diff options
Diffstat (limited to 'puppet')
32 files changed, 449 insertions, 183 deletions
diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml deleted file mode 100644 index 1b719839..00000000 --- a/puppet/controller-config-pacemaker.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: ocata - -description: > - A software config which runs manifests/overcloud_controller_pacemaker.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ControllerPuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - outputs: - - name: result - inputs: - - name: step - type: Number - config: - list_join: - - '' - - - get_file: manifests/overcloud_controller_pacemaker.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller_pacemaker.pp - value: {get_resource: ControllerPuppetConfigImpl} diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index b70f5c71..9430a704 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -19,7 +19,7 @@ resources: # Upgrade Steps for all roles # FIXME(shardy): would be nice to make the number of steps configurable -{% for step in range(1, 8) %} +{% for step in range(0, 8) %} {% for role in roles %} # Step {{step}} resources {{role.name}}UpgradeConfig_Step{{step}}: @@ -28,7 +28,7 @@ resources: # serialization, but the event output is easier to follow if we # do, and there should be minimal performance hit (creating the # config is cheap compared to the time to apply the deployment). - {% if step > 1 %} + {% if step > 0 %} depends_on: {% for dep in roles %} - {{dep.name}}Upgrade_Step{{step -1}} @@ -40,7 +40,7 @@ resources: {{role.name}}Upgrade_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup - {% if step > 1 %} + {% if step > 0 %} depends_on: {% for dep in roles %} - {{dep.name}}Upgrade_Step{{step -1}} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp deleted file mode 100644 index d329d5fc..00000000 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('controller_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_role.pp b/puppet/manifests/overcloud_role.pp index 1a59620c..e2bf5146 100644 --- a/puppet/manifests/overcloud_role.pp +++ b/puppet/manifests/overcloud_role.pp @@ -24,3 +24,7 @@ if hiera('step') >= 4 { $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud___ROLE__', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} + +# NOTE(gfidente): ensure deprecated package manifest is absent, can be removed after Pike +$absent_package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) +package_manifest{$absent_package_manifest_name: ensure => absent} diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index b898d0bf..aaa9b039 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -61,6 +61,12 @@ parameters: MonitoringSubscriptionCephExternal: default: 'overcloud-ceph-external' type: string + RbdDefaultFeatures: + default: '' + description: The default features enabled when creating a block device + image. Only applies to format 2 images. Set to '1' for Jewel + clients using older Ceph servers. + type: string conditions: glance_multiple_locations: @@ -81,6 +87,7 @@ outputs: config_settings: tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} ceph::profile::params::fsid: {get_param: CephClusterFSID} + ceph::profile::params::rbd_default_features: {get_param: RbdDefaultFeatures} ceph::profile::params::client_keys: str_replace: template: "{ diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index f32bdd2b..68ad69b7 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -28,6 +28,12 @@ parameters: CinderRbdPoolName: default: volumes type: string + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string CinderBackupRbdPoolName: default: backups type: string @@ -87,6 +93,8 @@ outputs: for_each: <%pool%>: - {get_param: CinderRbdPoolName} + - {get_param: ManilaCephFSDataPoolName} + - {get_param: ManilaCephFSMetadataPoolName} - {get_param: CinderBackupRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 376ea2c5..7d197831 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -147,3 +147,19 @@ outputs: cinder::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: check for cinder running under apache (post upgrade) + tags: step2 + shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder" + register: cinder_apache + ignore_errors: true + - name: Stop cinder_api service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: "cinder_apache.rc == 0" + - name: Stop and disable cinder_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-cinder-api state=stopped enabled=no + - name: Start cinder_api service (running under httpd) + tags: step6 + service: name=httpd state=started diff --git a/puppet/services/cinder-hpelefthand-iscsi.yaml b/puppet/services/cinder-hpelefthand-iscsi.yaml new file mode 100644 index 00000000..f22a3aeb --- /dev/null +++ b/puppet/services/cinder-hpelefthand-iscsi.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2017-02-24 + +description: > + Configure Cinder HPELeftHandISCSIDriver + +parameters: + # Config specific parameters, to be provided via parameter_defaults + CinderHPELeftHandISCSIApiUrl: + type: string + CinderHPELeftHandISCSIUserName: + type: string + CinderHPELeftHandISCSIPassword: + type: string + hidden: true + CinderHPELeftHandISCSIBackendName: + type: string + default: 'tripleo_hpelefthand' + CinderHPELeftHandISCSIChapEnabled: + type: boolean + default: false + CinderHPELeftHandClusterName: + type: string + CinderHPELeftHandDebug: + type: boolean + default: false + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for Cinder HPELeftHandISCSIDriver + value: + service_name: cinder_hpelefthand_iscsi + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_hpelefthand_backend: true + cinder::backend::hpelefthand_iscsi::hpelefthand_api_url: {get_param: CinderHPELeftHandISCSIApiUrl} + cinder::backend::hpelefthand_iscsi::hpelefthand_username: {get_param: CinderHPELeftHandISCSIUserName} + cinder::backend::hpelefthand_iscsi::hpelefthand_password: {get_param: CinderHPELeftHandISCSIPassword} + cinder::backend::hpelefthand_iscsi::volume_backend_name: {get_param: CinderHPELeftHandISCSIBackendName} + cinder::backend::hpelefthand_iscsi::hpelefthand_iscsi_chap_enabled: {get_param: CinderHPELeftHandISCSIChapEnabled} + cinder::backend::hpelefthand_iscsi::hpelefthand_clustername: {get_param: CinderHPELeftHandClusterName} + cinder::backend::hpelefthand_iscsi::hpelefthand_debug: {get_param: CinderHPELeftHandDebug} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 3dd3f64e..e12af631 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -51,3 +51,10 @@ outputs: - cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler step_config: | include ::tripleo::profile::base::cinder::scheduler + upgrade_tasks: + - name: Stop cinder_scheduler service + tags: step2 + service: name=openstack-cinder-scheduler state=stopped + - name: Start cinder_scheduler service + tags: step6 + service: name=openstack-cinder-scheduler state=started diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 66706bc4..cc06d87b 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -110,3 +110,14 @@ outputs: tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]} step_config: | include ::tripleo::profile::base::cinder::volume + upgrade_tasks: + - name: Stop cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped + - name: Sync cinder_volume DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service + tags: step6 + service: name=openstack-cinder-volume state=started + diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 5eefe6bd..7e12894f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -95,6 +95,9 @@ outputs: step_config: | include ::tripleo::profile::base::database::mysql upgrade_tasks: + - name: Check for galera root password + tags: step0 + file: path=/root/.my.cnf state=file - name: Stop service tags: step2 service: name=mariadb state=stopped diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 36df724b..6d01bd48 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -80,12 +80,8 @@ outputs: glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - glance::api::registry_host: - str_replace: - template: "'REGISTRY_HOST'" - params: - REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} - glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] } + glance::api::enable_v1_api: false + glance::api::enable_v2_api: true glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} @@ -109,3 +105,13 @@ outputs: include ::tripleo::profile::base::glance::api service_config_settings: get_attr: [GlanceBase, role_data, service_config_settings] + upgrade_tasks: + - name: Stop glance_api service + tags: step2 + service: name=openstack-glance-api state=stopped + - name: Sync glance_api DB + tags: step5 + command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync + - name: Start glance_api service + tags: step6 + service: name=openstack-glance-api state=started diff --git a/puppet/services/glance-base.yaml b/puppet/services/glance-base.yaml index d715ac02..f5548982 100644 --- a/puppet/services/glance-base.yaml +++ b/puppet/services/glance-base.yaml @@ -105,8 +105,6 @@ outputs: glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} glance::notify::rabbitmq::notification_driver: messagingv2 - glance::registry::db::database_db_max_retries: -1 - glance::registry::db::database_max_retries: -1 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled} tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare} tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions} diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml deleted file mode 100644 index 1f7e6e3d..00000000 --- a/puppet/services/glance-registry.yaml +++ /dev/null @@ -1,102 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Glance Registry service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - GlancePassword: - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlanceWorkers: - default: '' - description: | - Number of worker processes for glance registry. If left unset (empty - string), the default value will result in the configuration being left - unset and a system-dependent default value will be chosen (e.g.: number of - processors). Please note that this will create a large number of processes - on systems with a large number of CPUs resulting in excess memory - consumption. It is recommended that a suitable non-default value be - selected on such systems. - type: string - MonitoringSubscriptionGlanceRegistry: - default: 'overcloud-glance-registry' - type: string - GlanceRegistryLoggingSource: - type: json - default: - tag: openstack.glance.registry - path: /var/log/glance/registry.log - -resources: - GlanceBase: - type: ./glance-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Glance Registry role. - value: - service_name: glance_registry - monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry} - logging_source: {get_param: GlanceRegistryLoggingSource} - logging_groups: - - glance - config_settings: - map_merge: - - get_attr: [GlanceBase, role_data, config_settings] - - - glance::registry::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/glance' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - glance::registry::authtoken::password: {get_param: GlancePassword} - glance::registry::authtoken::project_name: 'service' - glance::registry::pipeline: 'keystone' - glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - glance::registry::debug: {get_param: Debug} - glance::registry::workers: {get_param: GlanceWorkers} - tripleo.glance_registry.firewall_rules: - '112 glance_registry': - dport: - - 9191 - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]} - step_config: | - include ::tripleo::profile::base::glance::registry - service_config_settings: - get_attr: [GlanceBase, role_data, config_settings] diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 10a7780b..f4d3cad3 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -84,3 +84,11 @@ outputs: heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} + upgrade_tasks: + - name: Stop heat_api_cfn service + tags: step2 + service: name=openstack-heat-api-cfn state=stopped + - name: Start heat_api_cfn service + tags: step6 + service: name=openstack-heat-api-cfn state=started + diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 1178d62b..ba4a287a 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -66,3 +66,10 @@ outputs: heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch + upgrade_tasks: + - name: Stop heat_api_cloudwatch service + tags: step2 + service: name=openstack-heat-api-cloudwatch state=stopped + - name: Start heat_api_cloudwatch service + tags: step6 + service: name=openstack-heat-api state=started diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index a32521c7..7ec9d6d4 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -84,3 +84,10 @@ outputs: heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + upgrade_tasks: + - name: Stop heat_api service + tags: step2 + service: name=openstack-heat-api state=stopped + - name: Start heat_api service + tags: step6 + service: name=openstack-heat-api state=started diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 8faccd2b..6efb0653 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -137,3 +137,13 @@ outputs: keystone: # This is needed because the keystone profile handles creating the domain tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} + upgrade_tasks: + - name: Stop heat_engine service + tags: step2 + service: name=openstack-heat-engine state=stopped + - name: Sync heat_engine DB + tags: step5 + command: heat-manage --config-file /etc/heat/heat.conf db_sync + - name: Start heat_engine service + tags: step6 + service: name=openstack-heat-engine state=started diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 91369a99..36ef1ea9 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -40,6 +40,20 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + # (jprovazn) default value is set to assure this templates works with an + # external ceph too (user/key is created only when ceph is deployed by + # TripleO) + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: @@ -54,4 +68,8 @@ outputs: manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId} manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} + manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index fa10cd94..bbb79bba 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -160,3 +160,14 @@ outputs: neutron::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Stop neutron_api service + tags: step2 + service: name=neutron-server state=stopped + - name: Sync neutron_api DB + tags: step5 + command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head + - name: Start neutron_api service + tags: step6 + service: name=neutron-server state=started + diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index ad46c90f..c7965a64 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -74,3 +74,10 @@ outputs: dport: 68 step_config: | include tripleo::profile::base::neutron::dhcp + upgrade_tasks: + - name: Stop neutron_dhcp service + tags: step2 + service: name=neutron-dhcp-agent state=stopped + - name: Start neutron_dhcp service + tags: step6 + service: name=neutron-dhcp-agent state=started diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index f8c839d0..b3d7b3bf 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -72,10 +72,17 @@ outputs: tripleo.neutron_l3.firewall_rules: '106 neutron_l3 vrrp': proto: vrrp - - + - if: - external_network_bridge_empty - {} - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 + upgrade_tasks: + - name: Stop neutron_l3 service + tags: step2 + service: name=neutron-l3-agent state=stopped + - name: Start neutron_l3 service + tags: step6 + service: name=neutron-l3-agent state=started diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 73b767d8..68d7110a 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -75,3 +75,10 @@ outputs: neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" step_config: | include tripleo::profile::base::neutron::metadata + upgrade_tasks: + - name: Stop neutron_metadata service + tags: step2 + service: name=neutron-metadata-agent state=stopped + - name: Start neutron_metadata service + tags: step6 + service: name=neutron-metadata-agent state=started diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 5fa04867..e24fae7c 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -70,6 +70,9 @@ parameters: tag: openstack.neutron.agent.openvswitch path: /var/log/neutron/openvswitch-agent.log +conditions: + no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']} + resources: NeutronBase: @@ -104,12 +107,24 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} tripleo.neutron_ovs_agent.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 '136 neutron gre networks': proto: 'gre' + - + if: + - no_firewall_driver + - {} + - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} step_config: | include ::tripleo::profile::base::neutron::ovs + upgrade_tasks: + - name: Stop neutron_ovs_agent service + tags: step2 + service: name=neutron-openvswitch-agent state=stopped + - name: Start neutron_ovs_agent service + tags: step6 + service: name=neutron-openvswitch-agent state=started + diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml new file mode 100644 index 00000000..becd25c9 --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml @@ -0,0 +1,73 @@ +heat_template_version: ocata + +description: > + Configure hieradata for Fujitsu C-Fabric plugin configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronFujitsuCfabAddress: + description: 'The address of the C-Fabric to telnet to.' + type: string + NeutronFujitsuCfabUserName: + description: 'The C-Fabric username to use.' + type: string + NeutronFujitsuCfabPassword: + description: 'The C-Fabric password to use.' + type: string + hidden: true + NeutronFujitsuCfabPhysicalNetworks: + description: 'List of <physical_network>:<vfab_id> tuples specifying physical_network names and corresponding vfab ids.' + type: comma_delimited_list + default: '' + NeutronFujitsuCfabSharePprofile: + description: '"Whether to share a C-Fabric pprofile among Neutron ports using the same VLAN ID.' + type: boolean + default: false + NeutronFujitsuCfabPprofilePrefix: + description: 'The prefix string for pprofile name.' + type: string + default: '' + NeutronFujitsuCfabSaveConfig: + description: 'Whether to save configuration.' + type: boolean + default: true + +resources: + + NeutronMl2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for Fujitsu Cfab ML2 Driver + value: + service_name: neutron_plugin_ml2_fujitsu_cfab + config_settings: + map_merge: + - get_attr: [NeutronMl2Base, role_data, config_settings] + - neutron::plugins::ml2::fujitsu::cfab::address: {get_param: NeutronFujitsuCfabAddress} + neutron::plugins::ml2::fujitsu::cfab::username: {get_param: NeutronFujitsuCfabUserName} + neutron::plugins::ml2::fujitsu::cfab::password: {get_param: NeutronFujitsuCfabPassword} + neutron::plugins::ml2::fujitsu::cfab::physical_networks: {get_param: NeutronFujitsuCfabPhysicalNetworks} + neutron::plugins::ml2::fujitsu::cfab::share_pprofile: {get_param: NeutronFujitsuCfabSharePprofile} + neutron::plugins::ml2::fujitsu::cfab::pprofile_prefix: {get_param: NeutronFujitsuCfabPprofilePrefix} + neutron::plugins::ml2::fujitsu::cfab::save_config: {get_param: NeutronFujitsuCfabSaveConfig} + step_config: | + include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index bf8e46be..d70e66a0 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -103,6 +103,17 @@ outputs: - '/nova_api' - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + nova::placement_database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova_placement:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova_placement' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' @@ -129,10 +140,6 @@ outputs: - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} service_config_settings: mysql: - # NOTE(aschultz): this should be configurable if/when we support more - # complex cell v2 configurations. For now, this is the default cell - # created for the cell v2 configuration - nova::db::mysql_api::setup_cell0: true nova::rabbit_password: {get_param: RabbitPassword} nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml new file mode 100644 index 00000000..9b7120d8 --- /dev/null +++ b/puppet/services/nova-placement.yaml @@ -0,0 +1,124 @@ +heat_template_version: ocata + +description: > + OpenStack Nova Placement API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova Placement API service. + type: number + NovaPassword: + description: The password for the nova service and db account, used by nova-placement. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionNovaPlacement: + default: 'overcloud-nova-placement' + type: string + NovaPlacementLoggingSource: + type: json + default: + tag: openstack.nova.placement + path: /var/log/httpd/nova_placement_wsgi_error_ssl.log + EnableInternalTLS: + type: boolean + default: false + +conditions: + nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + +resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Placement API service. + value: + service_name: nova_placement + monitoring_subscription: {get_param: MonitoringSubscriptionNovaPlacement} + logging_source: {get_param: NovaPlacementLoggingSource} + logging_groups: + - nova + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] + - tripleo.nova_placement.firewall_rules: + '138 nova_placement': + dport: + - 8778 + - 13778 + nova::placement::project_name: 'service' + nova::placement::password: {get_param: NovaPassword} + nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + nova::placement::os_region_name: {get_param: KeystoneRegion} + nova::wsgi::apache_placement::api_port: '8778' + nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_placement::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + - + if: + - nova_workers_zero + - {} + - nova::wsgi::apache_placement::workers: {get_param: NovaWorkers} + step_config: | + include tripleo::profile::base::nova::placement + service_config_settings: + keystone: + nova::keystone::auth_placement::tenant: 'service' + nova::keystone::auth_placement::public_url: {get_param: [EndpointMap, NovaPlacementPublic, uri]} + nova::keystone::auth_placement::internal_url: {get_param: [EndpointMap, NovaPlacementInternal, uri]} + nova::keystone::auth_placement::admin_url: {get_param: [EndpointMap, NovaPlacementAdmin, uri]} + nova::keystone::auth_placement::password: {get_param: NovaPassword} + nova::keystone::auth_placement::region: {get_param: KeystoneRegion} + mysql: + map_merge: + - {get_attr: [NovaBase, role_data, service_config_settings, mysql]} + - nova::db::mysql_placement::password: {get_param: NovaPassword} + nova::db::mysql_placement::user: nova_placement + nova::db::mysql_placement::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql_placement::dbname: nova_placement + nova::db::mysql_placement::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index 302628d4..7f81afde 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OVN databases configured with puppet diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index af95dbd1..511a01ab 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -53,3 +53,7 @@ outputs: get_param: [ServiceNetMap, MysqlNetwork] step_config: | include ::tripleo::profile::pacemaker::database::mysql + upgrade_tasks: + - name: Check for galera root password + tags: step0 + file: path=/root/.my.cnf state=file diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 5526a6f2..ab9dad46 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -107,6 +107,6 @@ outputs: tags: step2 service: name=rabbitmq-server state=stopped - name: Start rabbitmq service - tags: step6 + tags: step4 service: name=rabbitmq-server state=started diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index da6e3083..737be829 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -33,6 +33,14 @@ outputs: step_config: | include ::tripleo::packages upgrade_tasks: + - name: Check yum for rpm-python present + tags: step0 + yum: "name=rpm-python state=present" + register: rpm_python_check + - name: Fail when rpm-python wasn't present + fail: msg="rpm-python package was not present before this run! Check environment before re-running" + when: rpm_python_check.changed != false + tags: step0 - name: Update all packages tags: step3 yum: name=* state=latest diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml index 499160e5..e892d813 100644 --- a/puppet/upgrade_config.yaml +++ b/puppet/upgrade_config.yaml @@ -35,6 +35,7 @@ resources: template: "stepSTEP" params: STEP: {get_param: step} + modulepath: /usr/share/ansible-modules inputs: - name: role config: {get_attr: [AnsibleConfig, value]} |