diff options
Diffstat (limited to 'puppet')
37 files changed, 224 insertions, 9 deletions
diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index cb8d498c..9b900bc4 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -245,7 +245,9 @@ resources: for map_name in mappings: f_name = '/root/' + map_name map_data = os.getenv(map_name, "Nada") - with open(f_name, 'a') as f: + with os.fdopen(os.open(f_name, + os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0o644), + 'w') as f: f.write(map_data) if map_data is not "Nada": if map_name is not 'nexus_config': @@ -260,7 +262,9 @@ resources: for mac in vals[1:]: mac2host[mac.lower()] = vals[0] - with open('/root/mac2host', 'a') as f: + with os.fdopen(os.open('/root/mac2host', + os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0o644), + 'w') as f: f.write(str(mac2host)) # now we have mac to host, map host to switchport in hieradata diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 62c4b093..2401d764 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -86,6 +86,9 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-aodh-api is running" + shell: /usr/bin/systemctl show 'openstack-aodh-api' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop aodh_api service (running under httpd) tags: step2 service: name=httpd state=stopped diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml index bd87bf86..56dbb558 100644 --- a/puppet/services/aodh-evaluator.yaml +++ b/puppet/services/aodh-evaluator.yaml @@ -41,6 +41,9 @@ outputs: step_config: | include tripleo::profile::base::aodh::evaluator upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-aodh-evaluator is running" + shell: /usr/bin/systemctl show 'openstack-aodh-evaluator' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop aodh_evaluator service tags: step2 service: name=openstack-aodh-evaluator state=stopped diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml index 606131ee..76db0ca8 100644 --- a/puppet/services/aodh-listener.yaml +++ b/puppet/services/aodh-listener.yaml @@ -41,6 +41,9 @@ outputs: step_config: | include tripleo::profile::base::aodh::listener upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-aodh-listener is running" + shell: /usr/bin/systemctl show 'openstack-aodh-listener' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop aodh_listener service tags: step2 service: name=openstack-aodh-listener state=stopped diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml index 666e641f..30c67635 100644 --- a/puppet/services/aodh-notifier.yaml +++ b/puppet/services/aodh-notifier.yaml @@ -41,6 +41,9 @@ outputs: step_config: | include tripleo::profile::base::aodh::notifier upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-aodh-notifier is running" + shell: /usr/bin/systemctl show 'openstack-aodh-notifier' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop aodh_notifier service tags: step2 service: name=openstack-aodh-notifier state=stopped diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml index 97d6ff8e..4c21e02a 100644 --- a/puppet/services/apache-internal-tls-certmonger.yaml +++ b/puppet/services/apache-internal-tls-certmonger.yaml @@ -63,3 +63,7 @@ outputs: type: node for_each: $NETWORK: {get_attr: [ApacheNetworks, value]} + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service httpd is running" + shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' + tags: step0,validation diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 82e0c5ff..74ddbde8 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -66,3 +66,7 @@ outputs: - "%{hiera('apache_remote_proxy_ips_network')}" metadata_settings: get_attr: [ApacheTLS, role_data, metadata_settings] + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service httpd is running" + shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' + tags: step0,validation diff --git a/puppet/services/auditd.yaml b/puppet/services/auditd.yaml new file mode 100644 index 00000000..639631e1 --- /dev/null +++ b/puppet/services/auditd.yaml @@ -0,0 +1,34 @@ +heat_template_version: ocata + +description: > + AuditD configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AuditdRules: + description: Mapping of auditd rules + type: json + default: {} + +outputs: + role_data: + description: Role data for the auditd service + value: + service_name: auditd + config_settings: + auditd::rules: {get_param: AuditdRules} + step_config: | + include ::tripleo::profile::base::auditd diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 4e420750..186af1cc 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -146,3 +146,7 @@ outputs: get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix] metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running" + shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b' + tags: step0,validation diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 99982db9..cf8a8a8e 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -55,6 +55,9 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::agent::central upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-central is running" + shell: /usr/bin/systemctl show 'openstack-ceilometer-central' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop ceilometer_agent_central service tags: step2 service: name=openstack-ceilometer-central state=stopped diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index d2d299be..00042914 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -49,6 +49,9 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::agent::compute upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-compute is running" + shell: /usr/bin/systemctl show 'openstack-ceilometer-compute' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop ceilometer_agent_compute service tags: step2 service: name=openstack-ceilometer-compute state=stopped diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index 4cd7c431..760acd65 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -50,6 +50,9 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::agent::notification upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-notification is running" + shell: /usr/bin/systemctl show 'openstack-ceilometer-notification' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop ceilometer_agent_notification service tags: step2 service: name=openstack-ceilometer-notification state=stopped diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index cd0c46e1..9ee07592 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -93,9 +93,9 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-api is running" + shell: /usr/bin/systemctl show 'openstack-ceilometer-api' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop ceilometer_api service (running under httpd) tags: step2 service: name=httpd state=stopped - - name: Run ceilometer upgrade - tags: step5 - command: ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index 5250c2c8..a219f9eb 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -60,6 +60,9 @@ outputs: step_config: | include ::tripleo::profile::base::ceilometer::collector upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-collector is running" + shell: /usr/bin/systemctl show 'openstack-ceilometer-collector' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop ceilometer_collector service tags: step2 service: name=openstack-ceilometer-collector state=stopped diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 714434b1..5341cfee 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -40,3 +40,7 @@ outputs: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::ceilometer::expirer + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-expirer is running" + shell: /usr/bin/systemctl show 'openstack-ceilometer-expirer' --property ActiveState | grep '\bactive\b' + tags: step0,validation diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 92536994..83339f2b 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -77,3 +77,14 @@ outputs: ceph::rgw::keystone::auth::tenant: service ceph::rgw::keystone::auth::user: swift ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} + upgrade_tasks: + - name: Gather RGW instance ID + tags: step0 + shell: hiera -c /etc/puppet/hiera.yaml ceph::profile::params::rgw_name radosgw.gateway + register: rgw_id + - name: Check status + shell: /usr/bin/systemctl show ceph-radosgw@{{rgw_id.stdout}} --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop RGW instance + tags: step1 + service: name=ceph-radosgw@{{rgw_id.stdout}} state=stopped diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index e3c96325..bc5f080d 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -149,7 +149,7 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: "PreUpgrade step0: Check service openstack-cinder-api is running" + - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running" shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: check for cinder running under apache (post upgrade) diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 6a0b1f24..f102810e 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -52,6 +52,9 @@ outputs: step_config: | include ::tripleo::profile::base::cinder::scheduler upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-cinder-scheduler is running" + shell: /usr/bin/systemctl show 'openstack-cinder-scheduler' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop cinder_scheduler service tags: step2 service: name=openstack-cinder-scheduler state=stopped diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 8834eaa5..dd1d3833 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -116,6 +116,9 @@ outputs: step_config: | include ::tripleo::profile::base::cinder::volume upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-cinder-volume is running" + shell: /usr/bin/systemctl show 'openstack-cinder-volume' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop cinder_volume service tags: step2 service: name=openstack-cinder-volume state=stopped diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 09ea5d22..b49b29f7 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -138,6 +138,9 @@ outputs: service_config_settings: get_attr: [GlanceBase, role_data, service_config_settings] upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running" + shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop glance_api service tags: step2 service: name=openstack-glance-api state=stopped diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index bb2ff581..2aea29fd 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -134,6 +134,9 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-api is running" + shell: /usr/bin/systemctl show 'openstack-gnocchi-api' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop gnocchi_api service (running under httpd) tags: step2 service: name=httpd state=stopped diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index d92b1766..8fddae4b 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -69,7 +69,7 @@ outputs: - '/gnocchi' - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' + gnocchi::db::sync::extra_opts: '--skip-storage' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index d888e2a4..1337b0cb 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -47,6 +47,9 @@ outputs: step_config: | include ::tripleo::profile::base::gnocchi::metricd upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-metricd is running" + shell: /usr/bin/systemctl show 'openstack-gnocchi-metricd' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop gnocchi_metricd service tags: step2 service: name=openstack-gnocchi-metricd state=stopped diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index d5012cb9..41222a79 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -46,6 +46,9 @@ outputs: step_config: | include ::tripleo::profile::base::gnocchi::statsd upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-statsd is running" + shell: /usr/bin/systemctl show 'openstack-gnocchi-statsd' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop gnocchi_statsd service tags: step2 service: name=openstack-gnocchi-statsd state=stopped diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 981a08d2..358698dd 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -78,6 +78,9 @@ outputs: step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service haproxy is running" + shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop haproxy service tags: step1 service: name=haproxy state=stopped diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 28317dd3..7bd2fcf1 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -85,6 +85,9 @@ outputs: heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running" + shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop heat_api_cfn service tags: step2 service: name=openstack-heat-api-cfn state=stopped diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 5de25ab8..0954ad19 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -67,6 +67,9 @@ outputs: step_config: | include ::tripleo::profile::base::heat::api_cloudwatch upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running" + shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop heat_api_cloudwatch service tags: step2 service: name=openstack-heat-api-cloudwatch state=stopped diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 0ce8e1fa..ae656b1e 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -85,6 +85,9 @@ outputs: heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running" + shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop heat_api service tags: step2 service: name=openstack-heat-api state=stopped diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 976d413c..3b73eb88 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -138,6 +138,9 @@ outputs: # This is needed because the keystone profile handles creating the domain tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running" + shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop heat_engine service tags: step2 service: name=openstack-heat-engine state=stopped diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index cf444215..65fa0d8f 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -71,6 +71,9 @@ parameters: removed in Ocata. Future releases will enable L3 HA by default if it is appropriate for the deployment type. Alternate mechanisms will be available to override. + EnableInternalTLS: + type: boolean + default: false parameter_groups: - label: deprecated @@ -82,8 +85,19 @@ parameter_groups: parameters: - NeutronL3HA +conditions: + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + resources: + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + NeutronBase: type: ./neutron-base.yaml properties: @@ -103,6 +117,7 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] + - get_attr: [TLSProxyBase, role_data, config_settings] - neutron::server::database_connection: list_join: - '' @@ -140,7 +155,23 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::tls_proxy_bind_ip: + get_param: [ServiceNetMap, NeutronApiNetwork] + tripleo::profile::base::neutron::server::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::tls_proxy_port: + get_param: [EndpointMap, NeutronInternal, port] + # Bind to localhost if internal TLS is enabled, since we put a TLS + # proxy in front. + neutron::bind_host: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NeutronApiNetwork]} tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA} step_config: | include tripleo::profile::base::neutron::server @@ -161,6 +192,9 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service neutron-server is running" + shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop neutron_api service tags: step2 service: name=neutron-server state=stopped diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index bb4742c9..062edaa4 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -80,6 +80,9 @@ outputs: step_config: | include tripleo::profile::base::neutron::dhcp upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running" + shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop neutron_dhcp service tags: step2 service: name=neutron-dhcp-agent state=stopped diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 9d858441..69803551 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -80,6 +80,9 @@ outputs: step_config: | include tripleo::profile::base::neutron::l3 upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service neutron-l3-agent is running" + shell: /usr/bin/systemctl show 'neutron-l3-agent' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop neutron_l3 service tags: step2 service: name=neutron-l3-agent state=stopped diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 43066767..199b5809 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -76,6 +76,9 @@ outputs: step_config: | include tripleo::profile::base::neutron::metadata upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running" + shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop neutron_metadata service tags: step2 service: name=neutron-metadata-agent state=stopped diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index baeb0c66..c27bb909 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -121,6 +121,9 @@ outputs: step_config: | include ::tripleo::profile::base::neutron::ovs upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" + shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b' + tags: step0,validation - name: Stop neutron_ovs_agent service tags: step2 service: name=neutron-openvswitch-agent state=stopped diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 5c77e35d..e25bc495 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -18,6 +18,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HostCpusList: + description: List of cores to be used for host process + type: string + constraints: + - allowed_pattern: "'[0-9,-]+'" NeutronDpdkCoreList: description: List of cores to be used for DPDK Poll Mode Driver type: string @@ -68,7 +73,8 @@ outputs: - neutron::agents::ml2::ovs::enable_dpdk: true neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} - vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList} + vswitch::dpdk::host_core_list: {get_param: HostCpusList} + vswitch::dpdk::pmd_core_list: {get_param: NeutronDpdkCoreList} vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels} vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory} vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType} diff --git a/puppet/services/sshd.yaml b/puppet/services/sshd.yaml new file mode 100644 index 00000000..41e144a0 --- /dev/null +++ b/puppet/services/sshd.yaml @@ -0,0 +1,34 @@ +heat_template_version: ocata + +description: > + Configure sshd_config + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + BannerText: + default: '' + description: Configures Banner text in sshd_config + type: string + +outputs: + role_data: + description: Role data for the ssh + value: + service_name: sshd + config_settings: + BannerText: {get_param: BannerText} + step_config: | + include ::tripleo::profile::base::sshd diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 62d227a2..31a4c178 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -57,6 +57,12 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string conditions: @@ -91,6 +97,7 @@ outputs: swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} + tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo.swift_proxy.firewall_rules: '122 swift proxy': |