67 files changed, 1291 insertions, 399 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 0af0e822..e510d679 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -2,12 +2,6 @@ # repository for deployment using puppet. It groups configuration by topic, # describes possible combinations of environments and resource capabilities. -# root_template: identifies repository's root template -# root_environment: identifies root_environment, this one is special in terms of -# order in which the environments are merged before deploying. This one serves as -# a base and it's parameters/resource_registry gets overridden by other environments -# if used. - # topics: # High Level grouping by purpose of environments # Attributes: @@ -38,8 +32,6 @@ # only when that given environment is used. (resource_type of that environment can # be implemented using multiple templates). -root_template: overcloud.yaml -root_environment: overcloud-resource-registry-puppet.yaml topics: - title: Base Resources Configuration description: diff --git a/ci/environments/multinode-container-upgrade.yaml b/ci/environments/multinode-container-upgrade.yaml new file mode 100644 index 00000000..44a0ce73 --- /dev/null +++ b/ci/environments/multinode-container-upgrade.yaml 
@@ -0,0 +1,61 @@
+# NOTE: This is an environment specific for containers upgrade
+# CI. Mainly we deploy non-pacemakerized overcloud, as at the time
+# being containerization of services managed by pacemaker is not
+# complete, so we deploy and upgrade the non-HA services for now.
+
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - 
OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + # Required for Centos 7.3 and Qemu 2.6.0 + nova::compute::libvirt::libvirt_cpu_mode: 'none' + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + SwiftCeilometerPipelineEnabled: False + Debug: True diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 301d838f..f0af8e25 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -1,7 +1,14 @@ # certain initialization steps (run in a container) will occur -# on the first role listed in the roles file -{% set primary_role_name = roles[0].name -%} - +# on the role marked as primary controller or the first role listed +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# primary role is: {{primary_role_name}} heat_template_version: ocata description: > diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 32294958..3181fad7 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + AodhApiPuppetBase: type: ../../puppet/services/aodh-api.yaml properties: @@ -62,7 +65,7 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: step_3: - aodh-init-log: + aodh_init_log: start_order: 0 image: *aodh_image user: root 
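Review bot: The header NOTE says this environment deploys a non-pacemakerized overcloud, yet `ControllerServices` lists `OS::TripleO::Services::Pacemaker`, and nothing in the file explains why. If that entry is only harmless because the default registry maps it to a no-op (not visible in this diff), a comment next to it would stop a reader from assuming HA is under test, for example `# Pacemaker stays listed but is not enabled by this environment`. The header could also state that `Debug: True`, `libvirt_virt_type: qemu` and `libvirt_cpu_mode: 'none'` are CI-only values, so the file is not copied as a deployment baseline.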
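Review bot: When more than one role carries both the `primary` and `controller` tags, the loop keeps replacing the single list entry and the last match wins without any signal; the header comment should say so, e.g. `# if several roles are tagged primary and controller, the last one listed is used`. Separately, the leading `{%-` on the first `set` strips the newline before it and the `-%}` on the final `set primary_role_name` line strips the one after it, so the rendered `# primary role is:` text appears to land on the same line as the preceding comment. Dropping the trailing dash on that last tag (`{%- set primary_role_name = primary_role[0].name %}`) would keep the two comments on separate lines.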
@@ -76,25 +79,31 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - logs:/var/log command: /usr/bin/aodh-dbsync step_4: - aodh-api: + aodh_api: image: *aodh_image net: host privileged: false restart: always volumes: - - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/aodh/var/www/:/var/www/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/aodh/var/www/:/var/www/:ro + - logs:/var/log environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 1553df3c..13d6cf21 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + AodhEvaluatorBase: type: ../../puppet/services/aodh-evaluator.yaml properties: 
@@ -67,10 +70,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 300dfde3..63c45aad 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + AodhListenerBase: type: ../../puppet/services/aodh-listener.yaml properties: @@ -67,10 +70,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index b4056603..dbe31b65 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + AodhNotifierBase: type: ../../puppet/services/aodh-notifier.yaml properties: 
@@ -67,10 +70,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml new file mode 100644 index 00000000..d3561f6b --- /dev/null +++ b/docker/services/containers-common.yaml @@ -0,0 +1,16 @@ +heat_template_version: ocata + +description: > + Contains a static list of common things necessary for containers + +outputs: + volumes: + description: Common volumes for the containers. + value: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + # OpenSSL trusted CAs + - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro + - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro + - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro + - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index fdfdbc68..0b4f81ed 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + GlanceApiPuppetBase: type: ../../puppet/services/glance-api.yaml properties: 
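Review bot: Every path in the new `volumes` output of containers-common.yaml is bind-mounted into each service container that concatenates it, including the ones in this commit that run with `privileged: true`, and the file does not say what may be added to it. A comment above `value:` would set that rule, e.g. `# Mounted into every container: entries must be read-only and must not expose private keys or credentials`. Also worth documenting there: the single-file entries (`ca-bundle.crt`, `ca-bundle.trust.crt`, `cert.pem`) may keep serving the old file to a running container if the host bundle is replaced rather than edited in place, so a CA trust change, including the removal of a CA, may need a container restart to take effect.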
@@ -68,13 +71,16 @@ outputs: privileged: false detach: false volumes: &glance_volumes - - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run - - /dev:/dev - - /etc/hosts:/etc/hosts:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - /dev:/dev environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 659785aa..1c61fa3e 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + GnocchiApiPuppetBase: type: ../../puppet/services/gnocchi-api.yaml properties: @@ -62,7 +65,7 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: step_3: - gnocchi-init-log: + gnocchi_init_log: start_order: 0 image: *gnocchi_image user: root 
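Review bot: The `glance-api.json` to `config.json` entry is the only kolla config mount in the visible part of this commit that is not read-only; every other service moved into a `service:` list keeps `:ro` on it. Unless the Glance container has to write that file (nothing in the hunk suggests it does), the line should read `- /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json:ro`. The `&glance_volumes` anchor now labels the whole `yaql` mapping rather than a list, so any `*glance_volumes` alias outside this hunk picks up the same expression; that use is not visible here and is worth checking.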
@@ -76,24 +79,30 @@ outputs: detach: false privileged: false volumes: - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - logs:/var/log command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"] step_4: - gnocchi-api: + gnocchi_api: image: *gnocchi_image net: host privileged: false restart: always volumes: - - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 78494d66..5ce7e12a 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + GnocchiMetricdBase: type: ../../puppet/services/gnocchi-metricd.yaml properties: 
@@ -65,10 +68,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 7f439846..40023a60 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + GnocchiStatsdBase: type: ../../puppet/services/gnocchi-statsd.yaml properties: @@ -65,10 +68,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index e1226471..8f7bb144 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml 
@@ -35,6 +35,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + HeatBase: type: ../../puppet/services/heat-api-cfn.yaml properties: @@ -77,12 +80,15 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /dev:/dev - - /run:/run + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /dev:/dev + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 3212d909..0e668ce1 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -35,6 +35,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + HeatBase: type: ../../puppet/services/heat-api.yaml properties: @@ -77,12 +80,15 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /dev:/dev - - /run:/run + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /dev:/dev + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 83c63095..5a1f011d 100644 
--- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -30,6 +30,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + HeatBase: type: ../../puppet/services/heat-engine.yaml properties: @@ -69,9 +72,12 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro command: ['heat-manage', 'db_sync'] step_4: heat_engine: @@ -80,11 +86,14 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index bef84e2e..a019a61e 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + IronicApiBase: type: ../../puppet/services/ironic-api.yaml properties: 
@@ -74,9 +77,12 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/ironic/etc/:/etc/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/ironic/etc/:/etc/:ro command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf'] step_4: ironic_api: @@ -86,10 +92,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/:/etc/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/etc/:/etc/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 3047f30b..1e1316f3 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + IronicConductorBase: type: ../../puppet/services/ironic-conductor.yaml properties: 
@@ -87,15 +90,18 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /sys:/sys - - /dev:/dev - - /run:/run #shared? - - /var/lib/ironic:/var/lib/ironic + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + - /lib/modules:/lib/modules:ro + - /sys:/sys + - /dev:/dev + - /run:/run #shared? + - /var/lib/ironic:/var/lib/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 51538e73..6ec80397 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -31,6 +31,11 @@ parameters: default: {} type: json +resources: + + ContainersCommon: + type: ./containers-common.yaml + outputs: role_data: description: Role data for the Ironic PXE role. 
@@ -65,21 +70,24 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - # TODO(mandre) check how docker like mounting in a bind-mounted tree - # This directory may contain migrated data from BM - - /var/lib/ironic:/var/lib/ironic/ - # These files were generated by puppet inside the config container - # TODO(mandre) check the mount permission (ro/rw) - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /dev/log:/dev/log + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + # TODO(mandre) check how docker like mounting in a bind-mounted tree + # This directory may contain migrated data from BM + - /var/lib/ironic:/var/lib/ironic/ + # These files were generated by puppet inside the config container + # TODO(mandre) check the mount permission (ro/rw) + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32 + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0 + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi + - 
/var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file + - /dev/log:/dev/log environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS ironic_pxe_http: @@ -89,12 +97,15 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /var/lib/ironic:/var/lib/ironic/ + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro + - /var/lib/ironic:/var/lib/ironic/ environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 526a357b..e7717ab0 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -42,6 +42,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + KeystoneBase: type: ../../puppet/services/keystone.yaml properties: 
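Review bot: The five tftpboot files in the `service:` list of the TFTP container (`chain.c32`, `pxelinux.0`, `ipxe.efi`, `undionly.kpxe`, `map-file`) are still mounted without a mode, so that container can modify the boot loaders it serves to nodes, and the `TODO(mandre) check the mount permission (ro/rw)` comment is carried over unresolved. The files are described as generated by puppet inside the config container, so appending `:ro` to each looks safe, e.g. `- /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0:ro`, after which that TODO can be dropped. The other TODO, about mounting inside the bind-mounted `/var/lib/ironic` tree, still applies and should stay.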
@@ -96,23 +99,26 @@ outputs: privileged: false detach: false volumes: &keystone_volumes - - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/keystone/var/www/:/var/www/:ro - - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro - - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log - - - if: - - internal_tls_enabled - - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - - '' - - - if: - - internal_tls_enabled - - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro - - '' + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/keystone/var/www/:/var/www/:ro + - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro + - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro + - logs:/var/log + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index a78be3c8..87b5f408 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + MemcachedBase: type: ../../puppet/services/memcached.yaml properties: 
@@ -63,9 +66,12 @@ outputs: privileged: false restart: always volumes: - - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 5b5e1f50..7c2413dd 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -75,9 +78,12 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/mistral/etc/:/etc/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/mistral/etc/:/etc/:ro command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head'] mistral_db_populate: start_order: 2 
@@ -86,9 +92,12 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/mistral/etc/:/etc/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/mistral/etc/:/etc/:ro # NOTE: dprince this requires that we install openstack-tripleo-common into # the Mistral API image so that we get tripleo* actions command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate'] @@ -100,10 +109,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index feecd5d7..01ca3f0a 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + MistralBase: type: ../../puppet/services/mistral-engine.yaml properties: 
@@ -75,11 +78,14 @@ outputs: privileged: false restart: always volumes: - - /run:/run - - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /run:/run + - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 45fed7b2..374b0be7 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + MistralBase: type: ../../puppet/services/mistral-executor.yaml properties: 
@@ -75,15 +78,18 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - # FIXME: this is required in order for Nova cells - # initialization workflows on the Undercloud. Need to - # exclude this on the overcloud for security reasons. - - /var/lib/config-data/nova/etc/nova:/etc/nova:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /run:/run + # FIXME: this is required in order for Nova cells + # initialization workflows on the Undercloud. Need to + # exclude this on the overcloud for security reasons. + - /var/lib/config-data/nova/etc/nova:/etc/nova:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index c5001a30..00b1f857 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NeutronBase: type: ../../puppet/services/neutron-api.yaml properties: 
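Review bot: The `/var/lib/config-data/nova/etc/nova:/etc/nova:ro` mount is still unconditional after the move into the `service:` list, although the FIXME directly above it says it must be excluded on the overcloud for security reasons. The executor runs workflow actions, so on an overcloud it would be able to read whatever the Nova configuration holds, which usually includes service credentials. keystone.yaml in this same commit shows the form for a conditional entry (`if:` with a condition name, the mount, then `''`); the same form could gate this line once an undercloud-only condition exists, which the visible hunk does not define.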
@@ -78,10 +81,13 @@ outputs: # and run as neutron user user: root volumes: - - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro - - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro + - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro command: ['neutron-db-manage', 'upgrade', 'heads'] step_4: neutron_api: @@ -90,10 +96,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index 03fbf766..e48f53b4 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NeutronBase: type: ../../puppet/services/neutron-dhcp.yaml properties: 
@@ -76,12 +79,15 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /etc/localtime:/etc/localtime:ro - - /etc/hosts:/etc/hosts:ro - - /lib/modules:/lib/modules:ro - - /run/:/run + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /lib/modules:/lib/modules:ro + - /run/:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 0b04b56d..90fe65f6 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NeutronL3Base: type: ../../puppet/services/neutron-l3.yaml properties: @@ -72,10 +75,14 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /lib/modules:/lib/modules:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index bea08e91..c40ef8bf 100644 --- a/docker/services/neutron-ovs-agent.yaml 
+++ b/docker/services/neutron-ovs-agent.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NeutronOvsAgentBase: type: ../../puppet/services/neutron-ovs-agent.yaml properties: @@ -64,11 +67,15 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /lib/modules:/lib/modules:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 97fafb09..8621bb65 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaApiBase: type: ../../puppet/services/nova-api.yaml properties: @@ -126,10 +129,13 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: 
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index eefcb367..c347b113 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -29,6 +29,8 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml NovaComputeBase: type: ../../puppet/services/nova-compute.yaml @@ -66,15 +68,19 @@ outputs: user: root restart: always volumes: - - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro - - /dev:/dev - - /etc/iscsi:/etc/iscsi - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run - - /var/lib/nova:/var/lib/nova - - /var/lib/libvirt:/var/lib/libvirt + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro + - /dev:/dev + - /etc/iscsi:/etc/iscsi + - /lib/modules:/lib/modules:ro + - /run:/run + - /var/lib/nova:/var/lib/nova + - /var/lib/libvirt:/var/lib/libvirt environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -85,4 +91,4 @@ outputs: upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 - service: name=nova-compute state=stopped enabled=no + service: name=openstack-nova-compute state=stopped enabled=no diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index b7a1d742..e414b216 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaConductorBase: type: ../../puppet/services/nova-conductor.yaml properties: 
@@ -73,11 +76,14 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 9941abda..2f4da6c0 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -33,6 +33,8 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml @@ -70,16 +72,20 @@ outputs: user: root restart: always volumes: - - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /dev:/dev - - /etc/iscsi:/etc/iscsi - - /var/lib/nova/:/var/lib/nova + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /run:/run + - /dev:/dev + - /etc/iscsi:/etc/iscsi + - /var/lib/nova/:/var/lib/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 - service: name=nova-compute state=stopped enabled=no + service: name=openstack-nova-compute state=stopped enabled=no 
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 15cee597..ba637605 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -35,6 +35,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaLibvirtBase: type: ../../puppet/services/nova-libvirt.yaml properties: @@ -73,18 +76,22 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /run:/run - - /sys/fs/cgroup:/sys/fs/cgroup - - /var/lib/nova:/var/lib/nova - # Needed to use host's virtlogd - - /var/run/libvirt:/var/run/libvirt - - /var/lib/libvirt:/var/lib/libvirt - - /etc/libvirt/qemu:/etc/libvirt/qemu + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro + - /lib/modules:/lib/modules:ro + - /dev:/dev + - /run:/run + - /sys/fs/cgroup:/sys/fs/cgroup + - /var/lib/nova:/var/lib/nova + # Needed to use host's virtlogd + - /var/run/libvirt:/var/run/libvirt + - /var/lib/libvirt:/var/lib/libvirt + - /etc/libvirt/qemu:/etc/libvirt/qemu environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 0c595dc2..53460a83 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaPlacementBase: type: ../../puppet/services/nova-placement.yaml properties: 
@@ -70,12 +73,15 @@ outputs: user: root restart: always volumes: - - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro - - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index e6f4896b..54f30abd 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaSchedulerBase: type: ../../puppet/services/nova-scheduler.yaml properties: @@ -72,11 +75,14 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: 
diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index f4f1f7b0..61bdf7ac 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + PankoApiPuppetBase: type: ../../puppet/services/panko-api.yaml properties: @@ -76,10 +79,13 @@ outputs: detach: false privileged: false volumes: - - /var/lib/config-data/panko/etc/panko:/etc/panko:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/config-data/panko/etc/panko:/etc/panko:ro + - logs:/var/log command: /usr/bin/panko-dbsync step_4: panko_api: @@ -89,11 +95,14 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/panko/var/www/:/var/www/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro + - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/panko/var/www/:/var/www/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 9d5a52a6..a04893e4 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + RabbitmqBase: type: ../../puppet/services/rabbitmq.yaml properties: 
@@ -69,11 +72,14 @@ outputs: net: host privileged: false volumes: - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /var/lib/rabbitmq:/var/lib/rabbitmq + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -95,11 +101,14 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /var/lib/rabbitmq:/var/lib/rabbitmq + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index e60aca12..6e8d6eb9 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + SwiftProxyBase: type: ../../puppet/services/swift-proxy.yaml properties: 
@@ -65,15 +68,18 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro - # FIXME I'm mounting /etc/swift as rw. Are the rings written to - # at all during runtime? - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro + # FIXME I'm mounting /etc/swift as rw. Are the rings written to + # at all during runtime? + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index cccddb46..5044c54c 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -41,6 +41,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + SwiftStorageBase: type: ../../puppet/services/swift-storage.yaml properties: 
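Review bot: `/var/lib/config-data/swift/etc/swift:/etc/swift:rw` in the swift_proxy `service` list keeps the writable mount that its own FIXME questions, and the same `:rw` line is repeated in every swift-storage container list later in this diff (swift_account_auditor through swift_object_server). If the rings are not written at runtime, the entry should become `- /var/lib/config-data/swift/etc/swift:/etc/swift:ro` like the other config-data mounts; otherwise the FIXME should be replaced by a comment naming the process that writes there. Whether the proxy container needs `/dev` and `/srv/node` at all is also worth confirming, since the hunk shows no use for them.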
@@ -114,13 +117,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: &kolla_env - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS swift_account_reaper: @@ -129,13 +135,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_account_replicator: image: *swift_account_image 
@@ -143,13 +152,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_account_server: image: *swift_account_image @@ -157,13 +169,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_container_auditor: image: &swift_container_image 
@@ -174,13 +189,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_container_replicator: image: *swift_container_image @@ -188,13 +206,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_container_updater: image: *swift_container_image 
@@ -202,13 +223,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_container_server: image: *swift_container_image @@ -216,13 +240,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_auditor: image: &swift_object_image 
@@ -233,13 +260,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_expirer: image: *swift_proxy_image @@ -247,13 +277,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_replicator: image: *swift_object_image 
@@ -261,13 +294,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_updater: image: *swift_object_image @@ -275,13 +311,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_server: image: *swift_object_image 
@@ -289,13 +328,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env host_prep_tasks: - name: create /srv/node diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 1160031f..fdb353bc 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + ZaqarBase: type: ../../puppet/services/zaqar.yaml properties: @@ -56,7 +59,7 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] kolla_config: /var/lib/kolla/config_files/zaqar.json: - command: /usr/sbin/httpd -DFOREGROUND + command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf docker_config: 
@@ -66,15 +69,14 @@ outputs: net: host privileged: false restart: always - # NOTE(mandre) kolla image changes the user to 'zaqar', we need it - # to be root to run httpd - user: root volumes: - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /var/lib/config-data/zaqar/etc/httpd:/etc/httpd/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS zaqar_websocket: @@ -83,13 +85,17 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + yaql: + expression: $.data.common.concat($.data.service) + data: + common: {get_attr: [ContainersCommon, volumes]} + service: + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable zaqar service tags: step2 - service: name=httpd state=stopped enabled=no + service: name=openstack-zaqar.service state=stopped enabled=no + diff --git a/environments/swift-external.yaml b/environments/swift-external.yaml new file mode 100644 index 00000000..0bf0d39e --- /dev/null +++ b/environments/swift-external.yaml 
@@ -0,0 +1,12 @@ +resource_registry: + OS::TripleO::Services::ExternalSwiftProxy: ../puppet/services/external-swift-proxy.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None + +parameter_defaults: + ExternalPublicUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s' + ExternalInternalUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s' + ExternalAdminUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s' + ExternalSwiftUserTenant: 'service' + diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index e8316c53..30a83550 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -53,6 +53,12 @@ parameters: type: string rhel_reg_http_proxy_password: type: string + UpdateOnRHELRegistration: + type: boolean + default: false + description: | + When enabled, the system will perform a yum update after performing the + RHEL Registration process. resources: 
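Review bot: The three `External*Url` defaults in the new swift-external.yaml use `http://swiftproxy:9024/...`, so a deployment that includes this environment unchanged registers a plaintext object-store endpoint, and tokens sent to it cross the network unencrypted. The values look like placeholders, but nothing in the file says so. A header comment would make that explicit, e.g. `# Example values: replace with the real proxy endpoints; use https:// outside test setups`.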
@@ -134,6 +140,37 @@ resources: input_values: REG_METHOD: {get_param: rhel_reg_method} + YumUpdateConfigurationAfterRHELRegistration: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -x + num_updates=$(yum list -q updates | wc -l) + if [ "$num_updates" -eq "0" ]; then + echo "No packages require updating" + exit 0 + fi + full_command="yum -q -y update" + echo "Running: $full_command" + result=$($full_command) + return_code=$? + echo "$result" + echo "yum return code: $return_code" + exit $return_code + + UpdateDeploymentAfterRHELRegistration: + type: OS::Heat::SoftwareDeployment + depends_on: RHELRegistrationDeployment + conditions: + update_requested: {get_param: UpdateOnRHELRegistration} + properties: + name: UpdateDeploymentAfterRHELRegistration + config: {get_resource: YumUpdateConfigurationAfterRHELRegistration} + server: {get_param: server} + actions: ['CREATE'] # Only do this on CREATE + outputs: deploy_stdout: description: Deployment reference, used to trigger puppet apply on changes diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml new file mode 100644 index 00000000..847c8772 --- /dev/null +++ b/extraconfig/tasks/ssh/host_public_key.yaml 
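Review bot: In `YumUpdateConfigurationAfterRHELRegistration`, `num_updates=$(yum list -q updates | wc -l)` takes its status from `wc`, so a failing `yum list` (for instance an unreachable repository) yields zero lines and the script prints "No packages require updating" and exits 0. The update is then skipped without any trace and the deployment still reports success. Branching on `yum -q check-update; rc=$?` avoids this, because yum documents exit code 100 for pending updates, 0 for none and 1 for an error. Separately, `conditions:` appears inside the `UpdateDeploymentAfterRHELRegistration` resource; as far as I know Heat expects a top-level `conditions:` section plus `condition: update_requested` on the resource, so please confirm the template validates and that the update really is gated on `UpdateOnRHELRegistration`.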
@@ -0,0 +1,42 @@ +heat_template_version: ocata + +description: > + This is a template which will fetch the ssh host public key. + +parameters: + server: + description: ID of the node to apply this config to + type: string + +resources: + SshHostPubKeyConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + outputs: + - name: rsa + - name: ecdsa + - name: ed25519 + config: | + #!/bin/sh -x + test -e '/etc/ssh/ssh_host_rsa_key.pub' && cat /etc/ssh/ssh_host_rsa_key.pub > $heat_outputs_path.rsa + test -e '/etc/ssh/ssh_host_ecdsa_key.pub' && cat /etc/ssh/ssh_host_ecdsa_key.pub > $heat_outputs_path.ecdsa + test -e '/etc/ssh/ssh_host_ed25519_key.pub' && cat /etc/ssh/ssh_host_ed25519_key.pub > $heat_outputs_path.ed25519 + + SshHostPubKeyDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: SshHostPubKeyConfig} + server: {get_param: server} + + +outputs: + ecdsa: + description: Host ssh public key (ecdsa) + value: {get_attr: [SshHostPubKeyDeployment, ecdsa]} + rsa: + description: Host ssh public key (rsa) + value: {get_attr: [SshHostPubKeyDeployment, rsa]} + ed25519: + description: Host ssh public key (ed25519) + value: {get_attr: [SshHostPubKeyDeployment, ed25519]} diff --git a/extraconfig/tasks/ssh/known_hosts_config.yaml b/extraconfig/tasks/ssh/known_hosts_config.yaml new file mode 100644 index 00000000..2ebcb63c --- /dev/null +++ b/extraconfig/tasks/ssh/known_hosts_config.yaml 
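Review bot: The `SshHostPubKeyConfig` script exits with the status of its last `test -e … && cat …` line, so a node that has no `/etc/ssh/ssh_host_ed25519_key.pub` finishes with a non-zero status. The script hook presumably reports that as a failed deployment, even though a missing key type is an expected case. Ending the script with an explicit `exit 0`, or writing each line as `if [ -e FILE ]; then cat FILE > "$heat_outputs_path.ed25519"; fi`, keeps an absent key type from failing the step. The `$heat_outputs_path` expansions are also unquoted.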
@@ -0,0 +1,36 @@ +heat_template_version: ocata +description: 'SSH Known Hosts Config' + +parameters: + known_hosts: + type: string + +resources: + + SSHKnownHostsConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: known_hosts + default: {get_param: known_hosts} + config: | + #!/bin/bash + set -eux + set -o pipefail + + echo "Creating ssh known hosts file" + + if [ ! -z "${known_hosts}" ]; then + echo "${known_hosts}" + echo -ne "${known_hosts}" > /etc/ssh/ssh_known_hosts + chmod 0644 /etc/ssh/ssh_known_hosts + else + rm -f /etc/ssh/ssh_known_hosts + echo "No ssh known hosts" + fi + +outputs: + OS::stack_id: + description: The SSHKnownHostsConfig resource. + value: {get_resource: SSHKnownHostsConfig}
\ No newline at end of file diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 3f40ded1..a0324964 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -5,6 +5,8 @@ resource_registry: OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml + OS::TripleO::Ssh::HostPubKey: extraconfig/tasks/ssh/host_public_key.yaml + OS::TripleO::Ssh::KnownHostsConfig: extraconfig/tasks/ssh/known_hosts_config.yaml OS::TripleO::DefaultPasswords: default_passwords.yaml # Tasks (for internal TripleO usage) @@ -192,6 +194,7 @@ resource_registry: OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml + OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml OS::TripleO::Services::SwiftRingBuilder: puppet/services/swift-ringbuilder.yaml OS::TripleO::Services::Snmp: puppet/services/snmp.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index a322a445..a2d501d3 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -1,4 +1,12 @@ -{% set primary_role_name = roles[0].name -%} +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# primary role is: {{primary_role_name}} heat_template_version: ocata description: 
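Review bot: In `SSHKnownHostsConfig`, `echo -ne "${known_hosts}"` interprets backslash sequences in data collected from every node's host key file, which typically includes a free-form comment field. `printf '%s' "${known_hosts}" > /etc/ssh/ssh_known_hosts` writes the value verbatim. The script also replaces the whole system-wide file, and removes it when the input is empty, so any entries an operator keeps there are lost on each run. A comment in the template such as `# /etc/ssh/ssh_known_hosts is fully managed by this deployment` would make that explicit.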
> @@ -254,6 +262,16 @@ resources: type: json value: {get_attr: [EndpointMap, endpoint_map]} + SshKnownHostsConfig: + type: OS::TripleO::Ssh::KnownHostsConfig + properties: + known_hosts: + list_join: + - '' + {% for role in roles %} + - {get_attr: [{{role.name}}, known_hosts_entry]} + {% endfor %} + # Jinja loop for Role in roles_data.yaml {% for role in roles %} # Resources generated for {{role.name}} Role @@ -285,6 +303,13 @@ resources: config: {get_attr: [hostsConfig, config_id]} servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}SshKnownHostsDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: {{role.name}}SshKnownHostsDeployment + config: {get_resource: SshKnownHostsConfig} + servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}AllNodesDeployment: type: OS::Heat::StructuredDeployments depends_on: @@ -692,3 +717,9 @@ outputs: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} {% endfor %} + RoleNetIpMap: + description: Mapping of each network to a list of IPs for each role + value: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}IpListMap, net_ip_map]} +{% endfor %} diff --git a/plan-environment.yaml b/plan-environment.yaml index f629eff3..1f9c8211 100644 --- a/plan-environment.yaml +++ b/plan-environment.yaml @@ -1,5 +1,8 @@ -version: 1.0
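Review bot: `SshKnownHostsConfig` joins the per-role `known_hosts_entry` values with `''`, so each host's line ends only with whatever newline the collected public key output happens to carry. If a key output comes back empty or without a trailing newline, two hosts' entries run together into one line that no longer parses as intended, and host verification for those nodes would fail or fall back to prompting. Terminating each entry explicitly, and trimming the key where it is collected, would remove that dependency. At minimum a comment on the `list_join` should state the assumption, e.g. `# entries are newline-terminated by the public key file content`.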
-
-template: overcloud.yaml
-environments:
-- path: overcloud-resource-registry-puppet.yaml
+version: 1.0 + +name: overcloud +description: > + Default Deployment plan +template: overcloud.yaml +environments: + - path: overcloud-resource-registry-puppet.yaml diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index e3799649..b9e5c6fe 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -457,6 +457,12 @@ resources: update_identifier: get_param: UpdateIdentifier + SshHostPubKey: + type: OS::TripleO::Ssh::HostPubKey + depends_on: BlockStorageDeployment + properties: + server: {get_resource: BlockStorage} + outputs: ip_address: description: IP address of the server in the ctlplane network 
@@ -504,6 +510,37 @@ outputs: MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + known_hosts_entry: + description: Entry for ssh known hosts + value: + str_replace: + template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ +EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ +INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ +STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ +STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ +TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ +MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ +CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [BlockStorage, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} + CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for the block storage server value: 
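Review bot: `HOSTSSHPUBKEY` in `known_hosts_entry` is taken only from the `ecdsa` output of `SshHostPubKey`, although the collecting template also exports `rsa` and `ed25519`. On a node without an ECDSA host key the entry would presumably list all the host names and addresses with no key after them. The same line appears in the `known_hosts_entry` hunks for cephstorage-role.yaml, compute-role.yaml, controller-role.yaml, objectstorage-role.yaml and role.role.j2.yaml. Either state the requirement next to the parameter, `# requires /etc/ssh/ssh_host_ecdsa_key.pub on every node; rsa and ed25519 outputs are not used here`, or emit one entry per available key type. The `outputs:` block this hunk extends starts and ends outside the hunk.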
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 7c92083b..075f42ba 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -468,6 +468,12 @@ resources: update_identifier: get_param: UpdateIdentifier + SshHostPubKey: + type: OS::TripleO::Ssh::HostPubKey + depends_on: CephStorageDeployment + properties: + server: {get_resource: CephStorage} + outputs: ip_address: description: IP address of the server in the ctlplane network 
@@ -515,6 +521,37 @@ outputs: MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + known_hosts_entry: + description: Entry for ssh known hosts + value: + str_replace: + template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ +EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ +INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ +STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ +STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ +TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ +MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ +CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [CephStorage, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} + CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for the ceph storage server value: 
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 8c8468f3..351b3823 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -492,6 +492,12 @@ resources: update_identifier: get_param: UpdateIdentifier + SshHostPubKey: + type: OS::TripleO::Ssh::HostPubKey + depends_on: NovaComputeDeployment + properties: + server: {get_resource: NovaCompute} + outputs: ip_address: description: IP address of the server in the ctlplane network 
@@ -559,7 +565,38 @@ outputs: MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + known_hosts_entry: + description: Entry for ssh known hosts + value: + str_replace: + template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ +EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ +INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ +STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ +STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ +TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ +MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ +CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [NovaCompute, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} + CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for the Nova compute server value: - {get_resource: NovaCompute} + {get_resource: NovaCompute}
\ No newline at end of file diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index e0689f3c..92eb70ad 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -531,6 +531,12 @@ resources: update_identifier: get_param: UpdateIdentifier + SshHostPubKey: + type: OS::TripleO::Ssh::HostPubKey + depends_on: ControllerDeployment + properties: + server: {get_resource: Controller} + outputs: ip_address: description: IP address of the server in the ctlplane network 
@@ -598,6 +604,37 @@ outputs: MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + known_hosts_entry: + description: Entry for ssh known hosts + value: + str_replace: + template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ +EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ +INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ +STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ +STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ +TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ +MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ +CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [Controller, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} + CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for the Nova compute server value: 
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 58de4621..84b646a2 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -455,6 +455,12 @@ resources: update_identifier: get_param: UpdateIdentifier + SshHostPubKey: + type: OS::TripleO::Ssh::HostPubKey + depends_on: SwiftStorageHieraDeploy + properties: + server: {get_resource: SwiftStorage} + outputs: ip_address: description: IP address of the server in the ctlplane network 
@@ -502,6 +508,37 @@ outputs: MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + known_hosts_entry: + description: Entry for ssh known hosts + value: + str_replace: + template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ +EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ +INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ +STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ +STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ +TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ +MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ +CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [SwiftStorage, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} + CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for the swift storage server value: 
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 67eb89af..960f0d58 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -490,6 +490,12 @@ resources: update_identifier: get_param: UpdateIdentifier + SshHostPubKey: + type: OS::TripleO::Ssh::HostPubKey + depends_on: {{role}}Deployment + properties: + server: {get_resource: {{role}}} + outputs: ip_address: description: IP address of the server in the ctlplane network 
@@ -537,6 +543,37 @@ outputs: MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + known_hosts_entry: + description: Entry for ssh known hosts + value: + str_replace: + template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ +EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ +INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ +STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ +STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ +TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ +MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ +CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [{{role}}, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} + CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for {{role}} server value: 
diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml new file mode 100644 index 00000000..75f5b6a0 --- /dev/null +++ b/puppet/services/external-swift-proxy.yaml 
@@ -0,0 +1,70 @@ +heat_template_version: ocata + +description: > + External Swift Proxy endpoint configured with Puppet + +parameters: + ExternalPublicUrl: + description: Public endpoint url for the external swift proxy + type: string + ExternalInternalUrl: + description: Internal endpoint url for the external swift proxy + type: string + ExternalAdminUrl: + description: External endpoint url for the external swift proxy + type: string + ExternalSwiftUserTenant: + description: Tenant where swift user will be set as admin + type: string + default: 'service' + SwiftPassword: + description: The password for the swift service account, used by the swift proxy services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + +outputs: + role_data: + description: Role data for External Swift proxy. 
+ value: + service_name: external_swift_proxy + config_settings: + + step_config: + + service_config_settings: + keystone: + swift::keystone::auth::public_url: {get_param: ExternalPublicUrl} + swift::keystone::auth::internal_url: {get_param: ExternalInternalUrl} + swift::keystone::auth::admin_url: {get_param: ExternalAdminUrl} + swift::keystone::auth::public_url_s3: '' + swift::keystone::auth::internal_url_s3: '' + swift::keystone::auth::admin_url_s3: '' + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + swift::keystone::auth::tenant: {get_param: ExternalSwiftUserTenant} + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 632d9b0b..8a0e750d 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -119,27 +119,27 @@ parameters: Cron to purge expired tokens - Ensure default: 'present' KeystoneCronTokenFlushMinute: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Minute default: '1' KeystoneCronTokenFlushHour: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Hour - default: '0' + default: '*' KeystoneCronTokenFlushMonthday: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Month Day default: '*' KeystoneCronTokenFlushMonth: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Month default: '*' KeystoneCronTokenFlushWeekday: - type: string + type: comma_delimited_list description: > Cron to purge expired tokens - Week Day default: '*' diff --git a/puppet/services/neutron-bigswitch-agent.yaml b/puppet/services/neutron-bigswitch-agent.yaml index 845f0da0..8f56e0a9 100644 --- a/puppet/services/neutron-bigswitch-agent.yaml 
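Review bot: The description of `ExternalAdminUrl` in external-swift-proxy.yaml reads "External endpoint url for the external swift proxy", which does not say which endpoint it is. Following the other two parameters, it should be `description: Admin endpoint url for the external swift proxy`. `ServiceNetMap`, `DefaultPasswords` and `EndpointMap` are declared but not referenced anywhere in this template, presumably because the service template interface expects them. A one-line comment such as `# unused here; required by the service template interface` would keep a later reader from removing them.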
+++ b/puppet/services/neutron-bigswitch-agent.yaml @@ -26,6 +26,4 @@ outputs: value: service_name: neutron_bigswitch_agent step_config: | - if hiera('step') >= 4 { - include ::neutron::agents::bigswitch - } + include ::tripleo::profile::base::neutron::agents::bigswitch diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index a9737eb6..b1711436 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -79,6 +79,13 @@ parameters: type: string description: Nova Compute upgrade level default: auto + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: {} resources: NovaBase: @@ -111,6 +118,7 @@ outputs: # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey} tripleo::profile::base::nova::nova_compute_enabled: true nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index faf1ae48..b297424e 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -66,7 +66,6 @@ outputs: tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: - - 16509 - 16514 - '49152-49215' - '5900-5999' diff --git a/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml b/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml new file mode 100644 index 00000000..83b05bbb --- /dev/null +++ b/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml 
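Review bot: `MigrationSshKey` in nova-compute.yaml is documented as holding a `private_key` but is declared without `hidden: true`, unlike `SwiftPassword` in the external swift proxy template of this same change. Without it Heat would presumably show the key material in clear wherever stack parameters are displayed. Add `hidden: true` under the parameter. The description could also say that the private key ends up in hiera data on the compute nodes through `tripleo::profile::base::nova::migration_ssh_key`, so access to that data needs the same care as the key itself.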
@@ -0,0 +1,5 @@ +--- +features: + - Added support for external swift proxy. Users may need to + configure endpoints pointing to swift proxy service + already available. diff --git a/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml new file mode 100644 index 00000000..45ca9fe5 --- /dev/null +++ b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml @@ -0,0 +1,14 @@ +--- +features: + - | + Add support for cold migration over ssh. + + This enables nova cold migration. + + This also switches to SSH as the default transport for live-migration. + The tripleo-common mistral action that generates passwords supplies the + MigrationSshKey parameter that enables this. +deprecations: + - | + The TCP transport is no longer used for live-migration and the firewall + port has been closed. diff --git a/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml new file mode 100644 index 00000000..dadbfa4b --- /dev/null +++ b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml 
@@ -0,0 +1,18 @@ +--- +features: + - | + Adds tags to roles that allow an operator to specify custom tags to use + when trying to find functionality available from a role. Currently a role + with both the 'primary' and 'controller' tag is consider to be the primary + role. Historically the role named 'Controller' was the 'primary' role and + this primary designation is used to determine items like memcache ip + addresses. If no roles have the both the 'primary' and 'controller' tags, + the first role specified in the roles_data.yaml is used as the primary + role. +upgrade: + - | + If using custom roles data, the logic was changed to leverage the first + role listed in the roles_data.yaml file to be the primary role. This can + be worked around by adding the 'primary' and 'controller' tags to the + custom controller role in your roles_data.yaml to ensure that the defined + custom controller role is still considered the primary role. diff --git a/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml new file mode 100644 index 00000000..8b533b1a --- /dev/null +++ b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml @@ -0,0 +1,4 @@ +--- +features: + - SSH host key exchange. The ssh host keys are collected from each host, + combined, and written to /etc/ssh/ssh_known_hosts. diff --git a/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml b/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml new file mode 100644 index 00000000..70051f65 --- /dev/null +++ b/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - The token flush cron job has been modified to run hourly instead of once + a day. This is because this was causing issues with larger deployments, as + the operation would take too long and sometimes even fail because of the + transaction being so large. Note that this only affects people using the + UUID token provider. 
diff --git a/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml b/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml new file mode 100644 index 00000000..ad1f39c4 --- /dev/null +++ b/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Adds a new boolean parameter for RHEL Registration called + 'UpdateOnRHELRegistration' that when enabled will trigger a yum update + on the node after the registration process completes. diff --git a/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml b/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml new file mode 100644 index 00000000..29d32cb7 --- /dev/null +++ b/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add name and description fields to plan-environment.yaml diff --git a/roles_data.yaml b/roles_data.yaml index eee6bf59..8d3b5078 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -28,9 +28,18 @@ # ServicesDefault: (list) optional default list of services to be deployed # on the role, defaults to an empty list. Sets the default for the # {{role.name}}Services parameter in overcloud.yaml - -- name: Controller # the 'primary' role goes first +# +# tags: (list) list of tags used by other parts of the deployment process to +# find the role for a specific type of functionality. Currently a role +# with both 'primary' and 'controller' is used as the primary role for the +# deployment process. If no roles have have 'primary' and 'controller', the +# first role in this file is used as the primary role. +# +- name: Controller CountDefault: 1 + tags: + - primary + - controller ServicesDefault: - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser 
@@ -82,6 +91,7 @@ - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Ntp - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index 8e830711..df2e196b 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -1,6 +1,9 @@ -- name: Undercloud # the 'primary' role goes first +- name: Undercloud CountDefault: 1 disable_constraints: True + tags: + - primary + - controller ServicesDefault: - OS::TripleO::Services::Ntp - OS::TripleO::Services::MySQL diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 5669a8af..f9dffef0 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -28,8 +28,9 @@ REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config', OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks', 'service_config_settings', 'host_prep_tasks', 'metadata_settings', 'kolla_config'] -DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'puppet_tags', 'step_config', - 'config_image'] +REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config', + 'config_image'] +OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags' ] def exit_usage(): 
@@ -146,13 +147,16 @@ def validate_docker_service(filename, tpl): if 'puppet_config' in role_data: puppet_config = role_data['puppet_config'] for key in puppet_config: - if key in DOCKER_PUPPET_CONFIG_SECTIONS: + if key in REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS: continue else: - print('ERROR: %s should not be in puppet_config section.' - % key) - return 1 - for key in DOCKER_PUPPET_CONFIG_SECTIONS: + if key in OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS: + continue + else: + print('ERROR: %s should not be in puppet_config section.' + % key) + return 1 + for key in REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS: if key not in puppet_config: print('ERROR: %s is required in puppet_config for %s.' % (key, filename)) |
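Review bot: The "should not be in puppet_config section" error in `validate_docker_service` still omits the file name, unlike the "is required in puppet_config for %s" message a few lines below. A failing run over many templates therefore does not say which file to fix; `print('ERROR: %s should not be in puppet_config section of %s.' % (key, filename))` would. The nested `if`/`continue`/`else` ladder the hunk adds can also collapse into one membership test, `if key not in (REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS + OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS):`, followed by the print and `return 1`. The function starts and ends outside the hunk.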