diff options
Diffstat (limited to 'puppet')
32 files changed, 806 insertions, 321 deletions
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 08bc03a5..f28f606f 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -69,8 +69,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. BlockStorageServerMetadata: default: {} description: > @@ -143,6 +143,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: server_not_blacklisted: @@ -150,6 +169,12 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: BlockStorage: @@ -178,6 +203,12 @@ resources: - {get_param: BlockStorageServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: BlockStorageSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -377,6 +408,7 @@ resources: properties: server: {get_resource: BlockStorage} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -614,3 +646,6 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [BlockStorage, os_collect_config]} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 3f596423..85b276d6 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -75,8 +75,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. CephStorageServerMetadata: default: {} description: > @@ -149,6 +149,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: server_not_blacklisted: @@ -156,6 +175,12 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: CephStorage: @@ -184,6 +209,12 @@ resources: - {get_param: CephStorageServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: CephStorageSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -383,6 +414,7 @@ resources: properties: server: {get_resource: CephStorage} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -625,3 +657,6 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [CephStorage, os_collect_config]} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 8a3c487a..10d082cb 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -37,7 +37,7 @@ parameters: type: string NeutronPublicInterface: default: nic1 - description: A port to add to the NeutronPhysicalBridge. + description: Which interface to add to the NeutronPhysicalBridge. type: string NodeIndex: type: number @@ -90,8 +90,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. NovaComputeServerMetadata: default: {} description: > @@ -161,8 +161,33 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" server_not_blacklisted: not: equals: @@ -198,6 +223,12 @@ resources: - {get_param: NovaComputeServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: NovaComputeSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -386,6 +417,7 @@ resources: properties: server: {get_resource: NovaCompute} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig @@ -651,3 +683,6 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" value: {get_resource: NovaCompute} condition: server_not_blacklisted + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [NovaCompute, os_collect_config]} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 6bc23669..ca08c65d 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -58,9 +58,13 @@ parameters: type: string constraints: - custom_constraint: nova.keypair + NeutronPhysicalBridge: + default: 'br-ex' + description: An OVS bridge to create for accessing external networks. + type: string NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string ServiceNetMap: default: {} @@ -104,8 +108,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. ControllerServerMetadata: default: {} description: > @@ -175,6 +179,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} parameter_groups: - label: deprecated @@ -188,7 +211,12 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 - + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: @@ -218,6 +246,12 @@ resources: - {get_param: ControllerServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ControllerSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -406,6 +440,7 @@ resources: properties: server: {get_resource: Controller} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -431,7 +466,7 @@ resources: - {get_param: NetworkDeploymentActions} - [] input_values: - bridge_name: br-ex + bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} # Resource for site-specific injection of root certificate @@ -697,3 +732,6 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" tls_cert_modulus_md5: description: MD5 checksum of the TLS Certificate Modulus value: {get_attr: [NodeTLSData, cert_modulus_md5]} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [Controller, os_collect_config]} diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh index 4e1ad89f..e4d20b49 100644 --- a/puppet/deploy-artifacts.sh +++ b/puppet/deploy-artifacts.sh @@ -10,16 +10,20 @@ if [ -n "$artifact_urls" ]; then for URL in $(echo $artifact_urls | sed -e "s| |\n|g" | sort -u); do curl --globoff -o $TMP_DATA/file_data "$URL" if file -b $TMP_DATA/file_data | grep RPM &>/dev/null; then - yum install -y $TMP_DATA/file_data + mv $TMP_DATA/file_data $TMP_DATA/file_data.rpm + yum install -y $TMP_DATA/file_data.rpm + rm $TMP_DATA/file_data.rpm elif file -b $TMP_DATA/file_data | grep 'gzip compressed data' &>/dev/null; then pushd / tar xvzf $TMP_DATA/file_data popd else - echo "ERROR: Unsupported file format." + echo "ERROR: Unsupported file format: $URL" exit 1 fi - rm $TMP_DATA/file_data + if [ -f $TMP_DATA/file_data ]; then + rm $TMP_DATA/file_data + fi done else echo "No artifact_urls was set. Skipping..." diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index b44095bd..574c41b0 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -8,11 +8,14 @@ description: 'Upgrade steps for all roles' parameters: servers: type: json - + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - + ctlplane_service_ips: + type: json UpdateIdentifier: type: string description: > @@ -206,7 +209,9 @@ resources: {%- endfor %} properties: servers: {get_param: servers} + stack_name: {get_param: stack_name} role_data: {get_param: role_data} + ctlplane_service_ips: {get_param: ctlplane_service_ips} outputs: # Output the config for each role, just use Step1 as the config should be diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index c35bb250..4a1670f8 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -69,8 +69,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. SwiftStorageServerMetadata: default: {} description: > @@ -143,6 +143,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: server_not_blacklisted: @@ -150,6 +169,12 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: @@ -178,6 +203,12 @@ resources: - {get_param: SwiftStorageServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ObjectStorageSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -377,6 +408,7 @@ resources: properties: server: {get_resource: SwiftStorage} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -613,3 +645,6 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [SwiftStorage, os_collect_config]} diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml index c51b6e1b..bdd1e613 100644 --- a/puppet/post-upgrade.j2.yaml +++ b/puppet/post-upgrade.j2.yaml @@ -8,17 +8,20 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers - + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - DeployIdentifier: default: '' type: string description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + ctlplane_service_ips: + type: json resources: # Note the include here is the same as post.j2.yaml but the data used at diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 3a15cec6..67e1ecfd 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -8,7 +8,9 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers - + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data @@ -23,6 +25,7 @@ parameters: description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + ctlplane_service_ips: + type: json -resources: {% include 'puppet-steps.j2' %} diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 5567d65d..82c6171e 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -1,3 +1,19 @@ +{% set deploy_steps_max = 6 %} + +conditions: +{% for step in range(1, deploy_steps_max) %} + WorkflowTasks_Step{{step}}_Enabled: + or: + {% for role in roles %} + - not: + equals: + - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] + - '' + - False + {% endfor %} +{% endfor %} + +resources: # Post deployment steps for all roles # A single config is re-applied with an incrementing step number {% for role in roles %} @@ -24,17 +40,26 @@ StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} # Step through a series of configuration steps -{% for step in range(1, 6) %} +{% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] - {% else %} depends_on: + - WorkflowTasks_Step{{step}}_Execution + # TODO(gfidente): the following if/else condition + # replicates what is already defined for the + # WorkflowTasks_StepX resource and can be remove + # if https://bugs.launchpad.net/heat/+bug/1700569 + # is fixed. + {% if step == 1 %} + {% for dep in roles %} + - {{dep.name}}PreConfig + - {{dep.name}}ArtifactsDeploy + {% endfor %} + {% else %} {% for dep in roles %} - {{dep.name}}Deployment_Step{{step -1}} {% endfor %} - {% endif %} + {% endif %} properties: name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} @@ -72,3 +97,50 @@ {% endfor %} + +# BEGIN service_workflow_tasks handling +{% for step in range(1, deploy_steps_max) %} + WorkflowTasks_Step{{step}}: + type: OS::Mistral::Workflow + condition: WorkflowTasks_Step{{step}}_Enabled + depends_on: + {% if step == 1 %} + {% for dep in roles %} + - {{dep.name}}PreConfig + - {{dep.name}}ArtifactsDeploy + {% endfor %} + {% else %} + {% for dep in roles %} + - {{dep.name}}Deployment_Step{{step -1}} + {% endfor %} + {% endif %} + properties: + name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} + type: direct + tasks: + yaql: + expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() + data: + {% for role in roles %} + - get_param: [role_data, {{role.name}}, service_workflow_tasks] + {% endfor %} + + WorkflowTasks_Step{{step}}_Execution: + type: OS::Mistral::ExternalResource + condition: WorkflowTasks_Step{{step}}_Enabled + depends_on: WorkflowTasks_Step{{step}} + properties: + actions: + CREATE: + workflow: { get_resource: WorkflowTasks_Step{{step}} } + params: + env: + service_ips: { get_param: ctlplane_service_ips } + UPDATE: + workflow: { get_resource: WorkflowTasks_Step{{step}} } + params: + env: + service_ips: { get_param: ctlplane_service_ips } + always_update: true +{% endfor %} +# END service_workflow_tasks handling diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index b7f47594..5aac0892 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -28,9 +28,13 @@ parameters: constraints: - custom_constraint: nova.keypair {% endif %} + NeutronPhysicalBridge: + default: 'br-ex' + description: An OVS bridge to create for accessing tenant networks. + type: string NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string ServiceNetMap: default: {} @@ -85,8 +89,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. {{role}}ServerMetadata: default: {} description: > @@ -165,6 +169,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: server_not_blacklisted: @@ -172,10 +195,16 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: {{role}}: - type: OS::TripleO::{{role.name}}Server + type: OS::TripleO::{{role}}Server metadata: os-collect-config: command: {get_param: ConfigCommand} @@ -200,6 +229,12 @@ resources: - {get_param: {{role}}ServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: {{role}}SchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -399,6 +434,7 @@ resources: properties: server: {get_resource: {{role}}} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -409,7 +445,7 @@ resources: server: {get_resource: {{role}}} actions: {get_param: NetworkDeploymentActions} input_values: - bridge_name: br-ex + bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} actions: if: @@ -648,3 +684,6 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [{{role}}, os_collect_config]} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 7a18ef0c..d55414b7 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -95,6 +95,30 @@ are re-asserted when applying latter ones. 5) Service activation (Pacemaker) +It is also possible to use Mistral actions or workflows together with +a deployment step, these are executed before the main configuration run. +To describe actions or workflows from within a service use: + + * service_workflow_tasks: One or more workflow task properties + +which expects a map where the key is the step and the value a list of +dictionaries descrbing each a workflow task, for example:: + + service_workflow_tasks: + step2: + - name: echo + action: std.echo output=Hello + step3: + - name: external + workflow: my-pre-existing-workflow-name + input: + workflow_param1: value + workflow_param2: value + +The Heat guide for the `OS::Mistral::Workflow task property +<https://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Mistral::Workflow-prop-tasks>`_ +has more details about the expected dictionary. + Batch Upgrade Steps ------------------- diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index e12c55eb..48d95993 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -29,20 +29,9 @@ parameters: GlanceRbdPoolName: default: images type: string - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] GnocchiRbdPoolName: default: metrics type: string - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean NovaRbdPoolName: default: vms type: string @@ -82,16 +71,6 @@ parameter_groups: parameters: - ControllerEnableCephStorage -conditions: - glance_multiple_locations: - and: - - equals: - - get_param: GlanceBackend - - rbd - - equals: - - get_param: NovaEnableRbdBackend - - true - outputs: role_data: description: Role data for the Ceph base service. @@ -153,6 +132,3 @@ outputs: - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] - service_config_settings: - glance_api: - glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 599532c4..65e6ea80 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -27,20 +27,9 @@ parameters: GlanceRbdPoolName: default: images type: string - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] GnocchiRbdPoolName: default: metrics type: string - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean NovaRbdPoolName: default: vms type: string @@ -76,16 +65,6 @@ parameters: clients using older Ceph servers. type: string -conditions: - glance_multiple_locations: - and: - - equals: - - get_param: GlanceBackend - - rbd - - equals: - - get_param: NovaEnableRbdBackend - - true - outputs: role_data: description: Role data for the Ceph External service. @@ -122,8 +101,5 @@ outputs: - ceph-base - ceph-mon - ceph-osd - service_config_settings: - glance_api: - glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} step_config: | include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 2bde9033..882ba299 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -118,6 +118,16 @@ outputs: template: "%{hiera('cloud_name_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + dnsnames: + - str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + - str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} principal: str_replace: template: "mysql/%{hiera('cloud_name_NETWORK')}" @@ -132,6 +142,9 @@ outputs: - service: mysql network: {get_param: [ServiceNetMap, MysqlNetwork]} type: vip + - service: mysql + network: {get_param: [ServiceNetMap, MysqlNetwork]} + type: node - null upgrade_tasks: - name: Check for galera root password diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index df406a8c..9567a73f 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -52,3 +52,23 @@ outputs: - 26379 step_config: | include ::tripleo::profile::base::database::redis + upgrade_tasks: + - name: Check if redis is deployed + command: systemctl is-enabled redis + tags: common + ignore_errors: True + register: redis_enabled + - name: "PreUpgrade step0,validation: Check if redis is running" + shell: > + /usr/bin/systemctl show 'redis' --property ActiveState | + grep '\bactive\b' + when: redis_enabled.rc == 0 + tags: step0,validation + - name: Stop redis service + tags: step1 + when: redis_enabled.rc == 0 + service: name=redis state=stopped + - name: Install redis package if it was disabled + tags: step3 + yum: name=redis state=latest + when: redis_enabled.rc != 0 diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 7812c8e2..a3d5a793 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -96,6 +96,10 @@ parameters: GlanceRbdPoolName: default: images type: string + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean RabbitPassword: description: The password for RabbitMQ type: string @@ -129,6 +133,14 @@ conditions: use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']} service_debug_unset: {equals : [{get_param: GlanceDebug}, '']} + glance_multiple_locations: + and: + - equals: + - get_param: GlanceBackend + - rbd + - equals: + - get_param: NovaEnableRbdBackend + - true resources: @@ -187,6 +199,7 @@ outputs: glance::keystone::authtoken::project_domain_name: 'Default' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true + glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 619cf131..5bdc3b88 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -38,6 +38,10 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + HAProxyStatsEnabled: + default: true + description: Whether or not to enable the HAProxy stats interface. + type: boolean RedisPassword: description: The password for Redis type: string @@ -95,6 +99,7 @@ outputs: tripleo::haproxy::redis_password: {get_param: RedisPassword} tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile} tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile} + tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled} tripleo::profile::base::haproxy::certificates_specs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 092d0720..1f97b8ba 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -89,7 +89,6 @@ outputs: horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: - add_listen: false priority: 10 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' options: ['FollowSymLinks','MultiViews'] diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 945033a1..0e8eacf1 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -43,8 +43,21 @@ parameters: e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + EnableInternalTLS: + type: boolean + default: false resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} + IronicBase: type: ./ironic-base.yaml properties: @@ -63,6 +76,7 @@ outputs: config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - ironic::api::authtoken::password: {get_param: IronicPassword} ironic::api::authtoken::project_name: 'service' ironic::api::authtoken::user_domain_name: 'Default' @@ -80,7 +94,17 @@ outputs: ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + ironic::api::service_name: 'httpd' ironic::policy::policies: {get_param: IronicApiPolicies} + ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]} + ironic::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS} tripleo.ironic_api.firewall_rules: '133 ironic api': dport: @@ -106,6 +130,9 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" upgrade_tasks: - - name: Stop ironic_api service + - name: Stop ironic_api service (before httpd support) + tags: step1 + service: name=openstack-ironic-api state=stopped enabled=no + - name: Stop ironic_api service (running under httpd) tags: step1 - service: name=openstack-ironic-api state=stopped + service: name=httpd state=stopped diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 76d5c269..4493721c 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -92,8 +92,12 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml + Ovs: + type: ./openvswitch.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -138,7 +142,7 @@ outputs: expression: $.data.ovs_upgrade + $.data.neutron_ovs_upgrade data: ovs_upgrade: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] neutron_ovs_upgrade: - name: Check if neutron_ovs_agent is deployed command: systemctl is-enabled neutron-openvswitch-agent diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 29c10469..da7a4d68 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -26,32 +26,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - HostCpusList: - default: "0" - description: List of cores to be used for host process - type: string - constraints: - - allowed_pattern: "[0-9,-]+" - NeutronDpdkCoreList: - default: "" - description: List of cores to be used for DPDK Poll Mode Driver - type: string - constraints: - - allowed_pattern: "[0-9,-]*" - NeutronDpdkMemoryChannels: - default: "" - description: Number of memory channels to be used for DPDK - type: string - constraints: - - allowed_pattern: "[0-9]*" - NeutronDpdkSocketMemory: - default: "" - description: Memory allocated for each socket - type: string - NeutronDpdkDriverType: - default: "vfio-pci" - description: DPDK Driver type - type: string # below parameters has to be set in neutron agent only for compute nodes. # as of now there is no other usecase for these parameters except dpdk. # should be moved to compute only ovs agent in case of any other usecases. @@ -75,9 +49,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml - # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: @@ -89,20 +60,19 @@ resources: - map_replace: - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir - vswitch::dpdk::driver_type: NeutronDpdkDriverType - vswitch::dpdk::host_core_list: HostCpusList - vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList - vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels - vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory - values: {get_param: [RoleParameters]} - values: NeutronDatapathType: {get_param: NeutronDatapathType} NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir} - NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType} - HostCpusList: {get_param: HostCpusList} - NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList} - NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels} - NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory} + + Ovs: + type: ./openvswitch.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} outputs: role_data: @@ -116,7 +86,8 @@ outputs: - keys: tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true + - get_attr: [Ovs, role_data, config_settings] - get_attr: [RoleParametersValue, value] step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} upgrade_tasks: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index fe2f2946..4ce5316d 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -28,7 +28,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova API service. + description: Number of workers for Nova services. type: number NovaPassword: description: The password for the nova service and db account, used by nova-api. @@ -81,17 +81,15 @@ conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} resources: - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # ApacheServiceBase: - # type: ./apache.yaml - # properties: - # ServiceNetMap: {get_param: ServiceNetMap} - # DefaultPasswords: {get_param: DefaultPasswords} - # EndpointMap: {get_param: EndpointMap} - # RoleName: {get_param: RoleName} - # RoleParameters: {get_param: RoleParameters} - # EnableInternalTLS: {get_param: EnableInternalTLS} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} NovaBase: type: ./nova-base.yaml @@ -114,9 +112,7 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # - get_attr: [ApacheServiceBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' tripleo.nova_api.firewall_rules: @@ -143,23 +139,21 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - nova_wsgi_enabled: false - # nova::api::service_name: 'httpd' - # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} + nova_wsgi_enabled: true + nova::api::service_name: 'httpd' + nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} - # nova::wsgi::apache_api::servername: - # str_replace: - # template: - # "%{hiera('fqdn_$NETWORK')}" - # params: - # $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} nova::api::instance_name_template: {get_param: InstanceNameTemplate} nova_enable_db_purge: {get_param: NovaEnableDBPurge} @@ -169,9 +163,7 @@ outputs: - nova_workers_zero - {} - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # nova::wsgi::apache_api::workers: {get_param: NovaWorkers} + nova::wsgi::apache_api::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::api service_config_settings: @@ -199,87 +191,91 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # metadata_settings: - # get_attr: [ApacheServiceBase, role_data, metadata_settings] + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: get bootstrap nodeid - tags: common - command: hiera bootstrap_nodeid - register: bootstrap_node - - name: set is_bootstrap_node fact - tags: common - set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} - - name: Extra migration for nova tripleo/+bug/1656791 - tags: step0,pre-upgrade - when: is_bootstrap_node - command: nova-manage db online_data_migrations - - name: Stop and disable nova_api service (pre-upgrade not under httpd) - tags: step2 - service: name=openstack-nova-api state=stopped enabled=no - - name: Create puppet manifest to set transport_url in nova.conf - tags: step5 - when: is_bootstrap_node - copy: - dest: /root/nova-api_upgrade_manifest.pp - mode: 0600 - content: > - $transport_url = os_transport_url({ - 'transport' => hiera('messaging_service_name', 'rabbit'), - 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), - 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), - 'username' => hiera('nova::rabbit_userid', 'guest'), - 'password' => hiera('nova::rabbit_password'), - 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) - }) - oslo::messaging::default { 'nova_config': - transport_url => $transport_url - } - - name: Run puppet apply to set tranport_url in nova.conf - tags: step5 - when: is_bootstrap_node - command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp - register: puppet_apply_nova_api_upgrade - failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] - changed_when: puppet_apply_nova_api_upgrade.rc == 2 - - name: Setup cell_v2 (map cell0) - tags: step5 - when: is_bootstrap_node - shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection) - - name: Setup cell_v2 (create default cell) - tags: step5 - when: is_bootstrap_node - # (owalsh) puppet-nova expects the cell name 'default' - # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 - shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) - register: nova_api_create_cell - failed_when: nova_api_create_cell.rc not in [0,2] - changed_when: nova_api_create_cell.rc == 0 - - name: Setup cell_v2 (sync nova/cell DB) - tags: step5 - when: is_bootstrap_node - command: nova-manage db sync - async: {get_param: NovaDbSyncTimeout} - poll: 10 - - name: Setup cell_v2 (get cell uuid) - tags: step5 - when: is_bootstrap_node - shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' - register: nova_api_cell_uuid - - name: Setup cell_v2 (migrate hosts) - tags: step5 - when: is_bootstrap_node - command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose - - name: Setup cell_v2 (migrate instances) - tags: step5 - when: is_bootstrap_node - command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} - - name: Sync nova_api DB - tags: step5 - command: nova-manage api_db sync - when: is_bootstrap_node - - name: Online data migration for nova - tags: step5 - when: is_bootstrap_node - command: nova-manage db online_data_migrations + yaql: + expression: $.data.apache_upgrade + $.data.nova_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + nova_api_upgrade: + - name: get bootstrap nodeid + tags: common + command: hiera bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Extra migration for nova tripleo/+bug/1656791 + tags: step0,pre-upgrade + when: is_bootstrap_node + command: nova-manage db online_data_migrations + - name: Stop and disable nova_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no + - name: Create puppet manifest to set transport_url in nova.conf + tags: step5 + when: is_bootstrap_node + copy: + dest: /root/nova-api_upgrade_manifest.pp + mode: 0600 + content: > + $transport_url = os_transport_url({ + 'transport' => hiera('messaging_service_name', 'rabbit'), + 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), + 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), + 'username' => hiera('nova::rabbit_userid', 'guest'), + 'password' => hiera('nova::rabbit_password'), + 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) + }) + oslo::messaging::default { 'nova_config': + transport_url => $transport_url + } + - name: Run puppet apply to set tranport_url in nova.conf + tags: step5 + when: is_bootstrap_node + command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp + register: puppet_apply_nova_api_upgrade + failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] + changed_when: puppet_apply_nova_api_upgrade.rc == 2 + - name: Setup cell_v2 (map cell0) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection) + - name: Setup cell_v2 (create default cell) + tags: step5 + when: is_bootstrap_node + # (owalsh) puppet-nova expects the cell name 'default' + # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 + shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) + register: nova_api_create_cell + failed_when: nova_api_create_cell.rc not in [0,2] + changed_when: nova_api_create_cell.rc == 0 + - name: Setup cell_v2 (sync nova/cell DB) + tags: step5 + when: is_bootstrap_node + command: nova-manage db sync + async: {get_param: NovaDbSyncTimeout} + poll: 10 + - name: Setup cell_v2 (get cell uuid) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' + register: nova_api_cell_uuid + - name: Setup cell_v2 (migrate hosts) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose + - name: Setup cell_v2 (migrate instances) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} + - name: Sync nova_api DB + tags: step5 + command: nova-manage api_db sync + when: is_bootstrap_node + - name: Online data migration for nova + tags: step5 + when: is_bootstrap_node + command: nova-manage db online_data_migrations diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 30eb1277..b83b9852 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -28,7 +28,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova Conductor service. + description: Number of workers for Nova services. type: number MonitoringSubscriptionNovaConductor: default: 'overcloud-nova-conductor' diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index 335b2c28..bc7dc1b0 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -28,7 +28,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova API service. + description: Number of workers for Nova services. type: number conditions: diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 86aa079e..aaa7ef5b 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -28,7 +28,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova Placement API service. + description: Number of workers for Nova services. type: number NovaPassword: description: The password for the nova service and db account, used by nova-placement. diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 5da6d43e..72a1fce7 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -45,6 +45,14 @@ parameters: default: tag: openstack.nova.scheduler path: /var/log/nova/nova-scheduler.log + NovaSchedulerDiscoverHostsInCellsInterval: + type: number + default: -1 + description: > + This value controls how often (in seconds) the scheduler should + attempt to discover new hosts that have been added to cells. + The default value of -1 disables the periodic task completely. + It is recommended to set this parameter for deployments using Ironic. resources: NovaBase: @@ -71,6 +79,7 @@ outputs: - nova::ram_allocation_ratio: '1.0' nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters} nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters} + nova::scheduler::discover_hosts_in_cells_interval: {get_param: NovaSchedulerDiscoverHostsInCellsInterval} step_config: | include tripleo::profile::base::nova::scheduler upgrade_tasks: diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 0d859be1..1a8754a5 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -57,8 +57,14 @@ parameters: type: json resources: - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml + Ovs: + type: ./openvswitch.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} outputs: role_data: @@ -66,19 +72,21 @@ outputs: value: service_name: opendaylight_ovs config_settings: - opendaylight::odl_rest_port: {get_param: OpenDaylightPort} - opendaylight::username: {get_param: OpenDaylightUsername} - opendaylight::password: {get_param: OpenDaylightPassword} - opendaylight_check_url: {get_param: OpenDaylightCheckURL} - opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} - neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} - tripleo.opendaylight_ovs.firewall_rules: - '118 neutron vxlan networks': - proto: 'udp' - dport: 4789 - '136 neutron gre networks': - proto: 'gre' + map_merge: + - opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} + opendaylight_check_url: {get_param: OpenDaylightCheckURL} + opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} + tripleo.opendaylight_ovs.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' + - get_attr: [Ovs, role_data, config_settings] step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: @@ -86,7 +94,7 @@ outputs: expression: $.data.ovs_upgrade + $.data.opendaylight_upgrade data: ovs_upgrade: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] opendaylight_upgrade: - name: Check if openvswitch is deployed command: systemctl is-enabled openvswitch diff --git a/puppet/services/openvswitch-upgrade.yaml b/puppet/services/openvswitch-upgrade.yaml deleted file mode 100644 index f6e78462..00000000 --- a/puppet/services/openvswitch-upgrade.yaml +++ /dev/null @@ -1,50 +0,0 @@ -heat_template_version: pike - -description: > - Openvswitch package special handling for upgrade. - -outputs: - role_data: - description: Upgrade task for special handling of Openvswitch (OVS) upgrade. - value: - service_name: openvswitch_upgrade - upgrade_tasks: - - name: Check openvswitch version. - tags: step2 - register: ovs_version - ignore_errors: true - shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}' - - name: Check openvswitch packaging. - tags: step2 - shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" - register: ovs_packaging_issue - ignore_errors: true - - block: - - name: "Ensure empty directory: emptying." - file: - state: absent - path: /root/OVS_UPGRADE - - name: "Ensure empty directory: creating." - file: - state: directory - path: /root/OVS_UPGRADE - owner: root - group: root - mode: 0750 - - name: Download OVS packages. - command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch - - name: Get rpm list for manual upgrade of OVS. - shell: ls -1 /root/OVS_UPGRADE/*.rpm - register: ovs_list_of_rpms - - name: Manual upgrade of OVS - shell: | - rpm -U --test {{item}} 2>&1 | grep "already installed" || \ - rpm -U --replacepkgs --notriggerun --nopostun {{item}}; - args: - chdir: /root/OVS_UPGRADE - with_items: - - "{{ovs_list_of_rpms.stdout_lines}}" - tags: step2 - when: "'2.5.0-14' in '{{ovs_version.stdout}}' - or - ovs_packaging_issue|succeeded" diff --git a/puppet/services/openvswitch.yaml b/puppet/services/openvswitch.yaml new file mode 100644 index 00000000..36aa5db7 --- /dev/null +++ b/puppet/services/openvswitch.yaml @@ -0,0 +1,178 @@ +heat_template_version: pike + +description: > + Open vSwitch Configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + OvsDpdkCoreList: + description: > + List of cores to be used for DPDK lcore threads. Note, these threads + are used by the OVS control path for validator and handling functions. + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: "" + OvsDpdkMemoryChannels: + description: Number of memory channels per socket to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: "" + OvsDpdkSocketMemory: + default: "" + description: > + Sets the amount of hugepage memory to assign per NUMA node. It is + recommended to use the socket closest to the PCIe slot used for the + desired DPDK NIC. The format should be in "<socket 0 mem>, <socket 1 + mem>, <socket n mem>", where the value is specified in MB. For example: + "1024,0". + type: string + OvsDpdkDriverType: + default: "vfio-pci" + description: > + DPDK Driver type. Ensure the Overcloud NIC to be used for DPDK supports + this UIO/PMD driver. + type: string + OvsPmdCoreList: + description: > + A list or range of CPU cores for PMD threads to be pinned to. Note, NIC + location to cores on socket, number of hyper-threaded logical cores, and + desired number of PMD threads can all play a role in configuring this + setting. These cores should be on the same socket where + OvsDpdkSocketMemory is assigned. If using hyperthreading then specify + both logical cores that would equal the physical core. Also, specifying + more than one core will trigger multiple PMD threads to be spawned which + may improve dataplane performance. + constraints: + - allowed_pattern: "[0-9,-]*" + type: string + default: "" + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Queens cycle. + HostCpusList: + description: List of cores to be used for host process + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: '' + NeutronDpdkCoreList: + description: List of cores to be used for DPDK Poll Mode Driver + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: '' + NeutronDpdkMemoryChannels: + description: Number of memory channels to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: '' + NeutronDpdkSocketMemory: + default: '' + description: Memory allocated for each socket + type: string + NeutronDpdkDriverType: + default: "vfio-pci" + description: DPDK Driver type + type: string + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - HostCpusList + - NeutronDpdkCoreList + - NeutronDpdkMemoryChannels + - NeutronDpdkSocketMemory + - NeutronDpdkDriverType + +conditions: + l_cores_empty: {equals: [{get_param: OvsDpdkCoreList}, '']} + pmd_cores_empty: {equals: [{get_param: OvsPmdCoreList}, '']} + mem_channels_empty: {equals: [{get_param: OvsDpdkMemoryChannels}, '']} + socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']} + driver_not_set: {equals: [{get_param: OvsDpdkDriverType}, 'vfio-pci']} + +outputs: + role_data: + description: Role data for the Open vSwitch service. + value: + service_name: openvswitch + config_settings: + map_replace: + - map_replace: + - vswitch::dpdk::driver_type: OvsDpdkDriverType + vswitch::dpdk::host_core_list: OvsDpdkCoreList + vswitch::dpdk::pmd_core_list: OvsPmdCoreList + vswitch::dpdk::memory_channels: OvsDpdkMemoryChannels + vswitch::dpdk::socket_mem: OvsDpdkSocketMemory + - values: {get_param: [RoleParameters]} + - values: + OvsDpdkCoreList: {if: [l_cores_empty, {get_param: HostCpusList}, {get_param: OvsDpdkCoreList}]} + OvsDpdkMemoryChannels: {if: [mem_channels_empty, {get_param: NeutronDpdkMemoryChannels}, {get_param: OvsDpdkMemoryChannels}]} + OvsDpdkSocketMemory: {if: [socket_mem_empty, {get_param: NeutronDpdkSocketMemory}, {get_param: OvsDpdkSocketMemory}]} + OvsDpdkDriverType: {if: [driver_not_set, {get_param: NeutronDpdkDriverType}, {get_param: OvsDpdkDriverType}]} + OvsPmdCoreList: {if: [pmd_cores_empty, {get_param: NeutronDpdkCoreList}, {get_param: OvsPmdCoreList}]} + + upgrade_tasks: + - name: Check openvswitch version. + tags: step2 + register: ovs_version + ignore_errors: true + shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}' + - name: Check openvswitch packaging. + tags: step2 + shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" + register: ovs_packaging_issue + ignore_errors: true + - block: + - name: "Ensure empty directory: emptying." + file: + state: absent + path: /root/OVS_UPGRADE + - name: "Ensure empty directory: creating." + file: + state: directory + path: /root/OVS_UPGRADE + owner: root + group: root + mode: 0750 + - name: Download OVS packages. + command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch + - name: Get rpm list for manual upgrade of OVS. + shell: ls -1 /root/OVS_UPGRADE/*.rpm + register: ovs_list_of_rpms + - name: Manual upgrade of OVS + shell: | + rpm -U --test {{item}} 2>&1 | grep "already installed" || \ + rpm -U --replacepkgs --notriggerun --nopostun {{item}}; + args: + chdir: /root/OVS_UPGRADE + with_items: + - "{{ovs_list_of_rpms.stdout_lines}}" + tags: step2 + when: "'2.5.0-14' in '{{ovs_version.stdout}}' + or + ovs_packaging_issue|succeeded" diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index d8e942d0..0a7659e0 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -27,6 +27,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. resources: @@ -61,6 +66,8 @@ outputs: # internal_api_subnet - > IP/CIDR tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr: get_param: [ServiceNetMap, MysqlNetwork] + tripleo::profile::pacemaker::database::mysql::ca_file: + get_param: InternalTLSCAFile step_config: | include ::tripleo::profile::pacemaker::database::mysql metadata_settings: diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 9a304edb..c707efb1 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -59,10 +59,10 @@ parameters: type: string SwiftCeilometerPipelineEnabled: description: Set to False to disable the swift proxy ceilometer pipeline. - default: True + default: false type: boolean SwiftCeilometerIgnoreProjects: - default: ['services'] + default: ['service'] description: Comma-seperated list of project names to ignore. type: comma_delimited_list RabbitClientPort: @@ -81,7 +81,7 @@ parameters: conditions: - ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]} + ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]} use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} resources: @@ -118,14 +118,20 @@ outputs: swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} - swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} - swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} - swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - swift::proxy::ceilometer::password: {get_param: SwiftPassword} - swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} - swift::proxy::ceilometer::nonblocking_notify: true + - + if: + - ceilometer_pipeline_enabled + - + swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} + swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} + swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + swift::proxy::ceilometer::password: {get_param: SwiftPassword} + swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} + swift::proxy::ceilometer::nonblocking_notify: true + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + - {} + - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} @@ -168,7 +174,6 @@ outputs: - '' - 'proxy-logging' - 'proxy-server' - swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples |