diff options
27 files changed, 609 insertions, 36 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 9afe1cdc..1fe7790d 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -369,7 +369,7 @@ topics: - overcloud-resource-registry-puppet.yaml - file: environments/neutron-l2gw.yaml title: Neutron L2 gateway Service Plugin - description: Enables Neutron L2 gateway Service Plugin + description: Enables Neutron L2 gateway Service Plugin and Agent requires: - overcloud-resource-registry-puppet.yaml diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index f1594d2d..49dd00cd 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -253,7 +253,9 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume log.debug(cmd_stderr) if subproc.returncode != 0: log.error('Failed running docker-puppet.py for %s' % config_volume) - rm_container('docker-puppet-%s' % config_volume) + else: + # only delete successful runs, for debugging + rm_container('docker-puppet-%s' % config_volume) return subproc.returncode # Holds all the information for each process to consume. diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml new file mode 100644 index 00000000..94caded8 --- /dev/null +++ b/docker/services/ceilometer-agent-central.yaml @@ -0,0 +1,113 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ceilometer Agent Central service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCeilometerCentralImage: + description: image + default: 'centos-binary-ceilometer-central:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CeilometerAgentCentralBase: + type: ../../puppet/services/ceilometer-agent-central.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceilometer Agent Central role. + value: + service_name: {get_attr: [CeilometerAgentCentralBase, role_data, service_name]} + config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CeilometerAgentCentralBase, role_data, step_config] + service_config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ceilometer + puppet_tags: ceilometer_config + step_config: *step_config + config_image: &ceilometer_agent_central_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] + kolla_config: + /var/lib/kolla/config_files/ceilometer-agent-central.json: + command: /usr/bin/ceilometer-polling --polling-namespaces central + docker_config: + step_3: + ceilometer_init_log: + start_order: 0 + image: *ceilometer_agent_central_image + user: root + command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] + volumes: + - /var/log/containers/ceilometer:/var/log/ceilometer + step_4: + ceilometer_agent_central: + image: *ceilometer_agent_central_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_5: + ceilometer_gnocchi_upgrade: + start_order: 1 + image: *ceilometer_agent_central_image + net: host + detach: false + privileged: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/log/containers/ceilometer:/var/log/ceilometer + command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] + upgrade_tasks: + - name: Stop and disable ceilometer agent central service + tags: step2 + service: name=openstack-ceilometer-agent-central state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml new file mode 100644 index 00000000..9033cf4a --- /dev/null +++ b/docker/services/ceilometer-agent-compute.yaml @@ -0,0 +1,91 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ceilometer Agent Compute service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCeilometerComputeImage: + description: image + default: 'centos-binary-ceilometer-compute:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CeilometerAgentComputeBase: + type: ../../puppet/services/ceilometer-agent-compute.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceilometer Agent Compute role. + value: + service_name: {get_attr: [CeilometerAgentComputeBase, role_data, service_name]} + config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CeilometerAgentComputeBase, role_data, step_config] + service_config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ceilometer + puppet_tags: ceilometer_config + step_config: *step_config + config_image: &ceilometer_agent_compute_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] + kolla_config: + /var/lib/kolla/config_files/ceilometer-agent-compute.json: + command: /usr/bin/ceilometer-polling --polling-namespaces compute + docker_config: + step_4: + ceilometer_agent-compute: + image: *ceilometer_agent_compute_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable ceilometer-agent-compute service + tags: step2 + service: name=openstack-ceilometer-agent-compute state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml new file mode 100644 index 00000000..79df3306 --- /dev/null +++ b/docker/services/ceilometer-agent-notification.yaml @@ -0,0 +1,113 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ceilometer Agent Notification service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCeilometerNotificationImage: + description: image + default: 'centos-binary-ceilometer-notification:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CeilometerAgentNotificationBase: + type: ../../puppet/services/ceilometer-agent-notification.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceilometer Agent Notification role. + value: + service_name: {get_attr: [CeilometerAgentNotificationBase, role_data, service_name]} + config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CeilometerAgentNotificationBase, role_data, step_config] + service_config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ceilometer + puppet_tags: ceilometer_config + step_config: *step_config + config_image: &ceilometer_agent_notification_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] + kolla_config: + /var/lib/kolla/config_files/ceilometer-agent-notification.json: + command: /usr/bin/ceilometer-agent-notification + docker_config: + step_3: + ceilometer_init_log: + start_order: 0 + image: *ceilometer_agent_notification_image + user: root + command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] + volumes: + - /var/log/containers/ceilometer:/var/log/ceilometer + step_4: + ceilometer_agent-notification: + image: *ceilometer_agent_notification_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_5: + ceilometer_gnocchi_upgrade: + start_order: 1 + image: *ceilometer_agent_notification_image + net: host + detach: false + privileged: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/log/containers/ceilometer:/var/log/ceilometer + command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] + upgrade_tasks: + - name: Stop and disable ceilometer agent notification service + tags: step2 + service: name=openstack-ceilometer-notification state=stopped enabled=no diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 9d266b0b..748371d5 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -39,6 +39,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -81,6 +88,8 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + /var/lib/kolla/config_files/neutron_server_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: # db sync runs before permissions set by kolla_config step_3: @@ -113,20 +122,39 @@ outputs: - /var/log/containers/neutron:/var/log/neutron command: ['neutron-db-manage', 'upgrade', 'heads'] step_4: - neutron_api: - image: *neutron_api_image - net: host - privileged: false - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /var/log/containers/neutron:/var/log/neutron - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - neutron_api: + image: *neutron_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/log/containers/neutron:/var/log/neutron + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - neutron_server_tls_proxy: + image: *neutron_api_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} host_prep_tasks: - name: create persistent logs directory file: diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 33afbc66..e37f2515 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -12,6 +12,7 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml @@ -20,6 +21,12 @@ resource_registry: OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml + OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index b1fe43e9..94b4bcd6 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -42,6 +42,9 @@ resource_registry: OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml @@ -59,3 +62,4 @@ parameter_defaults: - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker + - OS::TripleO::Services::CeilometerAgentCompute diff --git a/environments/neutron-l2gw-api.yaml b/environments/neutron-l2gw.yaml index 09894671..bba0968a 100644 --- a/environments/neutron-l2gw-api.yaml +++ b/environments/neutron-l2gw.yaml @@ -8,13 +8,20 @@ # - OpenDaylight: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default resource_registry: OS::TripleO::Services::NeutronL2gwApi: ../puppet/services/neutron-l2gw-api.yaml + OS::TripleO::Services::NeutronL2gwAgent: ../puppet/services/neutron-l2gw-agent.yaml parameter_defaults: NeutronServicePlugins: "networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin" - L2gwServiceProvider: ["L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default"] + L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default'] # Optional - # L2gwServiceDefaultInterfaceName: - # L2gwServiceDefaultDeviceName: - # L2gwServiceQuotaL2Gateway: - # L2gwServicePeriodicMonitoringInterval: + # L2gwServiceDefaultInterfaceName: "FortyGigE1/0/1" + # L2gwServiceDefaultDeviceName: "Switch1" + # L2gwServiceQuotaL2Gateway: 10 + # L2gwServicePeriodicMonitoringInterval: 5 + # L2gwAgentOvsdbHosts: ["ovsdb1:127.0.0.1:6632"] + # L2gwAgentEnableManager: False + # L2gwAgentManagerTableListeningPort: "6633" + # L2gwAgentPeriodicInterval: 20 + # L2gwAgentMaxConnectionRetries: 10 + # L2gwAgentSocketTimeout: 30 diff --git a/environments/services-docker/undercloud-ceilometer.yaml b/environments/services-docker/undercloud-ceilometer.yaml new file mode 100644 index 00000000..07a61c20 --- /dev/null +++ b/environments/services-docker/undercloud-ceilometer.yaml @@ -0,0 +1,3 @@ +resource_registry: + OS::TripleO::Services::UndercloudCeilometerAgentCentral: ../../docker/services/ceilometer-agent-central.yaml + OS::TripleO::Services::UndercloudCeilometerAgentNotification: ../../docker/services/ceilometer-agent-notification.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 74776e7a..7b8fe234 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -135,6 +135,7 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml + OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated # the multinode job ControllerServices after this patch merges @@ -195,6 +196,10 @@ resource_registry: OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentIpmi: puppet/services/ceilometer-agent-ipmi.yaml OS::TripleO::Services::Horizon: puppet/services/horizon.yaml + # Undercloud Telemetry services + OS::TripleO::Services::UndercloudCeilometerAgentCentral: OS::Heat::None + OS::TripleO::Services::UndercloudCeilometerAgentNotification: OS::Heat::None + #Gnocchi services OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index b9e5c6fe..312b7af6 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -109,6 +109,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -130,6 +139,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: BlockStorageImage} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 075f42ba..e13a5330 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -115,6 +115,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -136,6 +145,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: CephStorageImage} image_update_policy: {get_param: ImageUpdatePolicy} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 351b3823..8ef0576a 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -127,6 +127,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -149,6 +158,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: NovaImage} image_update_policy: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 92eb70ad..cb2449c6 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -141,6 +141,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -169,6 +178,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: controllerImage} image_update_policy: {get_param: ImageUpdatePolicy} diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index fb60d2be..7277ab19 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -109,6 +109,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -131,6 +140,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: SwiftStorageImage} flavor: {get_param: OvercloudSwiftStorageFlavor} diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 960f0d58..be88f663 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -125,6 +125,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. LoggingSources: type: json default: [] @@ -152,6 +161,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: {{role}}Image} image_update_policy: {get_param: ImageUpdatePolicy} diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index ac371927..12ecc7b5 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -38,6 +38,11 @@ parameters: EnableInternalTLS: type: boolean default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -84,21 +89,25 @@ outputs: apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" - - - generate_service_certificates: true - tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' - tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' - apache_certificates_specs: - map_merge: - repeat: - template: - httpd-NETWORK: - service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' - service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' - hostname: "%{hiera('fqdn_NETWORK')}" - principal: "HTTP/%{hiera('fqdn_NETWORK')}" - for_each: - NETWORK: {get_attr: [ApacheNetworks, value]} + - if: + - internal_tls_enabled + - + generate_service_certificates: true + apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile} + tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' + tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' + apache_certificates_specs: + map_merge: + repeat: + template: + httpd-NETWORK: + service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' + service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" + for_each: + NETWORK: {get_attr: [ApacheNetworks, value]} + - {} metadata_settings: if: - internal_tls_enabled diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index b4a21a31..8e1e0b80 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -166,6 +166,7 @@ outputs: - 9696 - 13696 neutron::server::router_distributed: {get_param: NeutronEnableDVR} + neutron::server::enable_dvr: {get_param: NeutronEnableDVR} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP diff --git a/puppet/services/neutron-l2gw-agent.yaml b/puppet/services/neutron-l2gw-agent.yaml new file mode 100644 index 00000000..39c443f7 --- /dev/null +++ b/puppet/services/neutron-l2gw-agent.yaml @@ -0,0 +1,106 @@ +heat_template_version: pike + +description: > + L2 Gateway agent configured with Puppet +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + L2gwAgentOvsdbHosts: + default: '' + description: L2 gateway agent OVSDB server list. + type: comma_delimited_list + L2gwAgentEnableManager: + default: false + description: Connection can be initiated by the ovsdb server. + type: boolean + L2gwAgentManagerTableListeningPort: + default: 6632 + description: port number for L2 gateway agent, so that it can listen + type: number + L2gwAgentPeriodicInterval: + default: 20 + description: The L2 gateway agent checks connection state with the OVSDB + servers. The interval is number of seconds between attempts. + type: number + L2gwAgentMaxConnectionRetries: + default: 10 + description: The L2 gateway agent retries to connect to the OVSDB server + type: number + L2gwAgentSocketTimeout: + default: 30 + description: socket timeout + type: number + MonitoringSubscriptionNeutronL2gwAgent: + default: 'overcloud-neutron-l2gw-agent' + type: string + NeutronL2gwAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.l2gw + path: /var/log/neutron/l2gw-agent.log + +conditions: + internal_manager_enabled: {equals: [{get_param: L2gwAgentEnableManager}, True]} + +outputs: + role_data: + description: Role data for the L2 Gateway role. + value: + service_name: neutron_l2gw_agent + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL2gwAgent} + logging_source: {get_param: NeutronL2gwAgentLoggingSource} + logging_groups: + - neutron + config_settings: + map_merge: + - neutron::agents::l2gw::ovsdb_hosts: {get_param: L2gwAgentOvsdbHosts} + neutron::agents::l2gw::enable_manager: {get_param: L2gwAgentEnableManager} + neutron::agents::l2gw::manager_table_listening_port: {get_param: L2gwAgentManagerTableListeningPort} + neutron::agents::l2gw::periodic_interval: {get_param: L2gwAgentPeriodicInterval} + neutron::agents::l2gw::max_connection_retries: {get_param: L2gwAgentMaxConnectionRetries} + neutron::agents::l2gw::socket_timeout: {get_param: L2gwAgentSocketTimeout} + - + if: + - internal_manager_enabled + - tripleo.neutron_l2gw_agent.firewall_rules: + '142 neutron l2gw agent input': + proto: 'tcp' + dport: {get_param: L2gwAgentManagerTableListeningPort} + - null + + step_config: | + include tripleo::profile::base::neutron::agents::l2gw + upgrade_tasks: + - name: Check if neutron_l2gw_agent is deployed + command: systemctl is-enabled neutron-l2gw-agent + tags: common + ignore_errors: True + register: neutron_l2gw_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-l2gw-agent is running" + shell: /usr/bin/systemctl show 'neutron-l2gw-agent' --property ActiveState | grep '\bactive\b' + when: neutron_l2gw_agent_enabled.rc == 0 + tags: step0,validation + - name: Stop neutron_l2gw_agent service + tags: step1 + when: neutron_l2gw_agent_enabled.rc == 0 + service: name=neutron-l2gw-agent state=stopped diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index 325656eb..b51242aa 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -40,6 +40,10 @@ parameters: description: An array of bind host addresses on which SNMP daemon will listen. type: comma_delimited_list default: ['udp:161','udp6:[::1]:161'] + SnmpdOptions: + description: A string containing the commandline options passed to snmpd + type: string + default: '-LS0-5d' outputs: role_data: @@ -50,6 +54,7 @@ outputs: tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName} tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword} snmp::agentaddress: {get_param: SnmpdBindHost} + snmp::snmpd_options: {get_param: SnmpdOptions} tripleo.snmp.firewall_rules: '127 snmp': dport: 161 diff --git a/releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml b/releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml new file mode 100644 index 00000000..7f88e269 --- /dev/null +++ b/releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add support for L2 Gateway Neutron agent diff --git a/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml b/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml new file mode 100644 index 00000000..d69bf4f6 --- /dev/null +++ b/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Per default, don't log a message in syslog for each incoming SNMP query. + So set the default log level to '-LS0-5d'. Allow the operator to customize + the log level via a parameter. diff --git a/releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml b/releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml new file mode 100644 index 00000000..54400432 --- /dev/null +++ b/releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + Neutron API controller no longer advertises ``dvr`` extension if the + cloud is not configured for DVR. This is achieved by setting ``enable_dvr`` + to match ``NeutronEnableDVR`` setting. diff --git a/roles_data.yaml b/roles_data.yaml index e0867cbc..3e0ef752 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -74,6 +74,7 @@ - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronL2gwAgent - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index 9894f00e..d57c8fc6 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -45,3 +45,5 @@ - OS::TripleO::Services::UndercloudGnocchiMetricd - OS::TripleO::Services::UndercloudGnocchiStatsd - OS::TripleO::Services::UndercloudPankoApi + - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentNotification @@ -4,6 +4,7 @@ skipsdist = True [testenv] usedevelop = True +install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt |