aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/blockstorage-role.yaml19
-rw-r--r--puppet/cephstorage-role.yaml19
-rw-r--r--puppet/compute-role.yaml21
-rw-r--r--puppet/controller-role.yaml20
-rw-r--r--puppet/objectstorage-role.yaml19
-rw-r--r--puppet/role.role.j2.yaml19
-rw-r--r--puppet/services/disabled/ceilometer-expirer-disabled.yaml22
-rw-r--r--puppet/services/gnocchi-base.yaml2
-rw-r--r--puppet/services/kernel.yaml2
-rw-r--r--puppet/services/mistral-api.yaml44
-rw-r--r--puppet/services/nova-compute.yaml2
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml15
-rw-r--r--puppet/services/swift-proxy.yaml8
13 files changed, 198 insertions, 14 deletions
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 3fc663fb..d66cbd90 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -132,6 +132,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
BlockStorage:
@@ -362,6 +376,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@@ -385,6 +400,7 @@ resources:
BlockStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: BlockStorageUpgradeInitDeployment
server: {get_resource: BlockStorage}
@@ -393,6 +409,7 @@ resources:
BlockStorageDeployment:
type: OS::Heat::StructuredDeployment
depends_on: BlockStorageUpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: BlockStorageDeployment
server: {get_resource: BlockStorage}
@@ -459,6 +476,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
@@ -555,6 +573,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for the block storage server
value:
{get_resource: BlockStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 295e64f5..d4dfa719 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -138,6 +138,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
CephStorage:
@@ -368,6 +382,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@@ -391,6 +406,7 @@ resources:
CephStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: CephStorageUpgradeInitDeployment
server: {get_resource: CephStorage}
@@ -399,6 +415,7 @@ resources:
CephStorageDeployment:
type: OS::Heat::StructuredDeployment
depends_on: CephStorageUpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: CephStorageDeployment
config: {get_resource: CephStorageConfig}
@@ -471,6 +488,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: CephStorage}
@@ -566,6 +584,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for the ceph storage server
value:
{get_resource: CephStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 05318f3f..ff1f6d2a 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -150,6 +150,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
@@ -382,6 +396,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@@ -408,6 +423,7 @@ resources:
NovaComputeUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: NovaComputeUpgradeInitDeployment
server: {get_resource: NovaCompute}
@@ -459,6 +475,7 @@ resources:
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: NovaComputeUpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: NovaComputeDeployment
config: {get_resource: NovaComputeConfig}
@@ -494,6 +511,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
@@ -609,4 +627,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
- {get_resource: NovaCompute} \ No newline at end of file
+ {get_resource: NovaCompute}
+ condition: server_not_blacklisted
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 163ba57b..9bf110d5 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -164,6 +164,13 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
parameter_groups:
- label: deprecated
@@ -171,6 +178,14 @@ parameter_groups:
parameters:
- controllerExtraConfig
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
+
+
resources:
Controller:
@@ -400,6 +415,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
+ condition: server_not_blacklisted
depends_on: PreNetworkConfig
properties:
name: NetworkDeployment
@@ -441,6 +457,7 @@ resources:
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
ControllerUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
+ condition: server_not_blacklisted
depends_on: NetworkDeployment
properties:
name: ControllerUpgradeInitDeployment
@@ -449,6 +466,7 @@ resources:
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
+ condition: server_not_blacklisted
depends_on: ControllerUpgradeInitDeployment
properties:
name: ControllerDeployment
@@ -532,6 +550,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
+ condition: server_not_blacklisted
depends_on: NetworkDeployment
properties:
name: UpdateDeployment
@@ -649,6 +668,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
+ condition: server_not_blacklisted
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index 7ee12b19..2f7056c4 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -132,6 +132,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
@@ -362,6 +376,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@@ -385,6 +400,7 @@ resources:
SwiftStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: SwiftStorageUpgradeInitDeployment
server: {get_resource: SwiftStorage}
@@ -430,6 +446,7 @@ resources:
SwiftStorageHieraDeploy:
type: OS::Heat::StructuredDeployment
depends_on: SwiftStorageUpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: SwiftStorageHieraDeploy
server: {get_resource: SwiftStorage}
@@ -458,6 +475,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: SwiftStorage}
@@ -553,6 +571,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for the swift storage server
value:
{get_resource: SwiftStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index dbb517f0..7acf2dfb 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -154,6 +154,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
{{role}}:
@@ -384,6 +398,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@@ -410,6 +425,7 @@ resources:
{{role}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: {{role}}UpgradeInitDeployment
server: {get_resource: {{role}}}
@@ -418,6 +434,7 @@ resources:
{{role}}Deployment:
type: OS::Heat::StructuredDeployment
depends_on: {{role}}UpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: {{role}}Deployment
config: {get_resource: {{role}}Config}
@@ -492,6 +509,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
@@ -588,6 +606,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for {{role}} server
value:
{get_resource: {{role}}}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml
index e6d8ee6e..9b7b47ef 100644
--- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml
+++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml
@@ -27,12 +27,24 @@ parameters:
via parameter_defaults in the resource registry.
type: json
+resources:
+ CeilometerServiceBase:
+ type: ../ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
outputs:
role_data:
- description: Role data for the disabled Ceilometer Expirer role.
+ description: Role data for the disabling Ceilometer Expirer role.
value:
service_name: ceilometer_expirer_disabled
- upgrade_tasks:
- - name: Stop and disable ceilometer_expirer service on upgrade
- tags: step1
- service: name=openstack-ceilometer-expirer state=stopped enabled=no
+ config_settings:
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::expirer::enable_cron: false
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::expirer
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index d62c349e..012bd727 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -76,7 +76,7 @@ outputs:
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- gnocchi::db::sync::extra_opts: '--skip-storage'
+ gnocchi::db::sync::extra_opts: ''
gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay}
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 3
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 3f9b0b7e..c142b475 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -77,6 +77,8 @@ outputs:
value: 0
net.ipv4.conf.all.send_redirects:
value: 0
+ net.ipv4.conf.all.arp_accept:
+ value: 1
net.ipv4.conf.default.accept_redirects:
value: 0
net.ipv4.conf.default.secure_redirects:
diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml
index 00406736..b865ec1f 100644
--- a/puppet/services/mistral-api.yaml
+++ b/puppet/services/mistral-api.yaml
@@ -36,8 +36,21 @@ parameters:
e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
resources:
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
MistralBase:
type: ./mistral-base.yaml
properties:
@@ -57,12 +70,25 @@ outputs:
- get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+ mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
mistral::policy::policies: {get_param: MistralApiPolicies}
tripleo.mistral_api.firewall_rules:
'133 mistral':
dport:
- 8989
- 13989
+ mistral::api::service_name: 'httpd'
+ mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+ mistral::wsgi::apache::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
+ - if:
+ - mistral_workers_zero
+ - {}
+ - mistral::wsgi::apache::workers: {get_param: MistralWorkers}
service_config_settings:
get_attr: [MistralBase, role_data, service_config_settings]
step_config: |
@@ -79,10 +105,16 @@ outputs:
grep '\bactive\b'
when: mistral_api_enabled.rc == 0
tags: step0,validation
- - name: Stop mistral_api service
+ - name: check for mistral_api running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi"
+ register: mistral_api_apache
+ ignore_errors: true
+ - name: Stop mistral_api service (running under httpd)
tags: step1
- service: name=openstack-mistral-api state=stopped
- - name: Install openstack-mistral-api package if it was disabled
- tags: step3
- yum: name=openstack-mistral-api state=latest
- when: mistral_api_enabled.rc != 0
+ service: name=httpd state=stopped
+ when: mistral_api_apache.rc == 0
+ - name: Stop and disable mistral_api service (pre-upgrade not under httpd)
+ tags: step1
+ when: mistral_api_enabled.rc == 0
+ service: name=openstack-mistral-api state=stopped enabled=no
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 16ccb9e0..e39e997a 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -72,7 +72,7 @@ parameters:
description: >
Reserved RAM for host processes.
type: number
- default: 2048
+ default: 4096
constraints:
- range: { min: 512 }
MonitoringSubscriptionNovaCompute:
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
index 659368a4..39914db5 100644
--- a/puppet/services/pacemaker/cinder-volume.yaml
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -54,3 +54,18 @@ outputs:
cinder::host: hostgroup
step_config:
include ::tripleo::profile::pacemaker::cinder::volume
+ upgrade_tasks:
+ - name: Stop cinder_volume service (pacemaker)
+ tags: step1
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: disable
+ wait_for_resource: true
+ - name: Sync cinder DB
+ tags: step5
+ command: cinder-manage db sync
+ - name: Start cinder_volume service (pacemaker)
+ tags: step5
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: enable
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index f3b7ee4a..9a304edb 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -61,6 +61,10 @@ parameters:
description: Set to False to disable the swift proxy ceilometer pipeline.
default: True
type: boolean
+ SwiftCeilometerIgnoreProjects:
+ default: ['services']
+ description: Comma-seperated list of project names to ignore.
+ type: comma_delimited_list
RabbitClientPort:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
@@ -116,6 +120,10 @@ outputs:
swift::proxy::workers: {get_param: SwiftWorkers}
swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+ swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ swift::proxy::ceilometer::password: {get_param: SwiftPassword}
+ swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
swift::proxy::ceilometer::nonblocking_notify: true
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}