KeystoneURL: diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index 2b9ae751..edeb2d93 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -11,12 +11,11 @@ parameters: servers: type: json NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' + type: json + description: Value which changes if the node configuration may need to be re-applied + RoleData: + type: json + default: {} resources: @@ -47,7 +46,7 @@ resources: list_join: - '' - - get_file: manifests/overcloud_cephstorage.pp - - {get_param: StepConfig} + - {get_param: [RoleData, step_config]} CephStorageDeployment_Step2: type: OS::Heat::StructuredDeployments diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index fa1516f1..4de141f2 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -11,10 +11,9 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' + RoleData: + type: json + default: {} resources: @@ -46,7 +45,7 @@ resources: list_join: - '' - - get_file: manifests/overcloud_volume.pp - - {get_param: StepConfig} + - {get_param: [RoleData, step_config]} VolumeDeployment_Step2: type: OS::Heat::StructuredDeployments diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index 698cadba..2033c4b4 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -11,12 +11,11 @@ parameters: servers: type: json NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' + type: json + description: Value which changes if the node configuration may need to be re-applied + RoleData: + type: json + default: {} resources: @@ -47,7 +46,7 @@ resources: list_join: - '' - - get_file: manifests/overcloud_compute.pp - - {get_param: StepConfig} + - {get_param: [RoleData, step_config]} ComputeServicesBaseDeployment_Step2: type: OS::Heat::StructuredDeployments diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 3730faf8..f800cca6 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -500,6 +500,10 @@ resources: nova::rabbit_port: {get_input: rabbit_client_port} nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} nova_compute_driver: {get_input: nova_compute_driver} + # TODO(emilien): move libvirt & migration parameters in libvirt profile + # used to deploy libvirt/kvm dependencies: + nova::compute::libvirt::services::libvirt_virt_type: {get_input: nova_compute_libvirt_type} + # used to configured nova.conf: nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver} nova_api_host: {get_input: nova_api_host} diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 36f9b4f8..27fbdec0 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -11,12 +11,11 @@ parameters: servers: type: json NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' + type: json + description: Value which changes if the node configuration may need to be re-applied + RoleData: + type: json + default: {} resources: @@ -39,7 +38,7 @@ resources: ControllerPuppetConfig: type: OS::TripleO::ControllerConfig properties: - StepConfig: {get_param: StepConfig} + StepConfig: {get_param: [RoleData, step_config]} # Step through a series of Puppet runs using the same manifest. # NOTE: To enable stepping through the deployments via heat hooks, diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index b29b91cf..ccb41cc4 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -7,5 +7,3 @@ ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx ceph_classes: [] - -ceph_osd_selinux_permissive: true diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 2d928cbf..62728332 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -6,8 +6,6 @@ nova::notification_driver: messagingv2 nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' -nova::compute::libvirt::migration_support: true - nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" nova::network::neutron::neutron_auth_type: 'v3password' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 7db2b5de..f84f7049 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -212,6 +212,7 @@ tripleo::firewall::firewall_rules: - 26379 '109 rabbitmq': dport: + - 4369 - 5672 - 35672 '110 ceph': diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index af04d657..92039bc6 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -22,19 +22,6 @@ Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if hiera('step') >= 4 { - file { ['/etc/libvirt/qemu/networks/autostart/default.xml', - '/etc/libvirt/qemu/networks/default.xml']: - ensure => absent, - before => Service['libvirt'], - } - # in case libvirt has been already running before the Puppet run, make - # sure the default network is destroyed - exec { 'libvirt-default-net-destroy': - command => '/usr/bin/virsh net-destroy default', - onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', - before => Service['libvirt'], - } - # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique exec { 'reset-iscsi-initiator-name': command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', @@ -58,41 +45,6 @@ if hiera('step') >= 4 { } include ::ceph::conf include ::ceph::profile::client - - $client_keys = hiera('ceph::profile::params::client_keys') - $client_user = join(['client.', hiera('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name')]) - class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], - } - } - - if hiera('cinder_enable_nfs_backend', false) { - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package { 'nfs-utils': } -> Service['nova-compute'] - } - - if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' - } else { - $vncserver_listen = '0.0.0.0' - } - - if $rbd_ephemeral_storage { - class { '::nova::compute::libvirt': - libvirt_disk_cachemodes => ['network=writeback'], - libvirt_hw_disk_discard => 'unmap', - vncserver_listen => $vncserver_listen, - } - } else { - class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, - } } nova_config { @@ -106,7 +58,7 @@ if hiera('step') >= 4 { content => hiera('midonet_libvirt_qemu_data') } } - include ::nova::network::neutron + include ::neutron include ::neutron::config diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 0844aa85..679586f7 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -16,10 +16,18 @@ resources: outputs: role_data: - description: Role data for the Nova Conductor service. + description: Role data for the Nova Compute service. value: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] + - nova::compute::libvirt::manage_libvirt_services: false + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::nova_compute_enabled: true step_config: | - include tripleo::profile::base::nova::compute + # TODO(emilien): figure how to deal with libvirt profile. + # We'll probably threat it like we do with Neutron plugins. + # Until then, just include it in the default nova-compute role. + include tripleo::profile::base::nova::compute::libvirt diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml new file mode 100644 index 00000000..e3309c32 --- /dev/null +++ b/puppet/services/nova-libvirt.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + Libvirt service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Libvirt service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + # we include ::nova::compute::libvirt::services in nova/libvirt profile + - nova::compute::libvirt::manage_libvirt_services: false + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::libvirt_enabled: true + step_config: | + include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 7ed880fc..91f0e049 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -27,9 +27,8 @@ resources: EndpointMap: {get_param: EndpointMap} outputs: - config_settings: - description: Configuration settings. - value: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} - step_config: - description: Step configuration. - value: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} + role_data: + description: Combined Role data for this set of services. + value: + config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} + step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index 1aba2bb4..b873d923 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -9,12 +9,11 @@ parameters: servers: type: json NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' + type: json + description: Value which changes if the node configuration may need to be re-applied + RoleData: + type: json + default: {} resources: @@ -46,7 +45,7 @@ resources: - '' - - get_file: manifests/overcloud_object.pp - get_file: manifests/ringbuilder.pp - - {get_param: StepConfig} + - {get_param: [RoleData, step_config]} StorageRingbuilderDeployment_Step2: type: OS::Heat::StructuredDeployments |