diff options
Diffstat (limited to 'puppet/services')
93 files changed, 1156 insertions, 187 deletions
diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 9c2d8c5c..f19b6cca 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -19,8 +19,21 @@ environment to set per service parameters. Config Settings --------------- -Each service may define a config_settings output variable which returns -Hiera settings to be configured. +Each service may define three ways in which to output variables to configure Hiera +settings on the nodes. + + * config_settings: the hiera keys will be pushed on all roles of which the service + is a part of. + + * global_config_settings: the hiera keys will be distributed to all roles + + * service_config_settings: Takes an extra key to wire in values that are + defined for a service that need to be consumed by some other service. + For example: + service_config_settings: + haproxy: + foo: bar + This will set the hiera key 'foo' on all roles where haproxy is included. Deployment Steps ---------------- @@ -87,11 +100,26 @@ step, "step2" for the second, etc. Steps/tages correlate to the following: - 1) Quiesce the control-plane, e.g disable LoadBalancer, stop pacemaker cluster - - 2) Stop all control-plane services, ready for upgrade - - 3) Perform a package update, (either specific packages or the whole system) + 1) Stop all control-plane services. + + 2) Quiesce the control-plane, e.g disable LoadBalancer, stop + pacemaker cluster: this will stop the following resource: + - ocata: + - galera + - rabbit + - redis + - haproxy + - vips + - cinder-volumes + - cinder-backup + - manilla-share + - rbd-mirror + + The exact order is controlled by the cluster constraints. + + 3) Perform a package update and install new packages: A general + upgrade is done, and only new package should go into service + ansible tasks. 4) Start services needed for migration tasks (e.g DB) diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 4bd9fc47..d7c87b61 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -87,5 +87,5 @@ outputs: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Stop aodh_api service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index f5ca329e..c2c2d023 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -69,8 +69,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' aodh::debug: {get_param: Debug} aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml index 56dbb558..b8be4a91 100644 --- a/puppet/services/aodh-evaluator.yaml +++ b/puppet/services/aodh-evaluator.yaml @@ -41,9 +41,16 @@ outputs: step_config: | include tripleo::profile::base::aodh::evaluator upgrade_tasks: + - name: Check if aodh_evaluator is deployed + command: systemctl is-enabled openstack-aodh-evaluator + tags: common + ignore_errors: True + register: aodh_evaluator_enabled - name: "PreUpgrade step0,validation: Check service openstack-aodh-evaluator is running" shell: /usr/bin/systemctl show 'openstack-aodh-evaluator' --property ActiveState | grep '\bactive\b' + when: aodh_evaluator_enabled.rc == 0 tags: step0,validation - name: Stop aodh_evaluator service - tags: step2 + tags: step1 + when: aodh_evaluator_enabled.rc == 0 service: name=openstack-aodh-evaluator state=stopped diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml index 76db0ca8..f5c9330d 100644 --- a/puppet/services/aodh-listener.yaml +++ b/puppet/services/aodh-listener.yaml @@ -41,9 +41,16 @@ outputs: step_config: | include tripleo::profile::base::aodh::listener upgrade_tasks: + - name: Check if aodh_listener is deployed + command: systemctl is-enabled openstack-aodh-listener + tags: common + ignore_errors: True + register: aodh_listener_enabled - name: "PreUpgrade step0,validation: Check service openstack-aodh-listener is running" shell: /usr/bin/systemctl show 'openstack-aodh-listener' --property ActiveState | grep '\bactive\b' + when: aodh_listener_enabled.rc == 0 tags: step0,validation - name: Stop aodh_listener service - tags: step2 + tags: step1 + when: aodh_listener_enabled.rc == 0 service: name=openstack-aodh-listener state=stopped diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml index 30c67635..84c50dd6 100644 --- a/puppet/services/aodh-notifier.yaml +++ b/puppet/services/aodh-notifier.yaml @@ -41,9 +41,16 @@ outputs: step_config: | include tripleo::profile::base::aodh::notifier upgrade_tasks: + - name: Check if aodh_notifier is deployed + command: systemctl is-enabled openstack-aodh-notifier + tags: common + ignore_errors: True + register: aodh_notifier_enabled - name: "PreUpgrade step0,validation: Check service openstack-aodh-notifier is running" shell: /usr/bin/systemctl show 'openstack-aodh-notifier' --property ActiveState | grep '\bactive\b' + when: aodh_notifier_enabled.rc == 0 tags: step0,validation - name: Stop aodh_notifier service - tags: step2 + tags: step1 + when: aodh_notifier_enabled.rc == 0 service: name=openstack-aodh-notifier state=stopped diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml index 4c21e02a..4c94f440 100644 --- a/puppet/services/apache-internal-tls-certmonger.yaml +++ b/puppet/services/apache-internal-tls-certmonger.yaml @@ -64,6 +64,12 @@ outputs: for_each: $NETWORK: {get_attr: [ApacheNetworks, value]} upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled - name: "PreUpgrade step0,validation: Check service httpd is running" shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' + when: httpd_enabled.rc == 0 tags: step0,validation diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 74ddbde8..2d950151 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -67,6 +67,12 @@ outputs: metadata_settings: get_attr: [ApacheTLS, role_data, metadata_settings] upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled - name: "PreUpgrade step0,validation: Check service httpd is running" shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' + when: httpd_enabled.rc == 0 tags: step0,validation diff --git a/puppet/services/auditd.yaml b/puppet/services/auditd.yaml index 639631e1..8085ac8b 100644 --- a/puppet/services/auditd.yaml +++ b/puppet/services/auditd.yaml @@ -32,3 +32,19 @@ outputs: auditd::rules: {get_param: AuditdRules} step_config: | include ::tripleo::profile::base::auditd + upgrade_tasks: + - name: Check if auditd is deployed + command: systemctl is-enabled auditd + tags: common + ignore_errors: True + register: auditd_enabled + - name: "PreUpgrade step0,validation: Check if auditd is running" + shell: > + /usr/bin/systemctl show 'auditd' --property ActiveState | + grep '\bactive\b' + when: auditd_enabled.rc == 0 + tags: step0,validation + - name: Stop auditd service + tags: step2 + when: auditd_enabled.rc == 0 + service: name=auditd state=stopped diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 239b6ca9..d8787c87 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -74,7 +74,7 @@ outputs: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] - barbican::keystone::authtoken::password: {get_param: BarbicanPassword} - barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} barbican::keystone::authtoken::project_name: 'service' barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]} @@ -105,8 +105,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/barbican' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' tripleo.barbican_api.firewall_rules: '117 barbican': dport: @@ -136,17 +135,27 @@ outputs: nova::compute::barbican_endpoint: get_param: [EndpointMap, BarbicanInternal, uri] nova::compute::barbican_auth_endpoint: - get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix] + get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] cinder_api: cinder::api::keymgr_api_class: > castellan.key_manager.barbican_key_manager.BarbicanKeyManager cinder::api::keymgr_encryption_api_url: get_param: [EndpointMap, BarbicanInternal, uri] cinder::api::keymgr_encryption_auth_url: - get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix] + get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: + - name: Check if barbican_api is deployed + command: systemctl is-enabled openstack-barbican-api + tags: common + ignore_errors: True + register: barbican_api_enabled - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running" shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b' + when: barbican_api_enabled.rc == 0 tags: step0,validation + - name: Install openstack-barbican-api package if it was disabled + tags: step3 + yum: name=openstack-barbican-api state=latest + when: barbican_api_enabled.rc != 0 diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index cf8a8a8e..80823526 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -52,12 +52,20 @@ outputs: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - ceilometer_redis_password: {get_param: RedisPassword} + central_namespace: true step_config: | - include ::tripleo::profile::base::ceilometer::agent::central + include ::tripleo::profile::base::ceilometer::agent::polling upgrade_tasks: + - name: Check if ceilometer_agent_central is deployed + command: systemctl is-enabled openstack-ceilometer-central + tags: common + ignore_errors: True + register: ceilometer_agent_central_enabled - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-central is running" shell: /usr/bin/systemctl show 'openstack-ceilometer-central' --property ActiveState | grep '\bactive\b' + when: ceilometer_agent_central_enabled.rc == 0 tags: step0,validation - name: Stop ceilometer_agent_central service - tags: step2 + tags: step1 + when: ceilometer_agent_central_enabled.rc == 0 service: name=openstack-ceilometer-central state=stopped diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 00042914..546bcd98 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -46,12 +46,20 @@ outputs: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod} + compute_namespace: true step_config: | - include ::tripleo::profile::base::ceilometer::agent::compute + include ::tripleo::profile::base::ceilometer::agent::polling upgrade_tasks: + - name: Check if ceilometer_agent_compute is deployed + command: systemctl is-enabled openstack-ceilometer-compute + tags: common + ignore_errors: True + register: ceilometer_agent_compute_enabled - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-compute is running" shell: /usr/bin/systemctl show 'openstack-ceilometer-compute' --property ActiveState | grep '\bactive\b' + when: ceilometer_agent_compute_enabled.rc == 0 tags: step0,validation - name: Stop ceilometer_agent_compute service - tags: step2 + tags: step1 + when: ceilometer_agent_compute_enabled.rc == 0 service: name=openstack-ceilometer-compute state=stopped diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index 760acd65..4ee43f49 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -50,9 +50,16 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::agent::notification upgrade_tasks: + - name: Check if ceilometer_agent_notification is deployed + command: systemctl is-enabled openstack-ceilometer-notification + tags: common + ignore_errors: True + register: ceilometer_agent_notification_enabled - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-notification is running" shell: /usr/bin/systemctl show 'openstack-ceilometer-notification' --property ActiveState | grep '\bactive\b' + when: ceilometer_agent_notification_enabled.rc == 0 tags: step0,validation - name: Stop ceilometer_agent_notification service - tags: step2 + tags: step1 + when: ceilometer_agent_notification_enabled.rc == 0 service: name=openstack-ceilometer-notification state=stopped diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 741f8da1..f5ee9d40 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -94,5 +94,5 @@ outputs: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Stop ceilometer_api service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 17588dc6..874c6893 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -93,10 +93,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ceilometer_backend: {get_param: CeilometerBackend} - ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo ceilometer::db::sync_db: false ceilometer::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index a219f9eb..b0ec971f 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -60,9 +60,16 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::collector upgrade_tasks: + - name: Check if ceilometer_collector is deployed + command: systemctl is-enabled openstack-ceilometer-collector + tags: common + ignore_errors: True + register: ceilometer_collector_enabled - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-collector is running" shell: /usr/bin/systemctl show 'openstack-ceilometer-collector' --property ActiveState | grep '\bactive\b' + when: ceilometer_collector_enabled.rc == 0 tags: step0,validation - name: Stop ceilometer_collector service - tags: step2 + tags: step1 + when: ceilometer_collector_enabled.rc == 0 service: name=openstack-ceilometer-collector state=stopped diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 1ce58335..d589ef89 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -59,6 +59,14 @@ parameters: } default: {} type: json + CephValidationRetries: + type: number + default: 5 + description: Number of retry attempts for Ceph validation + CephValidationDelay: + type: number + default: 10 + description: Interval (in seconds) in between validation checks MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' type: string @@ -119,21 +127,32 @@ outputs: # rolling upgrade of all osd nodes in step1 - name: Check status tags: step0,validation - shell: ceph health | grep -qv HEALTH_ERR - # FIXME(shardy) I suspect we can use heat or ansible facts here instead? - - name: Get hostname + shell: ceph health | egrep -sq "HEALTH_OK|HEALTH_WARN" + - name: Stop CephMon tags: step0 - shell: hostname -s - register: mon_id - - name: Stop Ceph Mon + service: + name: ceph-mon@{{ ansible_hostname }} + state: stopped + - name: Update Ceph packages tags: step0 - service: name=ceph-mon@{{mon_id.stdout}} pattern=ceph-mon state=stopped - - name: Update ceph packages + yum: + name: ceph-mon + state: latest + - name: Start CephMon tags: step0 - yum: name=ceph-mon state=latest - - name: Start ceph-mon service - tags: step0 - service: name=ceph-mon@{{mon_id.stdout}} state=started + service: + name: ceph-mon@{{ ansible_hostname }} + state: started + # ceph-ansible + # https://github.com/ceph/ceph-ansible/blob/master/infrastructure-playbooks/rolling_update.yml#L149-L157 + - name: Wait for the monitor to join the quorum... + tags: step0,ceph_quorum_validation + shell: | + ceph -s | grep monmap | sed 's/.*quorum//' | egrep -sq {{ ansible_hostname }} + register: ceph_quorum_nodecheck + until: ceph_quorum_nodecheck.rc == 0 + retries: {get_param: CephValidationRetries} + delay: {get_param: CephValidationDelay} - name: ceph osd crush tunables default tags: step0 shell: ceph osd crush tunables default diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index 9bd83aab..a97fa116 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -21,6 +21,24 @@ parameters: MonitoringSubscriptionCephOsd: default: 'overcloud-ceph-osd' type: string + CephValidationRetries: + type: number + default: 40 + description: Number of retry attempts for Ceph validation + CephValidationDelay: + type: number + default: 30 + description: Interval (in seconds) in between validation checks + IgnoreCephUpgradeWarnings: + type: boolean + default: false + description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - IgnoreCephUpgradeWarnings resources: CephBase: @@ -66,17 +84,37 @@ outputs: - name: ceph osd set noscrub tags: step1 command: ceph osd set noscrub - - name: Stop Ceph OSD + - name: Stop CephOSD tags: step1 - service: name=ceph-osd@{{ item }} state=stopped + service: + name: ceph-osd@{{ item }} + state: stopped with_items: "{{osd_ids.stdout.strip().split()}}" - - name: Update ceph OSD packages + - name: Update Ceph packages tags: step1 - yum: name=ceph-osd state=latest - - name: Start ceph-osd service + yum: + name: ceph-osd + state: latest + - name: Start CephOSD tags: step1 - service: name=ceph-osd@{{ item }} state=started + service: + name: ceph-osd@{{ item }} + state: started with_items: "{{osd_ids.stdout.strip().split()}}" + # with awk we are meant to check if $2 and $4 are *the same* but it returns 1 when + # they are, so the check is inverted to produce an useful exit code + - name: Wait for clean pgs... + tags: step1,ceph_pgs_clean_validation + vars: + ignore_warnings: {get_param: IgnoreCephUpgradeWarnings} + shell: | + ceph pg stat | awk '{exit($2!=$4)}' && ceph health | egrep -sq "HEALTH_OK|HEALTH_WARN" + register: ceph_pgs_healthcheck + until: ceph_pgs_healthcheck.rc == 0 + retries: {get_param: CephValidationRetries} + delay: {get_param: CephValidationDelay} + when: + - not ignore_warnings - name: ceph osd unset noout tags: step1 command: ceph osd unset noout diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index d7014e54..01531971 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -79,12 +79,21 @@ outputs: ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} upgrade_tasks: - name: Gather RGW instance ID - tags: step0 + tags: common shell: hiera -c /etc/puppet/hiera.yaml ceph::profile::params::rgw_name radosgw.gateway register: rgw_id + - name: Check if ceph_rgw is deployed + command: systemctl is-enabled ceph-radosgw@{{rgw_id.stdout}} + tags: common + ignore_errors: True + register: ceph_rgw_enabled - name: Check status shell: /usr/bin/systemctl show ceph-radosgw@{{rgw_id.stdout}} --property ActiveState | grep '\bactive\b' + when: ceph_rgw_enabled.rc == 0 tags: step0,validation - name: Stop RGW instance tags: step1 - service: name=ceph-radosgw@{{rgw_id.stdout}} state=stopped + when: ceph_rgw_enabled.rc == 0 + service: + name: ceph-radosgw@{{rgw_id.stdout}} + state: stopped diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 8c5a07ac..49a5f613 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -86,7 +86,8 @@ outputs: cinder::keystone::authtoken::project_name: 'service' cinder::api::enable_proxy_headers_parsing: true - cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' + cinder::api::nova_catalog_info: 'compute:nova:internalURL' + cinder::api::nova_catalog_admin_info: 'compute:nova:adminURL' # TODO(emilien) move it to puppet-cinder cinder::config: DEFAULT/swift_catalog_info: @@ -149,18 +150,25 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: + - name: Check if cinder_api is deployed + command: systemctl is-enabled openstack-cinder-api + tags: common + ignore_errors: True + register: cinder_api_enabled - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running" shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b' + when: cinder_api_enabled.rc == 0 tags: step0,validation - name: check for cinder running under apache (post upgrade) - tags: step2 - shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder" + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder" register: cinder_apache ignore_errors: true - name: Stop cinder_api service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped when: "cinder_apache.rc == 0" - name: Stop and disable cinder_api service (pre-upgrade not under httpd) - tags: step2 + tags: step1 + when: cinder_api_enabled.rc == 0 service: name=openstack-cinder-api state=stopped enabled=no diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index a5d7fcf1..88e7edb7 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index f102810e..f8361f6f 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -52,9 +52,16 @@ outputs: step_config: | include ::tripleo::profile::base::cinder::scheduler upgrade_tasks: + - name: Check if cinder_scheduler is deployed + command: systemctl is-enabled openstack-cinder-scheduler + tags: common + ignore_errors: True + register: cinder_scheduler_enabled - name: "PreUpgrade step0,validation: Check service openstack-cinder-scheduler is running" shell: /usr/bin/systemctl show 'openstack-cinder-scheduler' --property ActiveState | grep '\bactive\b' + when: cinder_scheduler_enabled.rc == 0 tags: step0,validation - name: Stop cinder_scheduler service - tags: step2 + tags: step1 + when: cinder_scheduler_enabled.rc == 0 service: name=openstack-cinder-scheduler state=stopped diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 3a06afb8..b52955ef 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -116,9 +116,16 @@ outputs: step_config: | include ::tripleo::profile::base::cinder::volume upgrade_tasks: + - name: Check if cinder_volume is deployed + command: systemctl is-enabled openstack-cinder-volume + tags: common + ignore_errors: True + register: cinder_volume_enabled - name: "PreUpgrade step0,validation: Check service openstack-cinder-volume is running" shell: /usr/bin/systemctl show 'openstack-cinder-volume' --property ActiveState | grep '\bactive\b' + when: cinder_volume_enabled.rc == 0 tags: step0,validation - name: Stop cinder_volume service - tags: step2 + tags: step1 + when: cinder_volume_enabled.rc == 0 service: name=openstack-cinder-volume state=stopped diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 1b82f55c..8bc9f2e3 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -64,11 +64,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/congress' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - congress::keystone::auth::tenant: 'service' - congress::keystone::auth::password: {get_param: CongressPassword} - congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' congress::debug: {get_param: Debug} congress::rpc_backend: rabbit congress::rabbit_userid: {get_param: RabbitUserName} @@ -77,6 +73,10 @@ outputs: congress::rabbit_port: {get_param: RabbitClientPort} congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]} + congress::keystone::authtoken::project_name: 'service' + congress::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + congress::db::mysql::password: {get_param: CongressPassword} congress::db::mysql::user: congress congress::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} @@ -85,6 +85,32 @@ outputs: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + service_config_settings: + keystone: + congress::keystone::auth::tenant: 'service' + congress::keystone::auth::password: {get_param: CongressPassword} + congress::keystone::auth::public_url: {get_param: [EndpointMap, CongressPublic, uri]} + congress::keystone::auth::internal_url: {get_param: [EndpointMap, CongressInternal, uri]} + congress::keystone::auth::admin_url: {get_param: [EndpointMap, CongressAdmin, uri]} step_config: | include ::tripleo::profile::base::congress + + upgrade_tasks: + - name: Check if congress is deployed + command: systemctl is-enabled openstack-congress-server + tags: common + ignore_errors: True + register: congress_enabled + - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running" + shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b' + when: congress_enabled.rc == 0 + tags: step0,validation + - name: Stop congress service + tags: step1 + when: congress_enabled.rc == 0 + service: name=openstack-congress-server state=stopped + - name: Install openstack-congress package if it was disabled + tags: step3 + yum: name=openstack-congress state=latest + when: congress_enabled.rc != 0 diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml new file mode 100644 index 00000000..78456e28 --- /dev/null +++ b/puppet/services/database/mysql-client.yaml @@ -0,0 +1,34 @@ +heat_template_version: ocata + +description: > + Mysql client settings + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnableInternalTLS: + type: boolean + default: false + +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} + step_config: | + include ::tripleo::profile::base::database::mysql::client diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 8c4042d9..808f1353 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -34,6 +34,10 @@ parameters: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean + NovaPassword: + description: The password for the nova db account + type: string + hidden: true resources: @@ -94,6 +98,8 @@ outputs: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql + metadata_settings: + get_attr: [MySQLTLS, role_data, metadata_settings] upgrade_tasks: - name: Check for galera root password tags: step0 @@ -104,6 +110,15 @@ outputs: - name: Start service tags: step4 service: name=mariadb state=started - metadata_settings: - get_attr: [MySQLTLS, role_data, metadata_settings] - + - name: Setup cell_v2 (create cell0 database) + tags: step4 + mysql_db: + name: nova_cell0 + state: present + - name: Setup cell_v2 (grant access to the nova DB user) + tags: step4 + mysql_user: + str_replace: + template: "name=nova password=PASSWORD host=\"%\" priv=\"nova.*:ALL/nova_cell0.*:ALL,GRANT\" state=present" + params: + PASSWORD: {get_param: NovaPassword} diff --git a/puppet/services/disabled/glance-registry.yaml b/puppet/services/disabled/glance-registry.yaml index 4d22bddc..7bf4a1fd 100644 --- a/puppet/services/disabled/glance-registry.yaml +++ b/puppet/services/disabled/glance-registry.yaml @@ -26,5 +26,5 @@ outputs: service_name: glance_registry upgrade_tasks: - name: Stop and disable glance_registry service on upgrade - tags: step2 + tags: step1 service: name=openstack-glance-registry state=stopped enabled=no diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml new file mode 100644 index 00000000..e7da2383 --- /dev/null +++ b/puppet/services/docker.yaml @@ -0,0 +1,43 @@ +heat_template_version: ocata + +description: > + Configures docker on the host + +parameters: + DockerNamespace: + description: namespace + default: tripleoupstream + type: string + DockerNamespaceIsRegistry: + type: boolean + default: false + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +outputs: + role_data: + description: Role data for the docker service + value: + service_name: docker + config_settings: + tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace} + tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry} + step_config: | + include ::tripleo::profile::base::docker + upgrade_tasks: + - name: Install docker packages on upgrade if missing + tags: step3 + yum: name=docker state=latest + diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index 002342b6..10f6d311 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -72,13 +72,13 @@ outputs: ec2api::api::ec2api_listen: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} ec2api::metadata::metadata_listen: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]} ec2api::db::database_connection: @@ -90,8 +90,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ec2_api' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' - if: - nova_workers_zero @@ -116,3 +115,24 @@ outputs: ec2api::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Check if ec2-api is deployed + command: systemctl is-enabled openstack-ec2-api + tags: common + ignore_errors: True + register: ec2_api_enabled + - name: "PreUpgrade step0,validation: Check if openstack-ec2-api is running" + shell: > + /usr/bin/systemctl show 'openstack-ec2-api' --property ActiveState | + grep '\bactive\b' + when: ec2_api_enabled.rc == 0 + tags: step0,validation + - name: Stop openstack-ec2-api service + tags: step1 + when: ec2_api_enabled.rc == 0 + service: name=openstack-ec2-api state=stopped + - name: Install openstack-ec2-api package if it was disabled + tags: step3 + yum: name=openstack-ec2-api state=latest + when: ec2_api_enabled.rc != 0 + diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index f96fa723..7cdd8451 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -36,7 +36,7 @@ outputs: etcd::etcd_name: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the local node IP @@ -56,3 +56,18 @@ outputs: - 2380 step_config: | include ::tripleo::profile::base::etcd + upgrade_tasks: + - name: Check if etcd is deployed + command: systemctl is-enabled etcd + tags: step0,validation + ignore_errors: True + register: etcd_enabled + - name: "PreUpgrade step0,validation: Check if etcd is running" + shell: > + /usr/bin/systemctl show 'etcd' --property ActiveState | + grep '\bactive\b' + when: etcd_enabled.rc == 0 + tags: step0,validation + - name: Stop etcd service + tags: step2 + service: name=etcd state=stopped diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index c4f97d54..ce389dc1 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -91,8 +91,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } @@ -138,12 +137,26 @@ outputs: service_config_settings: get_attr: [GlanceBase, role_data, service_config_settings] upgrade_tasks: + - name: Check if glance_api is deployed + command: systemctl is-enabled openstack-glance-api + tags: common + ignore_errors: True + register: glance_api_enabled + #(TODO) Remove all glance-registry bits in Pike. + - name: Check if glance_registry is deployed + command: systemctl is-enabled openstack-glance-registry + tags: common + ignore_errors: True + register: glance_registry_enabled - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running" shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b' tags: step0,validation + when: glance_api_enabled.rc == 0 - name: Stop glance_api service - tags: step2 + tags: step1 + when: glance_api_enabled.rc == 0 service: name=openstack-glance-api state=stopped - name: Stop and disable glance registry (removed for Ocata) - tags: step2 + tags: step1 + when: glance_registry_enabled.rc == 0 service: name=openstack-glance-registry state=stopped enabled=no diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 22c0967e..08a939a6 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -129,5 +129,5 @@ outputs: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Stop gnocchi_api service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 8fddae4b..c6310056 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' gnocchi::db::sync::extra_opts: '--skip-storage' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index 1337b0cb..9d76c2e7 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -47,9 +47,16 @@ outputs: step_config: | include ::tripleo::profile::base::gnocchi::metricd upgrade_tasks: + - name: Check if gnocchi_metricd is deployed + command: systemctl is-enabled openstack-gnocchi-metricd + tags: common + ignore_errors: True + register: gnocchi_metricd_enabled - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-metricd is running" shell: /usr/bin/systemctl show 'openstack-gnocchi-metricd' --property ActiveState | grep '\bactive\b' + when: gnocchi_metricd_enabled.rc == 0 tags: step0,validation - name: Stop gnocchi_metricd service - tags: step2 + tags: step1 + when: gnocchi_metricd_enabled.rc == 0 service: name=openstack-gnocchi-metricd state=stopped diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 41222a79..bb8d3bce 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -46,9 +46,16 @@ outputs: step_config: | include ::tripleo::profile::base::gnocchi::statsd upgrade_tasks: + - name: Check if gnocchi_statsd is deployed + command: systemctl is-enabled openstack-gnocchi-statsd + tags: common + ignore_errors: True + register: gnocchi_statsd_enabled - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-statsd is running" shell: /usr/bin/systemctl show 'openstack-gnocchi-statsd' --property ActiveState | grep '\bactive\b' + when: gnocchi_statsd_enabled.rc == 0 tags: step0,validation - name: Stop gnocchi_statsd service - tags: step2 + tags: step1 + when: gnocchi_statsd_enabled.rc == 0 service: name=openstack-gnocchi-statsd state=stopped diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 358698dd..bd5b9ef6 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -78,14 +78,22 @@ outputs: step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: + - name: Check if haproxy is deployed + command: systemctl is-enabled haproxy + tags: common + ignore_errors: True + register: haproxy_enabled - name: "PreUpgrade step0,validation: Check service haproxy is running" shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b' + when: haproxy_enabled.rc == 0 tags: step0,validation - name: Stop haproxy service - tags: step1 + tags: step2 + when: haproxy_enabled.rc == 0 service: name=haproxy state=stopped - name: Start haproxy service tags: step4 # Needed at step 4 for mysql + when: haproxy_enabled.rc == 0 service: name=haproxy state=started metadata_settings: yaql: diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 7bd2fcf1..483f0a45 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -85,9 +85,16 @@ outputs: heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} upgrade_tasks: + - name: Check if heat_api_cfn is deployed + command: systemctl is-enabled openstack-heat-api-cfn + tags: common + ignore_errors: True + register: heat_api_cfn_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' + when: heat_api_cfn_enabled.rc == 0 tags: step0,validation - name: Stop heat_api_cfn service - tags: step2 + tags: step1 + when: heat_api_cfn_enabled.rc == 0 service: name=openstack-heat-api-cfn state=stopped diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 0954ad19..8879bcb2 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -67,9 +67,16 @@ outputs: step_config: | include ::tripleo::profile::base::heat::api_cloudwatch upgrade_tasks: + - name: Check if heat_api_cloudwatch is deployed + command: systemctl is-enabled openstack-heat-api-cloudwatch + tags: common + ignore_errors: True + register: heat_api_cloudwatch_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' + when: heat_api_cloudwatch_enabled.rc == 0 tags: step0,validation - name: Stop heat_api_cloudwatch service - tags: step2 + tags: step1 + when: heat_api_cloudwatch_enabled.rc == 0 service: name=openstack-heat-api-cloudwatch state=stopped diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index ae656b1e..2464011b 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -85,9 +85,16 @@ outputs: heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} upgrade_tasks: + - name: Check is heat_api is deployed + command: systemctl is-enabled openstack-heat-api + tags: common + ignore_errors: True + register: heat_api_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' + when: heat_api_enabled.rc == 0 tags: step0,validation - name: Stop heat_api service - tags: step2 + tags: step1 + when: heat_api_enabled.rc == 0 service: name=openstack-heat-api state=stopped diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index b4d314f4..e83a9edd 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -99,6 +99,10 @@ parameters: description: > Cron to purge db entries marked as deleted and older than $age - Log destination default: '/dev/null' + HeatMaxJsonBodySize: + default: 1048576 + description: Maximum raw byte size of the Heat API JSON request body. + type: number outputs: role_data: @@ -142,6 +146,7 @@ outputs: heat::cron::purge_deleted::age: {get_param: HeatCronPurgeDeletedAge} heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType} heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination} + heat::max_json_body_size: {get_param: HeatMaxJsonBodySize} service_config_settings: keystone: tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index e85b7537..a166f3a7 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -111,8 +111,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: @@ -138,9 +137,16 @@ outputs: # This is needed because the keystone profile handles creating the domain tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} upgrade_tasks: + - name: Check if heat_engine is deployed + command: systemctl is-enabled openstack-heat-engine + tags: common + ignore_errors: True + register: heat_engine_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' + when: heat_engine_enabled.rc == 0 tags: step0,validation - name: Stop heat_engine service - tags: step2 + tags: step1 + when: heat_engine_enabled.rc == 0 service: name=openstack-heat-engine state=stopped diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 2111021b..60b009a8 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -96,3 +96,20 @@ outputs: - horizon::django_debug: {get_param: Debug} step_config: | include ::tripleo::profile::base::horizon + # Ansible tasks to handle upgrade + upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled + - name: "PreUpgrade step0,validation: Check if httpd is running" + shell: > + /usr/bin/systemctl show 'httpd' --property ActiveState | + grep '\bactive\b' + when: httpd_enabled.rc == 0 + tags: step0,validation + - name: Stop Horizon (under httpd) + tags: step1 + when: httpd_enabled.rc == 0 + service: name=httpd state=stopped diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index a84df538..7aab6f8d 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -88,5 +88,5 @@ outputs: - "%{hiera('mysql_bind_host')}" upgrade_tasks: - name: Stop ironic_api service - tags: step2 + tags: step1 service: name=openstack-ironic-api state=stopped diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index ad7ef6ea..d186b047 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -60,8 +60,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 739db13c..f9547bef 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -109,5 +109,5 @@ outputs: include ::tripleo::profile::base::ironic::conductor upgrade_tasks: - name: Stop ironic_conductor service - tags: step2 + tags: step1 service: name=openstack-ironic-conductor state=stopped diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 29157959..fec455d1 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -31,6 +31,7 @@ outputs: config_settings: kernel_modules: nf_conntrack: {} + ip_conntrack_proto_sctp: {} sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b2374ec4..f9a15391 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -193,8 +193,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} @@ -227,12 +226,13 @@ outputs: keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} keystone::endpoint::region: {get_param: KeystoneRegion} + keystone::endpoint::version: '' keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} keystone::rabbit_heartbeat_timeout_threshold: 60 keystone::cron::token_flush::maxdelay: 3600 keystone::roles::admin::service_tenant: 'service' keystone::roles::admin::admin_tenant: 'admin' - keystone::cron::token_flush::destination: '/dev/null' + keystone::cron::token_flush::destination: '/var/log/keystone/keystone-tokenflush.log' keystone::config::keystone_config: ec2/driver: value: 'keystone.contrib.ec2.backends.sql.Ec2' @@ -308,7 +308,7 @@ outputs: # Ansible tasks to handle upgrade upgrade_tasks: - name: Stop keystone service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml index 769ab68f..57595b82 100644 --- a/puppet/services/logging/fluentd-client.yaml +++ b/puppet/services/logging/fluentd-client.yaml @@ -62,3 +62,23 @@ outputs: get_attr: [LoggingConfiguration, LoggingSharedKey] step_config: | include ::tripleo::profile::base::logging::fluentd + upgrade_tasks: + - name: Check if fluentd_client is deployed + command: systemctl is-enabled fluentd + tags: common + ignore_errors: True + register: fluentd_client_enabled + - name: Check status of fluentd service + shell: > + /usr/bin/systemctl show fluentd --property ActiveState | + grep '\bactive\b' + when: fluentd_client_enabled.rc == 0 + tags: step0,validation + - name: Stop fluentd service + tags: step1 + when: fluentd_client_enabled.rc == 0 + service: name=fluentd state=stopped + - name: Install fluentd package if it was disabled + tags: step3 + yum: name=fluentd state=latest + when: fluentd_client_enabled.rc != 0 diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 2a9745a2..c183bc08 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -67,8 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/manila' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' service_config_settings: mysql: manila::db::mysql::password: {get_param: ManilaPassword} diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index eba8a58b..146cc306 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -18,6 +18,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MemcachedMaxMemory: + default: '50%' + description: The maximum amount of memory for memcached to be configured + to use when installed. This can be either a percentage ('50%') + or a fixed value ('2048'). + type: string MonitoringSubscriptionMemcached: default: 'overcloud-memcached' type: string @@ -35,6 +41,7 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]} + memcached::max_memory: {get_param: MemcachedMaxMemory} tripleo.memcached.firewall_rules: '121 memcached': dport: 11211 diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml index e4e7dac7..49b2d4c2 100644 --- a/puppet/services/metrics/collectd.yaml +++ b/puppet/services/metrics/collectd.yaml @@ -109,3 +109,23 @@ outputs: .flatten().distinct() step_config: | include ::tripleo::profile::base::metrics::collectd + upgrade_tasks: + - name: Check if collectd is deployed + command: systemctl is-enabled collectd + tags: common + ignore_errors: True + register: collectd_enabled + - name: Check status of collectd service + shell: > + /usr/bin/systemctl show collectd --property ActiveState | + grep '\bactive\b' + when: collectd_enabled.rc == 0 + tags: step0,validation + - name: Stop collectd service + tags: step1 + when: collectd_enabled.rc == 0 + service: name=collectd state=stopped + - name: Install collectd package if it was disabled + tags: step3 + yum: name=collectd state=latest + when: collectd_enabled.rc != 0 diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index daa1dc7c..1c7d6bd3 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -50,3 +50,22 @@ outputs: get_attr: [MistralBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::mistral::api + upgrade_tasks: + - name: Check if mistral api is deployed + command: systemctl is-enabled openstack-mistral-api + tags: common + ignore_errors: True + register: mistral_api_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-api is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-api' --property ActiveState | + grep '\bactive\b' + when: mistral_api_enabled.rc == 0 + tags: step0,validation + - name: Stop mistral_api service + tags: step1 + service: name=openstack-mistral-api state=stopped + - name: Install openstack-mistral-api package if it was disabled + tags: step3 + yum: name=openstack-mistral-api state=latest + when: mistral_api_enabled.rc != 0 diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 4d020498..e1030346 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -65,8 +65,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/mistral' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/mistral-engine.yaml b/puppet/services/mistral-engine.yaml index 4a92b863..03a2a55c 100644 --- a/puppet/services/mistral-engine.yaml +++ b/puppet/services/mistral-engine.yaml @@ -36,3 +36,22 @@ outputs: get_attr: [MistralBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::mistral::engine + upgrade_tasks: + - name: Check if mistral engine is deployed + command: systemctl is-enabled openstack-mistral-engine + tags: common + ignore_errors: True + register: mistral_engine_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-engine is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-engine' --property ActiveState | + grep '\bactive\b' + when: mistral_engine_enabled.rc == 0 + tags: step0,validation + - name: Stop mistral_engine service + tags: step1 + service: name=openstack-mistral-engine state=stopped + - name: Install openstack-mistral-engine package if it was disabled + tags: step3 + yum: name=openstack-mistral-engine state=latest + when: mistral_engine_enabled.rc != 0 diff --git a/puppet/services/mistral-executor.yaml b/puppet/services/mistral-executor.yaml index 6e273b92..0f6adb07 100644 --- a/puppet/services/mistral-executor.yaml +++ b/puppet/services/mistral-executor.yaml @@ -36,3 +36,22 @@ outputs: get_attr: [MistralBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::mistral::executor + upgrade_tasks: + - name: Check if mistral executor is deployed + command: systemctl is-enabled openstack-mistral-executor + tags: common + ignore_errors: True + register: mistral_executor_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState | + grep '\bactive\b' + when: mistral_executor_enabled.rc == 0 + tags: step0,validation + - name: Stop mistral_executor service + tags: step1 + service: name=openstack-mistral-executor state=stopped + - name: Install openstack-mistral-executor package if it was disabled + tags: step3 + yum: name=openstack-mistral-executor state=latest + when: mistral_executor_enabled.rc != 0 diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index 76ba59c1..aba2b1ed 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -62,3 +62,23 @@ outputs: region: {get_param: KeystoneRegion} step_config: | include ::tripleo::profile::base::monitoring::sensu + upgrade_tasks: + - name: Check if sensu_client is deployed + command: systemctl is-enabled sensu-client + tags: common + ignore_errors: True + register: sensu_client_enabled + - name: Check status of sensu-client service + shell: > + /usr/bin/systemctl show sensu-client --property ActiveState | + grep '\bactive\b' + when: sensu_client_enabled.rc == 0 + tags: step0,validation + - name: Stop sensu-client service + tags: step1 + when: sensu_client_enabled.rc == 0 + service: name=sensu-client state=stopped + - name: Install sensu package if it was disabled + tags: step3 + yum: name=sensu state=latest + when: sensu_client.rc != 0 diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 48e53f4c..bb191ff0 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -127,8 +127,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} @@ -136,8 +135,6 @@ outputs: neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::enable_proxy_headers_parsing: true neutron::keystone::authtoken::password: {get_param: NeutronPassword} - - neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' @@ -192,9 +189,16 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" upgrade_tasks: + - name: Check if neutron_server is deployed + command: systemctl is-enabled neutron-server + tags: common + ignore_errors: True + register: neutron_server_enabled - name: "PreUpgrade step0,validation: Check service neutron-server is running" shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + when: neutron_server_enabled.rc == 0 tags: step0,validation - name: Stop neutron_api service - tags: step2 + tags: step1 + when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 43657bd9..55361939 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -24,7 +24,7 @@ parameters: type: number NeutronDhcpAgentsPerNetwork: type: number - default: 3 + default: 0 description: The number of neutron dhcp agents to schedule per network NeutronCorePlugin: default: 'ml2' @@ -72,24 +72,31 @@ parameters: via parameter_defaults in the resource registry. type: json +conditions: + dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]} + outputs: role_data: description: Role data for the Neutron base service. value: service_name: neutron_base config_settings: - neutron::rabbit_password: {get_param: RabbitPassword} - neutron::rabbit_user: {get_param: RabbitUserName} - neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - neutron::rabbit_port: {get_param: RabbitClientPort} - neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} - neutron::core_plugin: {get_param: NeutronCorePlugin} - neutron::service_plugins: {get_param: NeutronServicePlugins} - neutron::debug: {get_param: Debug} - neutron::purge_config: {get_param: EnableConfigPurge} - neutron::allow_overlapping_ips: true - neutron::rabbit_heartbeat_timeout_threshold: 60 - neutron::host: '%{::fqdn}' - neutron::db::database_db_max_retries: -1 - neutron::db::database_max_retries: -1 - neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} + map_merge: + - neutron::rabbit_password: {get_param: RabbitPassword} + neutron::rabbit_user: {get_param: RabbitUserName} + neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + neutron::rabbit_port: {get_param: RabbitClientPort} + neutron::core_plugin: {get_param: NeutronCorePlugin} + neutron::service_plugins: {get_param: NeutronServicePlugins} + neutron::debug: {get_param: Debug} + neutron::purge_config: {get_param: EnableConfigPurge} + neutron::allow_overlapping_ips: true + neutron::rabbit_heartbeat_timeout_threshold: 60 + neutron::host: '%{::fqdn}' + neutron::db::database_db_max_retries: -1 + neutron::db::database_max_retries: -1 + neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} + - if: + - dhcp_agents_zero + - {} + - tripleo::profile::base::neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml index ce28b5c3..e3a4da99 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -18,9 +18,6 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json - OVNDbHost: - description: IP address on which the OVN DB servers are listening - type: string OVNSouthboundServerPort: description: Port of the Southbound DB Server type: number @@ -29,6 +26,16 @@ parameters: description: Tunnel encapsulation type type: string default: geneve + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name + type: comma_delimited_list + default: "datacentre:br-ex" outputs: @@ -37,9 +44,16 @@ outputs: value: service_name: neutron_compute_plugin_ovn config_settings: - tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: OVNDbHost} ovn::southbound::port: {get_param: OVNSouthboundServerPort} - ovn::southbound::encap_type: {get_param: OVNTunnelEncapType} + ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} + ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} + tripleo.neutron_compute_plugin_ovn.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '119 neutron geneve networks': + proto: 'udp' + dport: 6081 step_config: | include ::tripleo::profile::base::neutron::agents::ovn diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 062edaa4..fe7f9f31 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -80,9 +80,16 @@ outputs: step_config: | include tripleo::profile::base::neutron::dhcp upgrade_tasks: + - name: Check if neutron_dhcp_agent is deployed + command: systemctl is-enabled neutron-dhcp-agent + tags: common + ignore_errors: True + register: neutron_dhcp_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running" shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b' + when: neutron_dhcp_agent_enabled.rc == 0 tags: step0,validation - name: Stop neutron_dhcp service - tags: step2 + tags: step1 + when: neutron_dhcp_agent_enabled.rc == 0 service: name=neutron-dhcp-agent state=stopped diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 06927fe0..1d6a2371 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -22,10 +22,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string @@ -35,6 +31,19 @@ parameters: tag: openstack.neutron.agent.l3-compute path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + +conditions: + + external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} + resources: NeutronBase: @@ -56,7 +65,11 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} - neutron::agents::l3::agent_mode : 'dvr' + - neutron::agents::l3::agent_mode : 'dvr' + - + if: + - external_network_bridge_empty + - {} + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 69803551..cd9870bd 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -21,10 +21,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. @@ -43,6 +39,15 @@ parameters: tag: openstack.neutron.agent.l3 path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + conditions: external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} @@ -80,9 +85,16 @@ outputs: step_config: | include tripleo::profile::base::neutron::l3 upgrade_tasks: + - name: Check if neutron_l3_agent is deployed + command: systemctl is-enabled neutron-l3-agent + tags: common + ignore_errors: True + register: neutron_l3_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-l3-agent is running" shell: /usr/bin/systemctl show 'neutron-l3-agent' --property ActiveState | grep '\bactive\b' + when: neutron_l3_agent_enabled.rc == 0 tags: step0,validation - name: Stop neutron_l3 service - tags: step2 + tags: step1 + when: neutron_l3_agent_enabled.rc == 0 service: name=neutron-l3-agent state=stopped diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 6f5debdd..32ef567c 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -76,9 +76,16 @@ outputs: step_config: | include tripleo::profile::base::neutron::metadata upgrade_tasks: + - name: Check if neutron_metadata_agent is deployed + command: systemctl is-enabled neutron-metadata-agent + tags: common + ignore_errors: True + register: neutron_metadata_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running" shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b' + when: neutron_metadata_agent_enabled.rc == 0 tags: step0,validation - name: Stop neutron_metadata service - tags: step2 + tags: step1 + when: neutron_metadata_agent_enabled.rc == 0 service: name=neutron-metadata-agent state=stopped diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index c27bb909..01471ba2 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -121,9 +121,16 @@ outputs: step_config: | include ::tripleo::profile::base::neutron::ovs upgrade_tasks: + - name: Check if neutron_ovs_agent is deployed + command: systemctl is-enabled neutron-openvswitch-agent + tags: common + ignore_errors: True + register: neutron_ovs_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b' + when: neutron_ovs_agent_enabled.rc == 0 tags: step0,validation - name: Stop neutron_ovs_agent service - tags: step2 + tags: step1 + when: neutron_ovs_agent_enabled.rc == 0 service: name=neutron-openvswitch-agent state=stopped diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml index 59346edc..4d4c3900 100644 --- a/puppet/services/neutron-plugin-ml2-ovn.yaml +++ b/puppet/services/neutron-plugin-ml2-ovn.yaml @@ -18,10 +18,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + OVNSouthboundServerPort: + description: Port of the OVN Southbound DB server + type: number + default: 6642 OVNDbConnectionTimeout: description: Timeout in seconds for the OVSDB connection transaction type: number - default: 60 + default: 180 OVNVifType: description: Type of VIF to be used for ports type: string @@ -43,6 +47,10 @@ parameters: description: OVN notification driver for Neutron QOS service plugin type: string default: NULL + NeutronGeneveMaxHeaderSize: + description: Geneve encapsulation header size + type: number + default: 38 resources: @@ -61,10 +69,12 @@ outputs: config_settings: map_merge: - get_attr: [NeutronMl2Base, role_data, config_settings] - - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} - neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} - neutron::plugins::ovn::ovn_l3_mode: true - neutron::plugins::ovn::vif_type: {get_param: OVNVifType} + - ovn::southbound::port: {get_param: OVNSouthboundServerPort} + neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} + neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} + neutron::plugins::ml2::ovn::ovn_l3_mode: true + neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType} neutron::server::qos_notification_drivers: {get_param: OVNQosDriver} + neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index ad1dcfb0..f948dd07 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -100,8 +100,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 18c790e6..f27b53f2 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -58,6 +58,10 @@ parameters: default: 'public' description: Default pool for floating IP addresses type: string + NovaDbSyncTimeout: + default: 300 + description: Timeout for Nova db sync + type: number conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} @@ -178,3 +182,83 @@ outputs: # https://bugs.launchpad.net/nova/+bug/1661360 # metadata_settings: # get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}} + - name: Extra migration for nova tripleo/+bug/1656791 + tags: step0,pre-upgrade + when: is_bootstrap_node + command: nova-manage db online_data_migrations + - name: Stop and disable nova_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no + - name: Create puppet manifest to set transport_url in nova.conf + tags: step5 + when: is_bootstrap_node + copy: + dest: /root/nova-api_upgrade_manifest.pp + mode: 0600 + content: > + $transport_url = os_transport_url({ + 'transport' => hiera('messaging_service_name', 'rabbit'), + 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), + 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), + 'username' => hiera('nova::rabbit_userid', 'guest'), + 'password' => hiera('nova::rabbit_password'), + 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) + }) + oslo::messaging::default { 'nova_config': + transport_url => $transport_url + } + - name: Run puppet apply to set tranport_url in nova.conf + tags: step5 + when: is_bootstrap_node + command: puppet apply --detailed-exitcodes /root/nova-api_upgrade_manifest.pp + register: puppet_apply_nova_api_upgrade + failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] + changed_when: puppet_apply_nova_api_upgrade.rc == 2 + - name: Setup cell_v2 (map cell0) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_cell0 + - name: Setup cell_v2 (create default cell) + tags: step5 + when: is_bootstrap_node + # (owalsh) puppet-nova expects the cell name 'default' + # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 + shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) + register: nova_api_create_cell + failed_when: nova_api_create_cell.rc not in [0,2] + changed_when: nova_api_create_cell.rc == 0 + - name: Setup cell_v2 (sync nova/cell DB) + tags: step5 + when: is_bootstrap_node + command: nova-manage db sync + async: {get_param: NovaDbSyncTimeout} + poll: 10 + - name: Setup cell_v2 (migrate hosts) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_cell_and_hosts + - name: Setup cell_v2 (get cell uuid) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' + register: nova_api_cell_uuid + - name: Setup cell_v2 (migrate instances) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} + - name: Sync nova_api DB + tags: step5 + command: nova-manage api_db sync + when: is_bootstrap_node + - name: Online data migration for nova + tags: step5 + when: is_bootstrap_node + command: nova-manage db online_data_migrations diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 26d05cc9..ceacb0b2 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -121,7 +121,6 @@ parameters: Endpoint interface to be used for the placement API. default: 'internal' - conditions: compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} @@ -151,6 +150,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::api_database_connection: list_join: - '' @@ -160,6 +160,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::placement_database_connection: list_join: - '' @@ -169,6 +170,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_placement' + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index f7484da2..d208bede 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -75,6 +75,10 @@ parameters: default: tag: openstack.nova.compute path: /var/log/nova/nova-compute.log + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: auto resources: NovaBase: @@ -146,3 +150,19 @@ outputs: tripleo.collectd.plugins.nova_compute: - virt collectd::plugins::virt::connection: "qemu:///system" + upgrade_tasks: + - name: Stop nova-compute service + tags: step1 + service: name=openstack-nova-compute state=stopped + # If not already set by puppet (e.g a pre-ocata version), set the + # upgrade_level for compute to "auto" + - name: Set compute upgrade level to auto + tags: step3 + ini_file: + str_replace: + template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" + params: + LEVEL: {get_param: UpgradeLevelNovaCompute} + - name: Start nova-compute service + tags: step6 + service: name=openstack-nova-compute state=started diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index b96bf6e6..4574cae8 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -30,6 +30,10 @@ parameters: default: tag: openstack.nova.scheduler path: /var/log/nova/nova-scheduler.log + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: auto conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} @@ -61,3 +65,16 @@ outputs: - nova::conductor::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::conductor + upgrade_tasks: + - name: Stop nova_conductor service + tags: step1 + service: name=openstack-nova-conductor state=stopped + # If not already set by puppet (e.g a pre-ocata version), set the + # upgrade_level for compute to "auto" + - name: Set compute upgrade level to auto + tags: step1 + ini_file: + str_replace: + template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" + params: + LEVEL: {get_param: UpgradeLevelNovaCompute} diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 79969ded..82f329bc 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -48,3 +48,7 @@ outputs: get_attr: [NovaBase, role_data, config_settings] step_config: | include tripleo::profile::base::nova::consoleauth + upgrade_tasks: + - name: Stop nova_consoleauth service + tags: step1 + service: name=openstack-nova-consoleauth state=stopped diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 5564c1b3..b59e2fc6 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -79,6 +79,10 @@ outputs: dport: - 8778 - 13778 + nova::keystone::authtoken::project_name: 'service' + nova::keystone::authtoken::password: {get_param: NovaPassword} + nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::wsgi::apache_placement::api_port: '8778' nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP @@ -120,5 +124,10 @@ outputs: - "%{hiera('mysql_bind_host')}" upgrade_tasks: - name: Stop nova_placement service (running under httpd) - tags: step2 + tags: step1 service: name=httpd state=stopped + # The nova placement API isn't installed in newton images, so install + # it on upgrade + - name: Install nova-placement packages on upgrade + tags: step3 + yum: name=openstack-nova-placement-api state=latest diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 353a75ac..e4b6bb43 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -63,3 +63,7 @@ outputs: nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters} step_config: | include tripleo::profile::base::nova::scheduler + upgrade_tasks: + - name: Stop nova_scheduler service + tags: step1 + service: name=openstack-nova-scheduler state=stopped diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index bf244943..42335ade 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -64,3 +64,7 @@ outputs: - 13080 step_config: | include tripleo::profile::base::nova::vncproxy + upgrade_tasks: + - name: Stop nova_vnc_proxy service + tags: step1 + service: name=openstack-nova-consoleauth state=stopped diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index 37ba1f73..909a3030 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -66,8 +66,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/octavia' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} octavia::keystone::authtoken::project_name: 'service' octavia::keystone::authtoken::password: {get_param: OctaviaPassword} diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 0ed9d206..ceb56a81 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -17,6 +17,10 @@ parameters: type: string description: The password for the opendaylight server. hidden: true + OpenDaylightConnectionProtocol: + description: L7 protocol used for REST access + type: string + default: 'http' OpenDaylightEnableDHCP: description: Knob to enable/disable ODL DHCP Server type: boolean @@ -55,6 +59,7 @@ outputs: opendaylight::extra_features: {get_param: OpenDaylightFeatures} opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} + opendaylight::nb_connection_protocol: {get_param: OpenDayLightConnectionProtocol} tripleo.opendaylight_api.firewall_rules: '137 opendaylight api': dport: @@ -63,3 +68,26 @@ outputs: - 6653 step_config: | include tripleo::profile::base::neutron::opendaylight + upgrade_tasks: + - name: Check if opendaylight is deployed + command: systemctl is-enabled opendaylight + tags: common + ignore_errors: True + register: opendaylight_enabled + - name: "PreUpgrade step0,validation: Check service opendaylight is running" + shell: /usr/bin/systemctl show 'opendaylight' --property ActiveState | grep '\bactive\b' + when: opendaylight_enabled.rc == 0 + tags: step0,validation + - name: Stop opendaylight service + tags: step1 + when: opendaylight_enabled.rc == 0 + service: name=opendaylight state=stopped + - name: Removes ODL snapshots, data, journal directories + file: + state: absent + path: /opt/opendaylight/{{item}} + tags: step2 + with_items: + - snapshots + - data + - journal diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index cfec3c48..3db0848e 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -73,3 +73,17 @@ outputs: proto: 'gre' step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight + upgrade_tasks: + - name: Check if openvswitch is deployed + command: systemctl is-enabled openvswitch + tags: common + ignore_errors: True + register: openvswitch_enabled + - name: "PreUpgrade step0,validation: Check service openvswitch is running" + shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b' + when: openvswitch_enabled.rc == 0 + tags: step0,validation + - name: Stop openvswitch service + tags: step1 + when: openvswitch_enabled.rc == 0 + service: name=openvswitch state=stopped diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index ca21cfbe..5be58c18 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -136,12 +136,12 @@ outputs: tags: step0,validation pacemaker_cluster: state=online check_and_fail=true - name: Stop pacemaker cluster - tags: step1 + tags: step2 pacemaker_cluster: state=offline - name: Start pacemaker cluster tags: step4 pacemaker_cluster: state=online - name: Check pacemaker resource tags: step4 - pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200 + pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=500 with_items: {get_param: PacemakerResources} diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index 03c2c83f..b018df35 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -39,3 +39,32 @@ outputs: - rabbitmq::service_manage: false step_config: | include ::tripleo::profile::pacemaker::rabbitmq + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}} + - name: get rabbitmq policy + tags: common + shell: pcs resource show rabbitmq | grep -q -E "Attributes:.*\"ha-mode\":\"all\"" + register: rabbit_ha_mode + when: is_bootstrap_node + ignore_errors: true + - name: set migrate_rabbit_ha_mode fact + tags: common + set_fact: migrate_rabbit_ha_mode={{rabbit_ha_mode.rc == 0}} + when: is_bootstrap_node + - name: Fixup for rabbitmq ha-queues LP#1668600 + tags: step0,pre-upgrade + shell: | + nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) + nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) + if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then + echo "ERROR: The nr. of HA queues during the rabbit upgrade is out of range: $nr_queues" + exit 1 + fi + pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 + when: is_bootstrap_node and migrate_rabbit_ha_mode diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 4b74ad45..eed98257 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -84,3 +84,22 @@ outputs: include tripleo::profile::base::panko::api metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled + - name: "PreUpgrade step0,validation: Check if httpd is running" + shell: > + /usr/bin/systemctl show 'httpd' --property ActiveState | + grep '\bactive\b' + when: httpd_enabled.rc == 0 + tags: step0,validation + - name: Stop panko-api service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: httpd_enabled.rc == 0 + - name: Install openstack-panko-api package if it was not installed + tags: step3 + yum: name=openstack-panko-api state=latest diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 2c2586af..998e64ee 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -46,8 +46,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/panko' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' panko::debug: {get_param: Debug} panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 8573ea81..96b3d6e3 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -92,5 +92,5 @@ outputs: - "%{hiera('mysql_bind_host')}" upgrade_tasks: - name: Stop sahara_api service - tags: step2 + tags: step1 service: name=openstack-sahara-api state=stopped diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index e2084186..d5131f61 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -64,19 +64,20 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} sahara::debug: {get_param: Debug} + # Remove admin_password when https://review.openstack.org/442619 is merged. sahara::admin_password: {get_param: SaharaPassword} - sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - sahara::identity_uri: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: {get_param: SaharaPlugins} sahara::rpc_backend: rabbit - sahara::admin_tenant_name: 'service' sahara::db::database_db_max_retries: -1 sahara::db::database_max_retries: -1 + sahara::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + sahara::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + sahara::keystone::authtoken::password: {get_param: SaharaPassword} + sahara::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 987fe25b..c0b6b3e6 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -51,8 +51,5 @@ outputs: include ::tripleo::profile::base::sahara::engine upgrade_tasks: - name: Stop sahara_engine service - tags: step2 + tags: step1 service: name=openstack-sahara-engine state=stopped - - name: Sync sahara_engine DB - tags: step5 - command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 80da5352..a2286d16 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -52,11 +52,7 @@ outputs: description: Combined Role data for this set of services. value: service_names: - # Filter any null/None service_names which may be present due to mapping - # of services to OS::Heat::None - yaql: - expression: list($.data.s_names.where($ != null)) - data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} + {get_attr: [ServiceChain, role_data, service_name]} monitoring_subscriptions: yaql: expression: list($.data.role_data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) @@ -112,7 +108,7 @@ outputs: yaql: expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} - step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} + step_config: {get_attr: [ServiceChain, role_data, step_config]} upgrade_tasks: yaql: # Note we use distinct() here to filter any identical tasks, e.g yum update for all services diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index fd6ed818..80c29f95 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -45,5 +45,5 @@ outputs: include ::tripleo::profile::base::snmp upgrade_tasks: - name: Stop snmp service - tags: step2 + tags: step1 service: name=snmpd state=stopped diff --git a/puppet/services/sshd.yaml b/puppet/services/sshd.yaml index 41e144a0..12998c33 100644 --- a/puppet/services/sshd.yaml +++ b/puppet/services/sshd.yaml @@ -29,6 +29,6 @@ outputs: value: service_name: sshd config_settings: - BannerText: {get_param: BannerText} + tripleo::profile::base::sshd::bannertext: {get_param: BannerText} step_config: | include ::tripleo::profile::base::sshd diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 526fa888..0c3cc1ec 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -31,9 +31,9 @@ parameters: description: Timeout for requests going from swift-proxy to swift a/c/o services. type: number SwiftWorkers: - default: 0 + default: auto description: Number of workers for Swift service. - type: number + type: string KeystoneRegion: type: string default: 'regionOne' @@ -138,6 +138,7 @@ outputs: - '' - 'proxy-logging' - 'proxy-server' + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples @@ -166,5 +167,5 @@ outputs: - ResellerAdmin upgrade_tasks: - name: Stop swift_proxy service - tags: step2 + tags: step1 service: name=openstack-swift-proxy state=stopped diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 247b23ff..261aadeb 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -103,7 +103,7 @@ outputs: include ::tripleo::profile::base::swift::storage upgrade_tasks: - name: Stop swift storage services - tags: step2 + tags: step1 service: name={{ item }} state=stopped with_items: - openstack-swift-account-auditor diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 5cf09a6d..6f92066e 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -64,12 +64,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/tacker' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' - tacker::keystone::auth::tenant: 'service' - tacker::keystone::auth::password: {get_param: TackerPassword} - tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} tacker::debug: {get_param: Debug} tacker::rpc_backend: rabbit tacker::rabbit_userid: {get_param: RabbitUserName} @@ -78,6 +74,10 @@ outputs: tacker::rabbit_port: {get_param: RabbitClientPort} tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]} + tacker::keystone::authtoken::project_name: 'service' + tacker::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + tacker::db::mysql::password: {get_param: TackerPassword} tacker::db::mysql::user: tacker tacker::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} @@ -86,6 +86,31 @@ outputs: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + service_config_settings: + keystone: + tacker::keystone::auth::tenant: 'service' + tacker::keystone::auth::password: {get_param: TackerPassword} + tacker::keystone::auth::public_url: {get_param: [EndpointMap, TackerPublic, uri]} + tacker::keystone::auth::internal_url: {get_param: [EndpointMap, TackerInternal, uri]} + tacker::keystone::auth::admin_url: {get_param: [EndpointMap, TackerAdmin, uri]} step_config: | include ::tripleo::profile::base::tacker + upgrade_tasks: + - name: Check if tacker is deployed + command: systemctl is-enabled openstack-tacker-server + tags: common + ignore_errors: True + register: tacker_enabled + - name: "PreUpgrade step0,validation: Check service openstack-tacker-server is running" + shell: /usr/bin/systemctl show 'openstack-tacker-server' --property ActiveState | grep '\bactive\b' + when: tacker_enabled.rc == 0 + tags: step0,validation + - name: Stop tacker service + tags: step1 + when: tacker_enabled.rc == 0 + service: name=openstack-tacker-server state=stopped + - name: Install openstack-tacker package if it was disabled + tags: step3 + yum: name=openstack-tacker state=latest + when: tacker_enabled.rc != 0 diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 88ab90cb..b14d7bcc 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -22,8 +22,10 @@ parameters: via parameter_defaults in the resource registry. type: json NtpServer: - default: [] - description: NTP servers + default: ['pool.ntp.org'] + description: NTP servers list. Defaulted to pool.ntp.org in order to + have a sane default for Pacemaker deployments when + not configuring this parameter by default. type: comma_delimited_list outputs: diff --git a/puppet/services/vpp.yaml b/puppet/services/vpp.yaml new file mode 100644 index 00000000..7c8f8a28 --- /dev/null +++ b/puppet/services/vpp.yaml @@ -0,0 +1,57 @@ +heat_template_version: ocata + +description: > + Vpp service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + VppCpuMainCore: + default: '' + description: VPP main thread core pinning. + type: string + VppCpuCorelistWorkers: + default: '' + description: List of cores for VPP worker thread pinning + type: string + MonitoringSubscriptionVpp: + default: 'overcloud-vpp' + type: string + +outputs: + role_data: + description: Role data for the Vpp role. + value: + service_name: vpp + monitoring_subscription: {get_param: MonitoringSubscriptionVpp} + config_settings: + fdio::vpp_cpu_main_core: {get_param: VppCpuMainCore} + fdio::vpp_cpu_corelist_workers: {get_param: VppCpuCorelistWorkers} + step_config: | + include ::tripleo::profile::base::vpp + upgrade_tasks: + - name: Check if vpp is deployed + command: systemctl is-enabled vpp + tags: common + ignore_errors: True + register: vpp_enabled + - name: "PreUpgrade step0,validation: Check service vpp is running" + shell: /usr/bin/systemctl show 'vpp' --property ActiveState | grep '\bactive\b' + when: vpp_enabled.rc == 0 + tags: step0,validation + - name: Stop vpp service + tags: step1 + when: vpp_enabled.rc == 0 + service: name=vpp state=stopped diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index cb860fa8..a320f694 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -64,3 +64,23 @@ outputs: step_config: | include ::tripleo::profile::base::zaqar + upgrade_tasks: + - name: Check if zaqar is deployed + command: systemctl is-enabled openstack-zaqar + tags: common + ignore_errors: True + register: zaqar_enabled + - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" + shell: > + /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | + grep '\bactive\b' + when: zaqar_enabled.rc == 0 + tags: step0,validation + - name: Stop zaqar service + tags: step1 + when: zaqar_enabled.rc == 0 + service: name=openstack-zaqar state=stopped + - name: Install openstack-zaqar package if it was disabled + tags: step3 + yum: name=openstack-zaqar state=latest + when: zaqar_enabled.rc != 0 |