diff options
Diffstat (limited to 'puppet')
200 files changed, 1115 insertions, 259 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 60290f64..baafe03d 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: 'All Nodes Config for Puppet' parameters: diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index b9e5c6fe..60ddeb8a 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: 'OpenStack cinder storage configured by Puppet' parameters: BlockStorageImage: @@ -109,6 +109,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -123,6 +132,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: BlockStorage: @@ -130,6 +153,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: BlockStorageImage} @@ -356,7 +380,11 @@ resources: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: BlockStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] BlockStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -379,6 +407,11 @@ resources: name: BlockStorageUpgradeInitDeployment server: {get_resource: BlockStorage} config: {get_resource: BlockStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] BlockStorageDeployment: type: OS::Heat::StructuredDeployment @@ -389,6 +422,11 @@ resources: config: {get_resource: BlockStorageConfig} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] # Map heat metadata into hiera datafiles BlockStorageConfig: @@ -399,6 +437,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - volume_extraconfig - extraconfig - service_names @@ -456,6 +495,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey @@ -545,6 +589,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the block storage server value: {get_resource: BlockStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 075f42ba..9d30ab29 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: 'OpenStack ceph storage node configured by Puppet' parameters: OvercloudCephStorageFlavor: @@ -115,6 +115,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -129,6 +138,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: CephStorage: @@ -136,6 +159,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: CephStorageImage} image_update_policy: {get_param: ImageUpdatePolicy} @@ -362,7 +386,11 @@ resources: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: CephStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] CephStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -385,6 +413,11 @@ resources: name: CephStorageUpgradeInitDeployment server: {get_resource: CephStorage} config: {get_resource: CephStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] CephStorageDeployment: type: OS::Heat::StructuredDeployment @@ -395,6 +428,11 @@ resources: server: {get_resource: CephStorage} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] CephStorageConfig: type: OS::Heat::StructuredConfig @@ -404,6 +442,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - ceph_extraconfig - extraconfig - service_names @@ -467,6 +506,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey @@ -556,6 +600,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the ceph storage server value: {get_resource: CephStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 351b3823..06a31ec9 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack hypervisor node configured via Puppet. @@ -127,6 +127,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -141,6 +150,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: @@ -149,6 +172,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: NovaImage} image_update_policy: @@ -374,9 +398,13 @@ resources: depends_on: PreNetworkConfig properties: name: NetworkDeployment + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] config: {get_resource: NetworkConfig} server: {get_resource: NovaCompute} - actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} @@ -400,6 +428,11 @@ resources: depends_on: NetworkDeployment properties: name: NovaComputeUpgradeInitDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] server: {get_resource: NovaCompute} config: {get_resource: NovaComputeUpgradeInitConfig} @@ -411,6 +444,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - compute_extraconfig - extraconfig - service_names @@ -451,6 +485,11 @@ resources: depends_on: NovaComputeUpgradeInitDeployment properties: name: NovaComputeDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: @@ -486,6 +525,11 @@ resources: depends_on: NetworkDeployment properties: name: UpdateDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: UpdateConfig} server: {get_resource: NovaCompute} input_values: @@ -599,4 +643,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" nova_server_resource: description: Heat resource handle for the Nova compute server value: - {get_resource: NovaCompute}
\ No newline at end of file + {get_resource: NovaCompute} + condition: server_not_blacklisted diff --git a/puppet/config.role.j2.yaml b/puppet/config.role.j2.yaml index cdbc76f0..832656ba 100644 --- a/puppet/config.role.j2.yaml +++ b/puppet/config.role.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > A software config which runs puppet on the {{role}} role diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 92eb70ad..cccfdef1 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack controller node configured by Puppet. @@ -141,6 +141,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -155,6 +164,13 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. parameter_groups: - label: deprecated @@ -162,6 +178,14 @@ parameter_groups: parameters: - controllerExtraConfig +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 + + resources: Controller: @@ -169,6 +193,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: controllerImage} image_update_policy: {get_param: ImageUpdatePolicy} @@ -395,7 +420,11 @@ resources: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: Controller} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} @@ -434,6 +463,11 @@ resources: depends_on: NetworkDeployment properties: name: ControllerUpgradeInitDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] server: {get_resource: Controller} config: {get_resource: ControllerUpgradeInitConfig} @@ -442,6 +476,11 @@ resources: depends_on: ControllerUpgradeInitDeployment properties: name: ControllerDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: ControllerConfig} server: {get_resource: Controller} input_values: @@ -458,6 +497,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - controller_extraconfig - extraconfig - service_configs @@ -525,6 +565,11 @@ resources: depends_on: NetworkDeployment properties: name: UpdateDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: UpdateConfig} server: {get_resource: Controller} input_values: @@ -639,6 +684,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the Nova compute server value: {get_resource: Controller} + condition: server_not_blacklisted tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} diff --git a/puppet/deploy-artifacts.yaml b/puppet/deploy-artifacts.yaml index 5e89405b..3a7a73c0 100644 --- a/puppet/deploy-artifacts.yaml +++ b/puppet/deploy-artifacts.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Software Config to install deployment artifacts (tarball's and/or diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index b6d1239a..e1c464b0 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Configure hieradata for all MidoNet nodes diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index b05fa636..313c1261 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Configure hieradata for Network Cisco configuration diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml index e3f4cce6..93408dd1 100644 --- a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Configure hieradata for Big Switch agents on compute node diff --git a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml index 1d16e909..ea2fd71c 100644 --- a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml +++ b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Configure hieradata for Nuage configuration on the Compute diff --git a/puppet/extraconfig/pre_deploy/controller/multiple.yaml b/puppet/extraconfig/pre_deploy/controller/multiple.yaml index d3d546dd..69cd7033 100644 --- a/puppet/extraconfig/pre_deploy/controller/multiple.yaml +++ b/puppet/extraconfig/pre_deploy/controller/multiple.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: 'Extra Pre-Deployment Config, multiple' parameters: server: diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml index e7d0b830..71a915df 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Configure hieradata for Neutron Big Switch configuration diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml index 40b407bc..b346bbd4 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Configure hieradata for Cisco N1KV configuration diff --git a/puppet/extraconfig/pre_deploy/default.yaml b/puppet/extraconfig/pre_deploy/default.yaml index 5da07f87..f14e13ff 100644 --- a/puppet/extraconfig/pre_deploy/default.yaml +++ b/puppet/extraconfig/pre_deploy/default.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: 'Noop Extra Pre-Deployment Config' parameters: server: diff --git a/puppet/extraconfig/pre_deploy/per_node.yaml b/puppet/extraconfig/pre_deploy/per_node.yaml index 65113f6a..7fb67d84 100644 --- a/puppet/extraconfig/pre_deploy/per_node.yaml +++ b/puppet/extraconfig/pre_deploy/per_node.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Configure hieradata overrides for specific nodes diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml index 04b5ccf6..11f2769b 100644 --- a/puppet/extraconfig/tls/ca-inject.yaml +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > This is a template which will inject the trusted anchor. diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml index 7ce15069..9c6a402d 100644 --- a/puppet/extraconfig/tls/freeipa-enroll.yaml +++ b/puppet/extraconfig/tls/freeipa-enroll.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Enroll nodes to FreeIPA diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 2a61afc0..8cba4351 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > This is a template which will build the TLS Certificates necessary diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 4fdc491a..b44095bd 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -2,7 +2,7 @@ {% set batch_upgrade_steps_max = 3 -%} {% set upgrade_steps_max = 6 -%} {% set deliver_script = {'deliver': False} -%} -heat_template_version: ocata +heat_template_version: pike description: 'Upgrade steps for all roles' parameters: @@ -44,24 +44,6 @@ resources: - '' - - "#!/bin/bash\n\n" - "set -eu\n\n" - - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n" - - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n" - - " crudini --set /etc/nova/nova.conf placement username placement\n\n" - - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n" - - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n" - - " crudini --set /etc/nova/nova.conf placement project_name service\n\n" - - " crudini --set /etc/nova/nova.conf placement os_interface internal\n\n" - - str_replace: - template: | - crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD' - crudini --set /etc/nova/nova.conf placement os_region_name 'REGION_NAME' - crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL' - params: - SERVICE_PASSWORD: { get_param: NovaPassword } - REGION_NAME: { get_param: KeystoneRegion } - AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - - " systemctl restart openstack-nova-compute\n\n" - - "fi\n\n" - str_replace: template: | ROLE='ROLE_NAME' diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index fb60d2be..19ea1b65 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: 'OpenStack swift storage node configured by Puppet' parameters: OvercloudSwiftStorageFlavor: @@ -109,6 +109,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. UpgradeInitCommand: type: string description: | @@ -123,6 +132,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: @@ -131,6 +154,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: SwiftStorageImage} flavor: {get_param: OvercloudSwiftStorageFlavor} @@ -356,7 +380,12 @@ resources: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: SwiftStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] + SwiftStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -379,6 +408,11 @@ resources: name: SwiftStorageUpgradeInitDeployment server: {get_resource: SwiftStorage} config: {get_resource: SwiftStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig @@ -388,6 +422,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - object_extraconfig - extraconfig - service_names @@ -426,6 +461,11 @@ resources: config: {get_resource: SwiftStorageHieraConfig} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -454,6 +494,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey @@ -543,6 +588,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the swift storage server value: {get_resource: SwiftStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml index b84039de..c51b6e1b 100644 --- a/puppet/post-upgrade.j2.yaml +++ b/puppet/post-upgrade.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Post-upgrade configuration steps via puppet for all roles diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 21202775..3a15cec6 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Post-deploy configuration steps via puppet for all roles, diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 960f0d58..7af90e24 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: 'OpenStack {{role}} node configured by Puppet' parameters: Overcloud{{role}}Flavor: @@ -125,6 +125,15 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + ConfigCollectSplay: + type: number + default: 30 + description: | + Maximum amount of time to possibly to delay configuation collection + polling. Defaults to 30 seconds. Set to 0 to disable it which will cause + the configuration collection to occur as soon as the collection process + starts. This setting is used to prevent the configuration collection + processes from polling all at the exact same time. LoggingSources: type: json default: [] @@ -145,6 +154,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: {{role}}: @@ -152,6 +175,7 @@ resources: metadata: os-collect-config: command: {get_param: ConfigCommand} + splay: {get_param: ConfigCollectSplay} properties: image: {get_param: {{role}}Image} image_update_policy: {get_param: ImageUpdatePolicy} @@ -382,6 +406,11 @@ resources: input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] {{role}}UpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -404,6 +433,11 @@ resources: name: {{role}}UpgradeInitDeployment server: {get_resource: {{role}}} config: {get_resource: {{role}}UpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] {{role}}Deployment: type: OS::Heat::StructuredDeployment @@ -414,6 +448,11 @@ resources: server: {get_resource: {{role}}} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] {{role}}Config: type: OS::Heat::StructuredConfig @@ -423,6 +462,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - {{role.lower()}}_extraconfig - extraconfig - service_names @@ -489,6 +529,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey @@ -578,6 +623,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for {{role}} server value: {get_resource: {{role}}} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 23df7d23..561b48cb 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Aodh API service configured with Puppet diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 331fe9a9..0563d08b 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -56,11 +56,18 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + AodhDebug: + default: '' + description: Set to True to enable debugging Aodh services. + type: string KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: AodhDebug}, '']} + outputs: role_data: description: Role data for the Aodh role. @@ -78,7 +85,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - aodh::debug: {get_param: Debug} + aodh::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: AodhDebug } aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} aodh::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml index 509ae765..669c11dd 100644 --- a/puppet/services/aodh-evaluator.yaml +++ b/puppet/services/aodh-evaluator.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Aodh Evaluator service configured with Puppet diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml index 336a9a34..17710ecb 100644 --- a/puppet/services/aodh-listener.yaml +++ b/puppet/services/aodh-listener.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Aodh Listener service configured with Puppet diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml index e3db1055..2eed1b75 100644 --- a/puppet/services/aodh-notifier.yaml +++ b/puppet/services/aodh-notifier.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Aodh Notifier service configured with Puppet diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index f3021060..23fcab90 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Apache service configured with Puppet. Note this is typically included @@ -38,6 +38,11 @@ parameters: EnableInternalTLS: type: boolean default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -88,6 +93,7 @@ outputs: - internal_tls_enabled - generate_service_certificates: true + apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile} tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' apache_certificates_specs: diff --git a/puppet/services/auditd.yaml b/puppet/services/auditd.yaml index 989ad7a7..3eff534b 100644 --- a/puppet/services/auditd.yaml +++ b/puppet/services/auditd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > AuditD configured with Puppet diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 53fba63e..51331242 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -38,6 +38,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + BarbicanDebug: + default: '' + description: Set to True to enable debugging Barbican service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -81,6 +85,9 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} +conditions: + service_debug_unset: {equals : [{get_param: BarbicanDebug}, '']} + outputs: role_data: description: Role data for the Barbican API role. @@ -97,7 +104,11 @@ outputs: barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]} barbican::api::db_auto_create: false barbican::api::enabled_certificate_plugins: ['simple_certificate'] - barbican::api::logging::debug: {get_param: Debug} + barbican::api::logging::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: BarbicanDebug } barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL} barbican::api::rabbit_userid: {get_param: RabbitUserName} barbican::api::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/ca-certs.yaml b/puppet/services/ca-certs.yaml index 144d9d98..6249c1ab 100644 --- a/puppet/services/ca-certs.yaml +++ b/puppet/services/ca-certs.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > HAproxy service configured with Puppet diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 50608d50..2dbaf554 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ceilometer Central Agent service configured with Puppet diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 002851cf..c453a43d 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ceilometer Compute Agent service configured with Puppet diff --git a/puppet/services/ceilometer-agent-ipmi.yaml b/puppet/services/ceilometer-agent-ipmi.yaml index 0f6390d2..7dd1e78d 100644 --- a/puppet/services/ceilometer-agent-ipmi.yaml +++ b/puppet/services/ceilometer-agent-ipmi.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ceilometer Ipmi Agent service configured with Puppet diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index 174aff7f..6e893564 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ceilometer Notification Agent service configured with Puppet diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 2df0e442..74b0c3d2 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ceilometer API service configured with Puppet diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index e60eb425..1d86369b 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ceilometer service configured with Puppet @@ -64,6 +64,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + CeilometerDebug: + default: '' + description: Set to True to enable debugging Ceilometer services. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -100,13 +104,20 @@ parameters: type: string hidden: true +conditions: + service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']} + outputs: role_data: description: Role data for the Ceilometer role. value: service_name: ceilometer_base config_settings: - ceilometer::debug: {get_param: Debug} + ceilometer::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CeilometerDebug } ceilometer::keystone::authtoken::project_name: 'service' ceilometer::keystone::authtoken::user_domain_name: 'Default' ceilometer::keystone::authtoken::project_domain_name: 'Default' diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 529b84f3..775e921a 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ceilometer Expirer service configured with Puppet diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index e458855b..e12c55eb 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Ceph base service. Shared by all Ceph services. @@ -99,7 +99,6 @@ outputs: service_name: ceph_base config_settings: tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} - ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml index 66c7a368..ec34fcae 100644 --- a/puppet/services/ceph-client.yaml +++ b/puppet/services/ceph-client.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Ceph Client service. diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 3d64cf44..599532c4 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Ceph External service. diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml index 0236087d..270d3a26 100644 --- a/puppet/services/ceph-mds.yaml +++ b/puppet/services/ceph-mds.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Ceph MDS service. diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 45fca89f..28552301 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Ceph Monitor service. @@ -78,6 +78,10 @@ parameters: MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' type: string + CephPoolDefaultSize: + description: default minimum replication for RBD copies + type: number + default: 3 resources: CephBase: @@ -102,7 +106,7 @@ outputs: ceph::profile::params::mon_key: {get_param: CephMonKey} ceph::profile::params::osd_pool_default_pg_num: 32 ceph::profile::params::osd_pool_default_pgp_num: 32 - ceph::profile::params::osd_pool_default_size: 3 + ceph::profile::params::osd_pool_default_size: {get_param: CephPoolDefaultSize} # repeat returns items in a list, so we need to map_merge twice tripleo::profile::base::ceph::mon::ceph_pools: map_merge: diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index 64c1c73e..24b2886a 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Ceph OSD service. diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 3ed158b7..ad91b4ec 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Ceph RadosGW service. diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml index d04b5874..6ad451a8 100644 --- a/puppet/services/certmonger-user.yaml +++ b/puppet/services/certmonger-user.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Requests certificates using certmonger through Puppet diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 3e6d8805..036209f3 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Cinder API service configured with Puppet diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml index 50c9bef7..d0382534 100644 --- a/puppet/services/cinder-backend-dellps.yaml +++ b/puppet/services/cinder-backend-dellps.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -heat_template_version: ocata +heat_template_version: pike description: > Openstack Cinder Dell EMC PS Series backend diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml index b5b0e009..a201134c 100644 --- a/puppet/services/cinder-backend-dellsc.yaml +++ b/puppet/services/cinder-backend-dellsc.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -heat_template_version: ocata +heat_template_version: pike description: > Openstack Cinder Dell EMC Storage Center backend @@ -49,6 +49,18 @@ parameters: CinderDellScVolumeFolder: type: string default: 'dellsc_volume' + CinderDellScSecondarySanIp: + type: string + default: '' + CinderDellScSecondarySanLogin: + type: string + default: 'Admin' + CinderDellScSecondarySanPassword: + type: string + hidden: true + CinderDellScSecondaryScApiPort: + type: number + default: 3033 ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -89,5 +101,9 @@ outputs: cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_param: CinderDellScApiPort} cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_param: CinderDellScServerFolder} cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_param: CinderDellScVolumeFolder} + cinder::backend::dellsc_iscsi::secondary_san_ip: {get_param: CinderDellScSecondarySanIp} + cinder::backend::dellsc_iscsi::secondary_san_login: {get_param: CinderDellScSecondarySanLogin} + cinder::backend::dellsc_iscsi::secondary_san_password: {get_param: CinderDellScSecondarySanPassword} + cinder::backend::dellsc_iscsi::secondary_sc_api_port: {get_param: CinderDellScSecondaryScApiPort} step_config: | include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml index cc44d422..bddc8e1a 100644 --- a/puppet/services/cinder-backend-netapp.yaml +++ b/puppet/services/cinder-backend-netapp.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Openstack Cinder Netapp backend diff --git a/puppet/services/cinder-backend-pure.yaml b/puppet/services/cinder-backend-pure.yaml index 853d2733..576896a4 100644 --- a/puppet/services/cinder-backend-pure.yaml +++ b/puppet/services/cinder-backend-pure.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -heat_template_version: ocata +heat_template_version: pike description: > Openstack Cinder Pure Storage FlashArray backend diff --git a/puppet/services/cinder-backend-scaleio.yaml b/puppet/services/cinder-backend-scaleio.yaml index fa22fae7..832cc099 100644 --- a/puppet/services/cinder-backend-scaleio.yaml +++ b/puppet/services/cinder-backend-scaleio.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -heat_template_version: ocata +heat_template_version: pike description: > Openstack Cinder Dell EMC ScaleIO backend diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml index 44177817..629a0f5b 100644 --- a/puppet/services/cinder-backup.yaml +++ b/puppet/services/cinder-backup.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Cinder Backup service configured with Puppet diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 2ba5aa52..f7dfe5e1 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -12,6 +12,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + CinderDebug: + default: '' + description: Set to True to enable debugging on Cinder services. + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -93,6 +97,9 @@ parameters: Cron to move deleted instances to another table - Log destination default: '/var/log/cinder/cinder-rowsflush.log' +conditions: + service_debug_unset: {equals : [{get_param: CinderDebug}, '']} + outputs: role_data: description: Role data for the Cinder base service. @@ -109,7 +116,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - cinder::debug: {get_param: Debug} + cinder::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CinderDebug } cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} cinder::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/cinder-hpelefthand-iscsi.yaml b/puppet/services/cinder-hpelefthand-iscsi.yaml index c4b79bb1..3ea0fd87 100644 --- a/puppet/services/cinder-hpelefthand-iscsi.yaml +++ b/puppet/services/cinder-hpelefthand-iscsi.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Configure Cinder HPELeftHandISCSIDriver diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index c74f0a1e..806f9bb4 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Cinder Scheduler service configured with Puppet diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 7de4b7b0..fe95222b 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Cinder Volume service configured with Puppet diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 8fbcd99d..5bca94d7 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -33,6 +33,10 @@ parameters: Debug: type: string default: '' + CongressDebug: + default: '' + description: Set to True to enable debugging Glance service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -62,6 +66,9 @@ parameters: default: {} type: json +conditions: + service_debug_unset: {equals : [{get_param: CongressDebug}, '']} + outputs: role_data: description: Role data for the Congress role. @@ -79,7 +86,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - congress::debug: {get_param: Debug} + congress::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CongressDebug } congress::rpc_backend: rabbit congress::rabbit_userid: {get_param: RabbitUserName} congress::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml index 0d3a9ead..b5fced4c 100644 --- a/puppet/services/database/mongodb-base.yaml +++ b/puppet/services/database/mongodb-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Configuration details for MongoDB service using composable roles diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 72a37c68..968d4355 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > MongoDb service deployment using puppet @@ -40,6 +40,13 @@ parameters: format: >- /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4}) (?<message>.*)$/ + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: MongoDbBase: @@ -79,6 +86,28 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]} + - + if: + - internal_tls_enabled + - + generate_service_certificates: true + mongodb::server::ssl: true + mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem' + mongodb_certificate_specs: + service_pem: '/etc/pki/tls/certs/mongodb.pem' + service_certificate: '/etc/pki/tls/certs/mongodb.crt' + service_key: '/etc/pki/tls/private/mongodb.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]} + principal: + str_replace: + template: "mongodb/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]} + - {} step_config: | include ::tripleo::profile::base::database::mongodb upgrade_tasks: @@ -88,3 +117,11 @@ outputs: - name: Start mongodb service tags: step4 service: name=mongod state=started + metadata_settings: + if: + - internal_tls_enabled + - + - service: mongodb + network: {get_param: [ServiceNetMap, MongodbNetwork]} + type: node + - null diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml index 4b0201f3..19d732dd 100644 --- a/puppet/services/database/mysql-client.yaml +++ b/puppet/services/database/mysql-client.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Mysql client settings diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 0b6797c3..2bde9033 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > MySQL service deployment using puppet diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index fff817ef..89fa8065 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Redis service configured with Puppet diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index 9c7144c4..df406a8c 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Redis service configured with Puppet diff --git a/puppet/services/disabled/ceilometer-collector.yaml b/puppet/services/disabled/ceilometer-collector-disabled.yaml index 64fd476d..18092a8f 100644 --- a/puppet/services/disabled/ceilometer-collector.yaml +++ b/puppet/services/disabled/ceilometer-collector-disabled.yaml @@ -31,7 +31,7 @@ outputs: role_data: description: Role data for the disabled Ceilometer Collector role. value: - service_name: ceilometer_collector + service_name: ceilometer_collector_disabled upgrade_tasks: - name: Stop and disable ceilometer_collector service on upgrade tags: step1 diff --git a/puppet/services/disabled/ceilometer-expirer.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index 182193ec..7be394b6 100644 --- a/puppet/services/disabled/ceilometer-expirer.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml @@ -29,10 +29,10 @@ parameters: outputs: role_data: - description: Role data for the disabled Ceilometer Expirer role. + description: Role data for the disabling Ceilometer Expirer role. value: - service_name: ceilometer_expirer + service_name: ceilometer_expirer_disabled upgrade_tasks: - - name: Stop and disable ceilometer_expirer service on upgrade + - name: Remove ceilometer expirer cron tab on upgrade tags: step1 - service: name=openstack-ceilometer-expirer state=stopped enabled=no + shell: '/usr/bin/crontab -u ceilometer -r' diff --git a/puppet/services/disabled/glance-registry.yaml b/puppet/services/disabled/glance-registry-disabled.yaml index d90923da..85a5c5ef 100644 --- a/puppet/services/disabled/glance-registry.yaml +++ b/puppet/services/disabled/glance-registry-disabled.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Glance Registry service, disabled since ocata @@ -31,7 +31,7 @@ outputs: role_data: description: Role data for the disabled Glance Registry role. value: - service_name: glance_registry + service_name: glance_registry_disabled upgrade_tasks: - name: Stop and disable glance_registry service on upgrade tags: step1 diff --git a/puppet/services/disabled/mongodb-disabled.yaml b/puppet/services/disabled/mongodb-disabled.yaml new file mode 100644 index 00000000..fa3fe9a8 --- /dev/null +++ b/puppet/services/disabled/mongodb-disabled.yaml @@ -0,0 +1,38 @@ +heat_template_version: pike + +description: > + Mongodb service, disabled by default since pike + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +outputs: + role_data: + description: Role data for the disabled MongoDB role. + value: + service_name: mongodb_disabled + upgrade_tasks: + - name: Stop and disable mongodb service on upgrade + tags: step1 + service: name=mongod state=stopped enabled=no diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index 9eaa5c99..2be21122 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Configures docker on the host diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index 9e9638d3..2e87764d 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Etcd service configured with Puppet diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml index de97dd92..206536d7 100644 --- a/puppet/services/external-swift-proxy.yaml +++ b/puppet/services/external-swift-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > External Swift Proxy endpoint configured with Puppet diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 28151744..7812c8e2 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + GlanceDebug: + default: '' + description: Set to True to enable debugging Glance service. + type: string GlancePassword: description: The password for the glance service and db account, used by the glance services. type: string @@ -59,10 +63,6 @@ parameters: CephClientUserName: default: openstack type: string - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string GlanceNotifierStrategy: description: Strategy to use for Glance notification queue type: string @@ -128,6 +128,7 @@ parameters: conditions: use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']} + service_debug_unset: {equals : [{get_param: GlanceDebug}, '']} resources: @@ -170,7 +171,11 @@ outputs: glance::api::enable_v2_api: true glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true - glance::api::debug: {get_param: Debug} + glance::api::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: GlanceDebug } glance::policy::policies: {get_param: GlanceApiPolicies} tripleo.glance_api.firewall_rules: '112 glance_api': diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index dfa337db..2411d42d 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Gnocchi service configured with Puppet diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index d62c349e..e6a172a0 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -31,9 +31,13 @@ parameters: description: The short name of the Gnocchi indexer backend to use. type: string MetricProcessingDelay: - default: 60 + default: 30 description: Delay between processing metrics. type: number + NumberOfStorageSacks: + default: '128' + description: Number of storage sacks to create. + type: string GnocchiPassword: description: The password for the gnocchi service and db account. type: string @@ -52,6 +56,13 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + GnocchiDebug: + default: '' + description: Set to True to enable debugging Gnocchi services. + type: string + +conditions: + service_debug_unset: {equals : [{get_param: GnocchiDebug}, '']} outputs: aux_parameters: @@ -65,7 +76,11 @@ outputs: config_settings: #Gnocchi engine gnocchi_redis_password: {get_param: RedisPassword} - gnocchi::debug: {get_param: Debug} + gnocchi::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: GnocchiDebug } gnocchi::db::database_connection: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} @@ -76,7 +91,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - gnocchi::db::sync::extra_opts: '--skip-storage' + gnocchi::db::sync::extra_opts: + list_join: + - ' ' + - - '--num-storage-sacks' + - {get_param: NumberOfStorageSacks} gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay} gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 3 diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index 626d37ec..5ada99fa 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Gnocchi service configured with Puppet diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 5a4a283d..5ba1dfc7 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Gnocchi service configured with Puppet diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index ad3a5287..1866bb97 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > HAProxy deployment with TLS enabled, powered by certmonger diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index f9d04ebd..7ebacdbc 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > HAProxy deployment with TLS enabled, powered by certmonger diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index bdb5445b..92d73cfb 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Heat CloudFormation API service configured with Puppet diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index af32d3d1..a740d201 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Heat CloudWatch API service configured with Puppet diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 46ab3004..ced7f0c4 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Heat API service configured with Puppet diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 314f609f..d89fe46a 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Heat base service. Shared for all Heat services. @@ -8,6 +8,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + HeatDebug: + default: '' + description: Set to True to enable debugging Heat services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -112,6 +116,9 @@ parameters: description: Maximum raw byte size of the Heat API JSON request body. type: number +conditions: + service_debug_unset: {equals : [{get_param: HeatDebug}, '']} + outputs: role_data: description: Shared role data for the Heat services. @@ -122,7 +129,11 @@ outputs: heat::rabbit_password: {get_param: RabbitPassword} heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL} heat::rabbit_port: {get_param: RabbitClientPort} - heat::debug: {get_param: Debug} + heat::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: HeatDebug } heat::enable_proxy_headers_parsing: true heat::rpc_response_timeout: 600 # We need this because the default heat policy.json no longer works on TripleO diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 59cdae59..93bced8b 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Horizon service configured with Puppet @@ -14,6 +14,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + HorizonDebug: + default: false + description: Set to True to enable debugging Horizon service. + type: string DefaultPasswords: default: {} type: json @@ -62,7 +66,7 @@ parameters: conditions: - debug_empty: {equals : [{get_param: Debug}, '']} + debug_unset: {equals : [{get_param: Debug}, '']} outputs: role_data: @@ -104,9 +108,9 @@ outputs: memcached_ipv6: {get_param: MemcachedIPv6} - if: - - debug_empty - - {} - - horizon::django_debug: {get_param: Debug} + - debug_unset + - horizon::django_debug: { get_param: HorizonDebug } + - horizon::django_debug: { get_param: Debug } step_config: | include ::tripleo::profile::base::horizon # Ansible tasks to handle upgrade @@ -126,3 +130,10 @@ outputs: tags: step1 when: httpd_enabled.rc == 0 service: name=httpd state=stopped + service_config_settings: + haproxy: + tripleo.horizon.firewall_rules: + '127 horizon': + dport: + - 80 + - 443 diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 5ae52db4..945033a1 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ironic API configured with Puppet diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index da485161..41d6cedc 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + IronicDebug: + default: '' + description: Set to True to enable debugging Ironic services. + type: string IronicPassword: description: The password for the Ironic service and db account, used by the Ironic services type: string @@ -53,6 +57,9 @@ parameters: an SSL connection to the RabbitMQ host. type: string +conditions: + service_debug_unset: {equals : [{get_param: IronicDebug}, '']} + outputs: role_data: description: Role data for the Ironic role. @@ -69,7 +76,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - ironic::debug: {get_param: Debug} + ironic::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: IronicDebug } ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} ironic::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 7ec84526..b1676715 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Ironic conductor configured with Puppet @@ -61,9 +61,19 @@ parameters: description: Enabled Ironic drivers type: comma_delimited_list IronicEnabledHardwareTypes: - default: ['ipmi'] + default: ['ipmi', 'redfish'] description: Enabled Ironic hardware types type: comma_delimited_list + IronicEnabledManagementInterfaces: + default: ['ipmitool', 'redfish'] + description: Enabled management interface implementations. Each hardware + type must have at least one valid implementation enabled. + type: comma_delimited_list + IronicEnabledPowerInterfaces: + default: ['ipmitool', 'redfish'] + description: Enabled power interface implementations. Each hardware + type must have at least one valid implementation enabled. + type: comma_delimited_list IronicIPXEEnabled: default: true description: Whether to use iPXE instead of PXE for deployment. @@ -136,7 +146,9 @@ outputs: ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' ironic::drivers::interfaces::enabled_console_interfaces: ['ipmitool-socat', 'no-console'] + ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces} ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron'] + ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces} ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface} tripleo.ironic_conductor.firewall_rules: '134 ironic conductor TFTP': diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index cbdc9d3e..44e6b248 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Keepalived service configured with Puppet diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 8121454b..c142b475 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Load kernel modules with kmod and configure kernel options with sysctl. @@ -77,6 +77,8 @@ outputs: value: 0 net.ipv4.conf.all.send_redirects: value: 0 + net.ipv4.conf.all.arp_accept: + value: 1 net.ipv4.conf.default.accept_redirects: value: 0 net.ipv4.conf.default.secure_redirects: diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 7262e478..f3a9cbc4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -63,6 +63,10 @@ parameters: Debug: type: string default: '' + KeystoneDebug: + default: '' + description: Set to True to enable debugging Keystone service. + type: string AdminEmail: default: 'admin@example.com' description: The email for the keystone admin account. @@ -198,6 +202,7 @@ resources: conditions: keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]} + service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']} outputs: role_data: @@ -242,7 +247,11 @@ outputs: '/etc/keystone/fernet-keys/1': content: {get_param: KeystoneFernetKey1} keystone::fernet_replace_keys: false - keystone::debug: {get_param: Debug} + keystone::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: KeystoneDebug } keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/logging/fluentd-base.yaml b/puppet/services/logging/fluentd-base.yaml index 72109662..21049a9e 100644 --- a/puppet/services/logging/fluentd-base.yaml +++ b/puppet/services/logging/fluentd-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Fluentd base service diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml index 931646e6..e34f31fa 100644 --- a/puppet/services/logging/fluentd-client.yaml +++ b/puppet/services/logging/fluentd-client.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Fluentd client configured with Puppet diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml index 3bc90ac1..9ade6419 100644 --- a/puppet/services/logging/fluentd-config.yaml +++ b/puppet/services/logging/fluentd-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Fluentd logging configuration diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 0b656d87..2710d789 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Manila-api service configured with Puppet diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 060762fe..f4c7a074 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Manila Cephfs backend diff --git a/puppet/services/manila-backend-generic.yaml b/puppet/services/manila-backend-generic.yaml index 032aa1be..7be92399 100644 --- a/puppet/services/manila-backend-generic.yaml +++ b/puppet/services/manila-backend-generic.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Manila generic backend. diff --git a/puppet/services/manila-backend-netapp.yaml b/puppet/services/manila-backend-netapp.yaml index b865e3d9..b1068488 100644 --- a/puppet/services/manila-backend-netapp.yaml +++ b/puppet/services/manila-backend-netapp.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Manila netapp backend. diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index a299fffa..d0ee2125 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + ManilaDebug: + default: '' + description: Set to True to enable debugging Manila services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -53,6 +57,9 @@ parameters: type: string hidden: true +conditions: + service_debug_unset: {equals : [{get_param: ManilaDebug}, '']} + outputs: role_data: description: Role data for the Manila Base service. @@ -63,7 +70,11 @@ outputs: manila::rabbit_password: {get_param: RabbitPassword} manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} manila::rabbit_port: {get_param: RabbitClientPort} - manila::debug: {get_param: Debug} + manila::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: ManilaDebug } manila::db::database_db_max_retries: -1 manila::db::database_max_retries: -1 manila::sql_connection: diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index 9ce90f0d..b3d1ffa2 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Manila-scheduler service configured with Puppet diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml index dbfe5976..50d7f7c6 100644 --- a/puppet/services/manila-share.yaml +++ b/puppet/services/manila-share.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Manila-share service configured with Puppet diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 8c1e4cf8..5b98e02b 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Memcached service configured with Puppet diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml index 26dbd4c5..da77ef0e 100644 --- a/puppet/services/metrics/collectd.yaml +++ b/puppet/services/metrics/collectd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Collectd client service diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index f4ec2273..b865ec1f 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Mistral API service configured with Puppet @@ -36,8 +36,21 @@ parameters: e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]} resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} MistralBase: type: ./mistral-base.yaml properties: @@ -57,12 +70,25 @@ outputs: - get_attr: [MistralBase, role_data, config_settings] - mistral::api::api_workers: {get_param: MistralWorkers} mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS} mistral::policy::policies: {get_param: MistralApiPolicies} tripleo.mistral_api.firewall_rules: '133 mistral': dport: - 8989 - 13989 + mistral::api::service_name: 'httpd' + mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} + - if: + - mistral_workers_zero + - {} + - mistral::wsgi::apache::workers: {get_param: MistralWorkers} service_config_settings: get_attr: [MistralBase, role_data, service_config_settings] step_config: | @@ -79,10 +105,16 @@ outputs: grep '\bactive\b' when: mistral_api_enabled.rc == 0 tags: step0,validation - - name: Stop mistral_api service + - name: check for mistral_api running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi" + register: mistral_api_apache + ignore_errors: true + - name: Stop mistral_api service (running under httpd) tags: step1 - service: name=openstack-mistral-api state=stopped - - name: Install openstack-mistral-api package if it was disabled - tags: step3 - yum: name=openstack-mistral-api state=latest - when: mistral_api_enabled.rc != 0 + service: name=httpd state=stopped + when: mistral_api_apache.rc == 0 + - name: Stop and disable mistral_api service (pre-upgrade not under httpd) + tags: step1 + when: mistral_api_enabled.rc == 0 + service: name=openstack-mistral-api state=stopped enabled=no diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 2e708650..8b3655dd 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -31,6 +31,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + MistralDebug: + default: '' + description: Set to True to enable debugging Mistral services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -58,6 +62,9 @@ parameters: default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: MistralDebug}, '']} + outputs: role_data: description: Shared role data for the Mistral services. @@ -78,7 +85,11 @@ outputs: mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} mistral::rabbit_port: {get_param: RabbitClientPort} - mistral::debug: {get_param: Debug} + mistral::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: MistralDebug } mistral::keystone_password: {get_param: MistralPassword} mistral::keystone_tenant: 'service' mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} diff --git a/puppet/services/mistral-engine.yaml b/puppet/services/mistral-engine.yaml index 7513afa2..6a0fed1a 100644 --- a/puppet/services/mistral-engine.yaml +++ b/puppet/services/mistral-engine.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Mistral Engine service configured with Puppet diff --git a/puppet/services/mistral-executor.yaml b/puppet/services/mistral-executor.yaml index 1935d402..57f29dd4 100644 --- a/puppet/services/mistral-executor.yaml +++ b/puppet/services/mistral-executor.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Mistral API service configured with Puppet diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index 961ff3b0..5e7e9940 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Sensu base service diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index cebf6476..25e2b947 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Sensu client configured with Puppet diff --git a/puppet/services/network/contrail-analytics-database.yaml b/puppet/services/network/contrail-analytics-database.yaml index e8066403..9b78437b 100644 --- a/puppet/services/network/contrail-analytics-database.yaml +++ b/puppet/services/network/contrail-analytics-database.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Contrail Analytics Database service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml index 02d2fd44..f85ba7cc 100644 --- a/puppet/services/network/contrail-analytics.yaml +++ b/puppet/services/network/contrail-analytics.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Contrail Analytics service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml index 68def625..bdcdbb86 100644 --- a/puppet/services/network/contrail-base.yaml +++ b/puppet/services/network/contrail-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Base parameters for all Contrail Services. diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml index 03f9a551..feda5854 100644 --- a/puppet/services/network/contrail-config.yaml +++ b/puppet/services/network/contrail-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Contrail Config service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml index a233bc40..f1108547 100644 --- a/puppet/services/network/contrail-control.yaml +++ b/puppet/services/network/contrail-control.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Contrail Control service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml index 826b85e4..5ce25a2e 100644 --- a/puppet/services/network/contrail-database.yaml +++ b/puppet/services/network/contrail-database.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Contrail Database service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-heat.yaml b/puppet/services/network/contrail-heat.yaml index c19be1d6..da86714e 100644 --- a/puppet/services/network/contrail-heat.yaml +++ b/puppet/services/network/contrail-heat.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Contrail Heat plugin adds Contrail specific heat resources enabling heat diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml index 8fc49284..0c5e2a86 100644 --- a/puppet/services/network/contrail-neutron-plugin.yaml +++ b/puppet/services/network/contrail-neutron-plugin.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Opencontrail plugin diff --git a/puppet/services/network/contrail-provision.yaml b/puppet/services/network/contrail-provision.yaml index 259def34..8918f6da 100644 --- a/puppet/services/network/contrail-provision.yaml +++ b/puppet/services/network/contrail-provision.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Provision Contrail services after deployment diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 6718335b..9d48e0e6 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Contrail TSN Service diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index 47934a23..f03ed9c6 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Compute OpenContrail plugin diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml index 5ef52445..f723e6a8 100644 --- a/puppet/services/network/contrail-webui.yaml +++ b/puppet/services/network/contrail-webui.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Contrail WebUI service deployment using puppet, this YAML file diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index b4a21a31..8e1e0b80 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -166,6 +166,7 @@ outputs: - 9696 - 13696 neutron::server::router_distributed: {get_param: NeutronEnableDVR} + neutron::server::enable_dvr: {get_param: NeutronEnableDVR} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 764d548d..3c7518b3 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron base service. Shared for all Neutron agents. @@ -50,6 +50,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + NeutronDebug: + default: '' + description: Set to True to enable debugging Neutron services. + type: string EnableConfigPurge: type: boolean default: false @@ -90,6 +94,7 @@ parameters: conditions: dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]} + service_debug_unset: {equals : [{get_param: NeutronDebug}, '']} outputs: role_data: @@ -104,7 +109,11 @@ outputs: neutron::rabbit_port: {get_param: RabbitClientPort} neutron::core_plugin: {get_param: NeutronCorePlugin} neutron::service_plugins: {get_param: NeutronServicePlugins} - neutron::debug: {get_param: Debug} + neutron::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NeutronDebug } neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true neutron::dns_domain: {get_param: NeutronDnsDomain} diff --git a/puppet/services/neutron-bgpvpn-api.yaml b/puppet/services/neutron-bgpvpn-api.yaml index 606e5b26..a70337d1 100644 --- a/puppet/services/neutron-bgpvpn-api.yaml +++ b/puppet/services/neutron-bgpvpn-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > BGPVPN API service configured with Puppet diff --git a/puppet/services/neutron-bigswitch-agent.yaml b/puppet/services/neutron-bigswitch-agent.yaml index 7e42a015..3faf7887 100644 --- a/puppet/services/neutron-bigswitch-agent.yaml +++ b/puppet/services/neutron-bigswitch-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Installs bigswitch agent and enables the services diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml index f6890887..75b03044 100644 --- a/puppet/services/neutron-compute-plugin-midonet.yaml +++ b/puppet/services/neutron-compute-plugin-midonet.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Compute Midonet plugin diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index 4fcc49a2..a1657258 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Compute Nuage plugin diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml index 3aefe378..b5ce790d 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Compute OVN agent diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml index 2d5bfc79..08cecf64 100644 --- a/puppet/services/neutron-compute-plugin-plumgrid.yaml +++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Compute Plumgrid plugin diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index b8c307a5..91582db8 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron DHCP agent configured with Puppet diff --git a/puppet/services/neutron-l2gw-agent.yaml b/puppet/services/neutron-l2gw-agent.yaml new file mode 100644 index 00000000..39c443f7 --- /dev/null +++ b/puppet/services/neutron-l2gw-agent.yaml @@ -0,0 +1,106 @@ +heat_template_version: pike + +description: > + L2 Gateway agent configured with Puppet +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + L2gwAgentOvsdbHosts: + default: '' + description: L2 gateway agent OVSDB server list. + type: comma_delimited_list + L2gwAgentEnableManager: + default: false + description: Connection can be initiated by the ovsdb server. + type: boolean + L2gwAgentManagerTableListeningPort: + default: 6632 + description: port number for L2 gateway agent, so that it can listen + type: number + L2gwAgentPeriodicInterval: + default: 20 + description: The L2 gateway agent checks connection state with the OVSDB + servers. The interval is number of seconds between attempts. + type: number + L2gwAgentMaxConnectionRetries: + default: 10 + description: The L2 gateway agent retries to connect to the OVSDB server + type: number + L2gwAgentSocketTimeout: + default: 30 + description: socket timeout + type: number + MonitoringSubscriptionNeutronL2gwAgent: + default: 'overcloud-neutron-l2gw-agent' + type: string + NeutronL2gwAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.l2gw + path: /var/log/neutron/l2gw-agent.log + +conditions: + internal_manager_enabled: {equals: [{get_param: L2gwAgentEnableManager}, True]} + +outputs: + role_data: + description: Role data for the L2 Gateway role. + value: + service_name: neutron_l2gw_agent + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL2gwAgent} + logging_source: {get_param: NeutronL2gwAgentLoggingSource} + logging_groups: + - neutron + config_settings: + map_merge: + - neutron::agents::l2gw::ovsdb_hosts: {get_param: L2gwAgentOvsdbHosts} + neutron::agents::l2gw::enable_manager: {get_param: L2gwAgentEnableManager} + neutron::agents::l2gw::manager_table_listening_port: {get_param: L2gwAgentManagerTableListeningPort} + neutron::agents::l2gw::periodic_interval: {get_param: L2gwAgentPeriodicInterval} + neutron::agents::l2gw::max_connection_retries: {get_param: L2gwAgentMaxConnectionRetries} + neutron::agents::l2gw::socket_timeout: {get_param: L2gwAgentSocketTimeout} + - + if: + - internal_manager_enabled + - tripleo.neutron_l2gw_agent.firewall_rules: + '142 neutron l2gw agent input': + proto: 'tcp' + dport: {get_param: L2gwAgentManagerTableListeningPort} + - null + + step_config: | + include tripleo::profile::base::neutron::agents::l2gw + upgrade_tasks: + - name: Check if neutron_l2gw_agent is deployed + command: systemctl is-enabled neutron-l2gw-agent + tags: common + ignore_errors: True + register: neutron_l2gw_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-l2gw-agent is running" + shell: /usr/bin/systemctl show 'neutron-l2gw-agent' --property ActiveState | grep '\bactive\b' + when: neutron_l2gw_agent_enabled.rc == 0 + tags: step0,validation + - name: Stop neutron_l2gw_agent service + tags: step1 + when: neutron_l2gw_agent_enabled.rc == 0 + service: name=neutron-l2gw-agent state=stopped diff --git a/puppet/services/neutron-l2gw-api.yaml b/puppet/services/neutron-l2gw-api.yaml index 5e92a2ce..1ad009b4 100644 --- a/puppet/services/neutron-l2gw-api.yaml +++ b/puppet/services/neutron-l2gw-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > L2 Gateway service plugin configured with Puppet diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index f23df436..1a4a4f68 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron L3 agent for DVR enabled compute nodes diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index f1d3095b..0598639c 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron L3 agent configured with Puppet diff --git a/puppet/services/neutron-linuxbridge-agent.yaml b/puppet/services/neutron-linuxbridge-agent.yaml new file mode 100644 index 00000000..f4324054 --- /dev/null +++ b/puppet/services/neutron-linuxbridge-agent.yaml @@ -0,0 +1,83 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron Linuxbridge agent configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + PhysicalInterfaceMapping: + description: List of <physical_network>:<physical_interface> tuples + mapping physical network names to agent's node-specific + physical network interfaces. Defaults to empty list. + type: comma_delimited_list + default: '' + NeutronLinuxbridgeFirewallDriver: + default: '' + description: Configure the classname of the firewall driver to use for + implementing security groups. Possible values depend on + system configuration. The default value of an empty string + will result in a default supported configuration. + type: string + NeutronEnableL2Pop: + type: string + description: Enable/disable the L2 population feature in the Neutron agents. + default: 'False' + NeutronTunnelTypes: + default: 'vxlan' + description: The tunnel types for the Neutron tenant network. + type: comma_delimited_list + +conditions: + no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']} + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Linuxbridge agent service. + value: + service_name: neutron_linuxbridge_agent + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping} + neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes} + neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver' + neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq' + - + if: + - no_firewall_driver + - {} + - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver} + step_config: | + include ::tripleo::profile::base::neutron::linuxbridge diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index ec4a3df6..593fae43 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Metadata agent configured with Puppet diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml index f79674f6..8ace3e59 100644 --- a/puppet/services/neutron-midonet.yaml +++ b/puppet/services/neutron-midonet.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Midonet plugin and services diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 69001947..76d5c269 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron OVS agent configured with Puppet diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 6dcc59c6..29c10469 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron OVS DPDK configured with Puppet for Compute Role @@ -27,20 +27,23 @@ parameters: via parameter_defaults in the resource registry. type: json HostCpusList: + default: "0" description: List of cores to be used for host process type: string constraints: - - allowed_pattern: "'[0-9,-]+'" + - allowed_pattern: "[0-9,-]+" NeutronDpdkCoreList: + default: "" description: List of cores to be used for DPDK Poll Mode Driver type: string constraints: - - allowed_pattern: "'[0-9,-]+'" + - allowed_pattern: "[0-9,-]*" NeutronDpdkMemoryChannels: + default: "" description: Number of memory channels to be used for DPDK type: string constraints: - - allowed_pattern: "[0-9]+" + - allowed_pattern: "[0-9]*" NeutronDpdkSocketMemory: default: "" description: Memory allocated for each socket @@ -75,6 +78,32 @@ resources: OpenVswitchUpgrade: type: ./openvswitch-upgrade.yaml + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType + neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir + vswitch::dpdk::driver_type: NeutronDpdkDriverType + vswitch::dpdk::host_core_list: HostCpusList + vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList + vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels + vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory + - values: {get_param: [RoleParameters]} + - values: + NeutronDatapathType: {get_param: NeutronDatapathType} + NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir} + NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType} + HostCpusList: {get_param: HostCpusList} + NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList} + NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels} + NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory} + outputs: role_data: description: Role data for the Neutron OVS DPDK Agent service. @@ -87,13 +116,7 @@ outputs: - keys: tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true - neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} - neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} - vswitch::dpdk::host_core_list: {get_param: HostCpusList} - vswitch::dpdk::pmd_core_list: {get_param: NeutronDpdkCoreList} - vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels} - vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory} - vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType} + - get_attr: [RoleParametersValue, value] step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} upgrade_tasks: get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml index 211e96a3..a1516955 100644 --- a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml +++ b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Configure hieradata for Fujitsu C-Fabric plugin configuration diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml index 6974d5ff..c4bf0758 100644 --- a/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml +++ b/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: Configure hieradata for Fujitsu fossw plugin configuration diff --git a/puppet/services/neutron-plugin-ml2-odl.yaml b/puppet/services/neutron-plugin-ml2-odl.yaml index 88246f9c..6424b76a 100644 --- a/puppet/services/neutron-plugin-ml2-odl.yaml +++ b/puppet/services/neutron-plugin-ml2-odl.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron ML2/OpenDaylight plugin configured with Puppet diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml index e9fb5ede..4cda87b6 100644 --- a/puppet/services/neutron-plugin-ml2-ovn.yaml +++ b/puppet/services/neutron-plugin-ml2-ovn.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron ML2/OVN plugin configured with Puppet diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index a89e740a..130f889b 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron ML2 Plugin configured with Puppet diff --git a/puppet/services/neutron-plugin-nsx.yaml b/puppet/services/neutron-plugin-nsx.yaml index c0b94cec..c4088e6c 100644 --- a/puppet/services/neutron-plugin-nsx.yaml +++ b/puppet/services/neutron-plugin-nsx.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron NSX diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml index 490b129c..953ffeb6 100644 --- a/puppet/services/neutron-plugin-nuage.yaml +++ b/puppet/services/neutron-plugin-nuage.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron Nuage plugin diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index 31eea58a..c124d1e6 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron SR-IOV nic agent configured with Puppet diff --git a/puppet/services/neutron-vpp-agent.yaml b/puppet/services/neutron-vpp-agent.yaml index edf52b3b..cb72f67b 100644 --- a/puppet/services/neutron-vpp-agent.yaml +++ b/puppet/services/neutron-vpp-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron ML2/VPP agent configured with Puppet diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 345d2bd1..835edf0a 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova API service configured with Puppet diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index ea21af8a..ea584932 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -68,6 +68,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + NovaDebug: + default: '' + description: Set to True to enable debugging Nova services. + type: string EnableConfigPurge: type: boolean default: false @@ -136,6 +140,7 @@ parameters: conditions: compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} + service_debug_unset: {equals : [{get_param: NovaDebug}, '']} outputs: role_data: @@ -193,7 +198,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - nova::debug: {get_param: Debug} + nova::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NovaDebug } nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 35e9be54..e39e997a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova Compute service configured with Puppet @@ -72,7 +72,7 @@ parameters: description: > Reserved RAM for host processes. type: number - default: 2048 + default: 4096 constraints: - range: { min: 512 } MonitoringSubscriptionNovaCompute: diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 22ac9f06..30eb1277 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova Conductor service configured with Puppet diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 8f4ba155..fa1168aa 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova Consoleauth service configured with Puppet diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml index bba12aac..4f664329 100644 --- a/puppet/services/nova-ironic.yaml +++ b/puppet/services/nova-ironic.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova Compute service configured with Puppet and using Ironic diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index f500e350..4e762b57 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Libvirt service configured with Puppet diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index 3a74796c..335b2c28 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova API service configured with Puppet diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 68ffc728..86aa079e 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova Placement API service configured with Puppet diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 41122cc3..5da6d43e 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova Scheduler service configured with Puppet diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index 690e1523..2db44d6f 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Nova Vncproxy service configured with Puppet diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml index 8b83f317..0809b3e4 100644 --- a/puppet/services/octavia-base.yaml +++ b/puppet/services/octavia-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Octavia base service. Shared for all Octavia services @@ -30,6 +30,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + OctaviaDebug: + default: '' + description: Set to True to enable debugging Octavia services. + type: string EnableConfigPurge: type: boolean default: false @@ -55,13 +59,20 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number +conditions: + service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']} + outputs: role_data: description: Base role data for Octavia services value: service_name: octavia_base config_settings: - octavia::debug: {get_param: Debug} + octavia::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: OctaviaDebug } octavia::purge_config: {get_param: EnableConfigPurge} octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL} octavia::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml index c21f14c2..853567d3 100644 --- a/puppet/services/octavia-health-manager.yaml +++ b/puppet/services/octavia-health-manager.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Octavia Health Manager service. diff --git a/puppet/services/octavia-housekeeping.yaml b/puppet/services/octavia-housekeeping.yaml index 2d991675..6c556fa7 100644 --- a/puppet/services/octavia-housekeeping.yaml +++ b/puppet/services/octavia-housekeeping.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Octavia Housekeeping service. diff --git a/puppet/services/octavia-worker.yaml b/puppet/services/octavia-worker.yaml index 87688fb5..4feae415 100644 --- a/puppet/services/octavia-worker.yaml +++ b/puppet/services/octavia-worker.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Octavia Worker service. diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 54e49b51..af85f4a3 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenDaylight SDN Controller. diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 105442bb..0d859be1 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenDaylight OVS Configuration. diff --git a/puppet/services/openvswitch-upgrade.yaml b/puppet/services/openvswitch-upgrade.yaml index fea1ba96..f6e78462 100644 --- a/puppet/services/openvswitch-upgrade.yaml +++ b/puppet/services/openvswitch-upgrade.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openvswitch package special handling for upgrade. diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index 58b3d1f0..20c38d8a 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OVN databases configured with puppet diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 9998fcc1..1c89011c 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Pacemaker service configured with Puppet diff --git a/puppet/services/pacemaker/ceph-rbdmirror.yaml b/puppet/services/pacemaker/ceph-rbdmirror.yaml index 956b570e..7ecb64d1 100644 --- a/puppet/services/pacemaker/ceph-rbdmirror.yaml +++ b/puppet/services/pacemaker/ceph-rbdmirror.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Ceph RBD mirror service. diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml index 81bbc234..d888d4a4 100644 --- a/puppet/services/pacemaker/cinder-backup.yaml +++ b/puppet/services/pacemaker/cinder-backup.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Cinder Backup service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index 1b0770f3..39914db5 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Cinder Volume service with Pacemaker configured with Puppet @@ -54,3 +54,18 @@ outputs: cinder::host: hostgroup step_config: include ::tripleo::profile::pacemaker::cinder::volume + upgrade_tasks: + - name: Stop cinder_volume service (pacemaker) + tags: step1 + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + - name: Sync cinder DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service (pacemaker) + tags: step5 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index e19d3a30..d8e942d0 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > MySQL with Pacemaker service deployment using puppet diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index c845d28c..5bc28ed4 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Redis service configured with Puppet diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 7e5d25b5..0fb83939 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > HAproxy service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml index b21a45e6..12f6529c 100644 --- a/puppet/services/pacemaker/manila-share.yaml +++ b/puppet/services/pacemaker/manila-share.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > The manila-share service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index 208a8f10..79257201 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > RabbitMQ service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index dc1752e2..74aaf599 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Pacemaker remote service configured with Puppet diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 6f11e0c0..a41e34f7 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Panko API service configured with Puppet. diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 84817bcf..a94d4ea5 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -34,11 +34,18 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + PankoDebug: + default: '' + description: Set to True to enable debugging Panko services. + type: string KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: PankoDebug}, '']} + outputs: role_data: description: Role data for the Panko role. @@ -55,7 +62,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - panko::debug: {get_param: Debug} + panko::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: PankoDebug } panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' panko::keystone::authtoken::user_domain_name: 'Default' diff --git a/puppet/services/qdr.yaml b/puppet/services/qdr.yaml index cf7715a4..0659a945 100644 --- a/puppet/services/qdr.yaml +++ b/puppet/services/qdr.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Qpid dispatch router service configured with Puppet diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index c89dd709..1a42fdad 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > RabbitMQ service configured with Puppet diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index c84d4cea..3df4ce7c 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Sahara API service configured with Puppet diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 1ee6d175..c294e744 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -52,11 +52,18 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + SaharaDebug: + default: '' + description: Set to True to enable debugging Sahara services. + type: string SaharaPlugins: default: ["ambari","cdh","mapr","vanilla","spark","storm"] description: Sahara enabled plugin list type: comma_delimited_list +conditions: + service_debug_unset: {equals : [{get_param: SaharaDebug}, '']} + outputs: role_data: description: Role data for the Sahara base service. @@ -77,7 +84,11 @@ outputs: sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} - sahara::debug: {get_param: Debug} + sahara::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: SaharaDebug } # Remove admin_password when https://review.openstack.org/442619 is merged. sahara::admin_password: {get_param: SaharaPassword} sahara::use_neutron: true diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 3e0070a2..b6c108ea 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Sahara Engine service configured with Puppet diff --git a/puppet/services/securetty.yaml b/puppet/services/securetty.yaml index 019ac969..84a370f0 100644 --- a/puppet/services/securetty.yaml +++ b/puppet/services/securetty.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Configure securetty values diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index b374dfbe..0e7b6d2b 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Utility stack to convert an array of services into a set of combined diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index 325656eb..ffa5d317 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > SNMP client configured with Puppet, to facilitate Ceilometer Hardware @@ -40,6 +40,10 @@ parameters: description: An array of bind host addresses on which SNMP daemon will listen. type: comma_delimited_list default: ['udp:161','udp6:[::1]:161'] + SnmpdOptions: + description: A string containing the commandline options passed to snmpd + type: string + default: '-LS0-5d' outputs: role_data: @@ -50,6 +54,7 @@ outputs: tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName} tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword} snmp::agentaddress: {get_param: SnmpdBindHost} + snmp::snmpd_options: {get_param: SnmpdOptions} tripleo.snmp.firewall_rules: '127 snmp': dport: 161 diff --git a/puppet/services/sshd.yaml b/puppet/services/sshd.yaml index 7e908c4a..30058f03 100644 --- a/puppet/services/sshd.yaml +++ b/puppet/services/sshd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Configure sshd_config diff --git a/puppet/services/swift-base.yaml b/puppet/services/swift-base.yaml index d8804c47..3066aecd 100644 --- a/puppet/services/swift-base.yaml +++ b/puppet/services/swift-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Swift Proxy service configured with Puppet diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 9bb9dd8f..9a304edb 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Swift Proxy service configured with Puppet @@ -61,6 +61,10 @@ parameters: description: Set to False to disable the swift proxy ceilometer pipeline. default: True type: boolean + SwiftCeilometerIgnoreProjects: + default: ['services'] + description: Comma-seperated list of project names to ignore. + type: comma_delimited_list RabbitClientPort: default: 5672 description: Set rabbit subscriber port, change this if using SSL @@ -116,6 +120,10 @@ outputs: swift::proxy::workers: {get_param: SwiftWorkers} swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} + swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + swift::proxy::ceilometer::password: {get_param: SwiftPassword} + swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml index dc4e6457..3808dbcc 100644 --- a/puppet/services/swift-ringbuilder.yaml +++ b/puppet/services/swift-ringbuilder.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Swift Ringbuilder diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 2388fd96..f1a9b930 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Swift Storage service configured with Puppet diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index e121feb3..5ced8c3c 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -33,6 +33,10 @@ parameters: Debug: type: string default: '' + TackerDebug: + default: '' + description: Set to True to enable debugging Tacker service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -62,6 +66,9 @@ parameters: default: {} type: json +conditions: + service_debug_unset: {equals : [{get_param: TackerDebug}, '']} + outputs: role_data: description: Role data for the Tacker role. @@ -80,7 +87,11 @@ outputs: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - tacker::debug: {get_param: Debug} + tacker::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: TackerDebug } tacker::rpc_backend: rabbit tacker::rabbit_userid: {get_param: RabbitUserName} tacker::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 56940812..92c3f9ef 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > NTP service deployment using puppet, this YAML file diff --git a/puppet/services/time/timezone.yaml b/puppet/services/time/timezone.yaml index 2904222d..aece02cf 100644 --- a/puppet/services/time/timezone.yaml +++ b/puppet/services/time/timezone.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Composable Timezone service diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index 94f1e973..9fb590ef 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > TripleO Firewall settings diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index 7084b7f4..2b9b8834 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > TripleO Package installation settings diff --git a/puppet/services/vpp.yaml b/puppet/services/vpp.yaml index 62864bad..e3e28a2f 100644 --- a/puppet/services/vpp.yaml +++ b/puppet/services/vpp.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Vpp service configured with Puppet diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index ea7ce980..416d86df 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > Openstack Zaqar service. Shared for all Heat services. @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + ZaqarDebug: + default: '' + description: Set to True to enable debugging Zaqar service. + type: string ZaqarPassword: description: The password for Zaqar type: string @@ -54,6 +58,7 @@ parameters: conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} + service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} resources: @@ -78,7 +83,11 @@ outputs: zaqar::keystone::authtoken::project_name: 'service' zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - zaqar::debug: {get_param: Debug} + zaqar::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} zaqar::wsgi::apache::ssl: false diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml index 2cfd43f4..4f967175 100644 --- a/puppet/upgrade_config.yaml +++ b/puppet/upgrade_config.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: 'Upgrade for via ansible by applying a step related tag' parameters: |