9 files changed, 108 insertions, 3 deletions

diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 6e4e9c1d..34cb350b 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -49,6 +49,28 @@ are re-asserted when applying latter ones.
 
    5) Service activation (Pacemaker)
 
+Batch Upgrade Steps
+-------------------
+
+Each service template may optionally define a `upgrade_batch_tasks` key, which
+is a list of ansible tasks to be performed during the upgrade process.
+
+Similar to the step_config, we allow a series of steps for the per-service
+upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first
+step, "step2" for the second, etc. Note that each step is performed in batches,
+then we move on to the next step which is also performed in batches (we don't
+perform all steps on one node, then move on to the next one which means you
+can sequence rolling upgrades of dependent services via the step value).
+
+The tasks performed at each step is service specific, but note that all batch
+upgrade steps are performed before the `upgrade_tasks` described below.  This
+means that all services that support rolling upgrades can be upgraded without
+downtime during `upgrade_batch_tasks`, then any remaining services are stopped
+and upgraded during `upgrade_tasks`
+
+The default batch size is 1, but this can be overridden for each role via the
+`upgrade_batch_size` option in roles_data.yaml
+
 Upgrade Steps
 -------------
 
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index 1f220e6b..4e420750 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -136,13 +136,13 @@ outputs:
           nova::compute::barbican_endpoint:
             get_param: [EndpointMap, BarbicanInternal, uri]
           nova::compute::barbican_auth_endpoint:
-            get_param: [EndpointMap, KeystoneV3Internal, uri]
+            get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
         cinder_api:
           cinder::api::keymgr_api_class: >
             castellan.key_manager.barbican_key_manager.BarbicanKeyManager
           cinder::api::keymgr_encryption_api_url:
             get_param: [EndpointMap, BarbicanInternal, uri]
           cinder::api::keymgr_encryption_auth_url:
-            get_param: [EndpointMap, KeystoneV3Internal, uri]
+            get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 68ad69b7..0c61305d 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -113,3 +113,24 @@ outputs:
         get_attr: [CephBase, role_data, service_config_settings]
       step_config: |
         include ::tripleo::profile::base::ceph::mon
+      upgrade_batch_tasks:
+        # Note we perform these tasks in list order, but they are all step0 so
+        # we can perform a rolling upgrade of all mon nodes in step0, then a
+        # rolling upgrade of all osd nodes in step1
+        # FIXME(shardy) I suspect we can use heat or ansible facts here instead?
+        - name: Get hostname
+          tags: step0
+          shell: hostname -s
+          register: mon_id
+        - name: Stop Ceph Mon
+          tags: step0
+          service: name=ceph-mon@{{mon_id.stdout}} pattern=ceph-mon state=stopped
+        - name: Update ceph packages
+          tags: step0
+          yum: name=ceph-mon,ceph state=latest
+        - name: Start ceph-mon service
+          tags: step0
+          service: name=ceph-mon@{{mon_id.stdout}} state=started
+        - name: ceph osd crush tunables default
+          tags: step0
+          shell: ceph osd crush tunables default
diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml
index df0ee6c3..e9ed6c29 100644
--- a/puppet/services/ceph-osd.yaml
+++ b/puppet/services/ceph-osd.yaml
@@ -45,3 +45,44 @@ outputs:
                   - '6800-7300'
       step_config: |
         include ::tripleo::profile::base::ceph::osd
+      upgrade_batch_tasks:
+        - name: Get OSD IDs
+          tags: step1
+          shell: ls /var/lib/ceph/osd | awk 'BEGIN { FS = "-" } ; { print $2 }'
+          register: osd_ids
+          # "so that mirrors aren't rebalanced as if the OSD died" - gfidente / leseb
+        - name: ceph osd set noout
+          tags: step1
+          command: ceph osd set noout
+        - name: ceph osd set norebalance
+          tags: step1
+          command: ceph osd set norebalance
+        - name: ceph osd set nodeep-scrub
+          tags: step1
+          command: ceph osd set nodeep-scrub
+        - name: ceph osd set noscrub
+          tags: step1
+          command: ceph osd set noscrub
+        - name: Stop Ceph OSD
+          tags: step1
+          service: name=ceph-osd@$item state=stopped
+          with_items: "{{osd_ids.stdout.strip().split()}}"
+        - name: Update ceph OSD packages
+          tags: step1
+          yum: name=ceph-osd state=latest
+        - name: Start ceph-osd service
+          tags: step1
+          service: name=ceph-osd@$item state=started
+          with_items: "{{osd_ids.stdout.strip().split()}}"
+        - name: ceph osd unset noout
+          tags: step1
+          command: ceph osd unset noout
+        - name: ceph osd unset norebalance
+          tags: step1
+          command: ceph osd unset norebalance
+        - name: ceph osd unset nodeep-scrub
+          tags: step1
+          command: ceph osd unset nodeep-scrub
+        - name: ceph osd unset noscrub
+          tags: step1
+          command: ceph osd unset noscrub
diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml
index e5f9a8e7..27700606 100644
--- a/puppet/services/gnocchi-metricd.yaml
+++ b/puppet/services/gnocchi-metricd.yaml
@@ -22,7 +22,7 @@ parameters:
     default: 'overcloud-gnocchi-metricd'
     type: string
   GnocchiMetricdWorkers:
-    default: ''
+    default: '%{::os_workers}'
     description: Number of workers for Gnocchi MetricD
     type: string
 
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index aebb37b2..ff91eb63 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -81,3 +81,7 @@ outputs:
           ironic::db::mysql::allowed_hosts:
             - '%'
             - "%{hiera('mysql_bind_host')}"
+      upgrade_tasks:
+        - name: Stop ironic_api service
+          tags: step2
+          service: name=openstack-ironic-api state=stopped
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 194afec7..a10c03a5 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -98,3 +98,10 @@ outputs:
 
       step_config: |
         include ::tripleo::profile::base::ironic::conductor
+      upgrade_tasks:
+        - name: Stop ironic_conductor service
+          tags: step2
+          service: name=openstack-ironic-conductor state=stopped
+        - name: Sync ironic_conductor DB
+          tags: step5
+          command: ironic-dbsync
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index 5e7de18e..bb4742c9 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -39,6 +39,10 @@ parameters:
     default:
       tag: openstack.neutron.agent.dhcp
       path: /var/log/neutron/dhcp-agent.log
+  NeutronDhcpAgentDnsmasqDnsServers:
+    default: []
+    description: List of servers to use as dnsmasq forwarders
+    type: comma_delimited_list
 
 resources:
 
@@ -64,6 +68,7 @@ outputs:
           - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
             neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
             neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
+            neutron::agents::dhcp::dnsmasq_dns_servers: {get_param: NeutronDhcpAgentDnsmasqDnsServers}
             tripleo.neutron_dhcp.firewall_rules:
               '115 neutron dhcp input':
                 proto: 'udp'
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 90268c78..80da5352 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -118,4 +118,9 @@ outputs:
           # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
           expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
           data: {get_attr: [ServiceChain, role_data]}
+      upgrade_batch_tasks:
+        yaql:
+          # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+          expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
+          data: {get_attr: [ServiceChain, role_data]}
       service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}