aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/blockstorage-role.yaml704
-rw-r--r--puppet/cephstorage-role.yaml718
-rw-r--r--puppet/compute-role.yaml744
-rw-r--r--puppet/controller-role.yaml782
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml1
-rw-r--r--puppet/major_upgrade_steps.j2.yaml225
-rw-r--r--puppet/objectstorage-role.yaml703
-rw-r--r--puppet/post-upgrade.j2.yaml30
-rw-r--r--puppet/post.j2.yaml31
-rw-r--r--puppet/puppet-steps.j2156
-rw-r--r--puppet/role.role.j2.yaml240
-rw-r--r--puppet/services/README.rst14
-rw-r--r--puppet/services/database/mongodb.yaml6
-rw-r--r--puppet/services/haproxy-internal-tls-certmonger.yaml30
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml36
-rw-r--r--puppet/services/haproxy.yaml26
-rw-r--r--puppet/services/nova-compute.yaml5
-rw-r--r--puppet/services/nova-libvirt.yaml5
-rw-r--r--puppet/services/pacemaker_remote.yaml13
-rw-r--r--puppet/services/tripleo-packages.yaml4
20 files changed, 287 insertions, 4186 deletions
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
deleted file mode 100644
index de7b6b49..00000000
--- a/puppet/blockstorage-role.yaml
+++ /dev/null
@@ -1,704 +0,0 @@
-heat_template_version: pike
-description: 'OpenStack cinder storage configured by Puppet'
-parameters:
- BlockStorageImage:
- default: overcloud-full
- type: string
- constraints:
- - custom_constraint: glance.image
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that BlockStorageExtraConfig takes precedence over ExtraConfig.
- type: json
- BlockStorageExtraConfig:
- default: {}
- description: |
- Role specific additional hiera configuration to inject into the cluster.
- type: json
- BlockStorageIPs:
- default: {}
- type: json
- OvercloudBlockStorageFlavor:
- description: Flavor for block storage nodes to request when deploying.
- type: string
- default: baremetal
- constraints:
- - custom_constraint: nova.flavor
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- BlockStorageServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- BlockStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- NodeIndex:
- type: number
- default: 0
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
- BlockStorage:
- type: OS::TripleO::BlockStorageServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image:
- {get_param: BlockStorageImage}
- flavor: {get_param: OvercloudBlockStorageFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: BlockStorageServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: BlockStorageSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::BlockStorage::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::BlockStorage::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::BlockStorage::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::BlockStorage::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::BlockStorage::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::BlockStorage::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetworkConfig:
- type: OS::TripleO::BlockStorage::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::BlockStorage::PreNetworkConfig
- properties:
- server: {get_resource: BlockStorage}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: BlockStorage}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
-
- BlockStorageUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- BlockStorageUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: BlockStorageUpgradeInitDeployment
- server: {get_resource: BlockStorage}
- config: {get_resource: BlockStorageUpgradeInitConfig}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- BlockStorageDeployment:
- type: OS::Heat::StructuredDeployment
- depends_on: BlockStorageUpgradeInitDeployment
- properties:
- name: BlockStorageDeployment
- server: {get_resource: BlockStorage}
- config: {get_resource: BlockStorageConfig}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- # Map heat metadata into hiera datafiles
- BlockStorageConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - volume_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - volume
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- volume_extraconfig: {get_param: BlockStorageExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- volume:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: BlockStorageDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: BlockStorage}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: NodeTLSCAData
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: BlockStorage}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: UpdateDeployment
- config: {get_resource: UpdateConfig}
- server: {get_resource: BlockStorage}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: BlockStorageDeployment
- properties:
- server: {get_resource: BlockStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- hostname:
- description: Hostname of the server
- value: {get_attr: [BlockStorage, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [BlockStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [BlockStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the block storage server
- value:
- {get_resource: BlockStorage}
- condition: server_not_blacklisted
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [BlockStorage, os_collect_config]}
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
deleted file mode 100644
index ce44fd68..00000000
--- a/puppet/cephstorage-role.yaml
+++ /dev/null
@@ -1,718 +0,0 @@
-heat_template_version: pike
-description: 'OpenStack ceph storage node configured by Puppet'
-parameters:
- OvercloudCephStorageFlavor:
- description: Flavor for the Ceph Storage node.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- CephStorageImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- default: default
- constraints:
- - custom_constraint: nova.keypair
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that CephStorageExtraConfig takes precedence over ExtraConfig.
- type: json
- CephStorageExtraConfig:
- default: {}
- description: |
- Role specific additional hiera configuration to inject into the cluster.
- type: json
- CephStorageIPs:
- default: {}
- type: json
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- CephStorageServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- CephStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- NodeIndex:
- type: number
- default: 0
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
- CephStorage:
- type: OS::TripleO::CephStorageServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: CephStorageImage}
- image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: OvercloudCephStorageFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: CephStorageServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: CephStorageSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::CephStorage::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::CephStorage::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::CephStorage::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::CephStorage::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::CephStorage::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::CephStorage::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::CephStorage::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetworkConfig:
- type: OS::TripleO::CephStorage::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::CephStorage::PreNetworkConfig
- properties:
- server: {get_resource: CephStorage}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: CephStorage}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
-
- CephStorageUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- CephStorageUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: CephStorageUpgradeInitDeployment
- server: {get_resource: CephStorage}
- config: {get_resource: CephStorageUpgradeInitConfig}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- CephStorageDeployment:
- type: OS::Heat::StructuredDeployment
- depends_on: CephStorageUpgradeInitDeployment
- properties:
- name: CephStorageDeployment
- config: {get_resource: CephStorageConfig}
- server: {get_resource: CephStorage}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- CephStorageConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - ceph_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - ceph
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- ceph_extraconfig: {get_param: CephStorageExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- ceph:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: CephStorageDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: CephStorage}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- CephStorageExtraConfigPre:
- depends_on: CephStorageDeployment
- type: OS::TripleO::CephStorageExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: CephStorage}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: CephStorage}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- config: {get_resource: UpdateConfig}
- server: {get_resource: CephStorage}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: CephStorageDeployment
- properties:
- server: {get_resource: CephStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [CephStorage, networks, ctlplane, 0]}
- hostname:
- description: Hostname of the server
- value: {get_attr: [CephStorage, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [CephStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [CephStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the ceph storage server
- value:
- {get_resource: CephStorage}
- condition: server_not_blacklisted
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [CephStorage, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [CephStorage, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [CephStorage, os_collect_config]}
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
deleted file mode 100644
index af45793e..00000000
--- a/puppet/compute-role.yaml
+++ /dev/null
@@ -1,744 +0,0 @@
-heat_template_version: pike
-
-description: >
- OpenStack hypervisor node configured via Puppet.
-
-parameters:
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that NovaComputeExtraConfig takes precedence over ExtraConfig.
- type: json
- OvercloudComputeFlavor:
- description: Flavor for the nova compute node
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- NovaImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- default: default
- constraints:
- - custom_constraint: nova.keypair
- NeutronPhysicalBridge:
- default: 'br-ex'
- description: An OVS bridge to create for accessing external networks.
- type: string
- NeutronPublicInterface:
- default: nic1
- description: Which interface to add to the NeutronPhysicalBridge.
- type: string
- NodeIndex:
- type: number
- default: 0
- NovaComputeExtraConfig:
- default: {}
- description: |
- NovaCompute specific configuration to inject into the cluster. Same
- structure as ExtraConfig.
- type: json
- NovaComputeIPs:
- default: {}
- type: json
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- NovaComputeServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- NovaComputeSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
-
-resources:
-
- NovaCompute:
- type: OS::TripleO::ComputeServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: NovaImage}
- image_update_policy:
- get_param: ImageUpdatePolicy
- flavor: {get_param: OvercloudComputeFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: NovaComputeServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: NovaComputeSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::Compute::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::Compute::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::Compute::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::Compute::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::Compute::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::Compute::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::Compute::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::Compute::PreNetworkConfig
- properties:
- server: {get_resource: NovaCompute}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkConfig:
- type: OS::TripleO::Compute::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
- config: {get_resource: NetworkConfig}
- server: {get_resource: NovaCompute}
- input_values:
- bridge_name: {get_param: NeutronPhysicalBridge}
- interface_name: {get_param: NeutronPublicInterface}
-
- NovaComputeUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- NovaComputeUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: NovaComputeUpgradeInitDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- server: {get_resource: NovaCompute}
- config: {get_resource: NovaComputeUpgradeInitConfig}
-
- NovaComputeConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - compute_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - compute
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- - nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- - midonet_data # Optionally provided by AllNodesExtraConfig
- - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
- - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- compute_extraconfig: {get_param: NovaComputeExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- compute:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- NovaComputeDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: NovaComputeUpgradeInitDeployment
- properties:
- name: NovaComputeDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: NovaComputeConfig}
- server: {get_resource: NovaCompute}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: NovaComputeDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: NovaCompute}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- ComputeExtraConfigPre:
- depends_on: NovaComputeDeployment
- type: OS::TripleO::ComputeExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: NovaCompute}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: NovaCompute}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: UpdateDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: UpdateConfig}
- server: {get_resource: NovaCompute}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: NovaComputeDeployment
- properties:
- server: {get_resource: NovaCompute}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- hostname:
- description: Hostname of the server
- value: {get_attr: [NovaCompute, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- description: >
- Server's IP address and hostname in the /etc/hosts format
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [NovaCompute, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [NovaCompute, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the Nova compute server
- value:
- {get_resource: NovaCompute}
- condition: server_not_blacklisted
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [NovaCompute, os_collect_config]}
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
deleted file mode 100644
index 38589a4e..00000000
--- a/puppet/controller-role.yaml
+++ /dev/null
@@ -1,782 +0,0 @@
-heat_template_version: pike
-
-description: >
- OpenStack controller node configured by Puppet.
-
-parameters:
- controllerExtraConfig:
- default: {}
- description: |
- Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
- type: json
- ControllerExtraConfig:
- default: {}
- description: |
- Controller specific hiera configuration data to inject into the cluster.
- type: json
- ControllerIPs:
- default: {}
- description: >
- A network mapped list of IPs to assign to Controllers in the following form:
- {
- "internal_api": ["a.b.c.d", "e.f.g.h"],
- ...
- }
- type: json
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
- ExtraConfig:
- default: {}
- description: |
- Additional hieradata to inject into the cluster, note that
- ControllerExtraConfig takes precedence over ExtraConfig.
- type: json
- OvercloudControlFlavor:
- description: Flavor for control nodes to request when deploying.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- controllerImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- constraints:
- - custom_constraint: nova.keypair
- NeutronPhysicalBridge:
- default: 'br-ex'
- description: An OVS bridge to create for accessing external networks.
- type: string
- NeutronPublicInterface:
- default: nic1
- description: Which interface to add to the NeutronPhysicalBridge.
- type: string
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- NodeIndex:
- type: number
- default: 0
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- ControllerServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- ControllerSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-parameter_groups:
-- label: deprecated
- description: Do not use deprecated params, they will be removed.
- parameters:
- - controllerExtraConfig
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
-
- Controller:
- type: OS::TripleO::ControllerServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: controllerImage}
- image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: OvercloudControlFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: ControllerServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: ControllerSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::Controller::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::Controller::Ports::ExternalPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- InternalApiPort:
- type: OS::TripleO::Controller::Ports::InternalApiPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- StoragePort:
- type: OS::TripleO::Controller::Ports::StoragePort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- StorageMgmtPort:
- type: OS::TripleO::Controller::Ports::StorageMgmtPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- TenantPort:
- type: OS::TripleO::Controller::Ports::TenantPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- ManagementPort:
- type: OS::TripleO::Controller::Ports::ManagementPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::Controller::PreNetworkConfig
- properties:
- server: {get_resource: Controller}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkConfig:
- type: OS::TripleO::Controller::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: Controller}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
- input_values:
- bridge_name: {get_param: NeutronPhysicalBridge}
- interface_name: {get_param: NeutronPublicInterface}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: NetworkDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: Controller}
-
- # Resource for site-specific passing of private keys/certificates
- NodeTLSData:
- depends_on: NodeTLSCAData
- type: OS::TripleO::NodeTLSData
- properties:
- server: {get_resource: Controller}
- NodeIndex: {get_param: NodeIndex}
-
- ControllerUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- ControllerUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: ControllerUpgradeInitDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- server: {get_resource: Controller}
- config: {get_resource: ControllerUpgradeInitConfig}
-
- ControllerDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: ControllerUpgradeInitDeployment
- properties:
- name: ControllerDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: ControllerConfig}
- server: {get_resource: Controller}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
-
- # Map heat metadata into hiera datafiles
- ControllerConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - controller_extraconfig
- - extraconfig
- - service_configs
- - service_names
- - controller
- - bootstrap_node # provided by BootstrapNodeConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- - midonet_data #Optionally provided by AllNodesExtraConfig
- - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- controller_extraconfig:
- map_merge:
- - {get_param: controllerExtraConfig}
- - {get_param: ControllerExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- controller:
- # Misc
- tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- ControllerExtraConfigPre:
- depends_on: ControllerDeployment
- type: OS::TripleO::ControllerExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: Controller}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [ControllerExtraConfigPre, NodeTLSData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: Controller}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: UpdateDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: UpdateConfig}
- server: {get_resource: Controller}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: ControllerDeployment
- properties:
- server: {get_resource: Controller}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [Controller, networks, ctlplane, 0]}
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description:
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [Controller, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [Controller, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [Controller, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- hostname:
- description: Hostname of the server
- value: {get_attr: [Controller, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- description: >
- Server's IP address and hostname in the /etc/hosts format
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [Controller, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [Controller, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the Nova compute server
- value:
- {get_resource: Controller}
- condition: server_not_blacklisted
- tls_key_modulus_md5:
- description: MD5 checksum of the TLS Key Modulus
- value: {get_attr: [NodeTLSData, key_modulus_md5]}
- tls_cert_modulus_md5:
- description: MD5 checksum of the TLS Certificate Modulus
- value: {get_attr: [NodeTLSData, cert_modulus_md5]}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [Controller, os_collect_config]}
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 8cba4351..e81b1142 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -7,6 +7,7 @@ description: >
parameters:
# Can be overridden via parameter_defaults in the environment
SSLCertificate:
+ default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
deleted file mode 100644
index 11113eec..00000000
--- a/puppet/major_upgrade_steps.j2.yaml
+++ /dev/null
@@ -1,225 +0,0 @@
-{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
-{% set batch_upgrade_steps_max = 3 -%}
-{% set upgrade_steps_max = 6 -%}
-{% set deliver_script = {'deliver': False} -%}
-heat_template_version: pike
-description: 'Upgrade steps for all roles'
-
-parameters:
- servers:
- type: json
- stack_name:
- type: string
- description: Name of the topmost stack
- role_data:
- type: json
- description: Mapping of Role name e.g Controller to the per-role data
- ctlplane_service_ips:
- type: json
- UpdateIdentifier:
- type: string
- default: ''
- description: >
- Setting to a previously unused value during stack-update will trigger
- the Upgrade resources to re-run on all roles.
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- KeystoneRegion:
- type: string
- default: 'regionOne'
- description: Keystone region for endpoint
- NovaPassword:
- description: The password for the nova service and db account
- type: string
- hidden: true
-
-resources:
-
-{% for role in roles if role.disable_upgrade_deployment|default(false) %}
- {{role.name}}DeliverUpgradeScriptConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "set -eu\n\n"
- - str_replace:
- template: |
- ROLE='ROLE_NAME'
- params:
- ROLE_NAME: {{role.name}}
- - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh
- - get_file: ../extraconfig/tasks/run_puppet.sh
- - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh
-
- {{role.name}}DeliverUpgradeScriptDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig}
-{% endfor %}
-
-# Upgrade Steps for all roles, batched updates
-# The UpgradeConfig resources could actually be created without
-# serialization, but the event output is easier to follow if we
-# do, and there should be minimal performance hit (creating the
-# config is cheap compared to the time to apply the deployment).
-{% for step in range(0, batch_upgrade_steps_max) %}
- # Batch config resources step {{step}}
- {%- for role in roles %}
- {{role.name}}UpgradeBatchConfig_Step{{step}}:
- type: OS::TripleO::UpgradeConfig
- {%- if step > 0 %}
- depends_on:
- {%- for role_inside in enabled_roles %}
- - {{role_inside.name}}UpgradeBatch_Step{{step -1}}
- {%- endfor %}
- {% else %}
- {% for role in roles if role.disable_upgrade_deployment|default(false) %}
- {% if deliver_script.update({'deliver': True}) %} {% endif %}
- {% endfor %}
- {% if deliver_script.deliver %}
- depends_on:
- {% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
- - {{dep.name}}DeliverUpgradeScriptDeployment
- {% endfor %}
- {% endif %}
- {% endif %}
- properties:
- UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
- step: {{step}}
- {%- endfor %}
-
- # Batch deployment resources for step {{step}} (only for enabled roles)
- {%- for role in enabled_roles %}
- {{role.name}}UpgradeBatch_Step{{step}}:
- type: OS::Heat::SoftwareDeploymentGroup
- {%- if step > 0 %}
- depends_on:
- {%- for role_inside in enabled_roles %}
- - {{role_inside.name}}UpgradeBatch_Step{{step -1}}
- {%- endfor %}
- {% else %}
- {% for role in roles if role.disable_upgrade_deployment|default(false) %}
- {% if deliver_script.update({'deliver': True}) %} {% endif %}
- {% endfor %}
- {% if deliver_script.deliver %}
- depends_on:
- {% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
- - {{dep.name}}DeliverUpgradeScriptDeployment
- {% endfor %}
- {% endif %}
- {% endif %}
- update_policy:
- batch_create:
- max_batch_size: {{role.upgrade_batch_size|default(1)}}
- rolling_update:
- max_batch_size: {{role.upgrade_batch_size|default(1)}}
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}UpgradeBatchConfig_Step{{step}}}
- input_values:
- role: {{role.name}}
- update_identifier: {get_param: UpdateIdentifier}
- {%- endfor %}
-{%- endfor %}
-
-# Dump the puppet manifests to be apply later when disable_upgrade_deployment
-# is to true
-{% for role in roles if role.disable_upgrade_deployment|default(false) %}
- {{role.name}}DeliverPuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - str_replace:
- template: |
- #!/bin/bash
- cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT
- PUPPET_CLASSES
- ENDOFCAT
- params:
- PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]}
-
- {{role.name}}DeliverPuppetDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}DeliverPuppetConfig}
-{% endfor %}
-
-# Upgrade Steps for all roles
-{%- for step in range(0, upgrade_steps_max) %}
- # Config resources for step {{step}}
- {%- for role in roles %}
- {{role.name}}UpgradeConfig_Step{{step}}:
- type: OS::TripleO::UpgradeConfig
- # The UpgradeConfig resources could actually be created without
- # serialization, but the event output is easier to follow if we
- # do, and there should be minimal performance hit (creating the
- # config is cheap compared to the time to apply the deployment).
- depends_on:
- {%- for role_inside in enabled_roles %}
- {%- if step > 0 %}
- - {{role_inside.name}}Upgrade_Step{{step -1}}
- {%- else %}
- - {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
- {%- endif %}
- {%- endfor %}
- properties:
- UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
- step: {{step}}
- {%- endfor %}
-
- # Deployment resources for step {{step}} (only for enabled roles)
- {%- for role in enabled_roles %}
- {{role.name}}Upgrade_Step{{step}}:
- type: OS::Heat::SoftwareDeploymentGroup
- depends_on:
- {%- for role_inside in enabled_roles %}
- {%- if step > 0 %}
- - {{role_inside.name}}Upgrade_Step{{step -1}}
- {%- else %}
- - {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
- {%- endif %}
- {%- endfor %}
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}}
- input_values:
- role: {{role.name}}
- update_identifier: {get_param: UpdateIdentifier}
- {%- endfor %}
-{%- endfor %}
-
- # Post upgrade deployment steps for all roles
- # This runs the normal configuration (e.g puppet) steps unless upgrade
- # is disabled for the role
- AllNodesPostUpgradeSteps:
- type: OS::TripleO::PostUpgradeSteps
- depends_on:
-{%- for dep in enabled_roles %}
- - {{dep.name}}Upgrade_Step{{upgrade_steps_max - 1}}
-{%- endfor %}
- properties:
- servers: {get_param: servers}
- stack_name: {get_param: stack_name}
- role_data: {get_param: role_data}
- ctlplane_service_ips: {get_param: ctlplane_service_ips}
-
-outputs:
- # Output the config for each role, just use Step1 as the config should be
- # the same for all steps (only the tag provided differs)
- upgrade_configs:
- description: The per-role upgrade configuration used
- value:
-{% for role in roles %}
- {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]}
-{% endfor %}
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
deleted file mode 100644
index 10e56450..00000000
--- a/puppet/objectstorage-role.yaml
+++ /dev/null
@@ -1,703 +0,0 @@
-heat_template_version: pike
-description: 'OpenStack swift storage node configured by Puppet'
-parameters:
- OvercloudSwiftStorageFlavor:
- description: Flavor for Swift storage nodes to request when deploying.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- SwiftStorageImage:
- default: overcloud-full
- type: string
- constraints:
- - custom_constraint: glance.image
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that ObjectStorageExtraConfig takes precedence over ExtraConfig.
- type: json
- ObjectStorageExtraConfig:
- default: {}
- description: |
- Role specific additional hiera configuration to inject into the cluster.
- type: json
- SwiftStorageIPs:
- default: {}
- type: json
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- SwiftStorageServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- ObjectStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- NodeIndex:
- type: number
- default: 0
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
-
- SwiftStorage:
- type: OS::TripleO::ObjectStorageServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: SwiftStorageImage}
- flavor: {get_param: OvercloudSwiftStorageFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: SwiftStorageServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: ObjectStorageSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::ObjectStorage::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::SwiftStorage::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::SwiftStorage::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::SwiftStorage::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::SwiftStorage::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::SwiftStorage::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetworkConfig:
- type: OS::TripleO::ObjectStorage::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::ObjectStorage::PreNetworkConfig
- properties:
- server: {get_resource: SwiftStorage}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: SwiftStorage}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
-
-
- SwiftStorageUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- SwiftStorageUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: SwiftStorageUpgradeInitDeployment
- server: {get_resource: SwiftStorage}
- config: {get_resource: SwiftStorageUpgradeInitConfig}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SwiftStorageHieraConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - object_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - object
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- object_extraconfig: {get_param: ObjectStorageExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- object:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- SwiftStorageHieraDeploy:
- type: OS::Heat::StructuredDeployment
- depends_on: SwiftStorageUpgradeInitDeployment
- properties:
- name: SwiftStorageHieraDeploy
- server: {get_resource: SwiftStorage}
- config: {get_resource: SwiftStorageHieraConfig}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: SwiftStorageHieraDeploy
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: SwiftStorage}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: NodeTLSCAData
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: SwiftStorage}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- config: {get_resource: UpdateConfig}
- server: {get_resource: SwiftStorage}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: SwiftStorageHieraDeploy
- properties:
- server: {get_resource: SwiftStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- hostname:
- description: Hostname of the server
- value: {get_attr: [SwiftStorage, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [SwiftStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [SwiftStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the swift storage server
- value:
- {get_resource: SwiftStorage}
- condition: server_not_blacklisted
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [SwiftStorage, os_collect_config]}
diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml
deleted file mode 100644
index bdd1e613..00000000
--- a/puppet/post-upgrade.j2.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-heat_template_version: pike
-
-description: >
- Post-upgrade configuration steps via puppet for all roles
- where upgrade is not disabled as defined in ../roles_data.yaml
-
-parameters:
- servers:
- type: json
- description: Mapping of Role name e.g Controller to a list of servers
- stack_name:
- type: string
- description: Name of the topmost stack
- role_data:
- type: json
- description: Mapping of Role name e.g Controller to the per-role data
- DeployIdentifier:
- default: ''
- type: string
- description: >
- Setting this to a unique value will re-run any deployment tasks which
- perform configuration on a Heat stack-update.
- ctlplane_service_ips:
- type: json
-
-resources:
-# Note the include here is the same as post.j2.yaml but the data used at
-# the time of rendering is different if any roles disable upgrades
-{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
-{% include 'puppet-steps.j2' %}
diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml
deleted file mode 100644
index 67e1ecfd..00000000
--- a/puppet/post.j2.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-heat_template_version: pike
-
-description: >
- Post-deploy configuration steps via puppet for all roles,
- as defined in ../roles_data.yaml
-
-parameters:
- servers:
- type: json
- description: Mapping of Role name e.g Controller to a list of servers
- stack_name:
- type: string
- description: Name of the topmost stack
- role_data:
- type: json
- description: Mapping of Role name e.g Controller to the per-role data
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- DeployIdentifier:
- default: ''
- type: string
- description: >
- Setting this to a unique value will re-run any deployment tasks which
- perform configuration on a Heat stack-update.
- ctlplane_service_ips:
- type: json
-
-{% include 'puppet-steps.j2' %}
diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2
deleted file mode 100644
index f7651a57..00000000
--- a/puppet/puppet-steps.j2
+++ /dev/null
@@ -1,156 +0,0 @@
-{% set deploy_steps_max = 6 %}
-conditions:
-{% for step in range(1, deploy_steps_max) %}
- WorkflowTasks_Step{{step}}_Enabled:
- or:
- {%- for role in roles %}
- - not:
- equals:
- - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}]
- - ''
- - False
- {%- endfor %}
-{% endfor %}
-
-resources:
- # Post deployment steps for all roles
- # A single config is re-applied with an incrementing step number
-{% for role in roles %}
- # {{role.name}} Role post-deploy steps
- {{role.name}}ArtifactsConfig:
- type: deploy-artifacts.yaml
-
- {{role.name}}ArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- name: {{role.name}}ArtifactsDeploy
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}ArtifactsConfig}
-
- {{role.name}}PreConfig:
- type: OS::TripleO::Tasks::{{role.name}}PreConfig
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- {{role.name}}Config:
- type: OS::TripleO::{{role.name}}Config
- properties:
- StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
-
- # Step through a series of configuration steps
-{% for step in range(1, deploy_steps_max) %}
- {{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on:
- - WorkflowTasks_Step{{step}}_Execution
- # TODO(gfidente): the following if/else condition
- # replicates what is already defined for the
- # WorkflowTasks_StepX resource and can be remove
- # if https://bugs.launchpad.net/heat/+bug/1700569
- # is fixed.
- {%- if step == 1 %}
- {%- for dep in roles %}
- - {{dep.name}}PreConfig
- - {{dep.name}}ArtifactsDeploy
- {%- endfor %}
- {%- else %}
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- {%- endfor %}
- {%- endif %}
- properties:
- name: {{role.name}}Deployment_Step{{step}}
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: {{step}}
- update_identifier: {get_param: DeployIdentifier}
-{% endfor %}
-
- # Note, this should be the last step to execute configuration changes.
- # Ensure that all {{role.name}}ExtraConfigPost steps are executed
- # after all the previous deployment steps.
- {{role.name}}ExtraConfigPost:
- depends_on:
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step5
- {%- endfor %}
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: [servers, {{role.name}}]}
-
- # The {{role.name}}PostConfig steps are in charge of
- # quiescing all services, i.e. in the Controller case,
- # we should run a full service reload.
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
- depends_on:
- {%- for dep in roles %}
- - {{dep.name}}ExtraConfigPost
- {%- endfor %}
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
-
-{% endfor %}
-
-# BEGIN service_workflow_tasks handling
-{% for step in range(1, deploy_steps_max) %}
- WorkflowTasks_Step{{step}}:
- type: OS::Mistral::Workflow
- condition: WorkflowTasks_Step{{step}}_Enabled
- depends_on:
- {%- if step == 1 %}
- {%- for dep in roles %}
- - {{dep.name}}PreConfig
- - {{dep.name}}ArtifactsDeploy
- {%- endfor %}
- {%- else %}
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- {%- endfor %}
- {%- endif %}
- properties:
- name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]}
- type: direct
- tasks:
- yaql:
- expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
- data:
- {%- for role in roles %}
- - get_param: [role_data, {{role.name}}, service_workflow_tasks]
- {%- endfor %}
-
- WorkflowTasks_Step{{step}}_Execution:
- type: OS::Mistral::ExternalResource
- condition: WorkflowTasks_Step{{step}}_Enabled
- depends_on: WorkflowTasks_Step{{step}}
- properties:
- actions:
- CREATE:
- workflow: { get_resource: WorkflowTasks_Step{{step}} }
- params:
- env:
- service_ips: { get_param: ctlplane_service_ips }
- role_merged_configs:
- {%- for r in roles %}
- {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
- {%- endfor %}
- evaluate_env: false
- UPDATE:
- workflow: { get_resource: WorkflowTasks_Step{{step}} }
- params:
- env:
- service_ips: { get_param: ctlplane_service_ips }
- role_merged_configs:
- {%- for r in roles %}
- {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
- {%- endfor %}
- evaluate_env: false
- always_update: true
-{% endfor %}
-# END service_workflow_tasks handling
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 23d8896e..5453e65c 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -1,27 +1,40 @@
-{# ## Some variables are set to enable rendering backwards compatible templates #}
-{# ## where a few parameter/resource names don't match the expected pattern #}
-{# ## FIXME: we need some way to deprecate the old inconsistent parameters #}
-{%- if role.name == 'Controller' -%}
- {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%}
-{% endif %}
+{#- ## Some variables are set to enable rendering backwards compatible templates #}
+{#- ## where a few parameter/resource names don't match the expected pattern #}
+{#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
+{%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
heat_template_version: pike
description: 'OpenStack {{role.name}} node configured by Puppet'
parameters:
+{%- set default_flavor_name = 'baremetal' %}
+{%- if role.deprecated_param_flavor is defined %}
+ {{role.deprecated_param_flavor}}:
+ description: DEPRECATED Use Overcloud{{role.name}}Flavor instead.
+ default: {{default_flavor_name}}
+ type: string
+{%- endif %}
Overcloud{{role.name}}Flavor:
description: Flavor for the {{role.name}} node.
- default: baremetal
+ default: {{default_flavor_name}}
type: string
-{% if role.disable_constraints is not defined %}
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: nova.flavor
-{% endif %}
+{%- endif %}
+{%- set default_image_name = 'overcloud-full' %}
+{%- if role.deprecated_param_image is defined %}
+ {{role.deprecated_param_image}}:
+ type: string
+ default: {{default_image_name}}
+ description: DEPRECATED Use {{role.name}}Image instead
+{%- endif %}
{{role.name}}Image:
type: string
- default: overcloud-full
-{% if role.disable_constraints is not defined %}
+ default: {{default_image_name}}
+ description: The disk image file to use for the role.
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: glance.image
-{% endif %}
+{%- endif %}
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
@@ -30,13 +43,13 @@ parameters:
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
default: default
-{% if role.disable_constraints is not defined %}
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: nova.keypair
-{% endif %}
+{%- endif %}
NeutronPhysicalBridge:
default: 'br-ex'
- description: An OVS bridge to create for accessing tenant networks.
+ description: An OVS bridge to create for accessing external networks.
type: string
NeutronPublicInterface:
default: nic1
@@ -76,8 +89,8 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
-{%- if deprecated_extraconfig_param is defined %}
- {{deprecated_extraconfig_param}}:
+{%- if role.deprecated_param_extraconfig is defined %}
+ {{role.deprecated_param_extraconfig}}:
default: {}
description: |
DEPRECATED use {{role.name}}ExtraConfig instead
@@ -86,6 +99,12 @@ parameters:
{{role.name}}IPs:
default: {}
type: json
+{%- if role.deprecated_param_ips is defined %}
+ {{role.deprecated_param_ips}}:
+ default: {}
+ description: DEPRECATED - use {{role.name}}IPs instead
+ type: json
+{%- endif %}
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -112,6 +131,12 @@ parameters:
role-specific and is merged with the values given to the ServerMetadata
parameter.
type: json
+{%- if role.deprecated_param_metadata is defined %}
+ {{role.deprecated_param_metadata}}:
+ default: {}
+ description: DEPRECATED - use {{role.name}}ServerMetadata instead
+ type: json
+{%- endif %}
ServerMetadata:
default: {}
description: >
@@ -123,6 +148,12 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ {{role.deprecated_param_scheduler_hints}}:
+ type: json
+ description: DEPRECATED - use {{role.name}}SchedulerHints instead
+ default: {}
+{%- endif %}
NodeIndex:
type: number
default: 0
@@ -202,12 +233,16 @@ parameters:
object: 0
default: {}
-{% if deprecated_extraconfig_param is defined %}
+{% if role.uses_deprecated_params is defined %}
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- - {{deprecated_extraconfig_param}}
+{%- for property in role %}
+{%- if property.startswith('deprecated_param_') %}
+ - {{role[property]}}
+{%- endif %}
+{%- endfor %}
{%- endif %}
conditions:
@@ -222,18 +257,48 @@ conditions:
- DeploymentSwiftDataMap
- {get_param: Hostname}
- ""
+{%- if role.deprecated_param_image is defined %}
+ deprecated_param_image_set:
+ not:
+ equals:
+ - {get_param: {{role.deprecated_param_image}}}
+ - {{default_image_name}}
+{%- endif %}
+{%- if role.deprecated_param_flavor is defined %}
+ deprecated_param_flavor_set:
+ not:
+ equals:
+ - {get_param: {{role.deprecated_param_flavor}}}
+ - {{default_flavor_name}}
+{%- endif %}
resources:
- {{role.name}}:
+ {{server_resource_name}}:
type: OS::TripleO::{{role.name}}Server
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
splay: {get_param: ConfigCollectSplay}
properties:
- image: {get_param: {{role.name}}Image}
+ image:
+{%- if role.deprecated_param_image is defined %}
+ if:
+ - deprecated_param_image_set
+ - {get_param: {{role.deprecated_param_image}}}
+ - {get_param: {{role.name}}Image}
+{%- else %}
+ get_param: {{role.name}}Image
+{%- endif %}
image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: Overcloud{{role.name}}Flavor}
+ flavor:
+{%- if role.deprecated_param_flavor is defined %}
+ if:
+ - deprecated_param_flavor_set
+ - {get_param: {{role.deprecated_param_flavor}}}
+ - {get_param: Overcloud{{role.name}}Flavor}
+{%- else %}
+ get_param: Overcloud{{role.name}}Flavor
+{%- endif %}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
@@ -247,9 +312,17 @@ resources:
metadata:
map_merge:
- {get_param: ServerMetadata}
+{%- if role.deprecated_param_metadata is defined %}
+ - {get_param: {{role.deprecated_param_metadata}}}
+{%- endif %}
- {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: {{role.name}}SchedulerHints}
+ scheduler_hints:
+ map_merge:
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ - {get_param: {{role.deprecated_param_scheduler_hints}}}
+{%- endif %}
+ - {get_param: {{role.name}}SchedulerHints}
deployment_swift_data:
if:
- deployment_swift_data_map_unset
@@ -288,15 +361,20 @@ resources:
{{network.name}}Port:
type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
properties:
- ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role.name}}IPs}
+ ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
+ IPPool:
+ map_merge:
+{%- if role.deprecated_param_ips is defined %}
+ - {get_param: {{role.deprecated_param_ips}}}
+{%- endif %}
+ - {get_param: {{role.name}}IPs}
NodeIndex: {get_param: NodeIndex}
{%- endfor %}
NetworkConfig:
type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
properties:
- ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
{%- endfor %}
@@ -304,7 +382,7 @@ resources:
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
properties:
- ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
@@ -320,91 +398,91 @@ resources:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- external
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- external
internal_api:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- internalapi
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- internalapi
storage:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storage
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storage
storage_mgmt:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storagemgmt
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storagemgmt
tenant:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- tenant
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- tenant
management:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- management
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- management
ctlplane:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- ctlplane
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- ctlplane
PreNetworkConfig:
type: OS::TripleO::{{role.name}}::PreNetworkConfig
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
deployment_actions: {get_attr: [DeploymentActions, value]}
@@ -415,7 +493,7 @@ resources:
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: {get_param: NeutronPhysicalBridge}
@@ -426,7 +504,7 @@ resources:
- {get_param: NetworkDeploymentActions}
- []
- {{role.name}}UpgradeInitConfig:
+ {{server_resource_name}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
@@ -440,26 +518,26 @@ resources:
# Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- {{role.name}}UpgradeInitDeployment:
+ {{server_resource_name}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
properties:
- name: {{role.name}}UpgradeInitDeployment
- server: {get_resource: {{role.name}}}
- config: {get_resource: {{role.name}}UpgradeInitConfig}
+ name: {{server_resource_name}}UpgradeInitDeployment
+ server: {get_resource: {{server_resource_name}}}
+ config: {get_resource: {{server_resource_name}}UpgradeInitConfig}
actions:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
- {{role.name}}Deployment:
+ {{server_resource_name}}Deployment:
type: OS::Heat::StructuredDeployment
- depends_on: {{role.name}}UpgradeInitDeployment
+ depends_on: {{server_resource_name}}UpgradeInitDeployment
properties:
- name: {{role.name}}Deployment
- config: {get_resource: {{role.name}}Config}
- server: {get_resource: {{role.name}}}
+ name: {{server_resource_name}}Deployment
+ config: {get_resource: {{server_resource_name}}Config}
+ server: {get_resource: {{server_resource_name}}}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
actions:
@@ -468,7 +546,7 @@ resources:
- ['CREATE', 'UPDATE']
- []
- {{role.name}}Config:
+ {{server_resource_name}}Config:
type: OS::Heat::StructuredConfig
properties:
group: hiera
@@ -486,6 +564,13 @@ resources:
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
+ # The following are required for compatibility with the Controller role
+ # where some vendor integrations added hieradata via ExtraConfigPre
+ - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - midonet_data #Optionally provided by AllNodesExtraConfig
+ - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
@@ -497,10 +582,10 @@ resources:
- values: {get_attr: [NetIpMap, net_ip_map]}
{{role.name.lower()}}_extraconfig:
map_merge:
-{%- if deprecated_extraconfig_param is defined %}
- - {get_param: {{deprecated_extraconfig_param}}}
+{%- if role.deprecated_param_extraconfig is defined %}
+ - {get_param: {{role.deprecated_param_extraconfig}}}
{%- endif %}
- - {get_param: {{role.name}}ExtraConfig}
+ - {get_param: {{server_resource_name}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
{{role.name.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -513,16 +598,13 @@ resources:
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
- {%- if 'primary' in role.tags and 'controller' in role.tags %}
- tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- {%- endif -%}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
{%- if 'primary' in role.tags and 'controller' in role.tags %}
# Resource for site-specific passing of private keys/certificates
@@ -530,19 +612,19 @@ resources:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeTLSData
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
NodeIndex: {get_param: NodeIndex}
{%- endif -%}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
{{role.name}}ExtraConfigPre:
- depends_on: {{role.name}}Deployment
+ depends_on: {{server_resource_name}}Deployment
type: OS::TripleO::{{role.name}}ExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
@@ -559,7 +641,7 @@ resources:
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
@@ -570,7 +652,7 @@ resources:
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
input_values:
update_identifier:
get_param: UpdateIdentifier
@@ -591,18 +673,18 @@ resources:
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
- depends_on: {{role.name}}Deployment
+ depends_on: {{server_resource_name}}Deployment
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
description: IP address of the server in the ctlplane network
- value: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
hostname:
description: Hostname of the server
- value: {get_attr: [{{role.name}}, name]}
+ value: {get_attr: [{{server_resource_name}}, name]}
hostname_map:
description: Mapping of network names to hostnames
value:
@@ -622,12 +704,12 @@ outputs:
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [{{role.name}}, name]}
+ PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
{%- endfor %}
- CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
known_hosts_entry:
description: Entry for ssh known hosts
@@ -641,18 +723,18 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [{{role.name}}, name]}
+ PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
{%- endfor %}
- CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
nova_server_resource:
description: Heat resource handle for {{role.name}} server
value:
- {get_resource: {{role.name}}}
+ {get_resource: {{server_resource_name}}}
condition: server_not_blacklisted
deployed_server_port_map:
description: |
@@ -664,7 +746,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
map_replace:
- hostname:
fixed_ips:
- - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
- keys:
hostname:
list_join:
@@ -682,14 +764,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
container:
str_split:
- '/'
- - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
- 5
object:
str_split:
- '?'
- str_split:
- '/'
- - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
- 6
- 0
- keys: {hostname: {get_param: Hostname}}
@@ -703,7 +785,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
{%- endif %}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [{{role.name}}, os_collect_config]}
+ value: {get_attr: [{{server_resource_name}}, os_collect_config]}
{%- for network in networks %}
{{network.name_lower|default(network.name.lower())}}_ip_address:
description: IP address of the server in the {{network.name}} network
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index d55414b7..a593d55e 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -155,7 +155,7 @@ Similar to the step_config, we allow a series of steps for the per-service
upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first
step, "step2" for the second, etc.
- Steps/tages correlate to the following:
+ Steps/tags correlate to the following:
1) Stop all control-plane services.
@@ -186,6 +186,18 @@ Note that the services are not started in the upgrade tasks - we instead re-run
puppet which does any reconfiguration required for the new version, then starts
the services.
+Update Steps
+------------
+
+Each service template may optionally define a `update_tasks` key, which is a
+list of ansible tasks to be performed during the minor update process.
+
+Similar to the upgrade_tasks, we allow a series of steps for the per-service
+update sequence, but note update_task selects the steps via a conditional
+referencing the step variable e.g when: step == 2, which is different to the
+tags based approach used for upgrade_tasks (the two may be aligned in future).
+
+
Nova Server Metadata Settings
-----------------------------
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 04f34e24..dcead0f7 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -47,6 +47,11 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
conditions:
@@ -98,6 +103,7 @@ outputs:
generate_service_certificates: true
mongodb::server::ssl: true
mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+ mongodb::server::ssl_ca: {get_param: InternalTLSCAFile}
mongodb_certificate_specs:
service_pem: '/etc/pki/tls/certs/mongodb.pem'
service_certificate: '/etc/pki/tls/certs/mongodb.crt'
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index 3355a0d3..642685a8 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -30,6 +30,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
resources:
@@ -55,16 +61,30 @@ outputs:
config_settings:
generate_service_certificates: true
tripleo::haproxy::use_internal_certificates: true
- tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
- tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
map_merge:
repeat:
template:
haproxy-NETWORK:
- service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
- service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
- service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index f1739f78..b2766c44 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -30,6 +30,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
outputs:
role_data:
@@ -38,14 +44,32 @@ outputs:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
- tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
- tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
+ tripleo::haproxy::service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.pem'
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
haproxy-external:
- service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
- service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
- service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-external.key'
hostname: "%{hiera('cloud_name_external')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index a37135da..6b2d028f 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -57,6 +57,16 @@ parameters:
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
+ SSLCertificate:
+ default: ''
+ description: >
+ The content of the SSL certificate (without Key) in PEM format.
+ type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
@@ -68,6 +78,14 @@ parameters:
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
+conditions:
+
+ public_tls_enabled:
+ not:
+ equals:
+ - {get_param: SSLCertificate}
+ - ""
+
resources:
HAProxyPublicTLS:
@@ -98,8 +116,6 @@ outputs:
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
map_merge:
- - get_attr: [HAProxyPublicTLS, role_data, config_settings]
- - get_attr: [HAProxyInternalTLS, role_data, config_settings]
- tripleo.haproxy.firewall_rules:
'107 haproxy stats':
dport: 1993
@@ -115,6 +131,12 @@ outputs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
+ - if:
+ - public_tls_enabled
+ - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
+ - {}
+ - get_attr: [HAProxyPublicTLS, role_data, config_settings]
+ - get_attr: [HAProxyInternalTLS, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks:
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 6e1f3f56..36866a3a 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -170,6 +170,11 @@ outputs:
tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index e2ae7260..04936c33 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -139,6 +139,11 @@ outputs:
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
tripleo::profile::base::nova::migration::client::libvirt_enabled: true
diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml
index 76511784..47ca6142 100644
--- a/puppet/services/pacemaker_remote.yaml
+++ b/puppet/services/pacemaker_remote.yaml
@@ -35,6 +35,11 @@ parameters:
description: The authkey for the pacemaker remote service.
hidden: true
default: ''
+ PcsdPassword:
+ type: string
+ description: The password for the 'pcsd' user for pacemaker.
+ hidden: true
+ default: ''
MonitoringSubscriptionPacemakerRemote:
default: 'overcloud-pacemaker_remote'
type: string
@@ -103,5 +108,13 @@ outputs:
tripleo::fencing::config: {get_param: FencingConfig}
enable_fencing: {get_param: EnableFencing}
tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
+ pacemaker::corosync::manage_fw: false
+ hacluster_pwd:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: PcsdPassword}
+ - {get_param: [DefaultPasswords, pcsd_password]}
step_config: |
include ::tripleo::profile::base::pacemaker_remote
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml
index e471c2a6..2a8620c8 100644
--- a/puppet/services/tripleo-packages.yaml
+++ b/puppet/services/tripleo-packages.yaml
@@ -56,3 +56,7 @@ outputs:
- name: Update all packages
tags: step3
yum: name=* state=latest
+ update_tasks:
+ - name: Update all packages
+ yum: name=* state=latest
+ when: step == "3"