summaryrefslogtreecommitdiffstats
path: root/overcloud.j2.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-04-21Merge "Add environment to preselect only VIP IP addresses"Jenkins1-1/+3
2017-04-18Merge "SSH known_hosts config"Jenkins1-0/+17
2017-04-18Merge "Add RoleNetIpMap output to overcloud.j2.yaml"Jenkins1-0/+6
2017-04-13SSH known_hosts configOliver Walsh1-0/+17
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
2017-04-12Add tags to rolesAlex Schultz1-1/+9
Prior to Ocata, the Controller role was hardcoded for various lookups. When we switched to having the primary role name being dynamically pulled from the roles_data.yaml using the first role as the primary role as part of I36df7fa86c2ff40026d59f02248af529a4a81861, it introduced a regression for folks who had previously been using a custom roles file without the Controller being listed first. Instead of relying on the position of the role in the roles data, this change adds the concepts of tags to the role data that can be used when looking for specific functionality within the deployment process. If no roles are specified with this the tags indicating a 'primary' 'controller', it will fall back to using the first role listed in the roles data as the primary role. Change-Id: Id3377e7d7dcc88ba9a61ca9ef1fb669949714f65 Closes-Bug: #1677374
2017-04-11Add RoleNetIpMap output to overcloud.j2.yamlSteven Hardy1-0/+6
To enable easier detection of the IPs associated with nodes (such as to enable the tripleo-validations ansible inventory to work with custom roles more easily) expose the data we already have about the nodes/roles and the list of IPs for each network. Change-Id: I5667a142f47fbff120c703bedadd8b6e163c9480
2017-04-07Add environment to preselect only VIP IP addressesDan Sneddon1-1/+3
This change adds two files which demonstrate manipulation of the VIP IP addresses without using an external load balancer. This allows the configuration of DNS, or allows for continuity when replacing an existing environment. The fixed IPs for the virtual IPs are set using the new parameters, and this change also adds a RedisVirtualFixedIPs parameter for setting the Redis VIP. Partial-Bug: https://bugs.launchpad.net/tripleo/+bug/1604946 Change-Id: I4e926f1c6b30d4009d24a307bc21e07e1731b387
2017-04-03Merge "Remove useless trailing '\n' in /etc/hosts file."Jenkins1-1/+1
2017-03-30Merge "Add NodeCreateBatchSize parameter"Jenkins1-0/+8
2017-03-27Remove 'Controller' role references from overcloud.j2.yamlDan Prince1-6/+6
This patch again removes hard coded role references to the overcloud.yaml template that was added in fd15a091f7ab6927833275df17b96ecacc2b1827. This breaks the composable undercloud work (undercloud-containers ci job as well). Change-Id: Ie30b2573dc4d2b45ebc0afc0e0d73bfdf41e4d4b Closes-bug: #1676528
2017-03-22Remove useless trailing '\n' in /etc/hosts file.Gael Chamoulaud1-1/+1
In HA deployment mode, we've got some trailing '\n' generated at the beginning of each controller role nodes line in the undercloud /etc/hosts [1]. [1] - http://paste.openstack.org/show/603721/ Closes-Bug: #1674697 Change-Id: Ic38bc2a5df79dadf72025f207e91a38cc0ab0a92 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2017-03-17Add NodeCreateBatchSize parameterSteven Hardy1-0/+8
This uses the heat resource group batched create feature to ensure we don't create more than 30 nodes at a time, which has been reported as the maximum supported by the default ironic ipxe/TFTP configuration. Change-Id: If3651e4c465d8d7bd4c8f2b48d45b1272ff2d272
2017-03-17Pick dynamically the first node for stack validationLuca Lorenzetto1-6/+18
When replacing the controller node with resource id 0, AllNodesValidation will fail because there is an hardcoded reference to resource.0. With this commit the id for validation is extracted dynamically with yaql query, picking the first available. Thanks to Steven Hardy for pointing to the right direction. Change-Id: I8f2bfacbc005d948bd31ebd51c3d3df3182d5a3c Closes-Bug: #1673439
2017-02-27Merge "Don't recalculate EndpointMap to get outputs"Jenkins1-2/+8
2017-02-15docker: new hybrid deployment architecture and configurationDan Prince1-5/+17
This patch implements a new docker deployment architecture that should us to install docker services in a stepwise manner alongside of baremetal puppet services. This works by using Yaql to select docker specific services (docker/services/*.yaml) vs the puppet specific ones and then applying the selected Json to relevant Heat software deployments for docker and baremetal puppet in a stepwise fashion. Additionally the new architecture leverages new composable services interfaces from Newton to allow configuration of per-service container configuration sets (directories that are bind mounted into kolla containers) by using the Kolla containers themselves. It does this by spinning up a throw away "configuration only" version of the container being configured itself, then running the puppet apply in that container and copying the generated config files into /var/lib/config-data. This avoids having to install all of the OpenStack dependency packages in the heat-agent-container itself (our previous approach) and should allow us to configure a much wider variety of container config files that would otherwise be impossible with the previous shared approach. The new approach (combined) should allow us to configure containers in both the undercloud and overcloud and incrementally add CI coverage to services as we containerize them. Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Change-Id: Ibcff99f03e6751fbf3197adefd5d344178b71fc2
2017-02-10Delivers upgrade scripts where upgrade steps are disabledmarios1-0/+1
This delivers a /root/tripleo_upgrade_node.sh to those nodes that have the disable_upgrade_deployment flag set to true. They will later be upgraded manually by the operator who will invoke the script delivered here using upgrade-non-controller.sh We can also deliver any service specific upgrade configuration, such as configuring nova-compute to use the placement API as this is required in order for placement to be configured and installed during the subsequent upgrade steps for controller services. This removes the compute and swift specific upgrade scripts as they are now merged into the common tripleo_upgrade_node.sh - removing any hard coded reference to a particular role name (compute/objectstorage) and only relying on the disable_upgrade_deployment is roles_data.yaml Change-Id: I4531a4038b78087ef4a1a62c35f1328822427817 Co-Authored-By: Mathieu Bultel <mbultel@redhat.com>
2017-02-03Don't recalculate EndpointMap to get outputsZane Bitter1-2/+8
As of Ocata, whenever Heat needs to get the value of an output from a nested Stack it will still load the Stack in memory and re-resolve the output value. This means that the EndpointMap's endpoint_map output, which is huge, gets loaded and recalculated whenever showing the EndpointMap or KeystoneUrl outputs of the main (overcloud) stack. To avoid this, store the value locally in an OS::Heat::Value resource. This means that the EndpointMap will only be resolved once, during the stack create/update, and the outputs can refer to that value. Change-Id: Ia79eceeea309f5508713a310849f5d366a035430 Depends-On: If0f80cab94c28514d1569b1025362ab9d9d31512
2017-02-03Disable puppet on upgrade for roles not upgradingSteven Hardy1-17/+3
Where the role has disabled upgrades, we need to skip both the ansible and puppet steps. To do this we refactor the post.j2.yaml so that it can be included in the upgrade template with an adjusted list of roles. Note this requires https://review.openstack.org/#/c/425220/ - this change will be required for local testing of this patch (run mistral-db-mange populate after updating tripleo-common and restart the mistral services, or update your repos and re-run openstack undercloud install). Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: Ie7d0fa6fef3528bd93e6cde076b964ea8de3185a
2017-01-16Fix for AllNodesExtraConfig and fix environment files to create swap ↵Carlos Camacho1-1/+2
files/partitions This submission: - Fix an error in the AllNodesExtraConfig resource. (Can't merge servers multiple times). - Add environment files to deploy swap file/partition without manual edit over the templates. - If a swap partition is mounted without having it available the deployment will fail, the fix checks that if the partition is not created then the deployment continues. - Removing empty extra lines in swap templates. - Adjust description and remove unnecessary comments in swap templates. Closes-Bug: 1652184 Change-Id: I828bbbbd4c178956aac74af49f80fcd4f62fa16b
2017-01-06Template and role support for the undercloudDan Prince1-9/+10
Add a new roles data YAML file and environment to help create the undercloud via t-h-t. Partially-implements: blueprint heat-undercloud Change-Id: I36df7fa86c2ff40026d59f02248af529a4a81861
2016-12-23Bump template version for all templates to "ocata"Steven Hardy1-1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-22Merge "Add hook to generate metadata from service profiles"Jenkins1-0/+1
2016-12-22Add hook to generate metadata from service profilesJuan Antonio Osorio Robles1-0/+1
This enables the deployer to dynamically add nova metadata to the servers based on the output of service profiles that implement the metadata_settings key in the role_data output for the profiles. One can set an implementation via the OS::TripleO::ServerMetadataHook resource, which currently is set as OS::Heat::None. So, because of the default implementation, if left untouched it actually does nothing. Currently, besides the list, which is metadata_settings, this hook also takes the name of the node that it's setting the metadata for. This is useful for nova vendordata plugins that can parse said metadata. Change-Id: I8a937f711f0b90156fbb6c4632760435ef846474
2016-12-21Add a per service bootstrap node variableMichele Baldessari1-0/+8
In order to call commands that need to be run on a single node, we create a new per-service variable that will contain the first node of each role containing the service. Change-Id: I03e8685f939e8ae1fcd8b16883b559615042505d Partial-Bug: #1615983
2016-12-20Merge "Run upgrade steps before post-deploy config"Jenkins1-8/+7
2016-12-19Run upgrade steps before post-deploy configSteven Hardy1-8/+7
For some upgrade scenarios, e.g all-in-one deployments, it may be possible to run the upgrade steps, then apply puppet in one stack update, so reverse the order here. For normal deployments the upgrade steps are mapped to OS::Heat::None so this will have no effect. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I3c78751349a6ac2bc5dff82f67bffe13750ac21c
2016-12-11Add a type for the ControlVirtualIP resourceDan Prince1-1/+1
This patch adds a new type called: OS::TripleO::Network::Ports::ControlPlaneVipPort This defaults to a normal OS::Neutron::Port object but can be mocked out for some implementations like when installing the undercloud where neutron doesn't exist. Change-Id: Iebf2428432a98a9d789b206ce973599adbc0af8f
2016-12-01Merge "Initial support for composable upgrades with Heat+Ansible"Jenkins1-0/+21
2016-12-01Initial support for composable upgrades with Heat+AnsibleSteven Hardy1-0/+21
This shows how we could wire in the upgrade steps using Ansible as was previously proposed e.g in https://review.openstack.org/#/c/321416/ but it's more closely integrated with the new composable services architecture. It's also very similar to the approach taken by SpinalStack where ansible snippets per-service were combined then run in a series of steps using Ansible tags. This patch just enables upgrade of keystone - we'll add support for other patches in subsequent patches. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
2016-11-30Configure /etc/hosts via os-collect-config scriptDan Prince1-3/+3
This patch moves the t-i-e element code for hosts configuration into a t-h-t shell script that gets driven by a os-collect-config script hook. This helps accomplish several goals: - moves us away from t-i-e - gives us better signal handling in the error case (where the previous element relied on 99-refresh-completed - Allows the t-h-t undercloud installer to more easily consume this since it doesn't rely on the old os-apply-config metadata (which that installer doesn't support). Change-Id: I73c3d4818ef531a3559fab272521f44519e2f486
2016-11-27Stop using puppet to configure VIPs in /etc/hostsDan Prince1-27/+50
This patch drops use of the vip-hosts.yaml service which can cause issues during deployment because puppet 'hosts' resources overwrite the data in /etc/hosts. The only reason things seem to work at all at the moment is because our hosts element in t-i-e runs on each os-refresh-config iteration and re-adds the dropped hosts entries. To work around the issue we add a conditional which selectively adds the extra hosts entries only if the AddVipsToEtcHosts is set to true. Closes-bug: 1645123 Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-22Containerized Services for Composable RolesIan Main1-1/+1
This change modifies the template interface to support containers and converts the compute services to composable roles. Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com> Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
2016-11-16Correct AllNodesDeploySteps depends_onSteven Hardy1-1/+1
This is wrong atm, it should loop to create a list for the depends_on not multiple depends_on statements. Note this was first corrected in https://review.openstack.org/#/c/330659/ but we need it as a standalone patch that can be backported. Change-Id: I4d1d6346f2147e573fc0900038f1ad1d782e75ee Closes-Bug: #1642069
2016-11-10Merge "Removes deprecated overcloud VIP outputs"Jenkins1-54/+0
2016-11-10Select bootstrap node by list index not nameSteven Hardy1-2/+13
Modify the syntax used to access the ResourceGroup attributes so we always select the first node from the group, e.g even if the node named "0" in the ResourceGroup nested stack has been removed due to the removal policy. Change-Id: I8b1c9538976a1518b220187a0034ad41a738d5a6 Closes-Bug: #1640449
2016-11-07Removes deprecated overcloud VIP outputsTim Rozet1-54/+0
These VIPs were previously used to create endpoints, but are no longer used. The one exception is KeystoneAdminVip, which is used by the python-client. Closes-Bug: 1639956 Change-Id: Iafdf37b6ee91806d683592a99e025a8de4c0ff20 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-11-07Move per role Services defaults into environment fileSteven Hardy1-1/+0
For parameter merge strategies to work we need to merge multiple environment files, which doesn't consider the defaults defined in the heat template. Moving where we define these defaults will enable the merge strategies applied when appending services to roles in environment files to work. Change-Id: I1ef1ad685c8a15308d051665c576a98b277f2496 Closes-Bug: #1635409
2016-11-01Merge "Add Barbican to the overcloud"Jenkins1-0/+3
2016-10-21Composable Mistral servicesBrad P. Crochet1-0/+3
Adds new puppet specific services for Mistral API and Mistral Engine. This submission enables the mistral service by default in the overcloud, a following submission will disable it and make it optional by enabling it on demand based in an environment file. Depends-On: Iae42ffa37c4c9b1e070b7c3753e04c45bb97703f Depends-On: I942d419be951651e305d01460f394870c30a9878 Depends-On: I6cb2cbf4a2abf494668d24b8c36b0d525643f0af Implements: blueprint composable-services-within-roles Co-Authored-By: Carlos Camacho <ccamacho@redhat.com> Change-Id: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
2016-10-19Add Barbican to the overcloudAde Lee1-0/+3
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: If2804b469eb3ee08f3f194c7dd3290d23a245a7a Depends-On: I091ecfbcb2e38fe77203244ac7a597aedcb558fb Change-Id: Iacc504fc4fa2d06893917024ce2340d3fb80b626
2016-10-14Ensure all HostsDeployments finish before puppetDan Prince1-1/+4
This makes sure that the Host settings for all deployments are finished before starting the AllNodesDeployments which execute puppet. Change-Id: Ibe604472255ce905ca2c1dca2a9b07a6f8f40e47 Related-bug: #1633565
2016-10-13Split out hosts config deploymentDan Prince1-7/+23
This patch moves the hosts configuration into its own deployment. It will continue to use os-apply-config as something that is required early on in the bootstrapping (it needs to be configured before puppet runs for example). The motivation here is so we can refactor all-nodes-config.yaml to use a new hiera hook that that avoids os-apply-config entirely. Change-Id: Ib3e4380f205358b27d22a1102b663cf300b1ed86 Partial-bug: #1596373
2016-10-07Merge "Add cloud names to hosts output"Jenkins1-1/+30
2016-10-07Add cloud names to hosts outputJuan Antonio Osorio Robles1-1/+30
Closes-Bug: #1631277 Change-Id: I126b3ed2afdf03ffabb7e57f8792b9f7ecc06a09
2016-10-07Serialize AllNodesDeployment and UpdateWorkflowSteven Hardy1-0/+4
Otherwise there may be a race between updating the hiera and running the UpdateWorkflow Change-Id: I22cd893e0db3df6d39504fbd61d7d9024cebb1c5 Related-Bug: 1631297
2016-10-06Merge "restore missing fluentd client functionality"Jenkins1-2/+18
2016-10-05restore missing fluentd client functionalityLars Kellogg-Stedman1-2/+18
in the great rebase following the JINJA ALL THE THINGS changes we lost critical functionality in the fluentd client service. This review restores the missing features. Change-Id: I7c23f16f81e75f3da6a24587b2eb8385b3e920a4 Closes-bug: 1630692
2016-10-05Select per-network hostnames for service_node_namesSteven Hardy1-0/+17
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Ic6fec1057439ed9122d44ef294be890d3ff8a8ee Change-Id: I754c4a41d8a294a4c7c18bd282ae014efd4b9b16 Closes-Bug: #1628521
2016-09-30Make keystone api network hiera composableSteven Hardy1-2/+0
These hard-coded references to the Controller role mean that things won't work if the keystone service is moved to any other role, so we need to generate the lists dynamically based on the enabled services for each role. Change-Id: I5f1250a8a1a38cb3909feeb7d4c1000fd0fabd14 Closes-Bug: #1629096
2016-09-26Fix predictable placement indexingBen Nemec1-0/+14
As noted in the bug, predictable placement is broken right now because the %index% in the scheduler hint isn't being interpolated. This is because the parameter was moved from overcloud.yaml to the service-specific files, which doesn't provide the index value. Because the Compute role's parameter is named NovaCompute... we also have to include some backwards compatibility logic to handle the mismatch. Change-Id: Ibee2949fe4c6c707203d7250e2ce169c769b1dcd Closes-Bug: 1627858