Merge "Enable redis TLS proxy in HA deployments" into stable/pike
[apex-tripleo-heat-templates.git] / common / deploy-steps.j2
# Template preamble (Jinja2). Falls back to the full roles list when
# enabled_roles was not supplied, then selects the primary role: the first
# enabled role by default, replaced by any role tagged both 'primary' and
# 'controller' (the last such role in the list wins).
# NOTE(review): assumes enabled_roles is non-empty; with an empty list there
# is no role to read .name from. The primary role's server '0' is what the
# resources below pass as bootstrap_server_id.
# deploy_steps_max is an exclusive bound for range(1, deploy_steps_max) in the
# resources (steps 1 to 5); the playbooks in outputs count from 0 to max - 1.
1 # certain initialization steps (run in a container) will occur
2 # on the role marked as primary controller or the first role listed
3 {%- if enabled_roles is not defined -%}
4   # On upgrade certain roles can be disabled for operator driven upgrades
5   # See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml
6   {%- set enabled_roles = roles -%}
7 {%- endif -%}
8 {%- set primary_role = [enabled_roles[0]] -%}
9 {%- for role in enabled_roles -%}
10   {%- if 'primary' in role.tags and 'controller' in role.tags -%}
11     {%- set _ = primary_role.pop() -%}
12     {%- set _ = primary_role.append(role) -%}
13   {%- endif -%}
14 {%- endfor -%}
15 {%- set primary_role_name = primary_role[0].name -%}
16 # primary role is: {{primary_role_name}}
17 {% set deploy_steps_max = 6 -%}
18 {% set update_steps_max = 6 -%}
19 {% set upgrade_steps_max = 6 -%}
20
21 heat_template_version: pike
22
23 description: >
24   Post-deploy configuration steps via puppet for all roles,
25   as defined in ../roles_data.yaml
26
# Inputs to the deploy-steps stack. role_data supplies, per role, the puppet,
# docker and kolla configuration that the HostPrepConfig tasks below write to
# disk on each server (including the kolla destination paths), so it is
# handled as trusted input here.
# NOTE(review): ctlplane_service_ips has neither default nor description;
# presumably the parent stack always passes it - confirm.
27 parameters:
28   servers:
29     type: json
30     description: Mapping of Role name e.g Controller to a list of servers
31   stack_name:
32     type: string
33     description: Name of the topmost stack
34   role_data:
35     type: json
36     description: Mapping of Role name e.g Controller to the per-role data
37   DeployIdentifier:
38     default: ''
39     type: string
40     description: >
41       Setting this to a unique value will re-run any deployment tasks which
42       perform configuration on a Heat stack-update.
43   EndpointMap:
44     default: {}
45     description: Mapping of service endpoint -> protocol. Typically set
46                  via parameter_defaults in the resource registry.
47     type: json
48   DockerPuppetDebug:
49     type: string
50     default: ''
51     description: Set to True to enable debug logging with docker-puppet.py
52   DockerPuppetProcessCount:
53     type: number
54     default: 3
55     description: Number of concurrent processes to use when running docker-puppet to generate config files.
56   ctlplane_service_ips:
57     type: json
58
# One condition per deploy step (1 to deploy_steps_max - 1): true when at least
# one enabled role has a service_workflow_tasks entry for that step that is not
# the empty string. The literal False operands cannot make the 'or' true;
# NOTE(review): presumably they only pad the operand list - confirm.
59 conditions:
60 {% for step in range(1, deploy_steps_max) %}
61   WorkflowTasks_Step{{step}}_Enabled:
62     or:
63     {%- for role in enabled_roles %}
64       - not:
65           equals:
66             - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}]
67             - ''
68       - False
69     {%- endfor %}
70 {% endfor %}
71
72 resources:
73
74   RoleConfig:
       # Single ansible-group SoftwareConfig; the per-role Deployment_Step
       # resources further down reference it through get_resource and feed it
       # the inputs listed here.
       # NOTE(review): str_replace presumably pastes the text of
       # deploy-steps-tasks.yaml in place of _TASKS as-is, so that file's
       # indentation has to fit under 'tasks:' - confirm.
75     type: OS::Heat::SoftwareConfig
76     properties:
77       group: ansible
78       options:
79         modulepath: /usr/share/ansible-modules
80       inputs:
81         - name: step
82         - name: role_name
83         - name: update_identifier
84         - name: bootstrap_server_id
85         - name: docker_puppet_debug
86         - name: docker_puppet_process_count
87       config:
88         str_replace:
89           template: |
90             - hosts: localhost
91               connection: local
92               tasks:
93               _TASKS
94           params:
95             _TASKS: {get_file: deploy-steps-tasks.yaml}
96
# For each deploy step, build a Mistral workflow from the enabled roles'
# service_workflow_tasks and an ExternalResource that runs it on stack CREATE
# and UPDATE. Both resources exist only when the matching
# WorkflowTasks_Step<N>_Enabled condition holds.
97 {%- for step in range(1, deploy_steps_max) %}
98 # BEGIN service_workflow_tasks handling
99   WorkflowTasks_Step{{step}}:
100     type: OS::Mistral::Workflow
101     condition: WorkflowTasks_Step{{step}}_Enabled
102     depends_on:
103     {%- if step == 1 %}
104     {%- for dep in enabled_roles %}
105       - {{dep.name}}PreConfig
106       - {{dep.name}}ArtifactsDeploy
107     {%- endfor %}
108     {%- else %}
109     {%- for dep in enabled_roles %}
110       - {{dep.name}}Deployment_Step{{step -1}}
111     {%- endfor %}
112     {%- endif %}
113     properties:
114       name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]}
115       type: direct
116       tasks:
117         yaql:
118           expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
119           data:
120           {%- for role in enabled_roles %}
121             - get_param: [role_data, {{role.name}}, service_workflow_tasks]
122           {%- endfor %}
123
124   WorkflowTasks_Step{{step}}_Execution:
125     type: OS::Mistral::ExternalResource
126     condition: WorkflowTasks_Step{{step}}_Enabled
127     depends_on: WorkflowTasks_Step{{step}}
128     properties:
129       actions:
130         CREATE:
131           workflow: { get_resource: WorkflowTasks_Step{{step}} }
132           params:
                # role_merged_configs covers every role in roles (not only
                # enabled_roles) and hands each role's merged_config_settings
                # to the workflow environment; UPDATE below mirrors this.
                # NOTE(review): merged_config_settings presumably contains
                # service credentials; if so they are stored with the workflow
                # execution - confirm who may read executions.
133             env:
134               service_ips: { get_param: ctlplane_service_ips }
135               role_merged_configs:
136                 {%- for r in roles %}
137                 {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
138                 {%- endfor %}
                # NOTE(review): evaluate_env: false presumably keeps Mistral from
                # evaluating expression syntax embedded in env values - confirm.
139             evaluate_env: false
140         UPDATE:
141           workflow: { get_resource: WorkflowTasks_Step{{step}} }
142           params:
143             env:
144               service_ips: { get_param: ctlplane_service_ips }
145               role_merged_configs:
146                 {%- for r in roles %}
147                 {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
148                 {%- endfor %}
149             evaluate_env: false
150       always_update: true
151 # END service_workflow_tasks handling
152 {% endfor %}
153
154 # Artifacts config and HostPrepConfig is done on all roles, not only
155 # enabled_roles, because on upgrade we need to write the json files
156 # for the operator driven upgrade scripts (the ansible steps consume them)
157 {% for role in roles %}
158   # Prepare host tasks for {{role.name}}
      # Per role: the artifact deployment resources plus a local ansible
      # playbook that writes the puppet, docker-puppet, container-startup and
      # kolla configuration files onto each server of the role.
159   {{role.name}}ArtifactsConfig:
160     type: ../puppet/deploy-artifacts.yaml
161
162   {{role.name}}ArtifactsDeploy:
163     type: OS::Heat::StructuredDeploymentGroup
164     properties:
165       servers:  {get_param: [servers, {{role.name}}]}
166       config: {get_resource: {{role.name}}ArtifactsConfig}
167
168   {{role.name}}HostPrepConfig:
169     type: OS::Heat::SoftwareConfig
170     properties:
171       group: ansible
172       options:
173         modulepath: /usr/share/ansible-modules
174       config:
175         str_replace:
176           template: _PLAYBOOK
177           params:
178             _PLAYBOOK:
179               - hosts: localhost
180                 connection: local
181                 vars:
182                   puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
183                   docker_puppet_script: {get_file: ../docker/docker-puppet.py}
184                   docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]}
185                   docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]}
186                   kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
187                   bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
188                   puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]}
189                 tasks:
190                   # Join host_prep_tasks with the other per-host configuration
191                   list_concat:
192                     - {get_param: [role_data, {{role.name}}, host_prep_tasks]}
193                     -
194 {%- raw %}
195                       # Write the manifest for baremetal puppet configuration
                          # NOTE(review): the directories created below carry no mode=, so
                          # their permissions come from the deploying process defaults; the
                          # files written by the copy tasks are all mode 0600.
                          # NOTE(review): content= is passed in key=value form with templated
                          # values; native YAML module arguments would avoid depending on
                          # Ansible's argument splitting - verify rendering before converting.
196                       - name: Create /var/lib/tripleo-config directory
197                         file: path=/var/lib/tripleo-config state=directory
198                       - name: Write the puppet step_config manifest
199                         copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
200                       # this creates a JSON config file for our docker-puppet.py script
201                       - name: Create /var/lib/docker-puppet
202                         file: path=/var/lib/docker-puppet state=directory
203                       - name: Write docker-puppet-tasks json files
204                         copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
205                       # FIXME: can we move docker-puppet somewhere so it's installed via a package?
206                       - name: Write docker-puppet.py
207                         copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
208                       # Here we are dumping all the docker container startup configuration data
209                       # so that we can have access to how they are started outside of heat
210                       # and docker-cmd.  This lets us create command line tools to test containers.
211                       # FIXME do we need the docker-container-startup-configs.json or is the new per-step
212                       # data consumed by paunch enough?
213                       - name: Write docker-container-startup-configs
214                         copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
215                       - name: Write per-step docker-container-startup-configs
216                         copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
217                         with_dict: "{{docker_startup_configs}}"
218                       - name: Create /var/lib/kolla/config_files directory
219                         file: path=/var/lib/kolla/config_files state=directory
                          # NOTE(review): dest is each kolla_config key used verbatim, so
                          # role_data decides where on the host the file is written; nothing
                          # in this task confines it to /var/lib/kolla/config_files.
220                       - name: Write kolla config json files
221                         copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
222                         with_dict: "{{kolla_config}}"
223                       ########################################################
224                       # Bootstrap tasks, only performed on bootstrap_server_id
225                       ########################################################
                          # deploy_server_id is not among the vars defined above;
                          # presumably it is supplied per server at run time - verify.
226                       - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
227                         file:
228                           path: "{{item}}"
229                           state: absent
230                         with_fileglob:
231                           - /var/lib/docker-puppet/docker-puppet-tasks*.json
232                         when: deploy_server_id == bootstrap_server_id
233                       - name: Write docker-puppet-tasks json files
234                         copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
235                         with_dict: "{{docker_puppet_tasks}}"
236                         when: deploy_server_id == bootstrap_server_id
237 {%- endraw %}
238
239   {{role.name}}HostPrepDeployment:
240     type: OS::Heat::SoftwareDeploymentGroup
241     properties:
242       servers: {get_param: [servers, {{role.name}}]}
243       config: {get_resource: {{role.name}}HostPrepConfig}
244 {% endfor %}
245
246   # BEGIN CONFIG STEPS, only on enabled_roles
247 {%- for role in enabled_roles %}
248   {{role.name}}PreConfig:
249     type: OS::TripleO::Tasks::{{role.name}}PreConfig
250     depends_on: {{role.name}}HostPrepDeployment
251     properties:
252       servers: {get_param: [servers, {{role.name}}]}
253       input_values:
254         update_identifier: {get_param: DeployIdentifier}
255
256   # Deployment steps for {{role.name}}
257   # A single config is re-applied with an incrementing step number
258   {% for step in range(1, deploy_steps_max) %}
259   {{role.name}}Deployment_Step{{step}}:
260     type: OS::TripleO::DeploymentSteps
261     depends_on:
262       - WorkflowTasks_Step{{step}}_Execution
263     # TODO(gfidente): the following if/else condition
264     # replicates what is already defined for the
265     # WorkflowTasks_StepX resource and can be removed
266     # if https://bugs.launchpad.net/heat/+bug/1700569
267     # is fixed.
268     {%- if step == 1 %}
269     {%- for dep in enabled_roles %}
270       - {{dep.name}}PreConfig
271       - {{dep.name}}ArtifactsDeploy
272     {%- endfor %}
273     {%- else %}
274     {%- for dep in enabled_roles %}
275       - {{dep.name}}Deployment_Step{{step -1}}
276     {%- endfor %}
277     {%- endif %}
278     properties:
279       name: {{role.name}}Deployment_Step{{step}}
280       servers: {get_param: [servers, {{role.name}}]}
281       config: {get_resource: RoleConfig}
282       input_values:
283         step: {{step}}
284         role_name: {{role.name}}
285         update_identifier: {get_param: DeployIdentifier}
286         bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
287         docker_puppet_debug: {get_param: DockerPuppetDebug}
288         docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
289   {% endfor %}
290   # END CONFIG STEPS
291
292   # Note, this should be the last step to execute configuration changes.
293   # Ensure that all {{role.name}}ExtraConfigPost steps are executed
294   # after all the previous deployment steps.
      # NOTE(review): Deployment_Step5 below is hard-coded; it matches
      # deploy_steps_max - 1 today and must change together with it.
295   {{role.name}}ExtraConfigPost:
296     depends_on:
297   {%- for dep in enabled_roles %}
298       - {{dep.name}}Deployment_Step5
299   {%- endfor %}
300     type: OS::TripleO::NodeExtraConfigPost
301     properties:
302         servers: {get_param: [servers, {{role.name}}]}
303
304   # The {{role.name}}PostConfig steps are in charge of
305   # quiescing all services, i.e. in the Controller case,
306   # we should run a full service reload.
307   {{role.name}}PostConfig:
308     type: OS::TripleO::Tasks::{{role.name}}PostConfig
309     depends_on:
310   {%- for dep in enabled_roles %}
311       - {{dep.name}}ExtraConfigPost
312   {%- endfor %}
313     properties:
          # NOTE(review): unlike the other resources in this loop, this passes
          # the whole servers mapping rather than this role's entry - confirm
          # that is intended.
314       servers:  {get_param: servers}
315       input_values:
316         update_identifier: {get_param: DeployIdentifier}
317
318
319 {% endfor %}
320
# Exposes the task file and the generated deploy, update and upgrade playbooks
# as stack output. with_sequence counts from 0 to <max> - 1 inclusive, while the
# Heat resources above use steps 1 to deploy_steps_max - 1. The update playbook
# sets serial: 1, i.e. one host at a time.
# NOTE(review): role names are interpolated into include paths and into a
# single-quoted 'when' comparison; this assumes they are plain identifiers
# without quotes or path separators - confirm where roles data is validated.
321 outputs:
322   RoleConfig:
323     description: Mapping of config data for all roles
324     value:
325       deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
326       deploy_steps_playbook: |
327         - hosts: overcloud
328           tasks:
329 {%- for role in roles %}
330             - include: {{role.name}}/host_prep_tasks.yaml
331               when: role_name == '{{role.name}}'
332 {%- endfor %}
333             - include: deploy_steps_tasks.yaml
334               with_sequence: start=0 end={{deploy_steps_max-1}}
335               loop_control:
336                 loop_var: step
337       update_steps_tasks: |
338 {%- for role in roles %}
339             - include: {{role.name}}/update_tasks.yaml
340               when: role_name == '{{role.name}}'
341 {%- endfor %}
342       update_steps_playbook: |
343         - hosts: overcloud
344           serial: 1
345           tasks:
346             - include: update_steps_tasks.yaml
347               with_sequence: start=0 end={{update_steps_max-1}}
348               loop_control:
349                 loop_var: step
350             - include: deploy_steps_tasks.yaml
351               with_sequence: start=0 end={{deploy_steps_max-1}}
352               loop_control:
353                 loop_var: step
354       upgrade_steps_tasks: |
355 {%- for role in roles %}
356             - include: {{role.name}}/upgrade_tasks.yaml
357               when: role_name == '{{role.name}}'
358 {%- endfor %}
359       upgrade_steps_playbook: |
360         - hosts: overcloud
361           tasks:
362             - include: upgrade_steps_tasks.yaml
363               with_sequence: start=0 end={{upgrade_steps_max-1}}
364               loop_control:
365                 loop_var: step
366             - include: deploy_steps_tasks.yaml
367               with_sequence: start=0 end={{deploy_steps_max-1}}
368               loop_control:
369                 loop_var: step
370