diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/all-nodes-config.yaml | 44 | ||||
-rw-r--r-- | puppet/services/README.rst | 4 | ||||
-rw-r--r-- | puppet/services/ceph-mon.yaml | 43 | ||||
-rw-r--r-- | puppet/services/ceph-osd.yaml | 50 | ||||
-rw-r--r-- | puppet/services/ceph-rgw.yaml | 4 | ||||
-rw-r--r-- | puppet/services/congress.yaml | 8 | ||||
-rw-r--r-- | puppet/services/heat-api-cfn.yaml | 2 | ||||
-rw-r--r-- | puppet/services/heat-api-cloudwatch.yaml | 2 | ||||
-rw-r--r-- | puppet/services/heat-api.yaml | 2 | ||||
-rw-r--r-- | puppet/services/heat-engine.yaml | 2 | ||||
-rw-r--r-- | puppet/services/kernel.yaml | 1 | ||||
-rw-r--r-- | puppet/services/neutron-l3-compute-dvr.yaml | 25 | ||||
-rw-r--r-- | puppet/services/neutron-l3.yaml | 13 | ||||
-rw-r--r-- | puppet/services/nova-api.yaml | 3 | ||||
-rw-r--r-- | puppet/services/nova-conductor.yaml | 5 | ||||
-rw-r--r-- | puppet/services/nova-placement.yaml | 4 | ||||
-rw-r--r-- | puppet/services/nova-scheduler.yaml | 3 | ||||
-rw-r--r-- | puppet/services/pacemaker.yaml | 2 | ||||
-rw-r--r-- | puppet/services/panko-api.yaml | 6 | ||||
-rw-r--r-- | puppet/services/sahara-engine.yaml | 3 | ||||
-rw-r--r-- | puppet/services/swift-proxy.yaml | 1 |
21 files changed, 170 insertions, 57 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index ee43c3a5..7edf17af 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -68,6 +68,32 @@ parameters: type: boolean default: false + InternalApiNetName: + default: internal_api + description: The name of the internal API network. + type: string + ExternalNetName: + default: external + description: The name of the external network. + type: string + ManagementNetName: + default: management + description: The name of the management network. + type: string + StorageNetName: + default: storage + description: The name of the storage network. + type: string + StorageMgmtNetName: + default: storage_mgmt + description: The name of the Storage management network. + type: string + TenantNetName: + default: tenant + description: The name of the tenant network. + type: string + + resources: allNodesConfigImpl: @@ -175,21 +201,21 @@ resources: get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}] keystone_public_api_vip: get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}] - public_virtual_ip: {get_param: [NetVipMap, external]} + public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]} controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} - storage_virtual_ip: {get_param: [NetVipMap, storage]} - storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]} + storage_virtual_ip: {get_param: [NetVipMap, {get_param: StorageNetName}]} + storage_mgmt_virtual_ip: {get_param: [NetVipMap, {get_param: StorageMgmtNetName}]} redis_vip: {get_param: RedisVirtualIP} # public_virtual_ip and controller_virtual_ip are needed in # both HAproxy & keepalived. - tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]} tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]} tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} - tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]} - tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]} + tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, {get_param: StorageNetName}]} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, {get_param: StorageMgmtNetName}]} tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP} tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]} cloud_name_external: {get_param: cloud_name_external} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index e5c11535..223c3ed0 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -104,7 +104,9 @@ step, "step2" for the second, etc. 2) Stop all control-plane services, ready for upgrade - 3) Perform a package update, (either specific packages or the whole system) + 3) Perform a package update and install new packages: A general + upgrade is done, and only new package should go into service + ansible tasks. 4) Start services needed for migration tasks (e.g DB) diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 1ce58335..d589ef89 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -59,6 +59,14 @@ parameters: } default: {} type: json + CephValidationRetries: + type: number + default: 5 + description: Number of retry attempts for Ceph validation + CephValidationDelay: + type: number + default: 10 + description: Interval (in seconds) in between validation checks MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' type: string @@ -119,21 +127,32 @@ outputs: # rolling upgrade of all osd nodes in step1 - name: Check status tags: step0,validation - shell: ceph health | grep -qv HEALTH_ERR - # FIXME(shardy) I suspect we can use heat or ansible facts here instead? - - name: Get hostname + shell: ceph health | egrep -sq "HEALTH_OK|HEALTH_WARN" + - name: Stop CephMon tags: step0 - shell: hostname -s - register: mon_id - - name: Stop Ceph Mon + service: + name: ceph-mon@{{ ansible_hostname }} + state: stopped + - name: Update Ceph packages tags: step0 - service: name=ceph-mon@{{mon_id.stdout}} pattern=ceph-mon state=stopped - - name: Update ceph packages + yum: + name: ceph-mon + state: latest + - name: Start CephMon tags: step0 - yum: name=ceph-mon state=latest - - name: Start ceph-mon service - tags: step0 - service: name=ceph-mon@{{mon_id.stdout}} state=started + service: + name: ceph-mon@{{ ansible_hostname }} + state: started + # ceph-ansible + # https://github.com/ceph/ceph-ansible/blob/master/infrastructure-playbooks/rolling_update.yml#L149-L157 + - name: Wait for the monitor to join the quorum... + tags: step0,ceph_quorum_validation + shell: | + ceph -s | grep monmap | sed 's/.*quorum//' | egrep -sq {{ ansible_hostname }} + register: ceph_quorum_nodecheck + until: ceph_quorum_nodecheck.rc == 0 + retries: {get_param: CephValidationRetries} + delay: {get_param: CephValidationDelay} - name: ceph osd crush tunables default tags: step0 shell: ceph osd crush tunables default diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index 9bd83aab..a97fa116 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -21,6 +21,24 @@ parameters: MonitoringSubscriptionCephOsd: default: 'overcloud-ceph-osd' type: string + CephValidationRetries: + type: number + default: 40 + description: Number of retry attempts for Ceph validation + CephValidationDelay: + type: number + default: 30 + description: Interval (in seconds) in between validation checks + IgnoreCephUpgradeWarnings: + type: boolean + default: false + description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - IgnoreCephUpgradeWarnings resources: CephBase: @@ -66,17 +84,37 @@ outputs: - name: ceph osd set noscrub tags: step1 command: ceph osd set noscrub - - name: Stop Ceph OSD + - name: Stop CephOSD tags: step1 - service: name=ceph-osd@{{ item }} state=stopped + service: + name: ceph-osd@{{ item }} + state: stopped with_items: "{{osd_ids.stdout.strip().split()}}" - - name: Update ceph OSD packages + - name: Update Ceph packages tags: step1 - yum: name=ceph-osd state=latest - - name: Start ceph-osd service + yum: + name: ceph-osd + state: latest + - name: Start CephOSD tags: step1 - service: name=ceph-osd@{{ item }} state=started + service: + name: ceph-osd@{{ item }} + state: started with_items: "{{osd_ids.stdout.strip().split()}}" + # with awk we are meant to check if $2 and $4 are *the same* but it returns 1 when + # they are, so the check is inverted to produce an useful exit code + - name: Wait for clean pgs... + tags: step1,ceph_pgs_clean_validation + vars: + ignore_warnings: {get_param: IgnoreCephUpgradeWarnings} + shell: | + ceph pg stat | awk '{exit($2!=$4)}' && ceph health | egrep -sq "HEALTH_OK|HEALTH_WARN" + register: ceph_pgs_healthcheck + until: ceph_pgs_healthcheck.rc == 0 + retries: {get_param: CephValidationRetries} + delay: {get_param: CephValidationDelay} + when: + - not ignore_warnings - name: ceph osd unset noout tags: step1 command: ceph osd unset noout diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index d7014e54..c5b29c7e 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -87,4 +87,6 @@ outputs: tags: step0,validation - name: Stop RGW instance tags: step1 - service: name=ceph-radosgw@{{rgw_id.stdout}} state=stopped + service: + name: ceph-radosgw@{{rgw_id.stdout}} + state: stopped diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index aa8d9a9a..6855a838 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -87,3 +87,11 @@ outputs: step_config: | include ::tripleo::profile::base::congress + + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running" + shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop congress service + tags: step2 + service: name=openstack-congress-server state=stopped diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 7bd2fcf1..3ae4cc70 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -86,7 +86,7 @@ outputs: heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api_cfn service tags: step2 diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 0954ad19..56183535 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -68,7 +68,7 @@ outputs: include ::tripleo::profile::base::heat::api_cloudwatch upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api_cloudwatch service tags: step2 diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index ae656b1e..38c5b479 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -86,7 +86,7 @@ outputs: heat::keystone::auth::region: {get_param: KeystoneRegion} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_api service tags: step2 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index f7ec9a41..7787d0a7 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -138,7 +138,7 @@ outputs: tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} upgrade_tasks: - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running" - shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' + shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' tags: step0,validation - name: Stop heat_engine service tags: step2 diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 29157959..fec455d1 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -31,6 +31,7 @@ outputs: config_settings: kernel_modules: nf_conntrack: {} + ip_conntrack_proto_sctp: {} sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 06927fe0..1d6a2371 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -22,10 +22,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string @@ -35,6 +31,19 @@ parameters: tag: openstack.neutron.agent.l3-compute path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + +conditions: + + external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} + resources: NeutronBase: @@ -56,7 +65,11 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} - neutron::agents::l3::agent_mode : 'dvr' + - neutron::agents::l3::agent_mode : 'dvr' + - + if: + - external_network_bridge_empty + - {} + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 69803551..4fa49275 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -21,10 +21,6 @@ parameters: Debug: type: string default: '' - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. @@ -43,6 +39,15 @@ parameters: tag: openstack.neutron.agent.l3 path: /var/log/neutron/l3-agent.log + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Pike cycle. + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. Usually L2 + agent handles port wiring into external bridge, and hence the + parameter should be unset. + type: string + default: '' + conditions: external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 0adefecd..f27b53f2 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -197,9 +197,6 @@ outputs: - name: Stop and disable nova_api service (pre-upgrade not under httpd) tags: step2 service: name=openstack-nova-api state=stopped enabled=no - - name: update nova api - tags: step2 - yum: name=openstack-nova-api state=latest - name: Create puppet manifest to set transport_url in nova.conf tags: step5 when: is_bootstrap_node diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 7b086536..a19d0f8d 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -69,13 +69,10 @@ outputs: - name: Stop nova_conductor service tags: step2 service: name=openstack-nova-conductor state=stopped - - name: update nova conductor - tags: step2 - yum: name=openstack-nova-conductor state=latest # If not already set by puppet (e.g a pre-ocata version), set the # upgrade_level for compute to "auto" - name: Set compute upgrade level to auto - tags: step3 + tags: step2 ini_file: str_replace: template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 9389c801..3ae19a67 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -79,6 +79,10 @@ outputs: dport: - 8778 - 13778 + nova::keystone::authtoken::project_name: 'service' + nova::keystone::authtoken::password: {get_param: NovaPassword} + nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::wsgi::apache_placement::api_port: '8778' nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 0e0b9d1e..e08bf182 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -67,6 +67,3 @@ outputs: - name: Stop nova_scheduler service tags: step2 service: name=openstack-nova-scheduler state=stopped - - name: update nova scheduler - tags: step2 - yum: name=openstack-nova-scheduler state=latest diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index ca21cfbe..9398d6b5 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -143,5 +143,5 @@ outputs: pacemaker_cluster: state=online - name: Check pacemaker resource tags: step4 - pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200 + pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=500 with_items: {get_param: PacemakerResources} diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 4b74ad45..fc127a27 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -84,3 +84,9 @@ outputs: include tripleo::profile::base::panko::api metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + # The panko API isn't installed in newton images, so install + # it on upgrade + - name: Install openstack-panko-api packages on upgrade + tags: step3 + yum: name=openstack-panko-api state=latest diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 987fe25b..176514ec 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -53,6 +53,3 @@ outputs: - name: Stop sahara_engine service tags: step2 service: name=openstack-sahara-engine state=stopped - - name: Sync sahara_engine DB - tags: step5 - command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 526fa888..c941b598 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -138,6 +138,7 @@ outputs: - '' - 'proxy-logging' - 'proxy-server' + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples |