diff options
Diffstat (limited to 'puppet/services')
44 files changed, 305 insertions, 89 deletions
diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 9c2d8c5c..223c3ed0 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -19,8 +19,21 @@ environment to set per service parameters. Config Settings --------------- -Each service may define a config_settings output variable which returns -Hiera settings to be configured. +Each service may define three ways in which to output variables to configure Hiera +settings on the nodes. + + * config_settings: the hiera keys will be pushed on all roles of which the service + is a part of. + + * global_config_settings: the hiera keys will be distributed to all roles + + * service_config_settings: Takes an extra key to wire in values that are + defined for a service that need to be consumed by some other service. + For example: + service_config_settings: + haproxy: + foo: bar + This will set the hiera key 'foo' on all roles where haproxy is included. Deployment Steps ---------------- @@ -91,7 +104,9 @@ step, "step2" for the second, etc. 2) Stop all control-plane services, ready for upgrade - 3) Perform a package update, (either specific packages or the whole system) + 3) Perform a package update and install new packages: A general + upgrade is done, and only new package should go into service + ansible tasks. 4) Start services needed for migration tasks (e.g DB) diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index f5ca329e..c2c2d023 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -69,8 +69,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' aodh::debug: {get_param: Debug} aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 239b6ca9..ffc4c83a 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -105,8 +105,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/barbican' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tripleo.barbican_api.firewall_rules: '117 barbican': dport: diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 5658e416..874c6893 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -93,8 +93,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ceilometer_backend: {get_param: CeilometerBackend} # we include db_sync class in puppet-tripleo ceilometer::db::sync_db: false diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 1ce58335..d589ef89 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -59,6 +59,14 @@ parameters: } default: {} type: json + CephValidationRetries: + type: number + default: 5 + description: Number of retry attempts for Ceph validation + CephValidationDelay: + type: number + default: 10 + description: Interval (in seconds) in between validation checks MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' type: string @@ -119,21 +127,32 @@ outputs: # rolling upgrade of all osd nodes in step1 - name: Check status tags: step0,validation - shell: ceph health | grep -qv HEALTH_ERR - # FIXME(shardy) I suspect we can use heat or ansible facts here instead? - - name: Get hostname + shell: ceph health | egrep -sq "HEALTH_OK|HEALTH_WARN" + - name: Stop CephMon tags: step0 - shell: hostname -s - register: mon_id - - name: Stop Ceph Mon + service: + name: ceph-mon@{{ ansible_hostname }} + state: stopped + - name: Update Ceph packages tags: step0 - service: name=ceph-mon@{{mon_id.stdout}} pattern=ceph-mon state=stopped - - name: Update ceph packages + yum: + name: ceph-mon + state: latest + - name: Start CephMon tags: step0 - yum: name=ceph-mon state=latest - - name: Start ceph-mon service - tags: step0 - service: name=ceph-mon@{{mon_id.stdout}} state=started + service: + name: ceph-mon@{{ ansible_hostname }} + state: started + # ceph-ansible + # https://github.com/ceph/ceph-ansible/blob/master/infrastructure-playbooks/rolling_update.yml#L149-L157 + - name: Wait for the monitor to join the quorum... + tags: step0,ceph_quorum_validation + shell: | + ceph -s | grep monmap | sed 's/.*quorum//' | egrep -sq {{ ansible_hostname }} + register: ceph_quorum_nodecheck + until: ceph_quorum_nodecheck.rc == 0 + retries: {get_param: CephValidationRetries} + delay: {get_param: CephValidationDelay} - name: ceph osd crush tunables default tags: step0 shell: ceph osd crush tunables default diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index 9bd83aab..a97fa116 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -21,6 +21,24 @@ parameters: MonitoringSubscriptionCephOsd: default: 'overcloud-ceph-osd' type: string + CephValidationRetries: + type: number + default: 40 + description: Number of retry attempts for Ceph validation + CephValidationDelay: + type: number + default: 30 + description: Interval (in seconds) in between validation checks + IgnoreCephUpgradeWarnings: + type: boolean + default: false + description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - IgnoreCephUpgradeWarnings resources: CephBase: @@ -66,17 +84,37 @@ outputs: - name: ceph osd set noscrub tags: step1 command: ceph osd set noscrub - - name: Stop Ceph OSD + - name: Stop CephOSD tags: step1 - service: name=ceph-osd@{{ item }} state=stopped + service: + name: ceph-osd@{{ item }} + state: stopped with_items: "{{osd_ids.stdout.strip().split()}}" - - name: Update ceph OSD packages + - name: Update Ceph packages tags: step1 - yum: name=ceph-osd state=latest - - name: Start ceph-osd service + yum: + name: ceph-osd + state: latest + - name: Start CephOSD tags: step1 - service: name=ceph-osd@{{ item }} state=started + service: + name: ceph-osd@{{ item }} + state: started with_items: "{{osd_ids.stdout.strip().split()}}" + # with awk we are meant to check if $2 and $4 are *the same* but it returns 1 when + # they are, so the check is inverted to produce an useful exit code + - name: Wait for clean pgs... + tags: step1,ceph_pgs_clean_validation + vars: + ignore_warnings: {get_param: IgnoreCephUpgradeWarnings} + shell: | + ceph pg stat | awk '{exit($2!=$4)}' && ceph health | egrep -sq "HEALTH_OK|HEALTH_WARN" + register: ceph_pgs_healthcheck + until: ceph_pgs_healthcheck.rc == 0 + retries: {get_param: CephValidationRetries} + delay: {get_param: CephValidationDelay} + when: + - not ignore_warnings - name: ceph osd unset noout tags: step1 command: ceph osd unset noout diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index d7014e54..c5b29c7e 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -87,4 +87,6 @@ outputs: tags: step0,validation - name: Stop RGW instance tags: step1 - service: name=ceph-radosgw@{{rgw_id.stdout}} state=stopped + service: + name: ceph-radosgw@{{rgw_id.stdout}} + state: stopped diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 8c5a07ac..bde3e044 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -86,7 +86,8 @@ outputs: cinder::keystone::authtoken::project_name: 'service' cinder::api::enable_proxy_headers_parsing: true - cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' + cinder::api::nova_catalog_info: 'compute:nova:internalURL' + cinder::api::nova_catalog_admin_info: 'compute:nova:adminURL' # TODO(emilien) move it to puppet-cinder cinder::config: DEFAULT/swift_catalog_info: diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index a5d7fcf1..88e7edb7 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 1b82f55c..6855a838 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/congress' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' congress::keystone::auth::tenant: 'service' congress::keystone::auth::password: {get_param: CongressPassword} congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} @@ -88,3 +87,11 @@ outputs: step_config: | include ::tripleo::profile::base::congress + + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running" + shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop congress service + tags: step2 + service: name=openstack-congress-server state=stopped diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml new file mode 100644 index 00000000..c8428e0a --- /dev/null +++ b/puppet/services/database/mysql-client.yaml @@ -0,0 +1,34 @@ +heat_template_version: ocata + +description: > + Mysql client settings + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnableInternalTLS: + type: boolean + default: false + +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base:database::mysql::client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} + step_config: | + include ::tripleo::profile::base::database::mysql::client diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index 002342b6..fefb3220 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -90,8 +90,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ec2_api' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' - if: - nova_workers_zero @@ -116,3 +115,19 @@ outputs: ec2api::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Check if ec2-api is deployed + command: systemctl is-enabled openstack-ec2-api + tags: step0,validation + ignore_errors: True + register: ec2-api_enabled + - name: "PreUpgrade step0,validation: Check if openstack-ec2-api is running" + shell: > + /usr/bin/systemctl show 'openstack-ec2-api' --property ActiveState | + grep '\bactive\b' + when: ec2-api_enabled.rc == 0 + tags: step0,validation + - name: Stop openstack-ec2-api service + tags: step1 + service: name=openstack-ec2-api state=stopped + diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index c4f97d54..d26d96aa 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -91,8 +91,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 8fddae4b..c6310056 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' gnocchi::db::sync::extra_opts: '--skip-storage' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 7bd2fcf1..3ae4cc70 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -86,7 +86,7 @@ outputs: heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api_cfn service tags: step2 diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 0954ad19..56183535 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -68,7 +68,7 @@ outputs: include ::tripleo::profile::base::heat::api_cloudwatch upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api_cloudwatch service tags: step2 diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index ae656b1e..38c5b479 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -86,7 +86,7 @@ outputs: heat::keystone::auth::region: {get_param: KeystoneRegion} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api service tags: step2 diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index b4d314f4..e83a9edd 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -99,6 +99,10 @@ parameters: description: > Cron to purge db entries marked as deleted and older than $age - Log destination default: '/dev/null' + HeatMaxJsonBodySize: + default: 1048576 + description: Maximum raw byte size of the Heat API JSON request body. + type: number outputs: role_data: @@ -142,6 +146,7 @@ outputs: heat::cron::purge_deleted::age: {get_param: HeatCronPurgeDeletedAge} heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType} heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination} + heat::max_json_body_size: {get_param: HeatMaxJsonBodySize} service_config_settings: keystone: tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index e85b7537..7787d0a7 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -111,8 +111,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: @@ -139,7 +138,7 @@ outputs: tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_engine service tags: step2 diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 2111021b..77983854 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -96,3 +96,19 @@ outputs: - horizon::django_debug: {get_param: Debug} step_config: | include ::tripleo::profile::base::horizon + # Ansible tasks to handle upgrade + upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: step0,validation + ignore_errors: True + register: httpd_enabled + - name: "PreUpgrade step0,validation: Check if httpd is running" + shell: > + /usr/bin/systemctl show 'httpd' --property ActiveState | + grep '\bactive\b' + when: httpd_enabled.rc == 0 + tags: step0,validation + - name: Stop Horizon (under httpd) + tags: step2 + service: name=httpd state=stopped diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index ad7ef6ea..d186b047 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -60,8 +60,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 29157959..fec455d1 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -31,6 +31,7 @@ outputs: config_settings: kernel_modules: nf_conntrack: {} + ip_conntrack_proto_sctp: {} sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b2374ec4..5ac8436a 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -193,8 +193,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} @@ -227,6 +226,7 @@ outputs: keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} keystone::endpoint::region: {get_param: KeystoneRegion} + keystone::endpoint::version: '' keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} keystone::rabbit_heartbeat_timeout_threshold: 60 keystone::cron::token_flush::maxdelay: 3600 diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 2a9745a2..c183bc08 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/manila' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' service_config_settings: mysql: manila::db::mysql::password: {get_param: ManilaPassword} diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 4d020498..e1030346 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -65,8 +65,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/mistral' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index b3a07fb0..4d671e15 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -127,8 +127,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 06927fe0..1d6a2371 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -22,10 +22,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string @@ -35,6 +31,19 @@ parameters: tag: openstack.neutron.agent.l3-compute path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + +conditions: + + external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} + resources: NeutronBase: @@ -56,7 +65,11 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} - neutron::agents::l3::agent_mode : 'dvr' + - neutron::agents::l3::agent_mode : 'dvr' + - + if: + - external_network_bridge_empty + - {} + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 69803551..4fa49275 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -21,10 +21,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. @@ -43,6 +39,15 @@ parameters: tag: openstack.neutron.agent.l3 path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + conditions: external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index ad1dcfb0..f948dd07 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index d18b5b48..f27b53f2 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -194,9 +194,6 @@ outputs: tags: step0,pre-upgrade when: is_bootstrap_node command: nova-manage db online_data_migrations - - name: update nova api - tags: step2 - yum: name=openstack-nova-api state=latest - name: Stop and disable nova_api service (pre-upgrade not under httpd) tags: step2 service: name=openstack-nova-api state=stopped enabled=no diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index d892c36d..ceacb0b2 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -150,6 +150,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::api_database_connection: list_join: - '' @@ -159,6 +160,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::placement_database_connection: list_join: - '' @@ -168,6 +170,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_placement' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 7b086536..a19d0f8d 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -69,13 +69,10 @@ outputs: - name: Stop nova_conductor service tags: step2 service: name=openstack-nova-conductor state=stopped - - name: update nova conductor - tags: step2 - yum: name=openstack-nova-conductor state=latest # If not already set by puppet (e.g a pre-ocata version), set the # upgrade_level for compute to "auto" - name: Set compute upgrade level to auto - tags: step3 + tags: step2 ini_file: str_replace: template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 9389c801..3ae19a67 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -79,6 +79,10 @@ outputs: dport: - 8778 - 13778 + nova::keystone::authtoken::project_name: 'service' + nova::keystone::authtoken::password: {get_param: NovaPassword} + nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::wsgi::apache_placement::api_port: '8778' nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 0e0b9d1e..e08bf182 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -67,6 +67,3 @@ outputs: - name: Stop nova_scheduler service tags: step2 service: name=openstack-nova-scheduler state=stopped - - name: update nova scheduler - tags: step2 - yum: name=openstack-nova-scheduler state=latest diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index 37ba1f73..909a3030 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -66,8 +66,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/octavia' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} octavia::keystone::authtoken::project_name: 'service' octavia::keystone::authtoken::password: {get_param: OctaviaPassword} diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 0ed9d206..1e7aa479 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -17,6 +17,10 @@ parameters: type: string description: The password for the opendaylight server. hidden: true + OpenDaylightConnectionProtocol: + description: L7 protocol used for REST access + type: string + default: 'http' OpenDaylightEnableDHCP: description: Knob to enable/disable ODL DHCP Server type: boolean @@ -55,6 +59,7 @@ outputs: opendaylight::extra_features: {get_param: OpenDaylightFeatures} opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} + opendaylight::nb_connection_protocol: {get_param: OpenDayLightConnectionProtocol} tripleo.opendaylight_api.firewall_rules: '137 opendaylight api': dport: diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index ca21cfbe..9398d6b5 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -143,5 +143,5 @@ outputs: pacemaker_cluster: state=online - name: Check pacemaker resource tags: step4 - pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200 + pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=500 with_items: {get_param: PacemakerResources} diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 4b74ad45..fc127a27 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -84,3 +84,9 @@ outputs: include tripleo::profile::base::panko::api metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + # The panko API isn't installed in newton images, so install + # it on upgrade + - name: Install openstack-panko-api packages on upgrade + tags: step3 + yum: name=openstack-panko-api state=latest diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 2c2586af..998e64ee 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -46,8 +46,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/panko' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' panko::debug: {get_param: Debug} panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index e2084186..224989be 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 987fe25b..176514ec 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -53,6 +53,3 @@ outputs: - name: Stop sahara_engine service tags: step2 service: name=openstack-sahara-engine state=stopped - - name: Sync sahara_engine DB - tags: step5 - command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 526fa888..c941b598 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -138,6 +138,7 @@ outputs: - '' - 'proxy-logging' - 'proxy-server' + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 5cf09a6d..6ceb9f19 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -64,8 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/tacker' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tacker::keystone::auth::tenant: 'service' tacker::keystone::auth::password: {get_param: TackerPassword} @@ -89,3 +88,10 @@ outputs: step_config: | include ::tripleo::profile::base::tacker + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-tacker-server is running" + shell: /usr/bin/systemctl show 'openstack-tacker-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop tacker service + tags: step2 + service: name=openstack-tacker-server state=stopped diff --git a/puppet/services/vpp.yaml b/puppet/services/vpp.yaml new file mode 100644 index 00000000..59866d39 --- /dev/null +++ b/puppet/services/vpp.yaml @@ -0,0 +1,47 @@ +heat_template_version: ocata + +description: > + Vpp service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + VppCpuMainCore: + default: '' + description: VPP main thread core pinning. + type: string + VppCpuCorelistWorkers: + default: '' + description: List of cores for VPP worker thread pinning + type: string + MonitoringSubscriptionVpp: + default: 'overcloud-vpp' + type: string + +outputs: + role_data: + description: Role data for the Vpp role. + value: + service_name: vpp + monitoring_subscription: {get_param: MonitoringSubscriptionVpp} + config_settings: + fdio::vpp_cpu_main_core: {get_param: VppCpuMainCore} + fdio::vpp_cpu_corelist_workers: {get_param: VppCpuCorelistWorkers} + step_config: | + include ::tripleo::profile::base::vpp + upgrade_tasks: + - name: Stop vpp service + tags: step2 + service: name=vpp state=stopped |