32 files changed, 356 insertions, 224 deletions
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 20e37e37..102787a6 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -52,6 +52,8 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index 7191deae..92c834b6 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -6,9 +6,10 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml - OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml - OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml - OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml + # TODO: Barbican is not yet containerized: https://review.openstack.org/#/c/474327 + # OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml + OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml + OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and # overcloud-resource-registry.yaml there doesn't have this Docker diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml index cfb05077..7b917aef 100644 --- a/ci/environments/scenario003-multinode-containers.yaml +++ b/ci/environments/scenario003-multinode-containers.yaml 
@@ -6,11 +6,11 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml - OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml - OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml - OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml - OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml - OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml + OS::TripleO::Services::SaharaApi: ../../docker/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../../docker/services/sahara-engine.yaml + OS::TripleO::Services::MistralApi: ../../docker/services/mistral-api.yaml + OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml + OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and # overcloud-resource-registry.yaml there doesn't have this Docker diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index 7a6724de..1d6d5917 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -6,6 +6,7 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/ OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml 
@@ -13,10 +14,12 @@ resource_registry: OS::TripleO::Services::SwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: OS::Heat::None OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None - OS::TripleO::Services::ManilaApi: ../../puppet/services/manila-api.yaml - OS::TripleO::Services::ManilaScheduler: ../../puppet/services/manila-scheduler.yaml + OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml + # NOTE: being containerized here: https://review.openstack.org/#/c/471527/ OS::TripleO::Services::ManilaShare: ../../puppet/services/manila-share.yaml OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml + # TODO: containerize NeutronBgpVpnApi OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index 7354898b..6c58a589 100644 --- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml @@ -55,7 +55,11 @@ outputs: description: Role data for the collectd role. value: service_name: {get_attr: [CollectdBase, role_data, service_name]} - config_settings: {get_attr: [CollectdBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [CollectdBase, role_data, config_settings] + - tripleo::profile::base::metrics::collectd::enable_file_logging: true + collectd::plugin::logfile::log_file: /var/log/collectd/collectd.log step_config: &step_config get_attr: [CollectdBase, role_data, step_config] service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]} 
@@ -71,6 +75,10 @@ outputs: kolla_config: /var/lib/kolla/config_files/collectd.json: command: /usr/sbin/collectd -f + permissions: + - path: /var/log/collectd + owner: collectd:collectd + recurse: true docker_config: step_3: collectd: @@ -84,11 +92,17 @@ outputs: - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro + - /var/lib/config-data/collectd/etc/collectd.conf:/etc/collectd.conf:ro + - /var/lib/config-data/collectd/etc/collectd.d:/etc/collectd.d:ro + - /var/log/containers/collectd:/var/log/collectd:rw environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/collectd + state: directory upgrade_tasks: - name: Stop and disable collectd service tags: step2 service: name=collectd.service state=stopped enabled=no - diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml new file mode 100644 index 00000000..b0ad3760 --- /dev/null +++ b/docker/services/database/mysql-client.yaml 
@@ -0,0 +1,66 @@ +heat_template_version: pike + +description: > + Configuration for containerized MySQL clients + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. 
+ +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} + tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} + # BEGIN DOCKER SETTINGS # + step_config: "" + puppet_config: + config_volume: mysql_client + puppet_tags: file # set this even though file is the default + step_config: "include ::tripleo::profile::base::database::mysql::client" + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + # no need for a docker config, this service only generates configuration files + docker_config: {} diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index a32176af..1c8aa5bd 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -61,6 +61,7 @@ outputs: config_settings: map_merge: - get_attr: [IronicApiBase, role_data, config_settings] + - apache::default_vhost: false step_config: &step_config get_attr: [IronicApiBase, role_data, step_config] service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} @@ -75,7 +76,7 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] kolla_config: /var/lib/kolla/config_files/ironic_api.json: - command: /usr/bin/ironic-api + command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/ironic owner: ironic:ironic @@ -113,7 +114,7 @@ outputs: start_order: 10 image: *ironic_image net: host - privileged: false + user: root restart: always volumes: list_concat: 
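Review bot: `DockerMysqlImage` defaults to `centos-binary-mariadb:latest` in the new docker/services/database/mysql-client.yaml, so the `config_image` that generates the MySQL client configuration is resolved through a mutable tag and can change between deployments without any template change. Deployments that need reproducible or audited images should override it with a fixed tag or digest, and a short comment on the parameter saying so would help. The `description: namespace` and `description: image` texts could also name what they control. The new docker/services/pacemaker/cinder-backup.yaml has the same `:latest` defaults for `DockerCinderBackupImage` and `DockerCinderConfigImage`.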
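Review bot: In the `@@ -113,7 +114,7 @@` hunk of docker/services/ironic-api.yaml the explicit `privileged: false` is replaced by `user: root`, so the container now runs as root with `net: host` and its non-privileged status depends on the runtime default rather than on the template. Root is presumably needed for the new `/usr/sbin/httpd -DFOREGROUND` command, but the two settings are independent; keeping both lines, `privileged: false` and `user: root`, preserves the stated intent. A one-line comment next to `user: root` recording why root is required would help the next reviewer (the reason is not visible here and should be confirmed). The container definition starts and ends outside the hunk.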
@@ -121,6 +122,10 @@ outputs: - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro + - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/ironic/var/www/:/var/www/:ro - /var/log/containers/ironic:/var/log/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index a203d436..62fdaaf0 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -94,6 +94,7 @@ outputs: net: host detach: false volumes: + list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml new file mode 100644 index 00000000..7cac9d48 --- /dev/null +++ b/docker/services/pacemaker/cinder-backup.yaml 
@@ -0,0 +1,152 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Backup service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderBackupImage: + description: image + default: 'centos-binary-cinder-backup:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + CinderBackupBase: + type: ../../../puppet/services/cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + CinderBackupBackend: {get_param: CinderBackupBackend} + CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName} + CephClientUserName: {get_param: CephClientUserName} + +outputs: + role_data: + description: Role data for the Cinder Backup role. 
+ value: + service_name: {get_attr: [CinderBackupBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CinderBackupBase, role_data, config_settings] + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + cinder::backup::manage_service: false + cinder::backup::enabled: false + step_config: "" + service_config_settings: {get_attr: [CinderBackupBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_backup.json: + command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/lib/cinder + owner: cinder:cinder + recurse: true + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_backup_init_logs: + start_order: 0 + image: *cinder_backup_image + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_5: + cinder_backup_init_bundle: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include 
::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle' + image: *cinder_backup_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/cinder + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup state=stopped enabled=no diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml index e6bdf155..db6daf99 100644 --- a/docker/services/sensu-client.yaml +++ b/docker/services/sensu-client.yaml @@ -104,7 +104,11 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] kolla_config: /var/lib/kolla/config_files/sensu-client.json: - command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ + command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log + permissions: + - path: /var/log/sensu + owner: sensu:sensu + recurse: true docker_config: step_3: sensu_client: @@ -123,8 +127,14 @@ outputs: - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro + - /var/log/containers/sensu:/var/log/sensu:rw environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/sensu + state: directory upgrade_tasks: - name: Stop and disable sensu-client service tags: step2 diff --git a/environments/docker.yaml b/environments/docker.yaml index 6a5ec87a..03713e83 100644 --- a/environments/docker.yaml 
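Review bot: The `cinder_backup_init_bundle` command in the new docker/services/pacemaker/cinder-backup.yaml runs `puppet apply ... --debug -v` on the configuration copied from the host's `/etc/puppet`, and debug-level Puppet output may include resource parameters and executed commands, which can put values from hieradata into the container log. Unless that verbosity is needed on every deployment, drop `--debug` from the template string or make it switchable through a parameter. This container also sets `user: root` and `net: host` without the explicit `privileged: false` that `cinder_backup_init_logs` carries in the same file; adding it keeps the two definitions consistent.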
+++ b/environments/docker.yaml @@ -30,6 +30,7 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml + OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml @@ -52,9 +53,9 @@ resource_registry: OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml - OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml - OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml # FIXME: Had to remove these to unblock containers CI. They should be put back when fixed. + # OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml + # OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml # OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml # OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml diff --git a/environments/services/ironic.yaml b/environments/services/ironic.yaml index 8359f4a7..b81b0269 100644 --- a/environments/services/ironic.yaml +++ b/environments/services/ironic.yaml @@ -2,3 +2,5 @@ resource_registry: OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml +parameter_defaults: + NovaSchedulerDiscoverHostsInCellsInterval: 15 
diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index fb0d1699..96632bc2 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -59,19 +59,6 @@ parameters: description: | When enabled, the system will perform a yum update after performing the RHEL Registration process. - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. - -conditions: - deployment_actions_empty: - equals: - - {get_param: deployment_actions} - - [] resources: @@ -149,11 +136,7 @@ resources: name: RHELUnregistrationDeployment server: {get_param: server} config: {get_resource: RHELUnregistration} - actions: - if: - - deployment_actions_empty - - [] - - ['DELETE'] # Only do this on DELETE + actions: ['DELETE'] # Only do this on DELETE input_values: REG_METHOD: {get_param: rhel_reg_method} @@ -186,11 +169,7 @@ resources: name: UpdateDeploymentAfterRHELRegistration config: {get_resource: YumUpdateConfigurationAfterRHELRegistration} server: {get_param: server} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE + actions: ['CREATE'] # Only do this on CREATE outputs: deploy_stdout: diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml index 79cb7cbc..48ba5263 100644 --- a/extraconfig/pre_network/config_then_reboot.yaml +++ b/extraconfig/pre_network/config_then_reboot.yaml 
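Review bot: `RHELUnregistrationDeployment` and `UpdateDeploymentAfterRHELRegistration` now use fixed `actions: ['DELETE']` and `actions: ['CREATE']`, and the `deployment_actions` parameter, whose description said it becomes an empty list for servers named in `DeploymentServerBlacklist`, is removed. If the blacklist is still expected to keep deployments off excluded nodes, these resources will run on them again. The same applies to the host-parameter and reboot deployments in the extraconfig/pre_network/*.yaml hunks and to the `condition: server_not_blacklisted` lines removed from the puppet/*-role.yaml files. If the removal is intentional, a comment next to `actions:` stating that these extraconfig deployments do not honour the blacklist would avoid surprises for operators.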
@@ -7,19 +7,6 @@ description: > parameters: server: type: string - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. - -conditions: - deployment_actions_empty: - equals: - - {get_param: deployment_actions} - - [] resources: @@ -37,11 +24,6 @@ resources: name: SomeDeployment server: {get_param: server} config: {get_resource: SomeConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE actions: ['CREATE'] # Only do this on CREATE RebootConfig: @@ -62,9 +44,5 @@ resources: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE + actions: ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml index fe52ef7e..41d8f4f6 100644 --- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml @@ -19,13 +19,6 @@ parameters: {{role}}HostCpusList: type: string default: "" - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. parameter_group: - label: deprecated @@ -45,10 +38,6 @@ conditions: equals: - get_param: {{role}}TunedProfileName - "" - deployment_actions_empty: - equals: - - {get_param: deployment_actions} - - [] resources: 
@@ -73,11 +62,7 @@ resources: name: HostParametersDeployment server: {get_param: server} config: {get_resource: HostParametersConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE + actions: ['CREATE'] # Only do this on CREATE input_values: _KERNEL_ARGS_: {get_param: {{role}}KernelArgs} _TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName} @@ -103,11 +88,7 @@ resources: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE + actions: ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL outputs: diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 21309dd5..74e716ad 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -11,20 +11,9 @@ parameters: type: json description: Role Specific parameters default: {} - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} - deployment_actions_empty: - equals: - - {get_param: deployment_actions} - - [] resources: HostParametersConfig: @@ -48,11 +37,7 @@ resources: name: HostParametersDeployment server: {get_param: server} config: {get_resource: HostParametersConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE + actions: ['CREATE'] # Only do this on CREATE input_values: _KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]} _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} 
@@ -78,11 +63,7 @@ resources: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE + actions: ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL outputs: diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml index 02fdbf1c..e4ba0cc4 100644 --- a/extraconfig/tasks/ssh/host_public_key.yaml +++ b/extraconfig/tasks/ssh/host_public_key.yaml @@ -7,13 +7,6 @@ parameters: server: description: ID of the node to apply this config to type: string - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. resources: SshHostPubKeyConfig: @@ -35,7 +28,6 @@ resources: properties: config: {get_resource: SshHostPubKeyConfig} server: {get_param: server} - actions: {get_param: deployment_actions} outputs: diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh index 8fe2d270..864da24b 100755 --- a/network/scripts/run-os-net-config.sh +++ b/network/scripts/run-os-net-config.sh @@ -110,7 +110,7 @@ EOF_CAT } if [ -n '$network_config' ]; then - if [ -z "${disable_configure_safe_defaults:-''}" ]; then + if [ -z "${disable_configure_safe_defaults:-}" ]; then trap configure_safe_defaults EXIT fi diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index d3d8cbdb..ba8e5568 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -42,7 +42,7 @@ parameters: CinderApiNetwork: internal_api CinderIscsiNetwork: storage CongressApiNetwork: internal_api - GlanceApiNetwork: storage + GlanceApiNetwork: internal_api IronicApiNetwork: ctlplane IronicNetwork: ctlplane IronicInspectorNetwork: ctlplane 
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 95dcf0b5..551a88ca 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -377,7 +377,6 @@ resources: properties: server: {get_resource: BlockStorage} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -486,9 +485,6 @@ resources: NodeExtraConfig: depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: BlockStorage} @@ -511,21 +507,11 @@ resources: - ['CREATE', 'UPDATE'] - [] - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: BlockStorageDeployment properties: server: {get_resource: BlockStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 6674a8ac..4336f3e7 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -383,7 +383,6 @@ resources: properties: server: {get_resource: CephStorage} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -490,9 +489,6 @@ resources: CephStorageExtraConfigPre: depends_on: CephStorageDeployment type: OS::TripleO::CephStorageExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: CephStorage} 
@@ -501,9 +497,6 @@ resources: NodeExtraConfig: depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: CephStorage} @@ -525,21 +518,11 @@ resources: - ['CREATE', 'UPDATE'] - [] - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: CephStorageDeployment properties: server: {get_resource: CephStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 37eb98d1..e2cce5fb 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -37,7 +37,7 @@ parameters: type: string NeutronPublicInterface: default: nic1 - description: A port to add to the NeutronPhysicalBridge. + description: Which interface to add to the NeutronPhysicalBridge. type: string NodeIndex: type: number @@ -386,7 +386,6 @@ resources: properties: server: {get_resource: NovaCompute} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig @@ -513,9 +512,6 @@ resources: ComputeExtraConfigPre: depends_on: NovaComputeDeployment type: OS::TripleO::ComputeExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: NovaCompute} 
@@ -524,9 +520,6 @@ resources: NodeExtraConfig: depends_on: [ComputeExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: NovaCompute} @@ -549,21 +542,11 @@ resources: update_identifier: get_param: UpdateIdentifier - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: NovaComputeDeployment properties: server: {get_resource: NovaCompute} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 01f54df0..10cfac79 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -58,9 +58,13 @@ parameters: type: string constraints: - custom_constraint: nova.keypair + NeutronPhysicalBridge: + default: 'br-ex' + description: An OVS bridge to create for accessing external networks. + type: string NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string ServiceNetMap: default: {} @@ -406,7 +410,6 @@ resources: properties: server: {get_resource: Controller} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -432,7 +435,7 @@ resources: - {get_param: NetworkDeploymentActions} - [] input_values: - bridge_name: br-ex + bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} # Resource for site-specific injection of root certificate 
@@ -553,9 +556,6 @@ resources: ControllerExtraConfigPre: depends_on: ControllerDeployment type: OS::TripleO::ControllerExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: Controller} @@ -564,9 +564,6 @@ resources: NodeExtraConfig: depends_on: [ControllerExtraConfigPre, NodeTLSData] type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: Controller} @@ -589,21 +586,11 @@ resources: update_identifier: get_param: UpdateIdentifier - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: ControllerDeployment properties: server: {get_resource: Controller} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh index 4e1ad89f..e4d20b49 100644 --- a/puppet/deploy-artifacts.sh +++ b/puppet/deploy-artifacts.sh 
@@ -10,16 +10,20 @@ if [ -n "$artifact_urls" ]; then for URL in $(echo $artifact_urls | sed -e "s| |\n|g" | sort -u); do curl --globoff -o $TMP_DATA/file_data "$URL" if file -b $TMP_DATA/file_data | grep RPM &>/dev/null; then - yum install -y $TMP_DATA/file_data + mv $TMP_DATA/file_data $TMP_DATA/file_data.rpm + yum install -y $TMP_DATA/file_data.rpm + rm $TMP_DATA/file_data.rpm elif file -b $TMP_DATA/file_data | grep 'gzip compressed data' &>/dev/null; then pushd / tar xvzf $TMP_DATA/file_data popd else - echo "ERROR: Unsupported file format." + echo "ERROR: Unsupported file format: $URL" exit 1 fi - rm $TMP_DATA/file_data + if [ -f $TMP_DATA/file_data ]; then + rm $TMP_DATA/file_data + fi done else echo "No artifact_urls was set. Skipping..." diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index e6348420..40a5d441 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -377,7 +377,6 @@ resources: properties: server: {get_resource: SwiftStorage} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -486,9 +485,6 @@ resources: NodeExtraConfig: depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: SwiftStorage} @@ -510,21 +506,11 @@ resources: - ['CREATE', 'UPDATE'] - [] - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: SwiftStorageHieraDeploy properties: server: {get_resource: SwiftStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 4911fbe9..5ab763ba 100644 
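Review bot: The new `mv` / `yum install -y` / `rm` sequence still acts on whatever `curl` left in `$TMP_DATA/file_data`: the download on the context line has no `--fail` and its exit status is not checked, so an HTTP error body or a truncated transfer is caught only if `file -b` happens not to match. I would make the download fail loudly, `curl --fail --globoff -o "$TMP_DATA/file_data" "$URL" || { echo "ERROR: download failed: $URL"; exit 1; }`, and quote `$TMP_DATA` in the added lines. Nothing in the hunk verifies the artifact before it is installed or unpacked over `/`; whether yum checks the signature of a local package depends on configuration not shown here, so a per-URL digest or signature check is worth considering. The `exit 1` branch also leaves `file_data` behind because the guarded `rm` sits after `fi`; the script's start and end are outside the hunk, so a cleanup trap may already exist.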
--- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -28,9 +28,13 @@ parameters: constraints: - custom_constraint: nova.keypair {% endif %} + NeutronPhysicalBridge: + default: 'br-ex' + description: An OVS bridge to create for accessing tenant networks. + type: string NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string ServiceNetMap: default: {} @@ -175,7 +179,7 @@ conditions: resources: {{role}}: - type: OS::TripleO::{{role.name}}Server + type: OS::TripleO::{{role}}Server metadata: os-collect-config: command: {get_param: ConfigCommand} @@ -399,7 +403,6 @@ resources: properties: server: {get_resource: {{role}}} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -410,7 +413,7 @@ resources: server: {get_resource: {{role}}} actions: {get_param: NetworkDeploymentActions} input_values: - bridge_name: br-ex + bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} actions: if: @@ -512,9 +515,6 @@ resources: {{role}}ExtraConfigPre: depends_on: {{role}}Deployment type: OS::TripleO::{{role}}ExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: {{role}}} @@ -523,9 +523,6 @@ resources: NodeExtraConfig: depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: {{role}}} 
@@ -548,21 +545,11 @@ resources: - ['CREATE', 'UPDATE'] - [] - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: {{role}}Deployment properties: server: {get_resource: {{role}}} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 092d0720..1f97b8ba 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -89,7 +89,6 @@ outputs: horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: - add_listen: false priority: 10 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' options: ['FollowSymLinks','MultiViews'] diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 945033a1..0e8eacf1 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -43,8 +43,21 @@ parameters: e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + EnableInternalTLS: + type: boolean + default: false resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} + IronicBase: type: ./ironic-base.yaml properties: 
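Review bot: `EnableInternalTLS` is added to puppet/services/ironic-api.yaml in the `@@ -43,8 +43,21 @@` hunk with a type and a default but no `description`, while the parameter above it in the same hunk carries one. A later hunk in this file passes it to `ironic::wsgi::apache::ssl`, so the default of `false` means the Apache-hosted API is configured without TLS unless the operator opts in. That is worth stating on the parameter itself, for example `description: Enable TLS for the Ironic API running under Apache (passed to ironic::wsgi::apache::ssl).`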
@@ -63,6 +76,7 @@ outputs: config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - ironic::api::authtoken::password: {get_param: IronicPassword} ironic::api::authtoken::project_name: 'service' ironic::api::authtoken::user_domain_name: 'Default' @@ -80,7 +94,17 @@ outputs: ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + ironic::api::service_name: 'httpd' ironic::policy::policies: {get_param: IronicApiPolicies} + ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]} + ironic::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS} tripleo.ironic_api.firewall_rules: '133 ironic api': dport: @@ -106,6 +130,9 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" upgrade_tasks: - - name: Stop ironic_api service + - name: Stop ironic_api service (before httpd support) + tags: step1 + service: name=openstack-ironic-api state=stopped enabled=no + - name: Stop ironic_api service (running under httpd) tags: step1 - service: name=openstack-ironic-api state=stopped + service: name=httpd state=stopped diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 5da6d43e..72a1fce7 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml 
@@ -45,6 +45,14 @@ parameters: default: tag: openstack.nova.scheduler path: /var/log/nova/nova-scheduler.log + NovaSchedulerDiscoverHostsInCellsInterval: + type: number + default: -1 + description: > + This value controls how often (in seconds) the scheduler should + attempt to discover new hosts that have been added to cells. + The default value of -1 disables the periodic task completely. + It is recommended to set this parameter for deployments using Ironic. resources: NovaBase: @@ -71,6 +79,7 @@ outputs: - nova::ram_allocation_ratio: '1.0' nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters} nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters} + nova::scheduler::discover_hosts_in_cells_interval: {get_param: NovaSchedulerDiscoverHostsInCellsInterval} step_config: | include tripleo::profile::base::nova::scheduler upgrade_tasks: diff --git a/releasenotes/notes/baremetal-cell-hosts-cd5cf5aa8a33643c.yaml b/releasenotes/notes/baremetal-cell-hosts-cd5cf5aa8a33643c.yaml new file mode 100644 index 00000000..98ba86d7 --- /dev/null +++ b/releasenotes/notes/baremetal-cell-hosts-cd5cf5aa8a33643c.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + When ``environments/services/ironic.yaml`` is used, enable periodic task + in nova-scheduler to automatically discover new nodes. Otherwise a user + has to run nova management command on controllers each time. diff --git a/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml b/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml new file mode 100644 index 00000000..18474cf3 --- /dev/null +++ b/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml @@ -0,0 +1,3 @@ +--- +fixes: + - Incorrect network used for Glance API service. diff --git a/releasenotes/notes/fix-rpm-deploy-artifact-urls-03d5694073ad159d.yaml b/releasenotes/notes/fix-rpm-deploy-artifact-urls-03d5694073ad159d.yaml new file mode 100644 index 00000000..25016e83 
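Review bot: `NovaSchedulerDiscoverHostsInCellsInterval` is declared `type: number` with no constraint, so a fractional value or one below -1 would be accepted by the template and handed to `nova::scheduler::discover_hosts_in_cells_interval` as is. The description defines only -1 (disabled) and a period in seconds, so I would add `constraints: [{range: {min: -1}}]` to the parameter. The description could also say what 0 means, which the current text does not cover.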
--- /dev/null +++ b/releasenotes/notes/fix-rpm-deploy-artifact-urls-03d5694073ad159d.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fix support for RPMs to be installed via DeployArtifactURLs. LP#1697102 |