Diffstat (limited to 'puppet')
46 files changed, 693 insertions, 4229 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 24aa1525..3044fe39 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -76,7 +76,7 @@ parameters:
 InternalApiNetName:
 default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
 type: string
 ExternalNetName:
 default: external
@@ -92,7 +92,7 @@ parameters:
 type: string
 StorageMgmtNetName:
 default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
 type: string
 TenantNetName:
 default: tenant
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
deleted file mode 100644
index de7b6b49..00000000
--- a/puppet/blockstorage-role.yaml
+++ /dev/null
@@ -1,704 +0,0 @@ -heat_template_version: pike -description: 'OpenStack cinder storage configured by Puppet' -parameters: - BlockStorageImage: - default: overcloud-full - type: string - constraints: - - custom_constraint: glance.image - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that BlockStorageExtraConfig takes precedence over ExtraConfig. - type: json - BlockStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - BlockStorageIPs: - default: {} - type: json - OvercloudBlockStorageFlavor: - description: Flavor for block storage nodes to request when deploying. - type: string - default: baremetal - constraints: - - custom_constraint: nova.flavor - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. 
- type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - BlockStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - BlockStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. 
a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - BlockStorage: - type: OS::TripleO::BlockStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: - {get_param: BlockStorageImage} - flavor: {get_param: OvercloudBlockStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: 
{get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: BlockStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: BlockStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::BlockStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::BlockStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::BlockStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::BlockStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} 
- - StorageMgmtPort: - type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::BlockStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::BlockStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - IPPool: {get_param: BlockStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::BlockStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} 
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' 
- - - {get_attr: [BlockStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::BlockStorage::PreNetworkConfig - properties: - server: {get_resource: BlockStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: BlockStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - BlockStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - BlockStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: BlockStorageUpgradeInitDeployment - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - BlockStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: BlockStorageUpgradeInitDeployment - properties: - name: BlockStorageDeployment - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageConfig} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - # Map heat metadata into hiera datafiles - BlockStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - 
- '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - volume_extraconfig - - extraconfig - - service_names - - service_configs - - volume - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - volume_extraconfig: {get_param: BlockStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - volume: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: BlockStorageDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: BlockStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: BlockStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: 
NetworkDeployment - properties: - name: UpdateDeployment - config: {get_resource: UpdateConfig} - server: {get_resource: BlockStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: BlockStorageDeployment - properties: - server: {get_resource: BlockStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [BlockStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [BlockStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: 
[BlockStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [BlockStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: 
[StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the block storage server - value: - {get_resource: BlockStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. 
- value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [BlockStorage, os_collect_config]} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml deleted file mode 100644 index ce44fd68..00000000 --- a/puppet/cephstorage-role.yaml +++ /dev/null 
@@ -1,718 +0,0 @@ -heat_template_version: pike -description: 'OpenStack ceph storage node configured by Puppet' -parameters: - OvercloudCephStorageFlavor: - description: Flavor for the Ceph Storage node. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - CephStorageImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that CephStorageExtraConfig takes precedence over ExtraConfig. - type: json - CephStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. 
- type: json - CephStorageIPs: - default: {} - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - CephStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - CephStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. 
Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. 
Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - CephStorage: - type: OS::TripleO::CephStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: CephStorageImage} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: OvercloudCephStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: CephStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: CephStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via 
OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::CephStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::CephStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::CephStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::CephStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::CephStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::CephStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::CephStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - IPPool: {get_param: CephStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::CephStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, 
ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' 
- - - {get_attr: [CephStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' 
- - - {get_attr: [CephStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::CephStorage::PreNetworkConfig - properties: - server: {get_resource: CephStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: CephStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - CephStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - CephStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: CephStorageUpgradeInitDeployment - server: {get_resource: CephStorage} - config: {get_resource: CephStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - CephStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: CephStorageUpgradeInitDeployment - properties: - name: CephStorageDeployment - config: {get_resource: CephStorageConfig} - server: {get_resource: CephStorage} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - CephStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - 
- config_step - - ceph_extraconfig - - extraconfig - - service_names - - service_configs - - ceph - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - ceph_extraconfig: {get_param: CephStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - ceph: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: CephStorageDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: CephStorage} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - CephStorageExtraConfigPre: - depends_on: CephStorageDeployment - type: OS::TripleO::CephStorageExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: CephStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] - type: 
OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: CephStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: CephStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: CephStorageDeployment - properties: - server: {get_resource: CephStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [CephStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [CephStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN 
STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [CephStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [CephStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - 
EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the ceph storage server - value: - {get_resource: CephStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. 
This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [CephStorage, os_collect_config]} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml deleted file mode 100644 index af45793e..00000000 --- a/puppet/compute-role.yaml +++ /dev/null 
@@ -1,744 +0,0 @@ -heat_template_version: pike - -description: > - OpenStack hypervisor node configured via Puppet. - -parameters: - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that NovaComputeExtraConfig takes precedence over ExtraConfig. - type: json - OvercloudComputeFlavor: - description: Flavor for the nova compute node - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - NovaImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - NeutronPhysicalBridge: - default: 'br-ex' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: Which interface to add to the NeutronPhysicalBridge. - type: string - NodeIndex: - type: number - default: 0 - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeIPs: - default: {} - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. 
- type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - NovaComputeServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. 
- type: json - NovaComputeSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. 
- The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - -resources: - - NovaCompute: - type: OS::TripleO::ComputeServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: NovaImage} - image_update_policy: - get_param: ImageUpdatePolicy - flavor: {get_param: OvercloudComputeFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: NovaComputeServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: NovaComputeSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if 
configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::Compute::NodeUserData - - ExternalPort: - type: OS::TripleO::Compute::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::Compute::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::Compute::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::Compute::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::Compute::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::Compute::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - IPPool: {get_param: NovaComputeIPs} - NodeIndex: {get_param: NodeIndex} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 
0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' 
- - - {get_attr: [NovaCompute, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::Compute::PreNetworkConfig - properties: - server: {get_resource: NovaCompute} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkConfig: - type: OS::TripleO::Compute::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - config: {get_resource: NetworkConfig} - server: {get_resource: NovaCompute} - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - NovaComputeUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; 
fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - NovaComputeUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: NovaComputeUpgradeInitDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - server: {get_resource: NovaCompute} - config: {get_resource: NovaComputeUpgradeInitConfig} - - NovaComputeConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - compute_extraconfig - - extraconfig - - service_names - - service_configs - - compute - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - - midonet_data # Optionally provided by AllNodesExtraConfig - - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre - - cisco_aci_data # Optionally provided by ComputeExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - compute_extraconfig: {get_param: NovaComputeExtraConfig} - extraconfig: {get_param: ExtraConfig} - compute: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, 
fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - NovaComputeDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: NovaComputeUpgradeInitDeployment - properties: - name: NovaComputeDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: NovaComputeConfig} - server: {get_resource: NovaCompute} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: NovaComputeDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: NovaCompute} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - ComputeExtraConfigPre: - depends_on: NovaComputeDeployment - type: OS::TripleO::ComputeExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: NovaCompute} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [ComputeExtraConfigPre, NodeTLSCAData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: NovaCompute} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: UpdateDeployment - actions: - if: - - 
server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: UpdateConfig} - server: {get_resource: NovaCompute} - input_values: - update_identifier: - get_param: UpdateIdentifier - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: NovaComputeDeployment - properties: - server: {get_resource: NovaCompute} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [NovaCompute, networks, ctlplane, 0]} - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. 
- value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - hostname: - description: Hostname of the server - value: {get_attr: [NovaCompute, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} - 
DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [NovaCompute, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [NovaCompute, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, 
storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the Nova compute server
- value:
- {get_resource: NovaCompute}
- condition: server_not_blacklisted
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [NovaCompute, os_collect_config]}
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
deleted file mode 100644
index 38589a4e..00000000
--- a/puppet/controller-role.yaml
+++ /dev/null
@@ -1,782 +0,0 @@ -heat_template_version: pike - -description: > - OpenStack controller node configured by Puppet. - -parameters: - controllerExtraConfig: - default: {} - description: | - Deprecated. Use ControllerExtraConfig via parameter_defaults instead. - type: json - ControllerExtraConfig: - default: {} - description: | - Controller specific hiera configuration data to inject into the cluster. - type: json - ControllerIPs: - default: {} - description: > - A network mapped list of IPs to assign to Controllers in the following form: - { - "internal_api": ["a.b.c.d", "e.f.g.h"], - ... - } - type: json - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - ExtraConfig: - default: {} - description: | - Additional hieradata to inject into the cluster, note that - ControllerExtraConfig takes precedence over ExtraConfig. - type: json - OvercloudControlFlavor: - description: Flavor for control nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - controllerImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - NeutronPhysicalBridge: - default: 'br-ex' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: Which interface to add to the NeutronPhysicalBridge. - type: string - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. 
- type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - NodeIndex: - type: number - default: 0 - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. - type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - ControllerServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. 
- type: json - ControllerSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. 
- The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - controllerExtraConfig - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - - Controller: - type: OS::TripleO::ControllerServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: controllerImage} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: OvercloudControlFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: {get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: ControllerServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: ControllerSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - 
config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::Controller::NodeUserData - - ExternalPort: - type: OS::TripleO::Controller::Ports::ExternalPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - InternalApiPort: - type: OS::TripleO::Controller::Ports::InternalApiPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::Controller::Ports::StoragePort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::Controller::Ports::StorageMgmtPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - TenantPort: - type: OS::TripleO::Controller::Ports::TenantPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - ManagementPort: - type: OS::TripleO::Controller::Ports::ManagementPort - properties: - IPPool: {get_param: ControllerIPs} - NodeIndex: {get_param: NodeIndex} - ControlPlaneIP: {get_attr: [Controller, 
networks, ctlplane, 0]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' 
- - - {get_attr: [Controller, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::Controller::PreNetworkConfig - properties: - server: {get_resource: Controller} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkConfig: - type: OS::TripleO::Controller::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: Controller} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - # Resource for 
site-specific injection of root certificate - NodeTLSCAData: - depends_on: NetworkDeployment - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: Controller} - - # Resource for site-specific passing of private keys/certificates - NodeTLSData: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeTLSData - properties: - server: {get_resource: Controller} - NodeIndex: {get_param: NodeIndex} - - ControllerUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - ControllerUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: ControllerUpgradeInitDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - server: {get_resource: Controller} - config: {get_resource: ControllerUpgradeInitConfig} - - ControllerDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: ControllerUpgradeInitDeployment - properties: - name: ControllerDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: ControllerConfig} - server: {get_resource: Controller} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - - # Map heat metadata into hiera datafiles - ControllerConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - controller_extraconfig - - extraconfig - - service_configs - - service_names - - controller - - bootstrap_node # provided by BootstrapNodeConfig - - all_nodes # 
provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - - midonet_data #Optionally provided by AllNodesExtraConfig - - cisco_aci_data # Optionally provided by ControllerExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - controller_extraconfig: - map_merge: - - {get_param: controllerExtraConfig} - - {get_param: ControllerExtraConfig} - extraconfig: {get_param: ExtraConfig} - controller: - # Misc - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - ControllerExtraConfigPre: - depends_on: ControllerDeployment - type: OS::TripleO::ControllerExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: Controller} - - # Hook for site-specific additional pre-deployment config, - # 
applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: [ControllerExtraConfigPre, NodeTLSData] - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: Controller} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: UpdateDeployment - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - config: {get_resource: UpdateConfig} - server: {get_resource: Controller} - input_values: - update_identifier: - get_param: UpdateIdentifier - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: ControllerDeployment - properties: - server: {get_resource: Controller} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [Controller, networks, ctlplane, 0]} - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP 
address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. - value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [Controller, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [Controller, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' 
- - str_split: - - '/' - - {get_attr: [Controller, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - hostname: - description: Hostname of the server - value: {get_attr: [Controller, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [Controller, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: 
[TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [Controller, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: 
Heat resource handle for the Nova compute server
- value:
- {get_resource: Controller}
- condition: server_not_blacklisted
- tls_key_modulus_md5:
- description: MD5 checksum of the TLS Key Modulus
- value: {get_attr: [NodeTLSData, key_modulus_md5]}
- tls_cert_modulus_md5:
- description: MD5 checksum of the TLS Certificate Modulus
- value: {get_attr: [NodeTLSData, cert_modulus_md5]}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [Controller, os_collect_config]}
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 8cba4351..e81b1142 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -7,6 +7,7 @@ description: >
 parameters:
 # Can be overridden via parameter_defaults in the environment
 SSLCertificate:
+ default: ''
 description: >
 The content of the SSL certificate (without Key) in PEM format.
 type: string
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
deleted file mode 100644
index 11113eec..00000000
--- a/puppet/major_upgrade_steps.j2.yaml
+++ /dev/null
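Review bot: The added `default: ''` on `SSLCertificate` in puppet/extraconfig/tls/tls-cert-inject.yaml makes the parameter optional, so a stack that omits the certificate now passes parameter validation and hands an empty string to whatever consumes it. That consumer is outside this hunk; if it writes the value to the certificate path unconditionally, a node could end up with an empty PEM file instead of a clear validation failure, so it is worth confirming that an empty value is skipped or rejected there. The parameter should also say what the empty default means, for example a comment above it such as `# Empty default: no certificate supplied here; the injection step must skip or reject an empty value`. The parameters block continues past the end of the hunk.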
@@ -1,225 +0,0 @@ -{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%} -{% set batch_upgrade_steps_max = 3 -%} -{% set upgrade_steps_max = 6 -%} -{% set deliver_script = {'deliver': False} -%} -heat_template_version: pike -description: 'Upgrade steps for all roles' - -parameters: - servers: - type: json - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - ctlplane_service_ips: - type: json - UpdateIdentifier: - type: string - default: '' - description: > - Setting to a previously unused value during stack-update will trigger - the Upgrade resources to re-run on all roles. - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - NovaPassword: - description: The password for the nova service and db account - type: string - hidden: true - -resources: - -{% for role in roles if role.disable_upgrade_deployment|default(false) %} - {{role.name}}DeliverUpgradeScriptConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "set -eu\n\n" - - str_replace: - template: | - ROLE='ROLE_NAME' - params: - ROLE_NAME: {{role.name}} - - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh - - get_file: ../extraconfig/tasks/run_puppet.sh - - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh - - {{role.name}}DeliverUpgradeScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig} -{% endfor %} - -# Upgrade Steps for all roles, batched updates -# The UpgradeConfig resources could actually be created without -# serialization, but the 
event output is easier to follow if we -# do, and there should be minimal performance hit (creating the -# config is cheap compared to the time to apply the deployment). -{% for step in range(0, batch_upgrade_steps_max) %} - # Batch config resources step {{step}} - {%- for role in roles %} - {{role.name}}UpgradeBatchConfig_Step{{step}}: - type: OS::TripleO::UpgradeConfig - {%- if step > 0 %} - depends_on: - {%- for role_inside in enabled_roles %} - - {{role_inside.name}}UpgradeBatch_Step{{step -1}} - {%- endfor %} - {% else %} - {% for role in roles if role.disable_upgrade_deployment|default(false) %} - {% if deliver_script.update({'deliver': True}) %} {% endif %} - {% endfor %} - {% if deliver_script.deliver %} - depends_on: - {% for dep in roles if dep.disable_upgrade_deployment|default(false) %} - - {{dep.name}}DeliverUpgradeScriptDeployment - {% endfor %} - {% endif %} - {% endif %} - properties: - UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]} - step: {{step}} - {%- endfor %} - - # Batch deployment resources for step {{step}} (only for enabled roles) - {%- for role in enabled_roles %} - {{role.name}}UpgradeBatch_Step{{step}}: - type: OS::Heat::SoftwareDeploymentGroup - {%- if step > 0 %} - depends_on: - {%- for role_inside in enabled_roles %} - - {{role_inside.name}}UpgradeBatch_Step{{step -1}} - {%- endfor %} - {% else %} - {% for role in roles if role.disable_upgrade_deployment|default(false) %} - {% if deliver_script.update({'deliver': True}) %} {% endif %} - {% endfor %} - {% if deliver_script.deliver %} - depends_on: - {% for dep in roles if dep.disable_upgrade_deployment|default(false) %} - - {{dep.name}}DeliverUpgradeScriptDeployment - {% endfor %} - {% endif %} - {% endif %} - update_policy: - batch_create: - max_batch_size: {{role.upgrade_batch_size|default(1)}} - rolling_update: - max_batch_size: {{role.upgrade_batch_size|default(1)}} - properties: - servers: {get_param: [servers, {{role.name}}]} - config: 
{get_resource: {{role.name}}UpgradeBatchConfig_Step{{step}}} - input_values: - role: {{role.name}} - update_identifier: {get_param: UpdateIdentifier} - {%- endfor %} -{%- endfor %} - -# Dump the puppet manifests to be apply later when disable_upgrade_deployment -# is to true -{% for role in roles if role.disable_upgrade_deployment|default(false) %} - {{role.name}}DeliverPuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - str_replace: - template: | - #!/bin/bash - cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT - PUPPET_CLASSES - ENDOFCAT - params: - PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]} - - {{role.name}}DeliverPuppetDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}DeliverPuppetConfig} -{% endfor %} - -# Upgrade Steps for all roles -{%- for step in range(0, upgrade_steps_max) %} - # Config resources for step {{step}} - {%- for role in roles %} - {{role.name}}UpgradeConfig_Step{{step}}: - type: OS::TripleO::UpgradeConfig - # The UpgradeConfig resources could actually be created without - # serialization, but the event output is easier to follow if we - # do, and there should be minimal performance hit (creating the - # config is cheap compared to the time to apply the deployment). 
- depends_on: - {%- for role_inside in enabled_roles %} - {%- if step > 0 %} - - {{role_inside.name}}Upgrade_Step{{step -1}} - {%- else %} - - {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}} - {%- endif %} - {%- endfor %} - properties: - UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]} - step: {{step}} - {%- endfor %} - - # Deployment resources for step {{step}} (only for enabled roles) - {%- for role in enabled_roles %} - {{role.name}}Upgrade_Step{{step}}: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: - {%- for role_inside in enabled_roles %} - {%- if step > 0 %} - - {{role_inside.name}}Upgrade_Step{{step -1}} - {%- else %} - - {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}} - {%- endif %} - {%- endfor %} - properties: - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}} - input_values: - role: {{role.name}} - update_identifier: {get_param: UpdateIdentifier} - {%- endfor %} -{%- endfor %} - - # Post upgrade deployment steps for all roles - # This runs the normal configuration (e.g puppet) steps unless upgrade - # is disabled for the role - AllNodesPostUpgradeSteps: - type: OS::TripleO::PostUpgradeSteps - depends_on: -{%- for dep in enabled_roles %} - - {{dep.name}}Upgrade_Step{{upgrade_steps_max - 1}} -{%- endfor %} - properties: - servers: {get_param: servers} - stack_name: {get_param: stack_name} - role_data: {get_param: role_data} - ctlplane_service_ips: {get_param: ctlplane_service_ips} - -outputs: - # Output the config for each role, just use Step1 as the config should be - # the same for all steps (only the tag provided differs) - upgrade_configs: - description: The per-role upgrade configuration used - value: -{% for role in roles %} - {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]} -{% endfor %} 
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml deleted file mode 100644 index 10e56450..00000000 --- a/puppet/objectstorage-role.yaml +++ /dev/null 
@@ -1,703 +0,0 @@ -heat_template_version: pike -description: 'OpenStack swift storage node configured by Puppet' -parameters: - OvercloudSwiftStorageFlavor: - description: Flavor for Swift storage nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - SwiftStorageImage: - default: overcloud-full - type: string - constraints: - - custom_constraint: glance.image - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - Hostname: - type: string - default: '' # Defaults to Heat created hostname - HostnameMap: - type: json - default: {} - description: Optional mapping to override hostnames - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that ObjectStorageExtraConfig takes precedence over ExtraConfig. - type: json - ObjectStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - SwiftStorageIPs: - default: {} - type: json - NetworkDeploymentActions: - type: comma_delimited_list - description: > - Heat action when to apply network configuration changes - default: ['CREATE'] - SoftwareConfigTransport: - default: POLL_SERVER_CFN - description: | - How the server should receive the metadata required for software configuration. 
- type: string - constraints: - - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This must match the - overcloud_domain_name configured on the undercloud. - SwiftStorageServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This option is - role-specific and is merged with the values given to the ServerMetadata - parameter. - type: json - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. This applies to - all roles and is merged with a role-specific metadata parameter. - type: json - ObjectStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NodeIndex: - type: number - default: 0 - ServiceConfigSettings: - type: json - default: {} - ServiceNames: - type: comma_delimited_list - default: [] - MonitoringSubscriptions: - type: comma_delimited_list - default: [] - ServiceMetadataSettings: - type: json - default: {} - ConfigCommand: - type: string - description: Command which will be run whenever configuration data changes - default: os-refresh-config --timeout 14400 - ConfigCollectSplay: - type: number - default: 30 - description: | - Maximum amount of time to possibly to delay configuation collection - polling. Defaults to 30 seconds. Set to 0 to disable it which will cause - the configuration collection to occur as soon as the collection process - starts. This setting is used to prevent the configuration collection - processes from polling all at the exact same time. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. 
a repository switch. - default: '' - UpgradeInitCommonCommand: - type: string - description: | - Common commands required by the upgrades process. This should not - normally be modified by the operator and is set and unset in the - major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml - environment files. - default: '' - DeploymentServerBlacklistDict: - default: {} - type: json - description: > - Map of server hostnames to blacklist from any triggered - deployments. If the value is 1, the server will be blacklisted. This - parameter is generated from the parent template. - RoleParameters: - type: json - description: Parameters specific to the role - default: {} - DeploymentSwiftDataMap: - type: json - description: | - Map of servers to Swift container and object for storing deployment data. - The keys are the Heat assigned hostnames, and the value is a map of the - container/object name in Swift. Example value: - overcloud-controller-0: - container: overcloud-controller - object: 0 - overcloud-controller-1: - container: overcloud-controller - object: 1 - overcloud-controller-2: - container: overcloud-controller - object: 2 - overcloud-novacompute-0: - container: overcloud-compute - object: 0 - default: {} - -conditions: - server_not_blacklisted: - not: - equals: - - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - - 1 - deployment_swift_data_map_unset: - equals: - - get_param: - - DeploymentSwiftDataMap - - {get_param: Hostname} - - "" - -resources: - - SwiftStorage: - type: OS::TripleO::ObjectStorageServer - metadata: - os-collect-config: - command: {get_param: ConfigCommand} - splay: {get_param: ConfigCollectSplay} - properties: - image: {get_param: SwiftStorageImage} - flavor: {get_param: OvercloudSwiftStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: - str_replace: - template: {get_param: Hostname} - params: 
{get_param: HostnameMap} - software_config_transport: {get_param: SoftwareConfigTransport} - metadata: - map_merge: - - {get_param: ServerMetadata} - - {get_param: SwiftStorageServerMetadata} - - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: ObjectStorageSchedulerHints} - deployment_swift_data: - if: - - deployment_swift_data_map_unset - - {} - - {get_param: [DeploymentSwiftDataMap, - {get_param: Hostname}]} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - config: {get_resource: RoleUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - # For optional operator role-specific userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - RoleUserData: - type: OS::TripleO::ObjectStorage::NodeUserData - - ExternalPort: - type: OS::TripleO::SwiftStorage::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::SwiftStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::SwiftStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: 
NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - TenantPort: - type: OS::TripleO::SwiftStorage::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::SwiftStorage::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - IPPool: {get_param: SwiftStorageIPs} - NodeIndex: {get_param: NodeIndex} - - NetworkConfig: - type: OS::TripleO::ObjectStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, 
ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetHostMap: - type: OS::Heat::Value - properties: - type: json - value: - external: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external - internal_api: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi - storage: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage - storage_mgmt: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt - tenant: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant - management: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management - - {get_param: CloudDomain} - short: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management - ctlplane: - fqdn: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane - - {get_param: CloudDomain} - short: - list_join: - - '.' 
- - - {get_attr: [SwiftStorage, name]} - - ctlplane - - PreNetworkConfig: - type: OS::TripleO::ObjectStorage::PreNetworkConfig - properties: - server: {get_resource: SwiftStorage} - RoleParameters: {get_param: RoleParameters} - ServiceNames: {get_param: ServiceNames} - deployment_actions: {get_attr: [DeploymentActions, value]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: PreNetworkConfig - properties: - name: NetworkDeployment - config: {get_resource: NetworkConfig} - server: {get_resource: SwiftStorage} - actions: - if: - - server_not_blacklisted - - {get_param: NetworkDeploymentActions} - - [] - - - SwiftStorageUpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - get_param: UpgradeInitCommonCommand - - # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty - # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - SwiftStorageUpgradeInitDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - properties: - name: SwiftStorageUpgradeInitDeployment - server: {get_resource: SwiftStorage} - config: {get_resource: SwiftStorageUpgradeInitConfig} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SwiftStorageHieraConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - config_step - - object_extraconfig - - extraconfig - - service_names - - service_configs - - object - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: 
MonitoringSubscriptions} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - object_extraconfig: {get_param: ObjectStorageExtraConfig} - extraconfig: {get_param: ExtraConfig} - object: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} - fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} - fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - - SwiftStorageHieraDeploy: - type: OS::Heat::StructuredDeployment - depends_on: SwiftStorageUpgradeInitDeployment - properties: - name: SwiftStorageHieraDeploy - server: {get_resource: SwiftStorage} - config: {get_resource: SwiftStorageHieraConfig} - input_values: - enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - # Resource for site-specific injection of root certificate - NodeTLSCAData: - depends_on: SwiftStorageHieraDeploy - type: OS::TripleO::NodeTLSCAData - properties: - server: {get_resource: SwiftStorage} - - # Hook for site-specific additional pre-deployment config, - # applying to all nodes, e.g node registration/unregistration - NodeExtraConfig: - depends_on: NodeTLSCAData - type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted - properties: - server: {get_resource: SwiftStorage} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: NetworkDeployment - 
properties: - config: {get_resource: UpdateConfig} - server: {get_resource: SwiftStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - actions: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - - SshHostPubKey: - type: OS::TripleO::Ssh::HostPubKey - depends_on: SwiftStorageHieraDeploy - properties: - server: {get_resource: SwiftStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [SwiftStorage, name]} - hostname_map: - description: Mapping of network names to hostnames - value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} - ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} - hosts_entry: - value: - str_replace: - template: | - PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST - CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [SwiftStorage, name]} - EXTERNALIP: 
{get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - known_hosts_entry: - description: Entry for ssh known hosts - value: - str_replace: - template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ -CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} - DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [SwiftStorage, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - 
STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} - HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} - nova_server_resource: - description: Heat resource handle for the swift storage server - value: - {get_resource: SwiftStorage} - condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} - deployed_server_port_map: - description: | - Map of Heat created hostname of the server to ip address. This is the - hostname before it has been mapped with the HostnameMap parameter, and - the IP address from the ctlplane network. This map can be used to construct - the DeployedServerPortMap parameter when using split-stack. 
- value: - map_replace: - - hostname: - fixed_ips: - - ip_address: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - keys: - hostname: - list_join: - - '-' - - - {get_param: Hostname} - - ctlplane - deployed_server_deployment_swift_data_map: - description: - Map of Heat created hostname of the server to the Swift container and object - used to created the temporary url for metadata polling with - os-collect-config. - value: - map_replace: - - hostname: - container: - str_split: - - '/' - - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]} - - 5 - object: - str_split: - - '?' - - str_split: - - '/' - - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]} - - 6 - - 0 - - keys: {hostname: {get_param: Hostname}} - os_collect_config: - description: The os-collect-config configuration associated with this server resource - value: {get_attr: [SwiftStorage, os_collect_config]} diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml deleted file mode 100644 index bdd1e613..00000000 --- a/puppet/post-upgrade.j2.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -heat_template_version: pike - -description: > - Post-upgrade configuration steps via puppet for all roles - where upgrade is not disabled as defined in ../roles_data.yaml - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - ctlplane_service_ips: - type: json - -resources: -# Note the include here is the same as post.j2.yaml but the data used at -# the time of rendering is different if any roles disable upgrades -{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} -{% include 'puppet-steps.j2' %} diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml deleted file mode 100644 index 67e1ecfd..00000000 --- a/puppet/post.j2.yaml +++ /dev/null @@ -1,31 +0,0 @@ -heat_template_version: pike - -description: > - Post-deploy configuration steps via puppet for all roles, - as defined in ../roles_data.yaml - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - ctlplane_service_ips: - type: json - -{% include 'puppet-steps.j2' %} 
diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 deleted file mode 100644 index f7651a57..00000000 --- a/puppet/puppet-steps.j2 +++ /dev/null 
@@ -1,156 +0,0 @@ -{% set deploy_steps_max = 6 %} -conditions: -{% for step in range(1, deploy_steps_max) %} - WorkflowTasks_Step{{step}}_Enabled: - or: - {%- for role in roles %} - - not: - equals: - - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] - - '' - - False - {%- endfor %} -{% endfor %} - -resources: - # Post deployment steps for all roles - # A single config is re-applied with an incrementing step number -{% for role in roles %} - # {{role.name}} Role post-deploy steps - {{role.name}}ArtifactsConfig: - type: deploy-artifacts.yaml - - {{role.name}}ArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - name: {{role.name}}ArtifactsDeploy - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ArtifactsConfig} - - {{role.name}}PreConfig: - type: OS::TripleO::Tasks::{{role.name}}PreConfig - properties: - servers: {get_param: [servers, {{role.name}}]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config - properties: - StepConfig: {get_param: [role_data, {{role.name}}, step_config]} - - # Step through a series of configuration steps -{% for step in range(1, deploy_steps_max) %} - {{role.name}}Deployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - WorkflowTasks_Step{{step}}_Execution - # TODO(gfidente): the following if/else condition - # replicates what is already defined for the - # WorkflowTasks_StepX resource and can be remove - # if https://bugs.launchpad.net/heat/+bug/1700569 - # is fixed. 
- {%- if step == 1 %} - {%- for dep in roles %} - - {{dep.name}}PreConfig - - {{dep.name}}ArtifactsDeploy - {%- endfor %} - {%- else %} - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {%- endfor %} - {%- endif %} - properties: - name: {{role.name}}Deployment_Step{{step}} - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: {{step}} - update_identifier: {get_param: DeployIdentifier} -{% endfor %} - - # Note, this should be the last step to execute configuration changes. - # Ensure that all {{role.name}}ExtraConfigPost steps are executed - # after all the previous deployment steps. - {{role.name}}ExtraConfigPost: - depends_on: - {%- for dep in roles %} - - {{dep.name}}Deployment_Step5 - {%- endfor %} - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, {{role.name}}]} - - # The {{role.name}}PostConfig steps are in charge of - # quiescing all services, i.e. in the Controller case, - # we should run a full service reload. 
- {{role.name}}PostConfig: - type: OS::TripleO::Tasks::{{role.name}}PostConfig - depends_on: - {%- for dep in roles %} - - {{dep.name}}ExtraConfigPost - {%- endfor %} - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - -{% endfor %} - -# BEGIN service_workflow_tasks handling -{% for step in range(1, deploy_steps_max) %} - WorkflowTasks_Step{{step}}: - type: OS::Mistral::Workflow - condition: WorkflowTasks_Step{{step}}_Enabled - depends_on: - {%- if step == 1 %} - {%- for dep in roles %} - - {{dep.name}}PreConfig - - {{dep.name}}ArtifactsDeploy - {%- endfor %} - {%- else %} - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {%- endfor %} - {%- endif %} - properties: - name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} - type: direct - tasks: - yaql: - expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() - data: - {%- for role in roles %} - - get_param: [role_data, {{role.name}}, service_workflow_tasks] - {%- endfor %} - - WorkflowTasks_Step{{step}}_Execution: - type: OS::Mistral::ExternalResource - condition: WorkflowTasks_Step{{step}}_Enabled - depends_on: WorkflowTasks_Step{{step}} - properties: - actions: - CREATE: - workflow: { get_resource: WorkflowTasks_Step{{step}} } - params: - env: - service_ips: { get_param: ctlplane_service_ips } - role_merged_configs: - {%- for r in roles %} - {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} - {%- endfor %} - evaluate_env: false - UPDATE: - workflow: { get_resource: WorkflowTasks_Step{{step}} } - params: - env: - service_ips: { get_param: ctlplane_service_ips } - role_merged_configs: - {%- for r in roles %} - {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} - {%- endfor %} - evaluate_env: false - always_update: true -{% endfor %} -# END service_workflow_tasks handling 
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 23d8896e..5453e65c 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml 
@@ -1,27 +1,40 @@ -{# ## Some variables are set to enable rendering backwards compatible templates #} -{# ## where a few parameter/resource names don't match the expected pattern #} -{# ## FIXME: we need some way to deprecate the old inconsistent parameters #} -{%- if role.name == 'Controller' -%} - {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%} -{% endif %} +{#- ## Some variables are set to enable rendering backwards compatible templates #} +{#- ## where a few parameter/resource names don't match the expected pattern #} +{#- ## FIXME: we need some way to deprecate the old inconsistent parameters #} +{%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%} heat_template_version: pike description: 'OpenStack {{role.name}} node configured by Puppet' parameters: +{%- set default_flavor_name = 'baremetal' %} +{%- if role.deprecated_param_flavor is defined %} + {{role.deprecated_param_flavor}}: + description: DEPRECATED Use Overcloud{{role.name}}Flavor instead. + default: {{default_flavor_name}} + type: string +{%- endif %} Overcloud{{role.name}}Flavor: description: Flavor for the {{role.name}} node. - default: baremetal + default: {{default_flavor_name}} type: string -{% if role.disable_constraints is not defined %} +{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: nova.flavor -{% endif %} +{%- endif %} +{%- set default_image_name = 'overcloud-full' %} +{%- if role.deprecated_param_image is defined %} + {{role.deprecated_param_image}}: + type: string + default: {{default_image_name}} + description: DEPRECATED Use {{role.name}}Image instead +{%- endif %} {{role.name}}Image: type: string - default: overcloud-full -{% if role.disable_constraints is not defined %} + default: {{default_image_name}} + description: The disk image file to use for the role. 
+{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: glance.image -{% endif %} +{%- endif %} ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. @@ -30,13 +43,13 @@ parameters: description: Name of an existing Nova key pair to enable SSH access to the instances type: string default: default -{% if role.disable_constraints is not defined %} +{%- if role.disable_constraints is not defined %} constraints: - custom_constraint: nova.keypair -{% endif %} +{%- endif %} NeutronPhysicalBridge: default: 'br-ex' - description: An OVS bridge to create for accessing tenant networks. + description: An OVS bridge to create for accessing external networks. type: string NeutronPublicInterface: default: nic1 @@ -76,8 +89,8 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json -{%- if deprecated_extraconfig_param is defined %} - {{deprecated_extraconfig_param}}: +{%- if role.deprecated_param_extraconfig is defined %} + {{role.deprecated_param_extraconfig}}: default: {} description: | DEPRECATED use {{role.name}}ExtraConfig instead @@ -86,6 +99,12 @@ parameters: {{role.name}}IPs: default: {} type: json +{%- if role.deprecated_param_ips is defined %} + {{role.deprecated_param_ips}}: + default: {} + description: DEPRECATED - use {{role.name}}IPs instead + type: json +{%- endif %} NetworkDeploymentActions: type: comma_delimited_list description: > @@ -112,6 +131,12 @@ parameters: role-specific and is merged with the values given to the ServerMetadata parameter. type: json +{%- if role.deprecated_param_metadata is defined %} + {{role.deprecated_param_metadata}}: + default: {} + description: DEPRECATED - use {{role.name}}ServerMetadata instead + type: json +{%- endif %} ServerMetadata: default: {} description: 
> @@ -123,6 +148,12 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} +{%- if role.deprecated_param_scheduler_hints is defined %} + {{role.deprecated_param_scheduler_hints}}: + type: json + description: DEPRECATED - use {{role.name}}SchedulerHints instead + default: {} +{%- endif %} NodeIndex: type: number default: 0 @@ -202,12 +233,16 @@ parameters: object: 0 default: {} -{% if deprecated_extraconfig_param is defined %} +{% if role.uses_deprecated_params is defined %} parameter_groups: - label: deprecated description: Do not use deprecated params, they will be removed. parameters: - - {{deprecated_extraconfig_param}} +{%- for property in role %} +{%- if property.startswith('deprecated_param_') %} + - {{role[property]}} +{%- endif %} +{%- endfor %} {%- endif %} conditions: 
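Review bot: The `parameter_groups` block is gated on `role.uses_deprecated_params is defined`, but its entries come from a separate scan for `deprecated_param_*` keys, so the two can disagree. A role that sets the flag with no such key renders `parameters:` with no entries, and a role that sets a `deprecated_param_*` key without the flag gets the parameter declared but not labelled deprecated. `is defined` is also true when the flag is set to false. Either derive the gate from the keys themselves or state the contract next to the test, e.g. `{#- uses_deprecated_params must be set whenever any deprecated_param_* key is set #}`.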
@@ -222,18 +257,48 @@ conditions: - DeploymentSwiftDataMap - {get_param: Hostname} - "" +{%- if role.deprecated_param_image is defined %} + deprecated_param_image_set: + not: + equals: + - {get_param: {{role.deprecated_param_image}}} + - {{default_image_name}} +{%- endif %} +{%- if role.deprecated_param_flavor is defined %} + deprecated_param_flavor_set: + not: + equals: + - {get_param: {{role.deprecated_param_flavor}}} + - {{default_flavor_name}} +{%- endif %} resources: - {{role.name}}: + {{server_resource_name}}: type: OS::TripleO::{{role.name}}Server metadata: os-collect-config: command: {get_param: ConfigCommand} splay: {get_param: ConfigCollectSplay} properties: - image: {get_param: {{role.name}}Image} + image: +{%- if role.deprecated_param_image is defined %} + if: + - deprecated_param_image_set + - {get_param: {{role.deprecated_param_image}}} + - {get_param: {{role.name}}Image} +{%- else %} + get_param: {{role.name}}Image +{%- endif %} image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Overcloud{{role.name}}Flavor} + flavor: +{%- if role.deprecated_param_flavor is defined %} + if: + - deprecated_param_flavor_set + - {get_param: {{role.deprecated_param_flavor}}} + - {get_param: Overcloud{{role.name}}Flavor} +{%- else %} + get_param: Overcloud{{role.name}}Flavor +{%- endif %} key_name: {get_param: KeyName} networks: - network: ctlplane 
@@ -247,9 +312,17 @@ resources: metadata: map_merge: - {get_param: ServerMetadata} +{%- if role.deprecated_param_metadata is defined %} + - {get_param: {{role.deprecated_param_metadata}}} +{%- endif %} - {get_param: {{role.name}}ServerMetadata} - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: {{role.name}}SchedulerHints} + scheduler_hints: + map_merge: +{%- if role.deprecated_param_scheduler_hints is defined %} + - {get_param: {{role.deprecated_param_scheduler_hints}}} +{%- endif %} + - {get_param: {{role.name}}SchedulerHints} deployment_swift_data: if: - deployment_swift_data_map_unset @@ -288,15 +361,20 @@ resources: {{network.name}}Port: type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port properties: - ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role.name}}IPs} + ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} + IPPool: + map_merge: +{%- if role.deprecated_param_ips is defined %} + - {get_param: {{role.deprecated_param_ips}}} +{%- endif %} + - {get_param: {{role.name}}IPs} NodeIndex: {get_param: NodeIndex} {%- endfor %} NetworkConfig: type: OS::TripleO::{{role.name}}::Net::SoftwareConfig properties: - ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} {%- for network in networks %} {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]} {%- endfor %} @@ -304,7 +382,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: - ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} {%- for network in networks %} {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]} 
@@ -320,91 +398,91 @@ resources: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - external - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - external internal_api: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - internalapi - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - internalapi storage: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storage - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storage storage_mgmt: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storagemgmt - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - storagemgmt tenant: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - tenant - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - tenant management: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - management - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - management ctlplane: fqdn: list_join: - '.' - - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - ctlplane - {get_param: CloudDomain} short: list_join: - '.' 
- - - {get_attr: [{{role.name}}, name]} + - - {get_attr: [{{server_resource_name}}, name]} - ctlplane PreNetworkConfig: type: OS::TripleO::{{role.name}}::PreNetworkConfig properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} RoleParameters: {get_param: RoleParameters} ServiceNames: {get_param: ServiceNames} deployment_actions: {get_attr: [DeploymentActions, value]} @@ -415,7 +493,7 @@ resources: properties: name: NetworkDeployment config: {get_resource: NetworkConfig} - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} @@ -426,7 +504,7 @@ resources: - {get_param: NetworkDeploymentActions} - [] - {{role.name}}UpgradeInitConfig: + {{server_resource_name}}UpgradeInitConfig: type: OS::Heat::SoftwareConfig properties: group: script 
@@ -440,26 +518,26 @@ resources: # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - {{role.name}}UpgradeInitDeployment: + {{server_resource_name}}UpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment properties: - name: {{role.name}}UpgradeInitDeployment - server: {get_resource: {{role.name}}} - config: {get_resource: {{role.name}}UpgradeInitConfig} + name: {{server_resource_name}}UpgradeInitDeployment + server: {get_resource: {{server_resource_name}}} + config: {get_resource: {{server_resource_name}}UpgradeInitConfig} actions: if: - server_not_blacklisted - ['CREATE', 'UPDATE'] - [] - {{role.name}}Deployment: + {{server_resource_name}}Deployment: type: OS::Heat::StructuredDeployment - depends_on: {{role.name}}UpgradeInitDeployment + depends_on: {{server_resource_name}}UpgradeInitDeployment properties: - name: {{role.name}}Deployment - config: {get_resource: {{role.name}}Config} - server: {get_resource: {{role.name}}} + name: {{server_resource_name}}Deployment + config: {get_resource: {{server_resource_name}}Config} + server: {get_resource: {{server_resource_name}}} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} actions: @@ -468,7 +546,7 @@ resources: - ['CREATE', 'UPDATE'] - [] - {{role.name}}Config: + {{server_resource_name}}Config: type: OS::Heat::StructuredConfig properties: group: hiera 
@@ -486,6 +564,13 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig - '"%{::osfamily}"' + # The following are required for compatibility with the Controller role + # where some vendor integrations added hieradata via ExtraConfigPre + - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre + - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre + - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre + - midonet_data #Optionally provided by AllNodesExtraConfig + - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre merge_behavior: deeper datafiles: service_names: @@ -497,10 +582,10 @@ resources: - values: {get_attr: [NetIpMap, net_ip_map]} {{role.name.lower()}}_extraconfig: map_merge: -{%- if deprecated_extraconfig_param is defined %} - - {get_param: {{deprecated_extraconfig_param}}} +{%- if role.deprecated_param_extraconfig is defined %} + - {get_param: {{role.deprecated_param_extraconfig}}} {%- endif %} - - {get_param: {{role.name}}ExtraConfig} + - {get_param: {{server_resource_name}}ExtraConfig} extraconfig: {get_param: ExtraConfig} {{role.name.lower()}}: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} 
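Review bot: In the `{{role.name.lower()}}_extraconfig` map_merge the new line reads `{get_param: {{server_resource_name}}ExtraConfig}`, but `server_resource_name` is `role.deprecated_server_resource_name|default(role.name)` and the deprecation text elsewhere in this file names the parameter as `{{role.name}}ExtraConfig`. For any role that sets `deprecated_server_resource_name` the lookup would target a parameter named after the old resource, so the role's current ExtraConfig would either be ignored or fail to resolve, depending on what that role declares. The parameter declaration itself is outside this hunk; if it is still `{{role.name}}ExtraConfig`, this line should stay `- {get_param: {{role.name}}ExtraConfig}`.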
@@ -513,16 +598,13 @@ resources: fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - {%- if 'primary' in role.tags and 'controller' in role.tags %} - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - {%- endif -%} # Resource for site-specific injection of root certificate NodeTLSCAData: depends_on: NetworkDeployment type: OS::TripleO::NodeTLSCAData properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} {%- if 'primary' in role.tags and 'controller' in role.tags %} # Resource for site-specific passing of private keys/certificates @@ -530,19 +612,19 @@ resources: depends_on: NodeTLSCAData type: OS::TripleO::NodeTLSData properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} NodeIndex: {get_param: NodeIndex} {%- endif -%} # Hook for site-specific additional pre-deployment config, e.g extra hieradata {{role.name}}ExtraConfigPre: - depends_on: {{role.name}}Deployment + depends_on: {{server_resource_name}}Deployment type: OS::TripleO::{{role.name}}ExtraConfigPre # We have to use conditions here so that we don't break backwards # compatibility with templates everywhere condition: server_not_blacklisted properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration @@ -559,7 +641,7 @@ resources: # compatibility with templates everywhere condition: server_not_blacklisted properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate 
@@ -570,7 +652,7 @@ resources: properties: name: UpdateDeployment config: {get_resource: UpdateConfig} - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} input_values: update_identifier: get_param: UpdateIdentifier @@ -591,18 +673,18 @@ resources: SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey - depends_on: {{role.name}}Deployment + depends_on: {{server_resource_name}}Deployment properties: - server: {get_resource: {{role.name}}} + server: {get_resource: {{server_resource_name}}} deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: description: IP address of the server in the ctlplane network - value: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} hostname: description: Hostname of the server - value: {get_attr: [{{role.name}}, name]} + value: {get_attr: [{{server_resource_name}}, name]} hostname_map: description: Mapping of network names to hostnames value: @@ -622,12 +704,12 @@ outputs: params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [{{role.name}}, name]} + PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]} {%- for network in networks %} {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]} {%- endfor %} - CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} known_hosts_entry: description: Entry for ssh known hosts 
@@ -641,18 +723,18 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [{{role.name}}, name]} + PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]} {%- for network in networks %} {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]} {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]} {%- endfor %} - CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: description: Heat resource handle for {{role.name}} server value: - {get_resource: {{role.name}}} + {get_resource: {{server_resource_name}}} condition: server_not_blacklisted deployed_server_port_map: description: | @@ -664,7 +746,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" map_replace: - hostname: fixed_ips: - - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]} - keys: hostname: list_join: @@ -682,14 +764,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" container: str_split: - '/' - - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]} + - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]} - 5 object: str_split: - '?' - str_split: - '/' - - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]} + - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]} - 6 - 0 - keys: {hostname: {get_param: Hostname}} 
@@ -703,7 +785,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" {%- endif %} os_collect_config: description: The os-collect-config configuration associated with this server resource - value: {get_attr: [{{role.name}}, os_collect_config]} + value: {get_attr: [{{server_resource_name}}, os_collect_config]} {%- for network in networks %} {{network.name_lower|default(network.name.lower())}}_ip_address: description: IP address of the server in the {{network.name}} network diff --git a/puppet/services/README.rst b/puppet/services/README.rst index d55414b7..a593d55e 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -155,7 +155,7 @@ Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc. - Steps/tages correlate to the following: + Steps/tags correlate to the following: 1) Stop all control-plane services. @@ -186,6 +186,18 @@ Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services. +Update Steps +------------ + +Each service template may optionally define a `update_tasks` key, which is a +list of ansible tasks to be performed during the minor update process. + +Similar to the upgrade_tasks, we allow a series of steps for the per-service +update sequence, but note update_task selects the steps via a conditional +referencing the step variable e.g when: step == 2, which is different to the +tags based approach used for upgrade_tasks (the two may be aligned in future). + + Nova Server Metadata Settings ----------------------------- diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 9fc1530a..5cc020a9 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml 
@@ -51,6 +51,8 @@ parameters: description: > A list of publishers to put in event_pipeline.yaml. When the collector is used, override this with notifier:// publisher. + If zaqar is enabled, you can also publish to a zaqar queue + by including "zaqar://?queue=queue_name" in this list. Set ManageEventPipeline to true for override to take effect. type: comma_delimited_list ManagePipeline: diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce9f9b9d..f6573f6c 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -11,7 +11,7 @@ parameters: type: string hidden: true CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -61,6 +61,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list # used instead, but we need client support for that first 
@@ -133,6 +141,14 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 97e44159..1459b851 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -5,7 +5,7 @@ description: > parameters: CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -68,6 +68,14 @@ parameters: image. Only applies to format 2 images. Set to '1' for Jewel clients using older Ceph servers. type: string + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: 
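Review bot: The new `MANILA_CLIENT_KEY` entry in puppet/services/ceph-base.yaml sets `mode: '0644'` on a key whose caps include `cap_mds: 'allow *'` and mon `auth get-or-create` / `auth caps`; if `mode` is applied to the keyring file, every local account on the node can read a credential able to create and re-cap Ceph identities. The same entry is repeated in the puppet/services/ceph-external.yaml hunk at `@@ -94,9 +102,17 @@`. I would restrict the file to the consuming service, e.g. `mode: '0640'` with ownership set to that service's group, if the key resource allows it (not visible here). The entry is also emitted unconditionally while `CephManilaClientKey` defaults to `''`, so it is worth confirming that an empty secret is skipped rather than installed.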
@@ -94,9 +102,17 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] ceph::profile::params::manage_repo: false # FIXME(gfidente): we should not have to list the packages explicitly in # the templates, but this should stay until the following is fixed: diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml index c561ea0e..ad799edb 100644 --- a/puppet/services/ceph-mds.yaml +++ b/puppet/services/ceph-mds.yaml @@ -35,6 +35,15 @@ parameters: with ceph-authtool --gen-print-key. type: string hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string resources: CephBase: @@ -60,5 +69,8 @@ outputs: '112 ceph_mds': dport: - '6800-7300' + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: | include ::tripleo::profile::base::ceph::mds diff --git a/puppet/services/cinder-backend-dellemc-unity.yaml b/puppet/services/cinder-backend-dellemc-unity.yaml new file mode 100644 index 00000000..c8b8bd8f --- /dev/null +++ b/puppet/services/cinder-backend-dellemc-unity.yaml 
@@ -0,0 +1,85 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: pike + +description: > + Openstack Cinder Dell EMC Unity backend + +parameters: + CinderEnableDellEMCUnityBackend: + type: boolean + default: true + CinderDellEMCUnityBackendName: + type: string + default: 'tripleo_dellemc_unity' + CinderDellEMCUnitySanIp: + type: string + CinderDellEMCUnitySanLogin: + type: string + default: 'Admin' + CinderDellEMCUnitySanPassword: + type: string + hidden: true + CinderDellEMCUnityStorageProtocol: + type: string + default: 'iSCSI' + CinderDellEMCUnityIoPorts: + type: string + default: '' + CinderDellEMCUnityStoragePoolNames: + type: string + default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. 
+ +outputs: + role_data: + description: Role data for the Cinder Dell EMC Storage Center backend. + value: + service_name: cinder_backend_dellemc_unity + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellemc_unity_backend: {get_param: CinderEnableDellEMCUnityBackend} + cinder::backend::dellemc_unity::volume_backend_name: {get_param: CinderDellEMCUnityBackendName} + cinder::backend::dellemc_unity::san_ip: {get_param: CinderDellEMCUnitySanIp} + cinder::backend::dellemc_unity::san_login: {get_param: CinderDellEMCUnitySanLogin} + cinder::backend::dellemc_unity::san_password: {get_param: CinderDellEMCUnitySanPassword} + cinder::backend::dellemc_unity::storage_protocol: {get_param: CinderDellEMCUnityStorageProtocol} + cinder::backend::dellemc_unity::unity_io_ports: {get_param: CinderDellEMCUnityIoPorts} + cinder::backend::dellemc_unity::unity_storage_pool_names: {get_param: CinderDellEMCUnityStoragePoolNames} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 04f34e24..dcead0f7 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -47,6 +47,11 @@ parameters: EnableInternalTLS: type: boolean default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -98,6 +103,7 @@ outputs: generate_service_certificates: true mongodb::server::ssl: true mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem' + mongodb::server::ssl_ca: {get_param: InternalTLSCAFile} mongodb_certificate_specs: service_pem: '/etc/pki/tls/certs/mongodb.pem' service_certificate: '/etc/pki/tls/certs/mongodb.crt' diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index bd96823b..bdcc4fcd 100644 --- a/puppet/services/database/redis.yaml 
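Review bot: `CinderDellEMCUnitySanLogin` defaults to `'Admin'`, which looks like the array's built-in administrator account and steers deployments toward running the Cinder backend with it. I would drop the default so the login is required like `CinderDellEMCUnitySanIp` and `CinderDellEMCUnitySanPassword`, and add a description saying a dedicated account with only the needed role is expected. None of the `CinderDellEMCUnity*` parameters has a `description`, so the expected format of `CinderDellEMCUnityIoPorts` and `CinderDellEMCUnityStoragePoolNames` (both strings defaulting to `''`) is undocumented. The `role_data` description names the wrong backend and should read `description: Role data for the Cinder Dell EMC Unity backend.`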
+++ b/puppet/services/database/redis.yaml @@ -77,3 +77,6 @@ outputs: tags: step3 yum: name=redis state=latest when: redis_enabled.rc != 0 + - name: Start redis service + tags: step4 + service: name=redis state=started diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index d11ef66a..2cda08eb 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -7,8 +7,9 @@ parameters: DockerInsecureRegistryAddress: description: Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. - type: string - default: '' + The value can be multiple addresses separated by commas. + type: comma_delimited_list + default: [] EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -37,7 +38,7 @@ parameters: type: json conditions: - insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]} outputs: role_data: @@ -48,11 +49,10 @@ outputs: if: - insecure_registry_is_empty - {} - - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} + - tripleo::profile::base::docker::insecure_registries: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: - name: Install docker packages on upgrade if missing tags: step3 yum: name=docker state=latest - diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index b6b4f270..e0173d88 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml 
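Review bot: The `DockerInsecureRegistryAddress` description in the docker.yaml hunk `@@ -7,8 +7,9 @@` now allows several addresses but still does not say what listing a registry here costs: the docker daemon does not enforce TLS certificate verification for registries marked insecure, so images from them are pulled without authenticating the server. I would add a sentence such as `Registries listed here are contacted without TLS certificate verification; list only registries on a trusted network.` Please also confirm that an environment still passing the old default `''` parses to an empty list, since `insecure_registry_is_empty` now compares against `[]` in the `@@ -37,7 +38,7 @@` hunk.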
@@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string resources: @@ -55,16 +61,31 @@ outputs: config_settings: generate_service_certificates: true tripleo::haproxy::use_internal_certificates: true + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: map_merge: repeat: template: haproxy-NETWORK: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-NETWORK.key' hostname: "%{hiera('cloud_name_NETWORK')}" - postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_NETWORK')}" for_each: NETWORK: {get_attr: [HAProxyNetworks, value]} diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index e79d2aec..14d171dc 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml 
@@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string outputs: role_data: @@ -38,14 +44,33 @@ outputs: service_name: haproxy_public_tls_certmonger config_settings: generate_service_certificates: true - tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' + tripleo::haproxy::service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: haproxy-external: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-external.key' hostname: "%{hiera('cloud_name_external')}" - postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_external')}" metadata_settings: - service: haproxy diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index a37135da..6b2d028f 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml 
@@ -57,6 +57,16 @@ parameters: MonitoringSubscriptionHaproxy: default: 'overcloud-haproxy' type: string + SSLCertificate: + default: '' + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string @@ -68,6 +78,14 @@ parameters: description: Specifies the default CRL PEM file to use for revocation if TLS is used for services in the internal network. +conditions: + + public_tls_enabled: + not: + equals: + - {get_param: SSLCertificate} + - "" + resources: HAProxyPublicTLS: @@ -98,8 +116,6 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: map_merge: - - get_attr: [HAProxyPublicTLS, role_data, config_settings] - - get_attr: [HAProxyInternalTLS, role_data, config_settings] - tripleo.haproxy.firewall_rules: '107 haproxy stats': dport: 1993 @@ -115,6 +131,12 @@ outputs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] - get_attr: [HAProxyInternalTLS, role_data, certificates_specs] + - if: + - public_tls_enabled + - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath} + - {} + - get_attr: [HAProxyPublicTLS, role_data, config_settings] + - get_attr: [HAProxyInternalTLS, role_data, config_settings] step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 63ab92eb..642a0f09 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml 
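Review bot: The reordering in the haproxy.yaml hunk `@@ -115,6 +131,12 @@` makes the served certificate depend on `map_merge` precedence, and nothing in the file says so. `tripleo::haproxy::service_certificate` from `DeployedSSLCertificatePath` is listed before the `HAProxyPublicTLS` settings, so the path set by haproxy-public-tls-certmonger.yaml replaces it whenever that template is mapped in. A comment above the `if:` entry, e.g. `# Order matters: later map_merge entries win, so the certmonger templates override DeployedSSLCertificatePath`, would keep a later edit from silently switching which certificate HAProxy serves. The `map_merge` list starts outside this hunk.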
@@ -67,6 +67,14 @@ parameters: MonitoringSubscriptionHorizon: default: 'overcloud-horizon' type: string + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -109,6 +117,14 @@ outputs: - {get_param: [DefaultPasswords, horizon_secret]} horizon::secure_cookies: {get_param: [HorizonSecureCookies]} memcached_ipv6: {get_param: MemcachedIPv6} + horizon::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::listen_ssl: {get_param: EnableInternalTLS} + horizon::horizon_ca: {get_param: InternalTLSCAFile} - if: - debug_unset diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 8796209b..218ba740 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -178,10 +178,10 @@ parameters: Cron to purge expired tokens - Week Day default: '*' KeystoneCronTokenFlushMaxDelay: - type: string + type: number description: > Cron to purge expired tokens - Max Delay - default: '0' + default: 0 KeystoneCronTokenFlushDestination: type: string description: > diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 9d6b508b..9207d99f 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -52,12 +52,6 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: false - ManilaCephFSDataPoolName: - default: manila_data - type: string - ManilaCephFSMetadataPoolName: - default: manila_metadata - type: string # (jprovazn) default value is set to assure this templates works with an # external ceph too (user/key is created only when ceph is deployed by # TripleO) 
@@ -81,7 +75,4 @@ outputs: manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} - ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} - ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} - ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml index 1f331894..65b2a2a1 100644 --- a/puppet/services/network/contrail-dpdk.yaml +++ b/puppet/services/network/contrail-dpdk.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 058b9dc9..a9655160 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml @@ -31,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string + hidden: true ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index 981fe2fb..1773c367 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml 
@@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index b9556890..b6980045 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -69,6 +69,12 @@ parameters: networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay protocol overhead from this value. + NeutronDBSyncExtraParams: + default: '' + description: | + String of extra command line parameters to append to the neutron-db-manage + upgrade head command. + type: string ServiceData: default: {} description: Dictionary packing service data @@ -134,6 +140,7 @@ outputs: neutron::db::database_max_retries: -1 neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout} neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} + neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams} - if: - dhcp_agents_zero - {} diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 81f12f01..30f34777 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -57,10 +57,15 @@ parameters: default: tag: openstack.neutron.agent.metadata path: /var/log/neutron/metadata-agent.log + EnableInternalTLS: + type: boolean + default: false conditions: neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + resources: NeutronBase: 
@@ -90,6 +95,17 @@ outputs: neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + neutron::agents::metadata::metadata_host: + str_replace: + template: + "%{hiera('cloud_name_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + neutron::agents::metadata::metadata_protocol: + if: + - internal_tls_enabled + - 'https' + - 'http' - if: - neutron_workers_unset diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1d4029cf..7894f78b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -32,8 +32,7 @@ parameters: type: json NeutronEnableL2Pop: type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. + description: Enable/disable the L2 population feature in the Neutron agents. default: "False" NeutronBridgeMappings: description: > @@ -47,8 +46,7 @@ parameters: default: "datacentre:br-ex" NeutronTunnelTypes: default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. + description: The tunnel types for the Neutron tenant network. type: comma_delimited_list NeutronAgentExtensions: default: "qos" diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml new file mode 100644 index 00000000..a7dc2e8b --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-nuage.yaml 
@@ -0,0 +1,99 @@ +heat_template_version: pike + +description: > + OpenStack Neutron ML2/Nuage plugin configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + + UseForwardedFor: + description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. 
+ type: boolean + default: false + +resources: + + NeutronML2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron ML2/Nuage plugin + value: + service_name: neutron_plugin_ml2_nuage + config_settings: + map_merge: + - get_attr: [NeutronML2Base, role_data, config_settings] + - neutron::plugins::ml2::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName} + neutron::plugins::ml2::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp} + neutron::plugins::ml2::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername} + neutron::plugins::ml2::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword} + neutron::plugins::ml2::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization} + neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} + neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} + nova::api::use_forwarded_for: {get_param: UseForwardedFor} + step_config: | + include tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-ml2-odl.yaml b/puppet/services/neutron-plugin-ml2-odl.yaml index cc4cd8f4..68bba110 100644 --- a/puppet/services/neutron-plugin-ml2-odl.yaml +++ b/puppet/services/neutron-plugin-ml2-odl.yaml @@ -33,7 +33,7 @@ parameters: OpenDaylightPortBindingController: description: OpenDaylight port binding controller type: string - default: 'network-topology' + default: 'pseudo-agentdb-binding' resources: diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index dd757b5d..1ea6b1ae 100644 --- a/puppet/services/neutron-plugin-ml2.yaml 
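Review bot: `NeutronNuageVSDPassword` in the new neutron-plugin-ml2-nuage.yaml is declared without `hidden: true`, so the VSD password is returned in clear text wherever Heat shows stack parameters. Add `hidden: true` under its `type: string`, as the Dell EMC Unity template and the contrail-tsn fix in this same change do for their secrets. `UseForwardedFor` feeds `nova::api::use_forwarded_for` from a Neutron plugin template; the description already warns about needing a sanitizing proxy, and naming the Nova API there would tell the operator which service starts trusting `X-Forwarded-For`.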
+++ b/puppet/services/neutron-plugin-ml2.yaml @@ -72,6 +72,16 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list + NeutronFirewallDriver: + description: Firewall driver for realizing neutron security group function + type: string + default: 'openvswitch' + NeutronOverlayIPVersion: + default: 4 + description: IP version used for all overlay network endpoints. + type: number + constraints: + - allowed_values: [4,6] resources: NeutronBase: @@ -100,6 +110,8 @@ outputs: neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} + neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver} + neutron::plugins::ml2::overlay_ip_version: {get_param: NeutronOverlayIPVersion} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index a12bfd0f..22a743e0 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -37,7 +37,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: @@ -97,7 +97,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' MigrationSshKey: type: json description: 
> @@ -170,6 +170,11 @@ outputs: tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} rbd_persistent_storage: {get_param: CinderEnableRbdBackend} nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index a6638be0..5abad452 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -45,7 +45,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index e2ae7260..3f37cd94 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -34,7 +34,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: 
@@ -139,6 +139,11 @@ outputs: # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} tripleo::profile::base::nova::migration::client::libvirt_enabled: true @@ -157,7 +162,7 @@ outputs: dport: - 16514 - '49152-49215' - - '5900-5999' + - '5900-6923' - if: @@ -165,6 +170,8 @@ outputs: - generate_service_certificates: true tripleo::profile::base::nova::migration::client::libvirt_tls: true + nova::migration::libvirt::listen_address: + get_param: [ServiceNetMap, NovaLibvirtNetwork] nova::migration::libvirt::live_migration_inbound_addr: str_replace: template: diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index ca9eed09..3ac5f300 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -34,10 +34,26 @@ parameters: default: 0 description: Number of workers for Nova services. type: number + EnableInternalTLS: + type: boolean + default: false conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + +resources: + + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + outputs: role_data: description: Role data for the Nova Metadata service. 
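Review bot: The nova-libvirt.yaml firewall rule in the `@@ -157,7 +162,7 @@` hunk widens the console port range from `'5900-5999'` to `'5900-6923'`, roughly ten times as many open ports, with no comment on how the upper bound was chosen. Please add one next to the entry, in the form `# console ports 5900-6923: <reason for the upper bound>`, so the range is not widened again by guesswork. The rule's name and any source restriction lie outside the hunk, so it is worth confirming that these ports are reachable only from the networks that host the console proxies.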
@@ -45,10 +61,29 @@ outputs: service_name: nova_metadata config_settings: map_merge: - - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - get_attr: [TLSProxyBase, role_data, config_settings] + - nova::api::metadata_listen: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NovaMetadataNetwork]} - if: - nova_workers_zero - {} - nova::api::metadata_workers: {get_param: NovaWorkers} + - + if: + - use_tls_proxy + - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip: + get_param: [ServiceNetMap, NovaMetadataNetwork] + tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - {} step_config: "" + metadata_settings: + get_attr: [TLSProxyBase, role_data, metadata_settings] diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 2027292c..139ab7c7 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml 
@@ -33,6 +33,28 @@ parameters: Required for VLAN deployments. For example physnet1 -> eth1. type: comma_delimited_list default: "datacentre:br-ex" + HostAllowedNetworkTypes: + description: Allowed tenant network types for this OVS host. Note this can + vary per host or role to constrain which hosts nova instances + and networks are scheduled to. + type: comma_delimited_list + default: ['local', 'vlan', 'vxlan', 'gre'] + OvsEnableDpdk: + description: Whether or not to configure enable DPDK in OVS + default: false + type: boolean + OvsVhostuserMode: + description: Specify the mode for OVS with vhostuser port creation. In + client mode, the hypervisor will be responsible for creating + vhostuser sockets. In server mode, OVS will create them. + type: string + default: "client" + constraints: + - allowed_values: [ 'client', 'server' ] + VhostuserSocketDir: + description: Specify the directory to use for vhostuser sockets + type: string + default: "/var/run/openvswitch" EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set 
@@ -71,6 +93,28 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes + neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk + neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir + neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode + neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings + - values: {get_param: [RoleParameters]} + - values: + HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes} + OvsEnableDpdk: {get_param: OvsEnableDpdk} + VhostuserSocketDir: {get_param: VhostuserSocketDir} + OvsVhostuserMode: {get_param: OvsVhostuserMode} + OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings} + outputs: role_data: description: Role data for the OpenDaylight service. @@ -86,7 +130,6 @@ outputs: opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' @@ -94,6 +137,7 @@ outputs: '136 neutron gre networks': proto: 'gre' - get_attr: [Ovs, role_data, config_settings] + - get_attr: [RoleParametersValue, value] step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: diff --git a/puppet/services/ovn-controller.yaml b/puppet/services/ovn-controller.yaml index fbc5559a..30720448 100644 
--- a/puppet/services/ovn-controller.yaml +++ b/puppet/services/ovn-controller.yaml @@ -45,7 +45,7 @@ parameters: bridge on hosts - to a physical name 'datacentre' which can be used to create provider networks (and we use this for the default floating network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name + scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index a1134f3e..f4675875 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -66,11 +66,17 @@ outputs: resource: openstack-cinder-volume state: disable wait_for_resource: true - - name: Sync cinder DB + - name: get bootstrap nodeid tags: step5 - command: cinder-manage db sync - - name: Start cinder_volume service (pacemaker) - tags: step5 - pacemaker_resource: - resource: openstack-cinder-volume - state: enable + command: hiera bootstrap_nodeid + register: bootstrap_node + - block: + - name: Sync cinder DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service (pacemaker) + tags: step5 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable + when: bootstrap_node.stdout == ansible_hostname diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index 76511784..47ca6142 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -35,6 +35,11 @@ parameters: description: The authkey for the pacemaker remote service. hidden: true default: '' + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string 
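Review bot: In the pacemaker/cinder-volume.yaml hunk, `when: bootstrap_node.stdout == ansible_hostname` compares the two names exactly. If the hiera value and the Ansible fact differ in letter case, the block is false on every node, and both `cinder-manage db sync` and the resource enable are skipped without an error. Comparing normalised values, `when: bootstrap_node.stdout|lower == ansible_hostname|lower`, avoids that. The repeated `tags: step5` lines inside the block could then move to the block itself.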
@@ -103,5 +108,13 @@ outputs: tripleo::fencing::config: {get_param: FencingConfig} enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} + pacemaker::corosync::manage_fw: false + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} step_config: | include ::tripleo::profile::base::pacemaker_remote diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e471c2a6..2a8620c8 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -56,3 +56,7 @@ outputs: - name: Update all packages tags: step3 yum: name=* state=latest + update_tasks: + - name: Update all packages + yum: name=* state=latest + when: step == "3" diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar-api.yaml index 4a1ad179..82d105ef 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar-api.yaml @@ -87,9 +87,9 @@ resources: outputs: role_data: - description: Shared role data for the Heat services. + description: Shared role data for the Zaqar services. value: - service_name: zaqar + service_name: zaqar_api config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] |
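Review bot: The new `update_tasks` entry in tripleo-packages.yaml gates the package update on `when: step == "3"`, a comparison with a string, so if the caller passes `step` as an integer the condition is never true and the update is skipped silently. `when: step|int == 3` works for both. The `upgrade_tasks` entry above selects its step with `tags: step3`, so a short comment on why `update_tasks` uses a variable instead would help the next reader.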