Diffstat (limited to 'puppet')
-rw-r--r--puppet/all-nodes-config.yaml44
-rw-r--r--puppet/services/README.rst4
-rw-r--r--puppet/services/ceph-mon.yaml43
-rw-r--r--puppet/services/ceph-osd.yaml50
-rw-r--r--puppet/services/ceph-rgw.yaml4
-rw-r--r--puppet/services/congress.yaml8
-rw-r--r--puppet/services/heat-api-cfn.yaml2
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml2
-rw-r--r--puppet/services/heat-api.yaml2
-rw-r--r--puppet/services/heat-engine.yaml2
-rw-r--r--puppet/services/kernel.yaml1
-rw-r--r--puppet/services/neutron-l3-compute-dvr.yaml25
-rw-r--r--puppet/services/neutron-l3.yaml13
-rw-r--r--puppet/services/nova-api.yaml3
-rw-r--r--puppet/services/nova-conductor.yaml5
-rw-r--r--puppet/services/nova-placement.yaml4
-rw-r--r--puppet/services/nova-scheduler.yaml3
-rw-r--r--puppet/services/pacemaker.yaml2
-rw-r--r--puppet/services/panko-api.yaml6
-rw-r--r--puppet/services/sahara-engine.yaml3
-rw-r--r--puppet/services/swift-proxy.yaml1
21 files changed, 170 insertions, 57 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index ee43c3a5..7edf17af 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -68,6 +68,32 @@ parameters:
type: boolean
default: false
+ InternalApiNetName:
+ default: internal_api
+ description: The name of the internal API network.
+ type: string
+ ExternalNetName:
+ default: external
+ description: The name of the external network.
+ type: string
+ ManagementNetName:
+ default: management
+ description: The name of the management network.
+ type: string
+ StorageNetName:
+ default: storage
+ description: The name of the storage network.
+ type: string
+ StorageMgmtNetName:
+ default: storage_mgmt
+ description: The name of the Storage management network.
+ type: string
+ TenantNetName:
+ default: tenant
+ description: The name of the tenant network.
+ type: string
+
+
resources:
allNodesConfigImpl:
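Review bot: `ManagementNetName` and `TenantNetName` are declared here, but nothing in the hunks shown for this file reads them; the next hunk uses only the external, internal API, storage and storage-management names. If they are consumed elsewhere in the template that is fine; otherwise drop them or add a comment such as `# reserved: not yet referenced by allNodesConfigImpl`. The `parameters:` block starts above this hunk, so this is based on the visible lines only.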
@@ -175,21 +201,21 @@ resources:
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
keystone_public_api_vip:
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
- public_virtual_ip: {get_param: [NetVipMap, external]}
+ public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
- storage_virtual_ip: {get_param: [NetVipMap, storage]}
- storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]}
+ storage_virtual_ip: {get_param: [NetVipMap, {get_param: StorageNetName}]}
+ storage_mgmt_virtual_ip: {get_param: [NetVipMap, {get_param: StorageMgmtNetName}]}
redis_vip: {get_param: RedisVirtualIP}
# public_virtual_ip and controller_virtual_ip are needed in
# both HAproxy & keepalived.
- tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
- tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
- tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]}
+ tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, {get_param: StorageNetName}]}
+ tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, {get_param: StorageMgmtNetName}]}
tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
cloud_name_external: {get_param: cloud_name_external}
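Review bot: The VIP lookups now key `NetVipMap` by a free-form string parameter, and nothing visible constrains the `*NetName` values to names that exist in that map. As far as I know, Heat resolves a `get_param` path with a missing key to an empty string rather than failing. If so, a mistyped network name would reach hiera as an empty `public_virtual_ip` for HAProxy and keepalived instead of stopping the deployment. Each parameter description should state that the value must match a key of `NetVipMap`, for example `The name of the external network; must match a key in NetVipMap.`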
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index e5c11535..223c3ed0 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -104,7 +104,9 @@ step, "step2" for the second, etc.
2) Stop all control-plane services, ready for upgrade
- 3) Perform a package update, (either specific packages or the whole system)
+ 3) Perform a package update and install new packages: A general
+ upgrade is done, and only new package should go into service
+ ansible tasks.
4) Start services needed for migration tasks (e.g DB)
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 1ce58335..d589ef89 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -59,6 +59,14 @@ parameters:
}
default: {}
type: json
+ CephValidationRetries:
+ type: number
+ default: 5
+ description: Number of retry attempts for Ceph validation
+ CephValidationDelay:
+ type: number
+ default: 10
+ description: Interval (in seconds) in between validation checks
MonitoringSubscriptionCephMon:
default: 'overcloud-ceph-mon'
type: string
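Review bot: `CephValidationRetries` and `CephValidationDelay` are declared here with defaults 5 and 10, and again in puppet/services/ceph-osd.yaml with defaults 40 and 30, under the same names. Presumably a single override in an environment file sets both, so the monitor quorum wait and the OSD placement-group wait cannot be tuned separately. The descriptions also do not say which check each pair belongs to. Either give the pairs distinct names or extend the descriptions, e.g. `Number of retry attempts for the monitor quorum check`. Both are `type: number` with no range constraint, so zero or a negative value is accepted.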
@@ -119,21 +127,32 @@ outputs:
# rolling upgrade of all osd nodes in step1
- name: Check status
tags: step0,validation
- shell: ceph health | grep -qv HEALTH_ERR
- # FIXME(shardy) I suspect we can use heat or ansible facts here instead?
- - name: Get hostname
+ shell: ceph health | egrep -sq "HEALTH_OK|HEALTH_WARN"
+ - name: Stop CephMon
tags: step0
- shell: hostname -s
- register: mon_id
- - name: Stop Ceph Mon
+ service:
+ name: ceph-mon@{{ ansible_hostname }}
+ state: stopped
+ - name: Update Ceph packages
tags: step0
- service: name=ceph-mon@{{mon_id.stdout}} pattern=ceph-mon state=stopped
- - name: Update ceph packages
+ yum:
+ name: ceph-mon
+ state: latest
+ - name: Start CephMon
tags: step0
- yum: name=ceph-mon state=latest
- - name: Start ceph-mon service
- tags: step0
- service: name=ceph-mon@{{mon_id.stdout}} state=started
+ service:
+ name: ceph-mon@{{ ansible_hostname }}
+ state: started
+ # ceph-ansible
+ # https://github.com/ceph/ceph-ansible/blob/master/infrastructure-playbooks/rolling_update.yml#L149-L157
+ - name: Wait for the monitor to join the quorum...
+ tags: step0,ceph_quorum_validation
+ shell: |
+ ceph -s | grep monmap | sed 's/.*quorum//' | egrep -sq {{ ansible_hostname }}
+ register: ceph_quorum_nodecheck
+ until: ceph_quorum_nodecheck.rc == 0
+ retries: {get_param: CephValidationRetries}
+ delay: {get_param: CephValidationDelay}
- name: ceph osd crush tunables default
tags: step0
shell: ceph osd crush tunables default
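Review bot: The quorum wait passes `{{ ansible_hostname }}` unquoted to `egrep -sq` as a regular expression, so it also matches any longer monitor name that contains this host's name (constructed example: `mon1` matches `mon10`). The task can then report success before this monitor has rejoined the quorum. A fixed-string, whole-word match narrows that: `ceph -s | grep monmap | sed 's/.*quorum//' | grep -sqFw -- "{{ ansible_hostname }}"`. The `upgrade_tasks` list begins outside this hunk.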
diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml
index 9bd83aab..a97fa116 100644
--- a/puppet/services/ceph-osd.yaml
+++ b/puppet/services/ceph-osd.yaml
@@ -21,6 +21,24 @@ parameters:
MonitoringSubscriptionCephOsd:
default: 'overcloud-ceph-osd'
type: string
+ CephValidationRetries:
+ type: number
+ default: 40
+ description: Number of retry attempts for Ceph validation
+ CephValidationDelay:
+ type: number
+ default: 30
+ description: Interval (in seconds) in between validation checks
+ IgnoreCephUpgradeWarnings:
+ type: boolean
+ default: false
+ description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean
+
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - IgnoreCephUpgradeWarnings
resources:
CephBase:
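Review bot: `IgnoreCephUpgradeWarnings` is introduced and listed under the `deprecated` parameter group in the same hunk, and its description does not say what is actually skipped. In the next hunk it disables the `Wait for clean pgs...` task entirely, so `ceph osd unset noout` follows the OSD restart with no health gate at all. The description should spell that out, e.g. `If enabled, the post-restart wait for clean PGs and HEALTH_OK/HEALTH_WARN is skipped and the upgrade continues regardless of cluster state.` A comment explaining why a new parameter is already deprecated would also help the next maintainer.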
@@ -66,17 +84,37 @@ outputs:
- name: ceph osd set noscrub
tags: step1
command: ceph osd set noscrub
- - name: Stop Ceph OSD
+ - name: Stop CephOSD
tags: step1
- service: name=ceph-osd@{{ item }} state=stopped
+ service:
+ name: ceph-osd@{{ item }}
+ state: stopped
with_items: "{{osd_ids.stdout.strip().split()}}"
- - name: Update ceph OSD packages
+ - name: Update Ceph packages
tags: step1
- yum: name=ceph-osd state=latest
- - name: Start ceph-osd service
+ yum:
+ name: ceph-osd
+ state: latest
+ - name: Start CephOSD
tags: step1
- service: name=ceph-osd@{{ item }} state=started
+ service:
+ name: ceph-osd@{{ item }}
+ state: started
with_items: "{{osd_ids.stdout.strip().split()}}"
+ # with awk we are meant to check if $2 and $4 are *the same* but it returns 1 when
+ # they are, so the check is inverted to produce an useful exit code
+ - name: Wait for clean pgs...
+ tags: step1,ceph_pgs_clean_validation
+ vars:
+ ignore_warnings: {get_param: IgnoreCephUpgradeWarnings}
+ shell: |
+ ceph pg stat | awk '{exit($2!=$4)}' && ceph health | egrep -sq "HEALTH_OK|HEALTH_WARN"
+ register: ceph_pgs_healthcheck
+ until: ceph_pgs_healthcheck.rc == 0
+ retries: {get_param: CephValidationRetries}
+ delay: {get_param: CephValidationDelay}
+ when:
+ - not ignore_warnings
- name: ceph osd unset noout
tags: step1
command: ceph osd unset noout
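Review bot: The `Wait for clean pgs...` check compares only the two counts in fields 2 and 4 of `ceph pg stat`; it never looks at the state name that follows. If every PG were in the same non-clean state the counts would still match, and because `HEALTH_WARN` is accepted by the second half, the gate could pass on a degraded cluster. awk also exits 0 on empty input, so a failing `ceph pg stat` does not fail the first half. Consider testing the state as well, e.g. `awk '{exit !($2==$4 && $5 ~ /^active\+clean/)}'`, after confirming the field layout against the Ceph release being deployed. The task list starts and continues outside this hunk.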
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index d7014e54..c5b29c7e 100644
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -87,4 +87,6 @@ outputs:
tags: step0,validation
- name: Stop RGW instance
tags: step1
- service: name=ceph-radosgw@{{rgw_id.stdout}} state=stopped
+ service:
+ name: ceph-radosgw@{{rgw_id.stdout}}
+ state: stopped
diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml
index aa8d9a9a..6855a838 100644
--- a/puppet/services/congress.yaml
+++ b/puppet/services/congress.yaml
@@ -87,3 +87,11 @@ outputs:
step_config: |
include ::tripleo::profile::base::congress
+
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running"
+ shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop congress service
+ tags: step2
+ service: name=openstack-congress-server state=stopped
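Review bot: The new `Stop congress service` task uses the inline `service: name=openstack-congress-server state=stopped` form, while the ceph-mon, ceph-osd and ceph-rgw hunks in this same commit move to the block form. Writing it as `service:` with `name: openstack-congress-server` and `state: stopped` beneath keeps the new tasks consistent. The same applies to `yum: name=openstack-panko-api state=latest` added in puppet/services/panko-api.yaml. The validation task's `grep '\bactive\b'` also prints the matched line; `grep -q` keeps the exit-status check without the output.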
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 7bd2fcf1..3ae4cc70 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -86,7 +86,7 @@ outputs:
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
upgrade_tasks:
- name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running"
- shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
+ shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
tags: step0,validation
- name: Stop heat_api_cfn service
tags: step2
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 0954ad19..56183535 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -68,7 +68,7 @@ outputs:
include ::tripleo::profile::base::heat::api_cloudwatch
upgrade_tasks:
- name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running"
- shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b'
+ shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b'
tags: step0,validation
- name: Stop heat_api_cloudwatch service
tags: step2
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index ae656b1e..38c5b479 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -86,7 +86,7 @@ outputs:
heat::keystone::auth::region: {get_param: KeystoneRegion}
upgrade_tasks:
- name: "PreUpgrade step0,validation: Check service openstack-heat-api is running"
- shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
+ shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
tags: step0,validation
- name: Stop heat_api service
tags: step2
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index f7ec9a41..7787d0a7 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -138,7 +138,7 @@ outputs:
tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
upgrade_tasks:
- name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running"
- shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b'
+ shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b'
tags: step0,validation
- name: Stop heat_engine service
tags: step2
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 29157959..fec455d1 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -31,6 +31,7 @@ outputs:
config_settings:
kernel_modules:
nf_conntrack: {}
+ ip_conntrack_proto_sctp: {}
sysctl_settings:
net.ipv4.tcp_keepalive_intvl:
value: 1
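Review bot: The added `ip_conntrack_proto_sctp: {}` entry has no comment saying which service needs SCTP connection tracking, and it uses the `ip_` prefix next to `nf_conntrack` directly above it. An extra protocol helper loaded on every node that applies this service widens the kernel surface, so the reason belongs beside it, e.g. `# SCTP conntrack helper, required by <service name>`. The name looks like a legacy alias of the `nf_`-prefixed module; confirm it resolves on the target kernel, or use the `nf_` name for consistency.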
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml
index 06927fe0..1d6a2371 100644
--- a/puppet/services/neutron-l3-compute-dvr.yaml
+++ b/puppet/services/neutron-l3-compute-dvr.yaml
@@ -22,10 +22,6 @@ parameters:
Debug:
type: string
default: ''
- NeutronExternalNetworkBridge:
- description: Name of bridge used for external network traffic.
- type: string
- default: 'br-ex'
MonitoringSubscriptionNeutronL3Dvr:
default: 'overcloud-neutron-l3-dvr'
type: string
@@ -35,6 +31,19 @@ parameters:
tag: openstack.neutron.agent.l3-compute
path: /var/log/neutron/l3-agent.log
+ # DEPRECATED: the following options are deprecated and are currently maintained
+ # for backwards compatibility. They will be removed in the Pike cycle.
+ NeutronExternalNetworkBridge:
+ description: Name of bridge used for external network traffic. Usually L2
+ agent handles port wiring into external bridge, and hence the
+ parameter should be unset.
+ type: string
+ default: ''
+
+conditions:
+
+ external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}
+
resources:
NeutronBase:
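Review bot: `external_network_bridge_empty` compares the parameter with `"''"`, a two-character string of two single quotes, while the new default `''` is the YAML empty string. With the default the condition is therefore false, and the following hunk still emits `neutron::agents::l3::external_network_bridge` with an empty value. If the literal is meant to catch the quoted value passed by older environment files, say so in a comment, e.g. `# matches the legacy "''" value; the empty default is not matched`. If the empty default should also suppress the key, the condition needs to cover both values. The same default appears next to the same condition in puppet/services/neutron-l3.yaml.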
@@ -56,7 +65,11 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
- neutron::agents::l3::agent_mode : 'dvr'
+ - neutron::agents::l3::agent_mode : 'dvr'
+ -
+ if:
+ - external_network_bridge_empty
+ - {}
+ - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
step_config: |
include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 69803551..4fa49275 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -21,10 +21,6 @@ parameters:
Debug:
type: string
default: ''
- NeutronExternalNetworkBridge:
- description: Name of bridge used for external network traffic.
- type: string
- default: 'br-ex'
NeutronL3AgentMode:
description: |
Agent mode for L3 agent. Must be one of legacy or dvr_snat.
@@ -43,6 +39,15 @@ parameters:
tag: openstack.neutron.agent.l3
path: /var/log/neutron/l3-agent.log
+ # DEPRECATED: the following options are deprecated and are currently maintained
+ # for backwards compatibility. They will be removed in the Pike cycle.
+ NeutronExternalNetworkBridge:
+ description: Name of bridge used for external network traffic. Usually L2
+ agent handles port wiring into external bridge, and hence the
+ parameter should be unset.
+ type: string
+ default: ''
+
conditions:
external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 0adefecd..f27b53f2 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -197,9 +197,6 @@ outputs:
- name: Stop and disable nova_api service (pre-upgrade not under httpd)
tags: step2
service: name=openstack-nova-api state=stopped enabled=no
- - name: update nova api
- tags: step2
- yum: name=openstack-nova-api state=latest
- name: Create puppet manifest to set transport_url in nova.conf
tags: step5
when: is_bootstrap_node
diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml
index 7b086536..a19d0f8d 100644
--- a/puppet/services/nova-conductor.yaml
+++ b/puppet/services/nova-conductor.yaml
@@ -69,13 +69,10 @@ outputs:
- name: Stop nova_conductor service
tags: step2
service: name=openstack-nova-conductor state=stopped
- - name: update nova conductor
- tags: step2
- yum: name=openstack-nova-conductor state=latest
# If not already set by puppet (e.g a pre-ocata version), set the
# upgrade_level for compute to "auto"
- name: Set compute upgrade level to auto
- tags: step3
+ tags: step2
ini_file:
str_replace:
template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml
index 9389c801..3ae19a67 100644
--- a/puppet/services/nova-placement.yaml
+++ b/puppet/services/nova-placement.yaml
@@ -79,6 +79,10 @@ outputs:
dport:
- 8778
- 13778
+ nova::keystone::authtoken::project_name: 'service'
+ nova::keystone::authtoken::password: {get_param: NovaPassword}
+ nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::wsgi::apache_placement::api_port: '8778'
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
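Review bot: `nova::keystone::authtoken::password` reads `NovaPassword`, whose declaration is outside this hunk. Check that this template declares it with `hidden: true` so the value is masked in stack parameter output. The `auth_uri` line also has a stray space before the closing brace (`uri] }`), unlike the `auth_url` line below it; `{get_param: [EndpointMap, KeystoneInternal, uri]}` keeps the two consistent.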
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
index 0e0b9d1e..e08bf182 100644
--- a/puppet/services/nova-scheduler.yaml
+++ b/puppet/services/nova-scheduler.yaml
@@ -67,6 +67,3 @@ outputs:
- name: Stop nova_scheduler service
tags: step2
service: name=openstack-nova-scheduler state=stopped
- - name: update nova scheduler
- tags: step2
- yum: name=openstack-nova-scheduler state=latest
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index ca21cfbe..9398d6b5 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -143,5 +143,5 @@ outputs:
pacemaker_cluster: state=online
- name: Check pacemaker resource
tags: step4
- pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200
+ pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=500
with_items: {get_param: PacemakerResources}
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index 4b74ad45..fc127a27 100644
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -84,3 +84,9 @@ outputs:
include tripleo::profile::base::panko::api
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ # The panko API isn't installed in newton images, so install
+ # it on upgrade
+ - name: Install openstack-panko-api packages on upgrade
+ tags: step3
+ yum: name=openstack-panko-api state=latest
diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml
index 987fe25b..176514ec 100644
--- a/puppet/services/sahara-engine.yaml
+++ b/puppet/services/sahara-engine.yaml
@@ -53,6 +53,3 @@ outputs:
- name: Stop sahara_engine service
tags: step2
service: name=openstack-sahara-engine state=stopped
- - name: Sync sahara_engine DB
- tags: step5
- command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 526fa888..c941b598 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -138,6 +138,7 @@ outputs:
- ''
- 'proxy-logging'
- 'proxy-server'
+ swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples