aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/major_upgrade_steps.j2.yaml135
-rw-r--r--puppet/post.j2.yaml6
-rw-r--r--puppet/services/aodh-api.yaml3
-rw-r--r--puppet/services/gnocchi-api.yaml3
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml7
-rw-r--r--puppet/services/pacemaker.yaml18
6 files changed, 131 insertions, 41 deletions
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
index b879fafa..3362a01f 100644
--- a/puppet/major_upgrade_steps.j2.yaml
+++ b/puppet/major_upgrade_steps.j2.yaml
@@ -1,6 +1,7 @@
{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
{% set batch_upgrade_steps_max = 3 -%}
{% set upgrade_steps_max = 6 -%}
+{% set deliver_script = {'deliver': False} -%}
heat_template_version: ocata
description: 'Upgrade steps for all roles'
@@ -17,6 +18,19 @@ parameters:
description: >
Setting to a previously unused value during stack-update will trigger
the Upgrade resources to re-run on all roles.
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ NovaPassword:
+ description: The password for the nova service and db account, used by nova-api.
+ type: string
+ hidden: true
conditions:
# Conditions to disable any steps where the task list is empty
@@ -35,6 +49,45 @@ conditions:
resources:
+{% for role in roles if role.disable_upgrade_deployment|default(false) %}
+ {{role.name}}DeliverUpgradeScriptConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - "#!/bin/bash\n\n"
+ - "set -eu\n\n"
+ - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n"
+ - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n"
+ - " crudini --set /etc/nova/nova.conf placement username placement\n\n"
+ - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n"
+ - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n"
+ - " crudini --set /etc/nova/nova.conf placement project_name service\n\n"
+ - " systemctl restart openstack-nova-compute\n\n"
+ - "fi\n\n"
+ - str_replace:
+ template: |
+ crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD'
+ crudini --set /etc/nova/nova.conf placement region_name 'REGION_NAME'
+ crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL'
+ ROLE='ROLE_NAME'
+ params:
+ SERVICE_PASSWORD: { get_param: NovaPassword }
+ REGION_NAME: { get_param: KeystoneRegion }
+ AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ROLE_NAME: {{role.name}}
+ - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh
+ - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh
+
+ {{role.name}}DeliverUpgradeScriptDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig}
+{% endfor %}
+
# Upgrade Steps for all roles, batched updates
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
@@ -46,11 +99,22 @@ resources:
{{role.name}}UpgradeBatchConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
{%- if step > 0 %}
+ condition: {{role.name}}UpgradeBatchConfigEnabled
+ {% if role.name in enabled_roles %}
depends_on:
- {%- for dep in enabled_roles %}
- - {{dep.name}}UpgradeBatch_Step{{step -1}}
- {%- endfor %}
- {%- endif %}
+ - {{role.name}}UpgradeBatch_Step{{step -1}}
+ {%- endif %}
+ {% else %}
+ {% for role in roles if role.disable_upgrade_deployment|default(false) %}
+ {% if deliver_script.update({'deliver': True}) %} {% endif %}
+ {% endfor %}
+ {% if deliver_script.deliver %}
+ depends_on:
+ {% endif %}
+ {% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
+ - {{dep.name}}DeliverUpgradeScriptDeployment
+ {% endfor %}
+ {% endif %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
step: {{step}}
@@ -61,12 +125,13 @@ resources:
{{role.name}}UpgradeBatch_Step{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
condition: {{role.name}}UpgradeBatchConfigEnabled
- {%- if step > 0 %}
+ {%- if step > 0 %}
depends_on:
- {%- for dep in enabled_roles %}
- - {{dep.name}}UpgradeBatch_Step{{step -1}}
- {%- endfor %}
- {%- endif %}
+ - {{role.name}}UpgradeBatch_Step{{step -1}}
+ {% else %}
+ depends_on:
+ - {{role.name}}UpgradeBatchConfig_Step{{step}}
+ {%- endif %}
update_policy:
batch_create:
max_batch_size: {{role.upgrade_batch_size|default(1)}}
@@ -82,6 +147,32 @@ resources:
{%- endfor %}
{%- endfor %}
+# Dump the puppet manifests to be apply later when disable_upgrade_deployment
+# is to true
+{% for role in roles if role.disable_upgrade_deployment|default(false) %}
+ {{role.name}}DeliverPuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - str_replace:
+ template: |
+ #!/bin/bash
+ cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT
+ PUPPET_CLASSES
+ ENDOFCAT
+ params:
+ PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]}
+
+ {{role.name}}DeliverPuppetDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}DeliverPuppetConfig}
+{% endfor %}
+
# Upgrade Steps for all roles
{%- for step in range(0, upgrade_steps_max) %}
# Config resources for step {{step}}
@@ -92,15 +183,12 @@ resources:
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
- depends_on:
{%- if step > 0 %}
- {%- for dep in enabled_roles %}
- - {{dep.name}}Upgrade_Step{{step -1}}
- {%- endfor %}
- {%- else %}
- {%- for dep in enabled_roles %}
- - {{dep.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
- {%- endfor %}
+ condition: {{role.name}}UpgradeConfigEnabled
+ {% if role.name in enabled_roles %}
+ depends_on:
+ - {{role.name}}Upgrade_Step{{step -1}}
+ {% endif %}
{%- endif %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
@@ -111,17 +199,11 @@ resources:
{%- for role in enabled_roles %}
{{role.name}}Upgrade_Step{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
+ {%- if step > 0 %}
condition: {{role.name}}UpgradeConfigEnabled
depends_on:
- {%- if step > 0 %}
- {%- for dep in enabled_roles %}
- - {{dep.name}}Upgrade_Step{{step -1}}
- {%- endfor %}
- {%- else %}
- {%- for dep in enabled_roles %}
- - {{dep.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
- {%- endfor %}
- {%- endif %}
+ - {{role.name}}Upgrade_Step{{step -1}}
+ {%- endif %}
properties:
name: {{role.name}}Upgrade_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
@@ -154,4 +236,3 @@ outputs:
{% for role in roles %}
{{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]}
{% endfor %}
-
diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml
index 39155c36..21202775 100644
--- a/puppet/post.j2.yaml
+++ b/puppet/post.j2.yaml
@@ -12,7 +12,11 @@ parameters:
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
-
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
DeployIdentifier:
default: ''
type: string
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 62c4b093..4bd9fc47 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -89,6 +89,3 @@ outputs:
- name: Stop aodh_api service (running under httpd)
tags: step2
service: name=httpd state=stopped
- - name: Run aodh dbsync
- tags: step5
- command: aodh-dbsync
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 2a1ed2a3..23fcb2f6 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -131,6 +131,3 @@ outputs:
- name: Stop gnocchi_api service (running under httpd)
tags: step2
service: name=httpd state=stopped
- - name: Run gnocchi upgrade
- tags: step5
- command: gnocchi-upgrade
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index 71a0076f..3abd04f3 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -60,12 +60,6 @@ parameters:
default: 'vxlan'
description: The tenant network type for Neutron.
type: comma_delimited_list
- NeutronSupportedPCIVendorDevs:
- description: |
- List of supported pci vendor devices in the format VendorID:ProductID.
- By default Intel & Mellanox SR-IOV capable NICs are supported.
- type: comma_delimited_list
- default: ['15b3:1004','8086:10ca']
resources:
NeutronBase:
@@ -91,7 +85,6 @@ outputs:
neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
- neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index c47229f1..ca21cfbe 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -87,6 +87,10 @@ parameters:
\[(?<pid>[^ ]*)\]
(?<host>[^ ]*)
(?<message>.*)$/
+ PacemakerResources:
+ type: comma_delimited_list
+ description: List of resources managed by pacemaker
+ default: ['rabbitmq','haproxy']
outputs:
role_data:
@@ -127,3 +131,17 @@ outputs:
tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
step_config: |
include ::tripleo::profile::base::pacemaker
+ upgrade_tasks:
+ - name: Check pacemaker cluster running before upgrade
+ tags: step0,validation
+ pacemaker_cluster: state=online check_and_fail=true
+ - name: Stop pacemaker cluster
+ tags: step1
+ pacemaker_cluster: state=offline
+ - name: Start pacemaker cluster
+ tags: step4
+ pacemaker_cluster: state=online
+ - name: Check pacemaker resource
+ tags: step4
+ pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200
+ with_items: {get_param: PacemakerResources}