summaryrefslogtreecommitdiffstats
path: root/puppet/role.role.j2.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-11-10Refactor cellv2 host discovery logic to avoid racesOliver Walsh1-0/+10
The compute service list is polled until all expected hosts are reported or a timeout occurs (600s). Adds a cellv2_discovery flag to puppet services. Used to generate a list of hosts that should have cellv2 host mappings. Adds a canonical fqdn and that should match the fqdn reported by a host. Adds the ability to upload a config script for docker config instead of using complex bash on-liners. Closes-bug: 1720821 Change-Id: I33e2f296526c957cb5f96dff19682a4e60c6a0f0 (cherry picked from commit 61fcfca045aeb5be1ee280d8dd9c260fb39b9084)
2017-11-02Add NetIpMap to hieradata for *ExtraConfig overridesSteven Hardy1-0/+2
To enable per-node override of bind IPs via the per-role ExtraConfig paramaters, we need to enable hiera interpolation that references the keys defined in NetIpMap, so we add them to the hieradata. To minimise the risk of any conflicts in keynames it's added near the bottom of the hierarchy, but I'm not aware of any conflicting names in our templates/modules. This will allow per-node hieradata override of bind IPs e.g: parameter_defaults: ComputeRack1ExtraConfig: nova::vncproxy::host: "%{hiera('rack1_internal_api')}" ComputeRack2ExtraConfig: nova::vncproxy::host: "%{hiera('rack2_internal_api')}" Closes-Bug: #1726884 Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad (cherry picked from commit 65a8b65754d2ea77ec2396658d4e73eb837d34bd)
2017-09-02NetworkDeploymentActions shall be made role specificKarthik S1-1/+14
In case of an OSP upgrade, some of the roles may require the reconfiguration of network via os-net-config, especially with roles having DPDK nics. In order to facilitate this configuration per role, the THT parameter 'NetworkDeploymentActions' is made role specific. Change-Id: I17a1812cf9e1c60fb893bf36dc99ab3ec5fc7250 (cherry picked from commit 88711c3b800257f6b333157eb3dfc8f4e7003a46)
2017-08-31Move deprecated SchedulerHints logic to overcloud.j2.yamlSteven Hardy1-13/+2
The changes in puppet/role.role.j2.yaml should have been made to overcloud.j2.yaml, because we don't want the hard-coded reference to the deprecated name in the parent template. Note we need to pass this value from the parent template so the %index% substitution works, which is required for predictable placement via *SchedulerHints Partial-Bug: #1711656 Change-Id: Ided1802daac48d737f53caa7093df814ba101dd0 (cherry picked from commit c6207379db07544240b699ba000537b58d9fb68f)
2017-08-11Convert compute-role.yaml to role.role.j2.yamlSteven Hardy1-3/+27
Add some special-casing for backwards compatibility, such that the Compute role can be rendered via j2 for support of composable networks. Change-Id: Ieee446583f77bb9423609d444c576788cf930121 Partially-Implements: blueprint composable-networks
2017-08-11Convert controller-role.yaml to role.role.j2.yamlSteven Hardy1-75/+136
Add deprecated role-specific parameters to role definition, in order to special-case some parameters for backwards compatibility, such that the Controller role can be rendered via j2 for support of composable networks. Co-Authored By: Dan Sneddon <dsneddon@redhat.com> Change-Id: I5983f03ae1b7f0b6add793914540b8ca405f9b2b Partially-Implements: blueprint composable-networks
2017-08-11Move HAProxy's public TLS logic from controller to service templateJuan Antonio Osorio Robles1-3/+0
This de-couples public TLS from controllers to now run wherever HAProxy is deployed. Partially-Implements: blueprint composable-networks Change-Id: I9e84a25a363899acf103015527787bdd8248949f
2017-08-02Make RoleParameters and key_name descriptions consistentBen Nemec1-1/+1
The key_name default is ignored because the parameter is used in some mutually exclusive environments where the default doesn't need to be the same. Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7 Partial-Bug: 1700664
2017-07-25Add NodeTLSData to generic role.role.j2.yamlSteven Hardy1-2/+29
This is currently included in the controller-role template, so we need to add it to the generic role.role.j2.yaml in order to convert the controller-role template to be rendered via j2 Change-Id: I01bf01c8a31e4cc26f202dd1774845ec33f50bcd Partially-Implements: blueprint composable-networks
2017-07-13Support deprecated controllerExtraConfig naming in role templateSteven Hardy1-1/+27
To enable backwards compatibility with rendering the controler-role template add this deprecated parameter for all roles - we should remove this in a future release after the tripleoclient warnings re deprecated parameters are available. Change-Id: Icce93a4109191609848ca216c946a32663753b93
2017-07-13Merge "Revert "Revert "Blacklist support for ExtraConfig"""Jenkins1-0/+17
2017-07-10Revert "Revert "Blacklist support for ExtraConfig""James Slagle1-0/+17
There is a Heat patch posted (via Depends-On) that resolves the issue that caused this to be reverted. This reverts the revert and we need to make sure all the upgrades jobs pass before we merge this patch. This reverts commit 69936229f4def703cd44ab164d8d1989c9fa37cb. Closes-Bug: #1699463 implements blueprint disable-deployments Change-Id: Iedf680fddfbfc020d301bec8837a0cb98d481eb5
2017-07-10Add DeployedServerEnvironmentOutputJames Slagle1-0/+39
Add a new output, DeployedServerEnvionmentOutput, that can be used as the contents of an environment file to input into a services only stack when using split-stack. The parameter simplifies the manual steps needed to deploy split-stack. By default, the resource that generates the output is mapped to OS::Heat::None. implements blueprint split-stack-default Change-Id: I6004cd3f56778f078a69a20e93a0eba0c574b3db
2017-07-05Modify generic role template to support custom networksSteven Hardy1-121/+34
Render all per-network resources and interfaces via j2 to enable future support for custom networks via network_data.yaml Note this doesn't enable custom networks for the built-in roles as we skip j2 rendering for them, this will be resolved by converting them to use the generic role template instead of the hard-coded ones listed in the j2_excludes.yaml. Depends-On: I18fa3829ff38ac200550d8e36bbe334c0005da22 Change-Id: I49565f9389f3ec9aef4861e23a3bed64a85501e6 Partially-Implements: blueprint composable-networks
2017-07-04Convert role templates to consume roles_data mapSteven Hardy1-94/+94
Currently we only consume the name with a special-case for the disable constraints boolean, but it will be more flexible if we consume the whole roles_data mapping for each role, so that e.g composable networks and other per-role customizations can be expressed in these templates Partially-Implements: blueprint composable-networks Depends-On: Id1249b78b3dd87e91d572ffa31b7a541f3cde2c7 Change-Id: I355534ec456479944f66106e957404a660d8f2d2
2017-06-27Re-enable default for RoleParametersBen Nemec1-0/+1
I471037de35e7f349d900462ec3ffb16fe2d6ebd9 accidentally removed the default from the RoleParameters parameter. This change just puts it back. Change-Id: I29b472897e07229715fc2fea3b55e90473eb0069
2017-06-27Merge "Enable DPDK on boot using PreNetworkConfig"Jenkins1-0/+1
2017-06-26Merge "Add DeploymentSwiftDataMap parameter"Jenkins1-0/+30
2017-06-26Merge "Add os-collect-config data as an output"Jenkins1-0/+3
2017-06-24Merge "Replace hardcoded 'br-ex' with NeutronPhysicalBridge parameter."Jenkins1-2/+6
2017-06-23Replace hardcoded 'br-ex' with NeutronPhysicalBridge parameter.Dan Sneddon1-2/+6
This change uses the NeutronPhysicalBridge parameter on all roles, rather than hard-coding the "br-ex" name. Previously, there were different parameters for controller and compute roles, but since we use a unified bridge name with OVS, this is unnecessary. Change-Id: I6d9189404fae67bcc33ddc2ba3ce1b0385dd989d Closes-bug: 1669130
2017-06-23Merge "Fix roles dict object' has no attribute 'lower' error"Jenkins1-1/+1
2017-06-23Enable DPDK on boot using PreNetworkConfigSaravanan KR1-0/+1
DPDK has to be enabled on openvswitch on the boot before configuring the network as when the network uses DPDK ports OvS should be ready to handle DPDK. Enabled DPDK via PreNetworkConfig by checking if ServiceNames contains DPDK service. Implements: blueprint ovs-2-6-dpdk Closes-Bug: #1654975 Depends-On: I83a540336c01a696780621fb2b39486a6abf0917 Change-Id: I7af4534d91e67c94ba559b78b9ac6a001e639db3
2017-06-22Merge "Revert "Blacklist support for ExtraConfig""Jenkins1-17/+0
2017-06-22Revert "Blacklist support for ExtraConfig"Alex Schultz1-17/+0
This reverts commit d6c0979eb3de79b8c3a79ea5798498f0241eb32d. This seems to be causing issues in Heat in upgrades. Change-Id: I379fb2133358ba9c3c989c98a2dd399ad064f706 Related-Bug: #1699463
2017-06-20Fix roles dict object' has no attribute 'lower' errorHarald Jensas1-1/+1
Change-Id: I4d6a8b53bf07892ba4ae2579f192dc21297ad110 Closes-Bug: #1699026
2017-06-19Merge "Blacklist support for ExtraConfig"Jenkins1-0/+17
2017-06-16Blacklist support for ExtraConfigJames Slagle1-0/+17
Commit I46941e54a476c7cc8645cd1aff391c9c6c5434de added support for blacklisting servers from triggered Heat deployments. This commit adds that functionality to the remaining Deployments in tripleo-heat-templates for the ExtraConfig interfaces. Since we can not (should not) change the interface to ExtraConfig, Heat conditions are used on the actual <role>ExtraConfigPre and NodeExtraConfig resources instead of using the actions approach on Deployments. Change-Id: I38fdb50d1d966a6c3651980c52298317fa3bece4
2017-06-15Add DeploymentSwiftDataMap parameterJames Slagle1-0/+30
The DeploymentSwiftDataMap parameter is used to set the deployment_swift_data property on the Server resoures. The parameter is a map of role names and node indexes to Swift container and object names to be used for storing deployment data. The parameter allows for using predefined Swift objects for storing deployment data instead of container/object names with generated uuid's from Heat. implements blueprint split-stack-default Depends-On: Ia07e9374a4b95bd0e74fc47fb9df4bf6ad096715 Change-Id: I471037de35e7f349d900462ec3ffb16fe2d6ebd9
2017-06-15Add os-collect-config data as an outputJames Slagle1-0/+3
Adds a new output, ServerOsCollectConfigData, which is the os-collect-config configuration associated with each server resource. This can be used to [pre]configure the os-collect-config agents on deployed-server's. Having the data available as a stack output is more user friendly than having to query several nested levels of stack resources, and then inspect resource metadata. implements blueprint split-stack-default Change-Id: Iaf062f1a72e2a9e4d97f84c67f72408a6b5cebfc Depends-On: I8acfd67cd8138d587cc362184c84a08134bf3157
2017-06-15Update CloudDomain descriptionBen Nemec1-2/+2
First, this parameter must match what is configured on the undercloud, so strengthen that language. There is also now an undercloud.conf parameter that can be used to set the requisite options on the undercloud services, so just point users at that rather than trying to explain how to configure the services manually (which is error-prone and doesn't survive undercloud updates). Change-Id: I002cce176e3430473a29e79efde3464bddb24cc7
2017-06-15Merge "Modify PreNetworkConfig config inline with role-specific parameters"Jenkins1-0/+5
2017-06-13Add fqdn_externalAlex Schultz1-0/+1
In newton, we used to construct the fqdn_$NETWORK in puppet-tripleo for external, internal_api, storage, storage_mgmt, tenant, management, and ctrlplane. When this was moved into THT, we accidently dropped external which leads to deployment failures if a service is moved to the external network and the configuration consumes the fqdn_external hiera key. Specifically this is reproduced if the MysqlNetwork is switch to to exernal, then the deployment fails because the bind address which is set to use fqdn_external is blank. Change-Id: I01ad0c14cb3dc38aad7528345c928b86628433c1 Closes-Bug: #1697722
2017-06-13Modify PreNetworkConfig config inline with role-specific parametersSaravanan KR1-0/+5
Existing host_config_and_reboot.role.j2.yaml is done in ocata to configure kernel args. This can be enhanced with use of role-specific parameters, which is done in the current patch. The earlier method is deprecated and will be removed in Q releae. Implements: blueprint ovs-2-6-dpdk Change-Id: Ib864f065527167a49a0f60812d7ad4ad12c836d1
2017-06-08Merge "Use Deployment actions for blacklist"Jenkins1-4/+20
2017-06-07Use Deployment actions for blacklistJames Slagle1-4/+20
Instead of using the Heat condition directly on the Deployment resources, use it to set the action list to an empty list when the server is blacklisted. This has a couple advantages over the previous approach in that the actual resources are not deleted and recreated when servers are added and removed from the blacklist. Recreating the resources can be problematic, as it would then force the Deployments to re-run when a server is removed from the blacklist. That is likely not always desirable, especially in the case of NetworkDeloyment. Additionally, you will still see the resources for a blacklisted server in the stack, just with an empty set of actions. This has the benefit of preserving the history of the previous time the Deployment was triggered. implements blueprint disable-deployments Change-Id: I3d0263a6319ae4871b1ae11383ae838bd2540d36
2017-06-06Convert puppet and docker steps to ansibleSteven Hardy1-0/+1
Replace the multiple SoftwareDeployment resources with a common playbook that runs on all roles, consuming the configuration data written via the HostPrepAnsible tasks. This hopefully simplifies things, and will enable re-running the deploy steps for minor updates (we'll need some way to detect a container should be replaced, but that will be done via a follow-up patch). Change-Id: I674a4d9d2c77d1f6fbdb0996f6c9321848e32662
2017-05-31Server blacklist supportJames Slagle1-0/+19
Adds the ability to blacklist servers from all SoftwareDeployment resources. The servers are specified in a new list parameter, DeploymentServerBlacklist by the Heat assigned name (overcloud-compute-0, etc). implements blueprint disable-deployments Change-Id: I46941e54a476c7cc8645cd1aff391c9c6c5434de
2017-05-19Update the template_version alias for all the templates to pike.Carlos Camacho1-1/+1
Master is now the development branch for pike changing the release alias name. Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
2017-05-18Merge "Enable splay for os-collect-config"Jenkins1-0/+10
2017-05-01Enable splay for os-collect-configAlex Schultz1-0/+10
At scale, having the os-collect-config instances all check in at the same time can cause performance problems. This change enables splay and sets it to a default maximum random sleep of 30 seconds prior to the os-collect-config polling. Change-Id: Iab8b51f4e5fb4727b8aa7e081f5cbfcbf11f7fcb Depends-On: I88f623c9e8db9ed4a186918206a63faec8f7f673 Closes-Bug: #1677314
2017-04-20Merge "Pluggable server type per Role"Jenkins1-1/+1
2017-04-18Merge "SSH known_hosts config"Jenkins1-0/+37
2017-04-13SSH known_hosts configOliver Walsh1-0/+37
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
2017-04-13Pluggable server type per RoleJames Slagle1-1/+1
The server resource type, OS::TripleO::Server can now be mapped per role instead of globally. This allows users to mix baremetal (OS::Nova::Server) and deployed-server (OS::Heat::DeployedServer) server resources in the same deployment. blueprint pluggable-server-type-per-role Change-Id: Ib9e9abe2ba5103db221f0b485c46704b1e260dbf
2017-04-01Add missing name properties on deloyment resourcesJames Slagle1-0/+1
Adds some missing name properties on deployment resources where they were lacking. It's convention in TripleO that all the deployment resources have the name property set. Change-Id: I6464b099e725f8469163c887676d56d769e2f9b1
2017-03-01Make UpdateDeployment depend on NetworkDeploymentSteven Hardy1-0/+1
Prior to https://review.openstack.org/#/c/271450/ os-net-config was applied via os-refresh-config directly, which meant that even though UpdateDeployment and NetworkDeployment can be created concurrently, we'd always do the os-net-config step first. However now that we apply both steps via scripts (which are both handled via the same heat-config hook) we should add an explicit dependency to ensure the network is always fully configured before attempting to run any update. This should avoid the risk of e.g running an update on initial deployment before the network connectivity to access yum repos is in place. Change-Id: Idff7a95afe7b49b6384b1d0c78e76522fb1f8eb7 Related-Bug: #1666227
2017-02-16Add Newton to Ocata UpgradeInitCommonCommandmarios1-1/+9
This adds the UpgradeInitCommonCommand for newton..ocata common UpgradeInit commands. This comes before the ansible upgrade steps so we need to do things like remove the old newton hieradata and install the ansible-pacemaker module and ansible heat-agent plugin This defaults to '' and is set in the major-upgrade-composable-steps and unset in the major-upgrade-converge environment files. Change-Id: I0c7a32194c0069b63a501a913c17907b47c9cc16
2017-01-04puppet/role.role.j2.yaml has invalid get_resource referenceDan Prince1-1/+1
Found this today when rebasing the undercloud installer. The puppet/role.role.j2.yaml Yaml has an invalid get_resource reference that causes a cryptic heat stack failures. Change-Id: Icfb7d73a1c4d02213b23a427605f2b0d5eaa984f
2017-01-04Merge "Add pre-network hook and example showing config-then-reboot"Jenkins1-0/+6