diff options
Diffstat (limited to 'puppet/major_upgrade_steps.j2.yaml')
-rw-r--r-- | puppet/major_upgrade_steps.j2.yaml | 213 |
1 files changed, 152 insertions, 61 deletions
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index eae85991..3362a01f 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -1,4 +1,7 @@ -{% set upgrade_steps_max = 8 -%} +{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%} +{% set batch_upgrade_steps_max = 3 -%} +{% set upgrade_steps_max = 6 -%} +{% set deliver_script = {'deliver': False} -%} heat_template_version: ocata description: 'Upgrade steps for all roles' @@ -15,57 +18,120 @@ parameters: description: > Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true conditions: # Conditions to disable any steps where the task list is empty -{% for step in range(0, upgrade_steps_max) %} - {% for role in roles %} - UpgradeBatchConfig_Step{{step}}Enabled: +{%- for role in roles %} + {{role.name}}UpgradeBatchConfigEnabled: not: equals: - {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]} - [] - UpgradeConfig_Step{{step}}Enabled: + {{role.name}}UpgradeConfigEnabled: not: equals: - {get_param: [role_data, {{role.name}}, upgrade_tasks]} - [] - {% endfor %} -{% endfor %} +{%- endfor %} resources: +{% for role in roles if role.disable_upgrade_deployment|default(false) %} + {{role.name}}DeliverUpgradeScriptConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "set -eu\n\n" + - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n" + - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n" + - " crudini --set /etc/nova/nova.conf placement username placement\n\n" + - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n" + - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n" + - " crudini --set /etc/nova/nova.conf placement project_name service\n\n" + - " systemctl restart openstack-nova-compute\n\n" + - "fi\n\n" + - str_replace: + template: | + crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD' + crudini --set /etc/nova/nova.conf placement region_name 'REGION_NAME' + crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL' + ROLE='ROLE_NAME' + params: + SERVICE_PASSWORD: { get_param: NovaPassword } + REGION_NAME: { get_param: KeystoneRegion } + AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ROLE_NAME: {{role.name}} + - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh + - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh + + {{role.name}}DeliverUpgradeScriptDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig} +{% endfor %} + # Upgrade Steps for all roles, batched updates -# FIXME(shardy): would be nice to make the number of steps configurable -{% for step in range(0, upgrade_steps_max) %} - {% for role in roles %} - # Step {{step}} resources +# The UpgradeConfig resources could actually be created without +# serialization, but the event output is easier to follow if we +# do, and there should be minimal performance hit (creating the +# config is cheap compared to the time to apply the deployment). +{% for step in range(0, batch_upgrade_steps_max) %} + # Batch config resources step {{step}} + {%- for role in roles %} {{role.name}}UpgradeBatchConfig_Step{{step}}: type: OS::TripleO::UpgradeConfig - condition: UpgradeBatchConfig_Step{{step}}Enabled - # The UpgradeConfig resources could actually be created without - # serialization, but the event output is easier to follow if we - # do, and there should be minimal performance hit (creating the - # config is cheap compared to the time to apply the deployment). - {% if step > 0 %} + {%- if step > 0 %} + condition: {{role.name}}UpgradeBatchConfigEnabled + {% if role.name in enabled_roles %} + depends_on: + - {{role.name}}UpgradeBatch_Step{{step -1}} + {%- endif %} + {% else %} + {% for role in roles if role.disable_upgrade_deployment|default(false) %} + {% if deliver_script.update({'deliver': True}) %} {% endif %} + {% endfor %} + {% if deliver_script.deliver %} depends_on: - {% for dep in roles %} - - {{dep.name}}UpgradeBatch_Step{{step -1}} + {% endif %} + {% for dep in roles if dep.disable_upgrade_deployment|default(false) %} + - {{dep.name}}DeliverUpgradeScriptDeployment {% endfor %} {% endif %} properties: UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]} step: {{step}} + {%- endfor %} + # Batch deployment resources for step {{step}} (only for enabled roles) + {%- for role in enabled_roles %} {{role.name}}UpgradeBatch_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - condition: UpgradeBatchConfig_Step{{step}}Enabled - {% if step > 0 %} + type: OS::Heat::SoftwareDeploymentGroup + condition: {{role.name}}UpgradeBatchConfigEnabled + {%- if step > 0 %} depends_on: - {% for dep in roles %} - - {{dep.name}}UpgradeBatch_Step{{step -1}} - {% endfor %} - {% endif %} + - {{role.name}}UpgradeBatch_Step{{step -1}} + {% else %} + depends_on: + - {{role.name}}UpgradeBatchConfig_Step{{step}} + {%- endif %} update_policy: batch_create: max_batch_size: {{role.upgrade_batch_size|default(1)}} @@ -78,52 +144,66 @@ resources: input_values: role: {{role.name}} update_identifier: {get_param: UpdateIdentifier} - {% endfor %} + {%- endfor %} +{%- endfor %} + +# Dump the puppet manifests to be apply later when disable_upgrade_deployment +# is to true +{% for role in roles if role.disable_upgrade_deployment|default(false) %} + {{role.name}}DeliverPuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - str_replace: + template: | + #!/bin/bash + cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT + PUPPET_CLASSES + ENDOFCAT + params: + PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]} + + {{role.name}}DeliverPuppetDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}DeliverPuppetConfig} {% endfor %} # Upgrade Steps for all roles -# FIXME(shardy): would be nice to make the number of steps configurable -{% for step in range(0, upgrade_steps_max) %} - {% for role in roles %} - # Step {{step}} resources +{%- for step in range(0, upgrade_steps_max) %} + # Config resources for step {{step}} + {%- for role in roles %} {{role.name}}UpgradeConfig_Step{{step}}: type: OS::TripleO::UpgradeConfig - condition: UpgradeConfig_Step{{step}}Enabled # The UpgradeConfig resources could actually be created without # serialization, but the event output is easier to follow if we # do, and there should be minimal performance hit (creating the # config is cheap compared to the time to apply the deployment). + {%- if step > 0 %} + condition: {{role.name}}UpgradeConfigEnabled + {% if role.name in enabled_roles %} depends_on: - {% if step > 0 %} - {% for dep in roles %} - {% if not dep.disable_upgrade_deployment|default(false) %} - - {{dep.name}}Upgrade_Step{{step -1}} - {% endif %} - {% endfor %} - {% else %} - {% for dep in roles %} - - {{dep.name}}UpgradeBatch_Step{{upgrade_steps_max -1}} - {% endfor %} - {% endif %} + - {{role.name}}Upgrade_Step{{step -1}} + {% endif %} + {%- endif %} properties: UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]} step: {{step}} - {% if not role.disable_upgrade_deployment|default(false) %} + {%- endfor %} + + # Deployment resources for step {{step}} (only for enabled roles) + {%- for role in enabled_roles %} {{role.name}}Upgrade_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - condition: UpgradeConfig_Step{{step}}Enabled + type: OS::Heat::SoftwareDeploymentGroup + {%- if step > 0 %} + condition: {{role.name}}UpgradeConfigEnabled depends_on: - {% if step > 0 %} - {% for dep in roles %} - {% if not dep.disable_upgrade_deployment|default(false) %} - - {{dep.name}}Upgrade_Step{{step -1}} - {% endif %} - {% endfor %} - {% else %} - {% for dep in roles %} - - {{dep.name}}UpgradeBatch_Step{{upgrade_steps_max -1}} - {% endfor %} - {% endif %} + - {{role.name}}Upgrade_Step{{step -1}} + {%- endif %} properties: name: {{role.name}}Upgrade_Step{{step}} servers: {get_param: [servers, {{role.name}}]} @@ -131,9 +211,21 @@ resources: input_values: role: {{role.name}} update_identifier: {get_param: UpdateIdentifier} - {% endif %} - {% endfor %} -{% endfor %} + {%- endfor %} +{%- endfor %} + + # Post upgrade deployment steps for all roles + # This runs the normal configuration (e.g puppet) steps unless upgrade + # is disabled for the role + AllNodesPostUpgradeSteps: + type: OS::TripleO::PostUpgradeSteps + depends_on: +{%- for dep in enabled_roles %} + - {{dep.name}}Upgrade_Step{{upgrade_steps_max - 1}} +{%- endfor %} + properties: + servers: {get_param: servers} + role_data: {get_param: role_data} outputs: # Output the config for each role, just use Step1 as the config should be @@ -144,4 +236,3 @@ outputs: {% for role in roles %} {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]} {% endfor %} - |