summaryrefslogtreecommitdiffstats
path: root/docker/services
diff options
context:
space:
mode:
Diffstat (limited to 'docker/services')
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml205
-rw-r--r--docker/services/ceph-ansible/ceph-client.yaml58
-rw-r--r--docker/services/ceph-ansible/ceph-mon.yaml86
-rw-r--r--docker/services/ceph-ansible/ceph-osd.yaml75
-rw-r--r--docker/services/cinder-api.yaml26
-rw-r--r--docker/services/cinder-backup.yaml16
-rw-r--r--docker/services/cinder-volume.yaml16
-rw-r--r--docker/services/collectd.yaml4
-rw-r--r--docker/services/glance-api.yaml9
-rw-r--r--docker/services/gnocchi-metricd.yaml9
-rw-r--r--docker/services/haproxy.yaml2
-rw-r--r--docker/services/heat-api-cfn.yaml21
-rw-r--r--docker/services/heat-api.yaml46
-rw-r--r--docker/services/keystone.yaml26
-rw-r--r--docker/services/manila-share.yaml11
-rw-r--r--docker/services/neutron-dhcp.yaml8
-rw-r--r--docker/services/neutron-l3.yaml8
-rw-r--r--docker/services/neutron-metadata.yaml8
-rw-r--r--docker/services/nova-api.yaml24
-rw-r--r--docker/services/nova-compute.yaml26
-rw-r--r--docker/services/nova-libvirt.yaml27
-rw-r--r--docker/services/nova-migration-target.yaml124
-rw-r--r--docker/services/opendaylight-api.yaml7
-rw-r--r--docker/services/pacemaker/database/mysql.yaml11
-rw-r--r--docker/services/pacemaker/database/redis.yaml8
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml8
-rw-r--r--docker/services/swift-storage.yaml1
-rw-r--r--docker/services/zaqar.yaml17
28 files changed, 834 insertions, 53 deletions
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
new file mode 100644
index 00000000..1468415e
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -0,0 +1,205 @@
+heat_template_version: pike
+
+description: >
+ Ceph base service. Shared by all Ceph services.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephAnsibleWorkflowName:
+ type: string
+ description: Name of the Mistral workflow to execute
+ default: tripleo.storage.v1.ceph-install
+ CephAnsiblePlaybook:
+ type: string
+ description: Path to the ceph-ansible playbook to execute
+ default: /usr/share/ceph-ansible/site-docker.yml.sample
+ CephAnsibleExtraConfig:
+ type: json
+ description: Extra vars for the ceph-ansible playbook
+ default: {}
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
+ CephPoolDefaultPgNum:
+ description: default pg_num to use for the RBD pools
+ type: number
+ default: 32
+ CephPools:
+ description: >
+ It can be used to override settings for one of the predefined pools, or to create
+ additional ones. Example:
+ {
+ "volumes": {
+ "size": 5,
+ "pg_num": 128,
+ "pgp_num": 128
+ }
+ }
+ default: {}
+ type: json
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClientUserName:
+ default: openstack
+ type: string
+ CephPoolDefaultSize:
+ description: default minimum replication for RBD copies
+ type: number
+ default: 3
+ CephIPv6:
+ default: False
+ type: boolean
+ DockerCephDaemonImage:
+ description: image
+ type: string
+ default: 'ceph/daemon:tag-build-master-jewel-centos-7'
+
+conditions:
+ custom_registry_host:
+ yaql:
+ data: {get_param: DockerCephDaemonImage}
+ expression: $.data.split('/')[0].matches('(\.|:)')
+
+outputs:
+ role_data:
+ description: Role data for the Ceph base service.
+ value:
+ service_name: ceph_base
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks:
+ step2:
+ - name: ceph_base_ansible_workflow
+ workflow: { get_param: CephAnsibleWorkflowName }
+ input:
+ ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig}
+ ceph_ansible_playbook: {get_param: CephAnsiblePlaybook}
+ config_settings:
+ ceph_common_ansible_vars:
+ fsid: { get_param: CephClusterFSID }
+ docker: true
+ ceph_docker_registry:
+ if:
+ - custom_registry_host
+ - yaql:
+ expression: regex('(?:https?://)?(.*)/').split($.data)[1]
+ data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
+ - docker.io
+ ceph_docker_image:
+ if:
+ - custom_registry_host
+ - yaql:
+ expression: regex('(?:https?://)?(.*)/').split($.data)[2]
+ data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
+ - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
+ ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]}
+ containerized_deployment: true
+ public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
+ cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
+ user_config: true
+ ceph_stable: true
+ ceph_origin: distro
+ openstack_config: true
+ openstack_pools:
+ list_concat:
+ - repeat:
+ template:
+ name: <%pool%>
+ pg_num: {get_param: CephPoolDefaultPgNum}
+ rule_name: ""
+ for_each:
+ <%pool%>:
+ - {get_param: CinderRbdPoolName}
+ - {get_param: CinderBackupRbdPoolName}
+ - {get_param: NovaRbdPoolName}
+ - {get_param: GlanceRbdPoolName}
+ - {get_param: GnocchiRbdPoolName}
+ - repeat:
+ template:
+ name: <%pool%>
+ pg_num: {get_param: CephPoolDefaultPgNum}
+ rule_name: ""
+ for_each:
+ <%pool%>: {get_param: CephPools}
+ openstack_keys: &openstack_keys
+ - name:
+ list_join:
+ - '.'
+ - - client
+ - {get_param: CephClientUserName}
+ key: {get_param: CephClientKey}
+ mon_cap: "allow r"
+ osd_cap:
+ str_replace:
+ template: "allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL"
+ params:
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ acls:
+ - "u:glance:r--"
+ - "u:nova:r--"
+ - "u:cinder:r--"
+ - "u:gnocchi:r--"
+ keys: *openstack_keys
+ pools: []
+ ceph_conf_overrides:
+ global:
+ osd_pool_default_size: {get_param: CephPoolDefaultSize}
+ osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+ ntp_service_enabled: false
+ generate_fsid: false
+ ip_version:
+ if:
+ - {get_param: CephIPv6}
+ - ipv6
+ - ipv4
diff --git a/docker/services/ceph-ansible/ceph-client.yaml b/docker/services/ceph-ansible/ceph-client.yaml
new file mode 100644
index 00000000..55d8d9da
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-client.yaml
@@ -0,0 +1,58 @@
+heat_template_version: pike
+
+description: >
+ Ceph Client service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph Client service.
+ value:
+ service_name: ceph_client
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ config_settings: {}
diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml
new file mode 100644
index 00000000..90149d1e
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-mon.yaml
@@ -0,0 +1,86 @@
+heat_template_version: pike
+
+description: >
+ Ceph Monitor service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephMonKey:
+ description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
+ CephAdminKey:
+ default: ''
+ description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
+ CephValidationRetries:
+ type: number
+ default: 40
+ description: Number of retry attempts for Ceph validation
+ CephValidationDelay:
+ type: number
+ default: 30
+ description: Interval (in seconds) in between validation checks
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph Monitor service.
+ value:
+ service_name: ceph_mon
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ config_settings:
+ map_merge:
+ - tripleo.ceph_mon.firewall_rules:
+ '110 ceph_mon':
+ dport:
+ - 6789
+ - ceph_mon_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - monitor_secret: {get_param: CephMonKey}
+ admin_secret: {get_param: CephAdminKey}
+ monitor_interface: br_ex
diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml
new file mode 100644
index 00000000..6e0f4a60
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-osd.yaml
@@ -0,0 +1,75 @@
+heat_template_version: pike
+
+description: >
+ Ceph OSD service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephAnsibleDisksConfig:
+ type: json
+ description: Disks config settings for ceph-ansible
+ default:
+ devices:
+ - /dev/vdb
+ journal_size: 512
+ journal_collocation: true
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph OSD service.
+ value:
+ service_name: ceph_osd
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ config_settings:
+ map_merge:
+ - tripleo.ceph_osd.firewall_rules:
+ '111 ceph_osd':
+ dport:
+ - '6800-7300'
+ - ceph_osd_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - {get_param: CephAnsibleDisksConfig} \ No newline at end of file
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml
index 0cd1dd7b..7804fdb2 100644
--- a/docker/services/cinder-api.yaml
+++ b/docker/services/cinder-api.yaml
@@ -86,6 +86,17 @@ outputs:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
+ /var/lib/kolla/config_files/cinder_api_cron.json:
+ command: /usr/sbin/crond -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
docker_config:
step_2:
cinder_api_init_logs:
@@ -140,6 +151,21 @@ outputs:
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ cinder_api_cron:
+ image: *cinder_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+
host_prep_tasks:
- name: create persistent logs directory
file:
diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml
index dc7580a3..de637f3b 100644
--- a/docker/services/cinder-backup.yaml
+++ b/docker/services/cinder-backup.yaml
@@ -72,16 +72,12 @@ outputs:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- # NOTE(mandre): the copy of ceph conf will need to go once we
- # generate a ceph.conf for cinder in puppet
- # Copy ceph config files before cinder ones as a precaution, for
- # the later one to take precendence in case of duplicate files.
- - source: "/var/lib/kolla/config_files/src-ceph/*"
+ - source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- - source: "/var/lib/kolla/config_files/src/*"
- dest: "/"
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
@@ -118,8 +114,8 @@ outputs:
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- # FIXME: we need to generate a ceph.conf with puppet for this
- /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
@@ -136,6 +132,10 @@ outputs:
with_items:
- /var/lib/cinder
- /var/log/containers/cinder
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable cinder_backup service
tags: step2
diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml
index 3030019c..ce81fbf8 100644
--- a/docker/services/cinder-volume.yaml
+++ b/docker/services/cinder-volume.yaml
@@ -86,16 +86,12 @@ outputs:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- # NOTE(mandre): the copy of ceph conf will need to go once we
- # generate a ceph.conf for cinder in puppet
- # Copy ceph config files before cinder ones as a precaution, for
- # the later one to take precendence in case of duplicate files.
- - source: "/var/lib/kolla/config_files/src-ceph/*"
+ - source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- - source: "/var/lib/kolla/config_files/src/*"
- dest: "/"
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
@@ -129,8 +125,8 @@ outputs:
- /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- # FIXME: we need to generate a ceph.conf with puppet for this
- /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev/:/dev/
- /run/:/run/
@@ -147,6 +143,10 @@ outputs:
with_items:
- /var/log/containers/cinder
- /var/lib/cinder
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
- name: cinder_enable_iscsi_backend fact
set_fact:
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml
index 2989729c..3c0ba09b 100644
--- a/docker/services/collectd.yaml
+++ b/docker/services/collectd.yaml
@@ -89,15 +89,17 @@ outputs:
collectd:
image: {get_param: DockerCollectdImage}
net: host
+ pid: host
privileged: true
+ user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/collectd:/var/log/collectd:rw
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index d88c64b5..f4c724b0 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -86,6 +86,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
@@ -117,6 +121,7 @@ outputs:
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/glance:/var/log/glance
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -156,6 +161,10 @@ outputs:
file:
path: /var/log/containers/glance
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable glance_api service
tags: step2
diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml
index 1a0a1ddb..6778543b 100644
--- a/docker/services/gnocchi-metricd.yaml
+++ b/docker/services/gnocchi-metricd.yaml
@@ -75,6 +75,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
@@ -93,6 +97,7 @@ outputs:
- /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@@ -100,6 +105,10 @@ outputs:
file:
path: /var/log/containers/gnocchi
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable openstack-gnocchi-metricd service
tags: step2
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 21baf5c6..f080dcb2 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -46,7 +46,7 @@ parameters:
The filepath of the certificate as it will be stored in the controller.
type: string
RedisPassword:
- description: The password for Redis
+ description: The password for the redis service account.
type: string
hidden: true
MonitoringSubscriptionHaproxy:
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index aff0f1a1..70612899 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -125,8 +125,25 @@ outputs:
path: /var/log/containers/heat
state: directory
upgrade_tasks:
- - name: Stop and disable heat_api_cfn service
+ - name: Check if heat_api_cfn is deployed
+ command: systemctl is-enabled openstack-heat-api-cfn
+ tags: common
+ ignore_errors: True
+ register: heat_api_cfn_enabled
+ - name: check for heat_api_cfn running under apache (post upgrade)
tags: step2
- service: name=httpd state=stopped enabled=no
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi"
+ register: heat_api_cfn_apache
+ ignore_errors: true
+ changed_when: false
+ check_mode: no
+ - name: Stop heat_api_cfn service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
+ when: heat_api_cfn_apache.rc == 0
+ - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
+ tags: step2
+ service: name=openstack-heat-api-cfn state=stopped enabled=no
+ when: heat_api_cfn_enabled.rc == 0
metadata_settings:
get_attr: [HeatBase, role_data, metadata_settings]
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index d09230fe..0bc331ca 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -90,6 +90,17 @@ outputs:
- path: /var/log/heat
owner: heat:heat
recurse: true
+ /var/lib/kolla/config_files/heat_api_cron.json:
+ command: /usr/sbin/crond -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/heat
+ owner: heat:heat
+ recurse: true
docker_config:
step_4:
heat_api:
@@ -119,14 +130,45 @@ outputs:
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ heat_api_cron:
+ image: {get_param: DockerHeatApiImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/heat:/var/log/heat
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/heat
state: directory
upgrade_tasks:
- - name: Stop and disable heat_api service
+ - name: Check is heat_api is deployed
+ command: systemctl is-enabled openstack-heat-api
+ tags: common
+ ignore_errors: True
+ register: heat_api_enabled
+ - name: check for heat_api running under apache (post upgrade)
+ tags: step2
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi"
+ register: heat_api_apache
+ ignore_errors: true
+ changed_when: false
+ check_mode: no
+ - name: Stop heat_api service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
+ when: heat_api_apache.rc == 0
+ - name: Stop and disable heat_api service (pre-upgrade not under httpd)
tags: step2
- service: name=httpd state=stopped enabled=no
+ service: name=openstack-heat-api state=stopped enabled=no
+ when: heat_api_enabled.rc == 0
metadata_settings:
get_attr: [HeatBase, role_data, metadata_settings]
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index da04682e..7ecfc329 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -98,6 +98,17 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ /var/lib/kolla/config_files/keystone_cron.json:
+ command: /usr/sbin/cron -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/keystone
+ owner: keystone:keystone
+ recurse: true
docker_config:
# Kolla_bootstrap/db sync runs before permissions set by kolla_config
step_2:
@@ -150,6 +161,21 @@ outputs:
user: root
command:
[ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+ keystone_cron:
+ start_order: 4
+ image: *keystone_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/keystone:/var/log/keystone
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
# Keystone endpoint creation occurs only on single node
step_3:
diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml
index 09d1a574..b4278155 100644
--- a/docker/services/manila-share.yaml
+++ b/docker/services/manila-share.yaml
@@ -75,9 +75,8 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
- # NOTE(gfidente): ceph-ansible generated
- - source: "/var/lib/kolla/config_files/src-ceph/*"
- dest: "/etc/ceph"
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
@@ -97,7 +96,7 @@ outputs:
- /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
- - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@@ -105,6 +104,10 @@ outputs:
file:
path: /var/log/containers/manila
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable manila_share service
tags: step2
diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml
index eed8a1c0..4b75d542 100644
--- a/docker/services/neutron-dhcp.yaml
+++ b/docker/services/neutron-dhcp.yaml
@@ -81,6 +81,9 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_dhcp:
@@ -97,10 +100,15 @@ outputs:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml
index c3a4d27f..06470c05 100644
--- a/docker/services/neutron-l3.yaml
+++ b/docker/services/neutron-l3.yaml
@@ -77,6 +77,9 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_l3_agent:
@@ -93,10 +96,15 @@ outputs:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml
index 582b7754..a5a7c34b 100644
--- a/docker/services/neutron-metadata.yaml
+++ b/docker/services/neutron-metadata.yaml
@@ -77,6 +77,9 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_metadata_agent:
@@ -93,10 +96,15 @@ outputs:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index 1d73a538..4bec8035 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -88,6 +88,17 @@ outputs:
- path: /var/log/nova
owner: nova:nova
recurse: true
+ /var/lib/kolla/config_files/nova_api_cron.json:
+ command: /usr/sbin/crond -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
@@ -151,7 +162,7 @@ outputs:
user: nova
privileged: true
restart: always
- volumes: &nova_api_volumes
+ volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
@@ -164,12 +175,17 @@ outputs:
image: *nova_api_image
net: host
user: root
- privileged: true
+ privileged: false
restart: always
- volumes: *nova_api_volumes
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- command: "/usr/sbin/crond -n"
step_5:
nova_api_discover_hosts:
start_order: 1
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index 3ee3e431..c6e848a0 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -36,6 +36,11 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
resources:
@@ -51,6 +56,7 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
outputs:
role_data:
@@ -58,14 +64,7 @@ outputs:
value:
service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
config_settings:
- map_merge:
- - get_attr: [NovaComputeBase, role_data, config_settings]
- # FIXME: we need to disable migration for now as the
- # hieradata is common for all services, and this means nova
- # and nova_placement puppet runs also try to configure
- # libvirt, and they fail. We can remove this override when
- # we have hieradata separation between containers.
- - tripleo::profile::base::nova::manage_migration: false
+ get_attr: [NovaComputeBase, role_data, config_settings]
step_config: &step_config
get_attr: [NovaComputeBase, role_data, step_config]
puppet_config:
@@ -85,6 +84,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
@@ -108,12 +111,15 @@ outputs:
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev:/dev
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/nova:/var/lib/nova
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/containers/nova:/var/log/nova
+ - /sys/class/net:/sys/class/net
+ - /sys/bus/pci:/sys/bus/pci
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@@ -125,6 +131,10 @@ outputs:
- /var/log/containers/nova
- /var/lib/nova
- /var/lib/libvirt
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable nova-compute service
tags: step2
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index e1ddca81..973b0ebb 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -51,6 +51,12 @@ parameters:
description: If set to true and if EnableInternalTLS is enabled, it will
set the libvirt URI's transport to tls and configure the
relevant keys for libvirt.
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
+
conditions:
@@ -77,6 +83,7 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
outputs:
role_data:
@@ -84,19 +91,12 @@ outputs:
value:
service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
config_settings:
- map_merge:
- - get_attr: [NovaLibvirtBase, role_data, config_settings]
- # FIXME: we need to disable migration for now as the
- # hieradata is common for all services, and this means nova
- # and nova_placement puppet runs also try to configure
- # libvirt, and they fail. We can remove this override when
- # we have hieradata separation between containers.
- - tripleo::profile::base::nova::manage_migration: false
+ get_attr: [NovaLibvirtBase, role_data, config_settings]
step_config: &step_config
get_attr: [NovaLibvirtBase, role_data, step_config]
puppet_config:
config_volume: nova_libvirt
- puppet_tags: nova_config,file,exec
+ puppet_tags: libvirtd_config,nova_config,file,exec
step_config: *step_config
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
@@ -111,6 +111,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
@@ -129,6 +133,7 @@ outputs:
-
- /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev:/dev
- /run:/run
@@ -153,6 +158,10 @@ outputs:
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
- name: set enable_package_install fact
set_fact:
enable_package_install: {get_param: EnablePackageInstall}
diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml
new file mode 100644
index 00000000..385343a0
--- /dev/null
+++ b/docker/services/nova-migration-target.yaml
@@ -0,0 +1,124 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Migration Target service
+
+parameters:
+ DockerNovaComputeImage:
+ description: image
+ type: string
+ DockerNovaLibvirtConfigImage:
+ description: The container image to use for the nova_libvirt config_volume
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SshdBase:
+ type: ../../puppet/services/sshd.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+ NovaMigrationTargetBase:
+ type: ../../puppet/services/nova-migration-target.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Migration Target service.
+ value:
+ service_name: nova_migration_target
+ config_settings:
+ map_merge:
+ - get_attr: [SshdBase, role_data, config_settings]
+ - get_attr: [NovaMigrationTargetBase, role_data, config_settings]
+ - tripleo.nova_migration_target.firewall_rules:
+ '113 nova_migration_target':
+ dport:
+ - {get_param: DockerNovaMigrationSshdPort}
+ step_config: &step_config
+ list_join:
+ - "\n"
+ - - get_attr: [SshdBase, role_data, step_config]
+ - get_attr: [NovaMigrationTargetBase, role_data, step_config]
+ puppet_config:
+ config_volume: nova_libvirt
+ step_config: *step_config
+ config_image: {get_param: DockerNovaLibvirtConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/nova-migration-target.json:
+ command:
+ str_replace:
+ template: "/usr/sbin/sshd -D -p SSHDPORT"
+ params:
+ SSHDPORT: {get_param: DockerNovaMigrationSshdPort}
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ - source: /host-ssh/ssh_host_*_key
+ dest: /etc/ssh/
+ owner: "root"
+ perm: "0600"
+ docker_config:
+ step_4:
+ nova_migration_target:
+ image: {get_param: DockerNovaComputeImage}
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+ - /etc/ssh/:/host-ssh/:ro
+ - /run:/run
+ - /var/lib/nova:/var/lib/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml
index 80ca822b..6a62f65e 100644
--- a/docker/services/opendaylight-api.yaml
+++ b/docker/services/opendaylight-api.yaml
@@ -61,15 +61,12 @@ outputs:
map_merge:
- get_attr: [OpenDaylightBase, role_data, config_settings]
step_config: &step_config
- list_join:
- - "\n"
- - - get_attr: [OpenDaylightBase, role_data, step_config]
- - "include tripleo::profile::base::neutron::opendaylight::create_cluster"
+ get_attr: [OpenDaylightBase, role_data, step_config]
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: opendaylight
# 'file,concat,file_line,augeas' are included by default
- puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster
+ puppet_tags: odl_user
step_config: *step_config
config_image: {get_param: DockerOpendaylightConfigImage}
kolla_config:
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index 22c29b29..f12852f8 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -65,6 +65,17 @@ outputs:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+ tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
+ tripleo.mysql.firewall_rules:
+ '104 mysql galera-bundle':
+ dport:
+ - 873
+ - 3123
+ - 3306
+ - 4444
+ - 4567
+ - 4568
+ - 9200
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index df7ae7f4..75b6d650 100644
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -61,7 +61,13 @@ outputs:
redis::notify_service: false
redis::managed_by_cluster_manager: true
tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
-
+ tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
+ tripleo.redis.firewall_rules:
+ '108 redis-bundle':
+ dport:
+ - 3124
+ - 6379
+ - 26379
step_config: ""
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index dc56bcce..de53ceee 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -63,6 +63,14 @@ outputs:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::service_manage: false
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+ tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
+ tripleo.rabbitmq.firewall_rules:
+ '109 rabbitmq-bundle':
+ dport:
+ - 3122
+ - 4369
+ - 5672
+ - 25672
step_config: &step_config
get_attr: [RabbitmqBase, role_data, step_config]
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index 04e58b4a..e879b25d 100644
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -462,6 +462,7 @@ outputs:
- openstack-swift-container-updater
- openstack-swift-container
- openstack-swift-object-auditor
+ - openstack-swift-object-expirer
- openstack-swift-object-replicator
- openstack-swift-object-updater
- openstack-swift-object
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 061a4a70..df57ad6a 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -40,9 +40,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
+ internal_tls_enabled: {get_param: EnableInternalTLS}
resources:
@@ -58,6 +62,7 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
@@ -137,6 +142,16 @@ outputs:
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
zaqar_websocket:
@@ -162,3 +177,5 @@ outputs:
- name: Stop and disable zaqar service
tags: step2
service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [ZaqarBase, role_data, metadata_settings]