path: root/overcloud-without-mergepy.yaml
Age | Commit message | Author | Files | Lines
2015-12-03 | Rename overcloud-without-mergepy to overcloud. | Dan Prince | 1 | -1498/+1
Mergepy is gone. We can now rename our primary overcloud template to be more sensible.
Change-Id: I14f5ff78b083b34590d30357df94c42ff6a0c2c0
2015-12-03 | Merge "Introduce domain configuration through parameter" | Jenkins | 1 | -0/+11
2015-12-02 | Merge "Added libvirt_vif_driver, ovs_bridge and security_group_api parameters" | Jenkins | 1 | -0/+15
2015-12-02 | Introduce domain configuration through parameter | Juan Antonio Osorio Robles | 1 | -0/+11
Introduce configuration of the nodes' domains through a parameter.
Change-Id: Ie012f9f2a402b0333bebecb5b59565c26a654297
2015-11-26 | Merge "Add net_vip_map_external to be used for an external balancer" | Jenkins | 1 | -11/+11
2015-11-25 | Merge "Inject TLS certificate and keys for the Overcloud" | Jenkins | 1 | -17/+1
2015-11-24 | Add net_vip_map_external to be used for an external balancer | Dan Prince | 1 | -11/+11
Changes VipMap into a new NetVipMap resource which defaults to being the same as the 'old' VipMap. An environment file can be used to map NetVipMap instead to the net_vip_map_external.yaml which allows for passing in explicit Virtual IP addresses. It also ensures that references to the Virtual IPs are gathered from the VipMap resource and allows for an empty ControlPlaneIP parameter in the neutron port templates where it can be.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Ifad32e18f12b9997e3f89e4afe3ebc4c30e14a86
2015-11-23 | Inject TLS certificate and keys for the Overcloud | Juan Antonio Osorio Robles | 1 | -17/+1
This is a first implementation of adding TLS termination to the load balancer in the controllers. The implementation was made so that the appropriate certificate/private key in PEM format is copied to the appropriate controller(s) via a software deployment resource. And the path is then referenced on the HAProxy configuration, but this part was left commented out because we need to be able to configure the keystone endpoints in order for this to work properly.
Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79
2015-11-19 | Implement Advanced Firewalling support | Emilien Macchi | 1 | -0/+10
Consume puppet-tripleo to create/manage IPtables from Heat templates. This review put in place the logic to enable and setup firewall rules. A known set of rules are applied. More to come.
Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22
Co-Authored-By: Yanis Guenane <yguenane@redhat.com>
Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
2015-11-18 | Merge "Implement Neutron enable_isolated_metadata parameters" | Jenkins | 1 | -0/+5
2015-11-17 | Added libvirt_vif_driver, ovs_bridge and security_group_api parameters | Lokesh Jain | 1 | -0/+15
Made libvirt_vif_driver, ovs_bridge and security_group_api parameters in nova as configurable parameters through heat templates
Change-Id: I3f355c31a64912baa1a159d59f0fa9089f77b8f4
2015-11-17 | neutron: enable nova-event-callback by default | Emilien Macchi | 1 | -0/+1
* Add NovaApiVirtualIP string parameter.
* Compute nova_url and nova_admin_auth_url parameters.
* Configure in Hiera neutron::server::notifications::* parameters.
* non-ha: include ::neutron::server::notifications
* ha: include ::neutron::server::notifications and create orchestration
* Set vif_plugging_is_fatal to True so we actually fail if Neutron is not able to create the VIF during Nova server creation workflow.
Depends-On: I21dc10396e92906eab4651c318aa2ee62a8e03c7
Change-Id: I02e41f87404e0030d488476680af2f6d45af94ff
2015-11-17 | Implement Neutron enable_isolated_metadata parameters | Cyril Lopez | 1 | -0/+5
* Use the parameter in Puppet configuration (Hiera) to configure neutron BZ-1273303
Change-Id: Ic5a7a1f13fd2bc800cadc3a78b1daadbc0394787
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2015-11-17 | Merge "Add support for enabling L2 population in Neutron" | Jenkins | 1 | -0/+7
2015-11-16 | Add support for enabling L2 population in Neutron | Brent Eagles | 1 | -0/+7
This change adds support for enabling/disabling L2 population in Neutron agents. It currently defaults to false.
Change-Id: I3dd19feb4acb1046bc560b35e5a7a111364ea0d7
2015-11-16 | Merge "Make CloudName available for Endpoints" | Jenkins | 1 | -0/+1
2015-11-13 | Merge "Refacter Endpoints into EndpointMap" | Jenkins | 1 | -20/+20
2015-11-11 | Add DeployIdentifier overcloud parameter | Dan Prince | 1 | -0/+11
We've heard from end users that it is confusing that puppet isn't re-executed on a heat stack-update. This patch adds a new DeployIdentifier parameter which we can set via client tooling (tripleoclient) to a unique value so that on each heat stack-update we always execute all of our configuration deployments.
Change-Id: Ic352ddd30807dc378e5e7b6c396bc53f5d6d5622
Related-bug: #1505430
2015-11-11 | Merge "Allow a user to specify a comma separated list of ntp servers" | Jenkins | 1 | -1/+2
2015-11-11 | Make CloudName available for Endpoints | Mark Chappell | 1 | -0/+1
CloudName is the DNS name for the public VIP this means we will likely want it available for use in the endpoint hostnames, rather than people needing to copy and paste the same hostname
Change-Id: Ic6d708b083244442195eee890de91bbc7e133ec2
2015-11-11 | Refacter Endpoints into EndpointMap | Mark Chappell | 1 | -20/+20
Because many of the service endpoints URLs use the same patterns for generating the URLs it makes sense to use the same templates to reduce the copy and paste. In the process also adds support for explicitly specifying hostnames for use in the endpoints.
Note: DNS must be pre-configured. The Heat templates do not directly configure DNS.
Change-Id: Ie3270909beca3d63f2d7e4bcb04c559380ddc54d
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2015-10-19 | Align some defaults with with ControllerCount default | Steven Hardy | 1 | -2/+2
NeutronDhcpAgentsPerNetwork is normally correlated with the number of controllers, so given that the template defaults the ControllerCount to 1, 1 seems like a more consistent value for NeutronDhcpAgentsPerNetwork, and it's consistent with what we test in CI. Also NeutronL3HA defaults to False, which is consistent with the default ControllerCount of 1, but NeutronAllowL3AgentFailover defaults to True, which I assume makes no sense if there's only 1 controller and no HA
Change-Id: I4612060979d1e4381800f30e359f58aeef61b861
2015-10-19 | Allow ctlplane network or ID, and default to "ctlplane" | Steven Hardy | 1 | -3/+3
Currently you always have to pass the ctlplane ID because we're still using the deprecated network_id property for the neutron port resource. Since Juno, heat has supported a "network" property, which is used elsewhere, e.g the nested port stacks, so switch to using it in the overcloud-without-mergepy template, and flip the default to a more useful "ctlplane" vs an empty string. This means the stack create should just work on commonly documented deployments without requiring any parameter.
Change-Id: Ifcea36d26b795c5e8b80accd8112e23b254127be
2015-10-19 | Update overcloud template description and Count constraints | Steven Hardy | 1 | -2/+6
Currently there's a vague list of services in the description, so instead describe the roles supported for deployment, and encode the minimum allowed of one Controller/Compute with zero Storage nodes in the parameter constraints.
Change-Id: Ib4917843f3e4770f0260db72719ed6af0ee8dc13
2015-10-16 | Merge "Puppet / Compute: allow to run Ephemeral only storage with RBD" | Jenkins | 1 | -4/+5
2015-10-16 | Merge "Allow a deployer to specify HAProxy syslog server address" | Jenkins | 1 | -0/+5
2015-10-15 | Allow a user to specify a comma separated list of ntp servers | Yanis Guenane | 1 | -1/+2
This commit aims to allow a user to specify several ntp servers and not just one.
Example: openstack overcloud deploy --templates --ntp-server 0.centos.pool.org,1.centos.pool.org
Change-Id: I4925ef1cf1e565d789981e609c88a07b6e9b28de
2015-10-14 | Merge "Set shared secrets, keys and passwords as hidden" | Jenkins | 1 | -0/+4
2015-10-13 | Merge "Parameterize RabbitMQ FD limit" | Jenkins | 1 | -0/+6
2015-10-13 | Add more components virtual ip mapping into controller. | Yanis Guenane | 1 | -0/+4
Currently only Glance and Heat have their virtual IP passed to the controller directly. This commit adds the same feature for:
* Ceilometer
* Cinder
* Nova
* Swift
Change-Id: I295d15d7a0aa33175a5530e3b155b0c61983b6ae
2015-10-13 | Parameterize RabbitMQ FD limit | Giulio Fidente | 1 | -0/+6
Together with [1] this change permits to parameterize the file descriptor limit for RabbitMQ for both the Systemd startup script and the Pacemaker resource agent.
1. https://github.com/puppetlabs/puppetlabs-rabbitmq/commit/20325325b977c508b151ef8036107dcfefdf990b
Closes-Bug: 1474586
Change-Id: I62d31e483641ccb5cf489df81146ecb31d0c423f
2015-10-13 | Allow a deployer to specify HAProxy syslog server address | Yanis Guenane | 1 | -0/+5
This commit aims to allow a deployer to specify where to send haproxy's logs. It is backward compatible with what is already in place and sends the logs to the UNIX socket /dev/log. The value specified here will be written in the haproxy.cfg file with the following behavior:
HAProxySyslogAddress: 127.0.0.1 -> log 127.0.0.1 local0
HAProxySyslogAddress: ::1 -> log ::1 local0
HAProxySyslogAddress: /dev/log -> log /dev/log local0 (default)
Change-Id: I46c489a1f424e2219d129f332e64c64019aef850
Depends-On: If7f7c8154e544e5d8a49f79f642e1ad01644a66d
2015-10-12 | Puppet / Compute: allow to run Ephemeral only storage with RBD | Emilien Macchi | 1 | -4/+5
This patch allows the case where we're not running Ceph to host Persistent storage (volumes) but just to host Ephemeral storage (VMs). Before we were only allowing Ephemeral storage on Ceph when also Persistent storage was using Ceph.
Change-Id: I03b775326e4424de413452f4453d4d88de0083bc
2015-10-12 | Set shared secrets, keys and passwords as hidden | Juan Antonio Osorio Robles | 1 | -0/+4
Change-Id: Ieb27729c6b33ffc849d07200ec0d42508214956e
Closes-Bug: #1399793
2015-10-12 | Allow one to specify horizon ALLOWED_HOSTS | Yanis Guenane | 1 | -0/+5
If horizon is running in production (DEBUG is False), it will answer only to the IPs/hostnames specified in the ALLOWED_HOSTS variable in the local_settings.py configuration file. The puppet-horizon module offers the feature to customize that, tripleo-heat-templates was missing the link between the top-level parameter and the puppet parameter, hence this commit.
More info:
* https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
* https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L14-L24
Change-Id: I5faede8b74a0318e15baa761dc502b95b051ae0d
2015-10-08 | Ensure Glance API reaches Registry using the service VIP | Giulio Fidente | 1 | -0/+1
Previously the Registry service was reached using the local IP.
Change-Id: I8f2b7275cd39d8a5358d8ce69f4f7e5bc7758b62
2015-09-25 | Adding core_plugin, type_drivers and service_plugins parameters | Shiva Prasad Rao | 1 | -0/+23
Make core_plugin, type_drivers and service_plugins parameter in neutron configurable through heat. Also changing the type_drivers order to "vxlan,vlan,flat,gre"
Change-Id: Iba895ed5897bdaf7bb772ffc063c424abb6e1638
2015-09-17 | Add "AllNodes" ExtraConfig interface | Steven Hardy | 1 | -6/+26
Adds hook to enable additional "AllNodes" config to be performed prior to applying puppet - this is useful when you need to build configuration data which requires knowledge of all nodes in a cluster, or of the entire deployment. As an example, there is a sample config template which collects the hostname and mac addresses for all nodes in the deployment then writes the data to all Controller nodes. Something similar to this may be required to enable creation of the nexus_config in https://review.openstack.org/#/c/198754/ There's also another, simpler, example which shows how you could share the output of an OS::Heat::RandomString between nodes.
Change-Id: I8342a238f50142d8c7426f2b96f4ef1635775509
2015-09-17 | Merge "network validation to ping test each interface" | Jenkins | 1 | -0/+48
2015-09-15 | Merge "switch to vxlan by default" | Jenkins | 1 | -2/+2
2015-09-05 | Set default KeystoneAdminApiNetwork to ctlplane | Dan Prince | 1 | -1/+1
Moves the default KeystoneAdminApiNetwork setting to the ctlplane so that the undercloud will always have easy access to be able to configure endpoints.
Change-Id: I1f6aba62b98820b678cce1ca16e72a0c3d045720
2015-09-05 | Keystone network isolation fixes | Dan Prince | 1 | -1/+6
This patch adds explicit nested stack parameters to help manage use of the Keystone Admin API vs. the Keystone Public API. We also add a new output parameter specifically for the Keystone admin API VIP. This can be useful when configuring keystone endpoints with network isolation.
Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
2015-09-05 | Merge "Support for using external Ceph clusters" | Jenkins | 1 | -0/+11
2015-09-05 | Allow 'ctlplane' to be used within Net IP Maps | Dan Prince | 1 | -0/+2
When using network isolation you might want to selectively move one of the services back to the default ctlplane network by simply using the ServiceNetMap parameter. This patch adds ctlplane to the output parameters for both the net_ip_map and net_ip_list_map nested stacks so that this is possible. As part of this patch we also split out the NetIpSubnetMap into its own unique nested stack so that the Heat input parameters for this stack are more clearly named.
Change-Id: Iaa2dcaebeac896404e87ec0c635688b2a59a9e0f
2015-08-21 | switch to vxlan by default | Mike Burns | 1 | -2/+2
VXLAN has better performance (20-25% better)
NICs with VXLAN offload are more common
Change-Id: If57c79a1309ae178b3e82d54bb101dde584c86cc
Related: rhbz#1244864
2015-08-18 | Enable Keystone notifications | Giulio Fidente | 1 | -0/+12
This change enables Keystone notifications and adds two parameters to control the notification driver and format.
Change-Id: I23ac3c46ee9eb49523d3b8dab027ef21fc6e42df
2015-08-13 | Support for using external Ceph clusters | Dan Prince | 1 | -0/+11
This patch adds support for using an externally managed Ceph cluster with the TripleO Heat templates. For an externally managed Ceph cluster we initially only deploy the Ceph client tools, install the 'openstack' user keyring, and generate the ceph.conf. This matches what we do for managed Ceph installations and is a good first start. No other Ceph related services are installed or managed. To enable use of a Ceph external cluster simply add the custom Heat environment file environments/puppet-ceph-external.yaml to your heat stack create/update command and make sure to set the required CephClientKey, CephExternalMonHost, and CephClusterFSID variables.
Change-Id: I0a8b213ce9dfa2fc4e62ae1e7631466e5179fc2b
2015-07-24 | network validation to ping test each interface | Dan Prince | 1 | -0/+48
This patch wires in a new "all nodes" validation resource that can be used to add validations that occur early on during the deployment process. This occurs after the nodes have been brought online and the initial networks have been configured but before any "post" (puppet, etc.) sort of configuration has been executed. An initial validation script has been added to ping test network IPs on each network. When using network isolation this will ensure network connectivity (vlans, etc) are working on each node and if not the heat stack will fail early, allowing time to fix the network connections and retry the stack creation via an update.
Change-Id: I63cf95b27e8ad2aed48718cf84df5f324780e597
Co-Authored-By: Ian Main <imain@redhat.com>
Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
2015-07-24 | Merge "NFS backend for Cinder" | Jenkins | 1 | -0/+20
2015-07-23 | Merge "Wire in hieradata overrides via ExtraConfig for CephStorage" | Jenkins | 1 | -0/+8