default: ''
description: A string containing a space separated list of IP addresses used to ping test each available network interface.
type: string
+ ValidateFqdn:
+ default: false
+ description: Optional validation to ensure FQDN as set by Nova matches the name set in /etc/hosts.
+ type: boolean
resources:
AllNodesValidationsImpl:
inputs:
- name: ping_test_ips
default: {get_param: PingTestIps}
+ - name: validate_fqdn
+ default: {get_param: ValidateFqdn}
config: {get_file: ./validation-scripts/all-nodes.sh}
outputs:
description: >
Enable various Neutron plugins and backends
environments:
+ - file: environments/neutron-bgpvpn.yaml
+ title: Neutron BGPVPN Service Plugin
+ description: Enables Neutron BGPVPN Service Plugin
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ml2-bigswitch.yaml
title: BigSwitch Extensions
description: >
description: Enables Neutron Nuage backend on the controller
requires:
- overcloud-resource-registry-puppet.yaml
- - file: environments/neutron-opencontrail.yaml
- title: OpenContrail Extensions
- description: Enables OpenContrail extensions
- requires:
- - overcloud-resource-registry-puppet.yaml
- file: environments/neutron-opendaylight.yaml
title: OpenDaylight
description: Enables OpenDaylight
requires:
- overcloud-resource-registry-puppet.yaml
- - file: environments/neutron-opendaylight-l3.yaml
- title: OpenDaylight with L3 DVR
- description: Enables OpenDaylight with L3 DVR
- requires:
- - overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ovs-dpdk.yaml
title: DPDK with OVS
description: Deploy DPDK with OVS
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Manage Firewall
- description:
- environments:
- - file: environments/manage-firewall.yaml
- title: Manage Firewall
- description:
- requires:
- - overcloud-resource-registry-puppet.yaml
- title: Operational Tools
description:
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ - title: Keystone CADF auditing
+ description: Enable CADF notifications in Keystone for auditing
+ environments:
+ - file: environments/cadf.yaml
+ title: Keystone CADF auditing
config_image = service[3] or ''
volumes = service[4] if len(service) > 4 else []
+ if not manifest or not config_image:
+ continue
+
print('---------')
print('config_volume %s' % config_volume)
print('puppet_tags %s' % puppet_tags)
--- /dev/null
+# certain initialization steps (run in a container) will occur
+# on the first role listed in the roles file
+{% set primary_role_name = roles[0].name -%}
+
+heat_template_version: ocata
+
+description: >
+ Post-deploy configuration steps via puppet for all roles,
+ as defined in ../roles_data.yaml
+
+parameters:
+ servers:
+ type: json
+ description: Mapping of Role name e.g Controller to a list of servers
+ role_data:
+ type: json
+ description: Mapping of Role name e.g Controller to the per-role data
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ # These utility tasks use docker-puppet.py to execute tasks via puppet
+ # We only execute these on the first node in the primary role
+ {{primary_role_name}}DockerPuppetTasks:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ yaql:
+ expression:
+ dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1]))
+ data:
+ docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]}
+
+# BEGIN primary_role_name docker-puppet-tasks (run only on a single node)
+{% for step in range(1, 6) %}
+
+ {{primary_role_name}}DockerPuppetJsonConfig{{step}}:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: json-file
+ config:
+ /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json:
+ {get_attr: [{{primary_role_name}}DockerPuppetTasks, value, 'step_{{step}}']}
+
+ {{primary_role_name}}DockerPuppetJsonDeployment{{step}}:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ server: {get_param: [servers, {{primary_role_name}}, '0']}
+ config: {get_resource: {{primary_role_name}}DockerPuppetJsonConfig{{step}}}
+
+ {{primary_role_name}}DockerPuppetTasksConfig{{step}}:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: {get_file: docker-puppet.py}
+ inputs:
+ - name: CONFIG
+ - name: NET_HOST
+ - name: NO_ARCHIVE
+ - name: STEP
+
+ {{primary_role_name}}DockerPuppetTasksDeployment{{step}}:
+ type: OS::Heat::SoftwareDeployment
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step{{step}}
+ - {{dep.name}}ContainersDeployment_Step{{step}}
+ {% endfor %}
+ - {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
+ properties:
+ name: {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
+ server: {get_param: [servers, {{primary_role_name}}, '0']}
+ config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}}
+ input_values:
+ CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
+ NET_HOST: 'true'
+ NO_ARCHIVE: 'true'
+ STEP: {{step}}
+
+{% endfor %}
+# END primary_role_name docker-puppet-tasks
+
+{% for role in roles %}
+ # Post deployment steps for all roles
+ # A single config is re-applied with an incrementing step number
+ # {{role.name}} Role steps
+ {{role.name}}ArtifactsConfig:
+ type: ../puppet/deploy-artifacts.yaml
+
+ {{role.name}}ArtifactsDeploy:
+ type: OS::Heat::StructuredDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}ArtifactsConfig}
+
+ {{role.name}}PreConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PreConfig
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}CreateConfigDir:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: {get_file: create-config-dir.sh}
+
+ {{role.name}}CreateConfigDirDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}CreateConfigDir}
+
+ # this creates a JSON config file for our docker-puppet.py script
+ {{role.name}}GenPuppetConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: json-file
+ config:
+ /var/lib/docker-puppet/docker-puppet.json:
+ {get_param: [role_data, {{role.name}}, puppet_config]}
+
+ {{role.name}}GenPuppetDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}GenPuppetConfig}
+
+ {{role.name}}GenerateConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: {get_file: docker-puppet.py}
+
+ {{role.name}}GenerateConfigDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: [{{role.name}}GenPuppetDeployment, {{role.name}}ArtifactsDeploy, {{role.name}}CreateConfigDirDeployment]
+ properties:
+ name: {{role.name}}GenerateConfigDeployment
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}GenerateConfig}
+
+ {{role.name}}PuppetStepConfig:
+ type: OS::Heat::Value
+ properties:
+ type: string
+ value:
+ yaql:
+ expression:
+ # select 'step_config' only from services that do not have a docker_config
+ $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n")
+ data:
+ service_names: {get_param: [role_data, {{role.name}}, service_names]}
+ step_config: {get_param: [role_data, {{role.name}}, step_config]}
+ docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
+
+ {{role.name}}DockerConfig:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ yaql:
+ expression:
+ # select 'docker_config' only from services that have it
+ $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
+ data:
+ service_names: {get_param: [role_data, {{role.name}}, service_names]}
+ docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
+
+ # Here we are dumping all the docker container startup configuration data
+ # so that we can have access to how they are started outside of heat
+ # and docker-cmd. This lets us create command line tools to start and
+ # test these containers.
+ {{role.name}}DockerConfigJsonStartupData:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: json-file
+ config:
+ /var/lib/docker-container-startup-configs.json:
+ {get_attr: [{{role.name}}DockerConfig, value]}
+
+ {{role.name}}DockerConfigJsonStartupDataDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ config: {get_resource: {{role.name}}DockerConfigJsonStartupData}
+ servers: {get_param: [servers, {{role.name}}]}
+
+ {{role.name}}KollaJsonConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: json-file
+ config:
+ {get_param: [role_data, {{role.name}}, kolla_config]}
+
+ {{role.name}}KollaJsonDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ name: {{role.name}}KollaJsonDeployment
+ config: {get_resource: {{role.name}}KollaJsonConfig}
+ servers: {get_param: [servers, {{role.name}}]}
+
+ # BEGIN BAREMETAL CONFIG STEPS
+
+ {% if role.name == 'Controller' %}
+ ControllerPrePuppet:
+ type: OS::TripleO::Tasks::ControllerPrePuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+
+ {{role.name}}Config:
+ type: OS::TripleO::{{role.name}}Config
+ properties:
+ StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]}
+
+ {% for step in range(1, 6) %}
+
+ {{role.name}}Deployment_Step{{step}}:
+ type: OS::Heat::StructuredDeploymentGroup
+ {% if step == 1 %}
+ depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
+ {% else %}
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step{{step -1}}
+ - {{dep.name}}ContainersDeployment_Step{{step -1}}
+ {% endfor %}
+ - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
+ {% endif %}
+ properties:
+ name: {{role.name}}Deployment_Step{{step}}
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: {{step}}
+ update_identifier: {get_param: DeployIdentifier}
+
+ {% endfor %}
+ # END BAREMETAL CONFIG STEPS
+
+ # BEGIN CONTAINER CONFIG STEPS
+ {% for step in range(1, 6) %}
+
+ {{role.name}}ContainersConfig_Step{{step}}:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: docker-cmd
+ config:
+ {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]}
+
+ {{role.name}}ContainersDeployment_Step{{step}}:
+ type: OS::Heat::StructuredDeploymentGroup
+ {% if step == 1 %}
+ depends_on:
+ - {{role.name}}PreConfig
+ - {{role.name}}KollaJsonDeployment
+ - {{role.name}}GenPuppetDeployment
+ - {{role.name}}GenerateConfigDeployment
+ {% else %}
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}ContainersDeployment_Step{{step -1}}
+ - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
+ - {{dep.name}}Deployment_Step{{step -1}}
+ {% endfor %}
+ - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
+ {% endif %}
+ properties:
+ name: {{role.name}}ContainersDeployment_Step{{step}}
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}}
+
+ {% endfor %}
+ # END CONTAINER CONFIG STEPS
+
+ {{role.name}}PostConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PostConfig
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step5
+ - {{primary_role_name}}DockerPuppetTasksDeployment5
+ {% endfor %}
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ {{role.name}}ExtraConfigPost:
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}PostConfig
+ {% endfor %}
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+
+ {% if role.name == 'Controller' %}
+ ControllerPostPuppet:
+ depends_on:
+ - ControllerExtraConfigPost
+ type: OS::TripleO::Tasks::ControllerPostPuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+
+{% endfor %}
#!/bin/bash
set -eux
-# TODO This would be better in puppet
+# This file contains setup steps that can't be or have not yet been moved to
+# puppet
-# TODO remove this when built image includes docker
-if [ ! -f "/usr/bin/docker" ]; then
- yum -y install docker
-fi
-
-# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is
-# a place holder for text replacement done via heat
-if [ "$docker_namespace_is_registry" = "True" ]; then
- /usr/bin/systemctl stop docker.service
- # if namespace is used with local registry, trim all namespacing
- trim_var=$docker_registry
- registry_host="${trim_var%%/*}"
- /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker
-fi
-
-# enable and start docker
-/usr/bin/systemctl enable docker.service
-/usr/bin/systemctl start docker.service
-
-# Disable libvirtd
+# Disable libvirtd since it conflicts with nova_libvirt container
/usr/bin/systemctl disable libvirtd.service
/usr/bin/systemctl stop libvirtd.service
--- /dev/null
+# Note the include here is the same as post.j2.yaml but the data used at
+# # the time of rendering is different if any roles disable upgrades
+{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
+{% include 'docker-steps.j2' %}
-# certain initialization steps (run in a container) will occur
-# on the first role listed in the roles file
-{% set primary_role_name = roles[0].name -%}
-
-heat_template_version: ocata
-
-description: >
- Post-deploy configuration steps via puppet for all roles,
- as defined in ../roles_data.yaml
-
-parameters:
- servers:
- type: json
- description: Mapping of Role name e.g Controller to a list of servers
- role_data:
- type: json
- description: Mapping of Role name e.g Controller to the per-role data
- DeployIdentifier:
- default: ''
- type: string
- description: >
- Setting this to a unique value will re-run any deployment tasks which
- perform configuration on a Heat stack-update.
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
-
-resources:
-
- # These utility tasks use docker-puppet.py to execute tasks via puppet
- # We only execute these on the first node in the primary role
- {{primary_role_name}}DockerPuppetTasks:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- yaql:
- expression:
- dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1]))
- data:
- docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]}
-
-# BEGIN primary_role_name docker-puppet-tasks (run only on a single node)
-{% for step in range(1, 6) %}
-
- {{primary_role_name}}DockerPuppetJsonConfig{{step}}:
- type: OS::Heat::StructuredConfig
- properties:
- group: json-file
- config:
- /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json:
- {get_attr: [{{primary_role_name}}DockerPuppetTasks, value, 'step_{{step}}']}
-
- {{primary_role_name}}DockerPuppetJsonDeployment{{step}}:
- type: OS::Heat::SoftwareDeployment
- properties:
- server: {get_param: [servers, {{primary_role_name}}, '0']}
- config: {get_resource: {{primary_role_name}}DockerPuppetJsonConfig{{step}}}
-
- {{primary_role_name}}DockerPuppetTasksConfig{{step}}:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: {get_file: docker-puppet.py}
- inputs:
- - name: CONFIG
- - name: NET_HOST
- - name: NO_ARCHIVE
- - name: STEP
-
- {{primary_role_name}}DockerPuppetTasksDeployment{{step}}:
- type: OS::Heat::SoftwareDeployment
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step{{step}}
- - {{dep.name}}ContainersDeployment_Step{{step}}
- {% endfor %}
- - {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
- properties:
- name: {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
- server: {get_param: [servers, {{primary_role_name}}, '0']}
- config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}}
- input_values:
- CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
- NET_HOST: 'true'
- NO_ARCHIVE: 'true'
- STEP: {{step}}
-
-{% endfor %}
-# END primary_role_name docker-puppet-tasks
-
-{% for role in roles %}
- # Post deployment steps for all roles
- # A single config is re-applied with an incrementing step number
- # {{role.name}} Role steps
- {{role.name}}ArtifactsConfig:
- type: ../puppet/deploy-artifacts.yaml
-
- {{role.name}}ArtifactsDeploy:
- type: OS::Heat::StructuredDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}ArtifactsConfig}
-
- {{role.name}}PreConfig:
- type: OS::TripleO::Tasks::{{role.name}}PreConfig
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- {{role.name}}CreateConfigDir:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: {get_file: create-config-dir.sh}
-
- {{role.name}}CreateConfigDirDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}CreateConfigDir}
-
- # this creates a JSON config file for our docker-puppet.py script
- {{role.name}}GenPuppetConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: json-file
- config:
- /var/lib/docker-puppet/docker-puppet.json:
- yaql:
- # select only services that have a non-null config_image with
- # a step_config as well
- expression:
- $.data.config_volume.zip($.data.puppet_tags, $.data.step_config, $.data.config_image).where($[3] != null and $[1] != null)
- data:
- config_volume: {get_param: [role_data, {{role.name}}, config_volume]}
- step_config: {get_param: [role_data, {{role.name}}, step_config]}
- puppet_tags: {get_param: [role_data, {{role.name}}, puppet_tags]}
- config_image: {get_param: [role_data, {{role.name}}, config_image]}
-
- {{role.name}}GenPuppetDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}GenPuppetConfig}
-
- {{role.name}}GenerateConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: {get_file: docker-puppet.py}
-
- {{role.name}}GenerateConfigDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- depends_on: [{{role.name}}GenPuppetDeployment, {{role.name}}ArtifactsDeploy, {{role.name}}CreateConfigDirDeployment]
- properties:
- name: {{role.name}}GenerateConfigDeployment
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}GenerateConfig}
-
- {{role.name}}PuppetStepConfig:
- type: OS::Heat::Value
- properties:
- type: string
- value:
- yaql:
- expression:
- # select 'step_config' only from services that do not have a docker_image
- $.data.service_names.zip($.data.step_config, $.data.docker_image).where($[2] = null).where($[1] != null).select($[1]).join("\n")
- data:
- service_names: {get_param: [role_data, {{role.name}}, service_names]}
- step_config: {get_param: [role_data, {{role.name}}, step_config]}
- docker_image: {get_param: [role_data, {{role.name}}, docker_image]}
-
- {{role.name}}DockerConfig:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- yaql:
- expression:
- # select 'docker_config' only from services that have a docker_image
- $.data.service_names.zip($.data.docker_config, $.data.docker_image).where($[2] != null).select($[1]).reduce($1.mergeWith($2), {})
- data:
- service_names: {get_param: [role_data, {{role.name}}, service_names]}
- docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
- docker_image: {get_param: [role_data, {{role.name}}, docker_image]}
-
- # Here we are dumping all the docker container startup configuration data
- # so that we can have access to how they are started outside of heat
- # and docker-cmd. This lets us create command line tools to start and
- # test these containers.
- {{role.name}}DockerConfigJsonStartupData:
- type: OS::Heat::StructuredConfig
- properties:
- group: json-file
- config:
- /var/lib/docker-container-startup-configs.json:
- {get_attr: [{{role.name}}DockerConfig, value]}
-
- {{role.name}}DockerConfigJsonStartupDataDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: {{role.name}}DockerConfigJsonStartupData}
- servers: {get_param: [servers, {{role.name}}]}
-
- {{role.name}}KollaJsonConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: json-file
- config:
- {get_param: [role_data, {{role.name}}, kolla_config]}
-
- {{role.name}}KollaJsonDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- name: {{role.name}}KollaJsonDeployment
- config: {get_resource: {{role.name}}KollaJsonConfig}
- servers: {get_param: [servers, {{role.name}}]}
-
- # BEGIN BAREMETAL CONFIG STEPS
-
- {% if role.name == 'Controller' %}
- ControllerPrePuppet:
- type: OS::TripleO::Tasks::ControllerPrePuppet
- properties:
- servers: {get_param: [servers, Controller]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
- {% endif %}
-
- {{role.name}}Config:
- type: OS::TripleO::{{role.name}}Config
- properties:
- StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]}
-
- {% for step in range(1, 6) %}
-
- {{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- {% if step == 1 %}
- depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
- {% else %}
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- - {{dep.name}}ContainersDeployment_Step{{step -1}}
- {% endfor %}
- - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
- {% endif %}
- properties:
- name: {{role.name}}Deployment_Step{{step}}
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: {{step}}
- update_identifier: {get_param: DeployIdentifier}
-
- {% endfor %}
- # END BAREMETAL CONFIG STEPS
-
- # BEGIN CONTAINER CONFIG STEPS
- {% for step in range(1, 6) %}
-
- {{role.name}}ContainersConfig_Step{{step}}:
- type: OS::Heat::StructuredConfig
- properties:
- group: docker-cmd
- config:
- {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]}
-
- {{role.name}}ContainersDeployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- {% if step == 1 %}
- depends_on:
- - {{role.name}}PreConfig
- - {{role.name}}KollaJsonDeployment
- - {{role.name}}GenPuppetDeployment
- - {{role.name}}GenerateConfigDeployment
- {% else %}
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}ContainersDeployment_Step{{step -1}}
- - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
- - {{dep.name}}Deployment_Step{{step -1}}
- {% endfor %}
- - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
- {% endif %}
- properties:
- name: {{role.name}}ContainersDeployment_Step{{step}}
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}}
-
- {% endfor %}
- # END CONTAINER CONFIG STEPS
-
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step5
- - {{primary_role_name}}DockerPuppetTasksDeployment5
- {% endfor %}
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- {{role.name}}ExtraConfigPost:
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}PostConfig
- {% endfor %}
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: [servers, {{role.name}}]}
-
- {% if role.name == 'Controller' %}
- ControllerPostPuppet:
- depends_on:
- - ControllerExtraConfigPost
- type: OS::TripleO::Tasks::ControllerPostPuppet
- properties:
- servers: {get_param: [servers, Controller]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
- {% endif %}
-
-{% endfor %}
+{% include 'docker-steps.j2' %}
the container itself at the /var/lib/kolla/config_files/config.json
location and drives how kolla's external config mechanisms work.
- * docker_image: The full name of the docker image that will be used.
-
* docker_config: Data that is passed to the docker-cmd hook to configure
a container, or step of containers at each step. See the available steps
below and the related docker-cmd hook documentation in the heat-agents
project.
- * puppet_tags: Puppet resource tag names that are used to generate config
- files with puppet. Only the named config resources are used to generate
- a config file. Any service that specifies tags will have the default
- tags of 'file,concat,file_line' appended to the setting.
- Example: keystone_config
-
- * config_volume: The name of the volume (directory) where config files
- will be generated for this service. Use this as the location to
- bind mount into the running Kolla container for configuration.
-
- * config_image: The name of the docker image that will be used for
- generating configuration files. This is often the same value as
- 'docker_image' above but some containers share a common set of
- config files which are generated in a common base container.
+ * puppet_config: This section is a nested set of key value pairs
+ that drive the creation of config files using puppet.
+ Required parameters include:
+
+ * puppet_tags: Puppet resource tag names that are used to generate config
+ files with puppet. Only the named config resources are used to generate
+ a config file. Any service that specifies tags will have the default
+ tags of 'file,concat,file_line' appended to the setting.
+ Example: keystone_config
+
+ * config_volume: The name of the volume (directory) where config files
+ will be generated for this service. Use this as the location to
+ bind mount into the running Kolla container for configuration.
+
+ * config_image: The name of the docker image that will be used for
+ generating configuration files. This is often the same container
+ that the runtime service uses. Some services share a common set of
+ config files which are generated in a common base container.
+
+ * step_config: This setting controls the manifest that is used to
+ create docker config files via puppet. The puppet tags below are
+ used along with this manifest to generate a config directory for
+ this container.
* docker_puppet_tasks: This section provides data to drive the
docker-puppet.py tool directly. The task is executed only once
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized aodh service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerAodhApiImage:
+ description: image
+ default: 'centos-binary-aodh-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ AodhApiPuppetBase:
+ type: ../../puppet/services/aodh-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the aodh API role.
+ value:
+ service_name: {get_attr: [AodhApiPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [AodhApiPuppetBase, role_data, config_settings]
+ - apache::default_vhost: false
+ step_config: &step_config
+ get_attr: [AodhApiPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: aodh
+ puppet_tags: aodh_api_paste_ini,aodh_config
+ step_config: *step_config
+ config_image: &aodh_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/aodh-api.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - dest: /etc/aodh/aodh.conf
+ owner: aodh
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf
+ - dest: /etc/httpd/conf.d/10-aodh_wsgi.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-aodh_wsgi.conf
+ - dest: /etc/httpd/conf/httpd.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
+ - dest: /etc/httpd/conf/ports.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
+ - dest: /var/www/cgi-bin/aodh/app
+ owner: aodh
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/var/www/cgi-bin/aodh/app
+ docker_config:
+ step_3:
+ aodh-init-log:
+ start_order: 0
+ image: *aodh_image
+ user: root
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/aodh && chown aodh:aodh /var/log/aodh']
+ volumes:
+ - logs:/var/log
+ aodh_db_sync:
+ start_order: 1
+ image: *aodh_image
+ net: host
+ privileged: false
+ detach: false
+ volumes:
+ - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - logs:/var/log
+ command: /usr/bin/aodh-dbsync
+ step_4:
+ aodh-api:
+ image: *aodh_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - logs:/var/log
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Aodh Evaluator service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerAodhEvaluatorImage:
+ description: image
+ default: 'centos-binary-aodh-evaluator:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ AodhEvaluatorBase:
+ type: ../../puppet/services/aodh-evaluator.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh API role.
+ value:
+ service_name: {get_attr: [AodhEvaluatorBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [AodhEvaluatorBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [AodhEvaluatorBase, role_data, step_config]
+ service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: aodh
+ puppet_tags: aodh_config
+ step_config: *step_config
+ config_image: &aodh_evaluator_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/aodh-evaluator.json:
+ command: /usr/bin/aodh-evaluator
+ config_files:
+ - dest: /etc/aodh/aodh.conf
+ owner: aodh
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf
+ docker_config:
+ step_4:
+ aodh_evaluator:
+ image: *aodh_evaluator_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Aodh Listener service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerAodhListenerImage:
+ description: image
+ default: 'centos-binary-aodh-listener:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ AodhListenerBase:
+ type: ../../puppet/services/aodh-listener.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh API role.
+ value:
+ service_name: {get_attr: [AodhListenerBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [AodhListenerBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [AodhListenerBase, role_data, step_config]
+ service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: aodh
+ puppet_tags: aodh_config
+ step_config: *step_config
+ config_image: &aodh_listener_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/aodh-listener.json:
+ command: /usr/bin/aodh-listener
+ config_files:
+ - dest: /etc/aodh/aodh.conf
+ owner: aodh
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf
+ docker_config:
+ step_4:
+ aodh_listener:
+ image: *aodh_listener_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Aodh Notifier service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerAodhNotifierImage:
+ description: image
+ default: 'centos-binary-aodh-notifier:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ AodhNotifierBase:
+ type: ../../puppet/services/aodh-notifier.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh API role.
+ value:
+ service_name: {get_attr: [AodhNotifierBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [AodhNotifierBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [AodhNotifierBase, role_data, step_config]
+ service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: aodh
+ puppet_tags: aodh_config
+ step_config: *step_config
+ config_image: &aodh_notifier_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/aodh-notifier.json:
+ command: /usr/bin/aodh-notifier
+ config_files:
+ - dest: /etc/aodh/aodh.conf
+ owner: aodh
+ perm: '0640'
+ source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf
+ docker_config:
+ step_4:
+ aodh_notifier:
+ image: *aodh_notifier_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
map_merge:
- get_attr: [MongodbPuppetBase, role_data, config_settings]
- mongodb::server::fork: false
- step_config:
+ step_config: &step_config
list_join:
- "\n"
- - "['Mongodb_database', 'Mongodb_user', 'Mongodb_replset'].each |String $val| { noop_resource($val) }"
- {get_attr: [MongodbPuppetBase, role_data, step_config]}
- upgrade_tasks: {get_attr: [MongodbPuppetBase, role_data, upgrade_tasks]}
# BEGIN DOCKER SETTINGS #
- docker_image: &mongodb_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ]
- puppet_tags: file # set this even though file is the default
- config_volume: mongodb
- config_image: *mongodb_image
+ puppet_config:
+ config_volume: mongodb
+ puppet_tags: file # set this even though file is the default
+ step_config: *step_config
+ config_image: &mongodb_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ]
kolla_config:
/var/lib/kolla/config_files/mongodb.json:
command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run
volumes:
- "mongodb:/var/lib/mongodb/"
- "logs:/var/log/kolla:ro"
+ upgrade_tasks:
+ - name: Stop and disable mongodb service
+ tags: step2
+ service: name=mongod state=stopped enabled=no
pid-file: /var/lib/mysql/mariadb.pid
mysqld_safe:
pid-file: /var/lib/mysql/mariadb.pid
- step_config:
+ step_config: &step_config
list_join:
- "\n"
- - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
- {get_attr: [MysqlPuppetBase, role_data, step_config]}
- upgrade_tasks: {get_attr: [MysqlPuppetBase, role_data, upgrade_tasks]}
# BEGIN DOCKER SETTINGS #
- docker_image: &mysql_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ]
- puppet_tags: file # set this even though file is the default
- config_volume: mysql
- config_image: *mysql_image
+ puppet_config:
+ config_volume: mysql
+ puppet_tags: file # set this even though file is the default
+ step_config: *step_config
+ config_image: &mysql_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ]
kolla_config:
/var/lib/kolla/config_files/mysql.json:
command: /usr/bin/mysqld_safe
volumes:
- "mariadb:/var/lib/mysql/:ro"
- "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf
+ upgrade_tasks:
+ - name: Stop and disable mysql service
+ tags: step2
+ service: name=mariadb state=stopped enabled=no
map_merge:
- get_attr: [GlanceApiPuppetBase, role_data, config_settings]
- glance::api::sync_db: false
- step_config: {get_attr: [GlanceApiPuppetBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [GlanceApiPuppetBase, role_data, step_config]
service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
- docker_image: &glance_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ]
- puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config
- config_volume: glance_api
- config_image: *glance_image
+ puppet_config:
+ config_volume: glance_api
+ puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config
+ step_config: *step_config
+ config_image: &glance_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ]
kolla_config:
/var/lib/kolla/config_files/glance-api.json:
command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
volumes: *glance_volumes
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable glance_api service
+ tags: step2
+ service: name=openstack-glance-api state=stopped enabled=no
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
- step_config: {get_attr: [HeatBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [HeatBase, role_data, step_config]
service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &heat_api_cfn_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ]
- puppet_tags: heat_config,file,concat,file_line
- config_volume: heat
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
+ puppet_config:
+ config_volume: heat
+ puppet_tags: heat_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
kolla_config:
/var/lib/kolla/config_files/heat_api_cfn.json:
command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
docker_config:
step_4:
heat_api_cfn:
- image: *heat_api_cfn_image
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ]
net: host
privileged: false
restart: always
- /dev:/dev
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable heat_api_cfn service
+ tags: step2
+ service: name=openstack-heat-api-cfn state=stopped enabled=no
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
- step_config: {get_attr: [HeatBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [HeatBase, role_data, step_config]
service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &heat_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ]
- puppet_tags: heat_config,file,concat,file_line
- config_volume: heat
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
+ puppet_config:
+ config_volume: heat
+ puppet_tags: heat_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
kolla_config:
/var/lib/kolla/config_files/heat_api.json:
command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
docker_config:
step_4:
heat_api:
- image: *heat_api_image
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ]
net: host
privileged: false
restart: always
- /dev:/dev
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable heat_api service
+ tags: step2
+ service: name=openstack-heat-api state=stopped enabled=no
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
- step_config: {get_attr: [HeatBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [HeatBase, role_data, step_config]
service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &heat_engine_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
- puppet_tags: heat_config,file,concat,file_line
- config_volume: heat
- config_image: *heat_engine_image
+ puppet_config:
+ config_volume: heat
+ puppet_tags: heat_config,file,concat,file_line
+ step_config: *step_config
+ config_image: &heat_engine_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
kolla_config:
/var/lib/kolla/config_files/heat_engine.json:
command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable heat_engine service
+ tags: step2
+ service: name=openstack-heat-engine state=stopped enabled=no
config_settings:
map_merge:
- get_attr: [IronicApiBase, role_data, config_settings]
- step_config: {get_attr: [IronicApiBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [IronicApiBase, role_data, step_config]
service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &ironic_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ]
- puppet_tags: ironic_config
- config_volume: ironic
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ puppet_config:
+ config_volume: ironic
+ puppet_tags: ironic_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/ironic_api.json:
command: /usr/bin/ironic-api
docker_config:
step_3:
ironic_db_sync:
- image: *ironic_image
+ image: &ironic_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ]
net: host
privileged: false
detach: false
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable ironic_api service
+ tags: step2
+ service: name=openstack-ironic-api state=stopped enabled=no
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::pxe::http_root: /var/lib/ironic/httpboot
- ironic::conductor::http_root: /var/lib/ironic/httpboot
- step_config: {get_attr: [IronicConductorBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [IronicConductorBase, role_data, step_config]
service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &ironic_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ]
- puppet_tags: ironic_config
- config_volume: ironic
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ puppet_config:
+ config_volume: ironic
+ puppet_tags: ironic_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/ironic_conductor.json:
command: /usr/bin/ironic-conductor
docker_config:
step_4:
ironic-init-dirs:
- image: *ironic_image
+ image: &ironic_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ]
user: root
command: ['/bin/bash', '-c', 'mkdir /var/lib/ironic/httpboot && mkdir /var/lib/ironic/tftpboot']
volumes:
- ironic:/var/lib/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable ironic_conductor service
+ tags: step2
+ service: name=openstack-ironic-conductor state=stopped enabled=no
value:
service_name: ironic_pxe
config_settings: {}
- step_config: ''
+ step_config: &step_config ''
service_config_settings: {}
# BEGIN DOCKER SETTINGS
- docker_image: &ironic_pxe_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ]
- puppet_tags: ironic_config
- config_volume: ironic
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ puppet_config:
+ config_volume: ironic
+ puppet_tags: ironic_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/ironic_pxe_http.json:
command: /usr/sbin/httpd -DFOREGROUND
step_4:
ironic_pxe_tftp:
start_order: 90
- image: *ironic_pxe_image
+ image: &ironic_pxe_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ]
net: host
privileged: false
restart: always
map_merge:
- get_attr: [KeystoneBase, role_data, config_settings]
- apache::default_vhost: false
- step_config:
+ step_config: &step_config
list_join:
- "\n"
- - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }"
- {get_attr: [KeystoneBase, role_data, step_config]}
service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &keystone_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
- puppet_tags: keystone_config
- config_volume: keystone
- config_image: *keystone_image
+ puppet_config:
+ config_volume: keystone
+ puppet_tags: keystone_config
+ step_config: *step_config
+ config_image: &keystone_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
kolla_config:
/var/lib/kolla/config_files/keystone.json:
command: /usr/sbin/httpd -DFOREGROUND
start_order: 0
image: *keystone_image
user: root
- command: ['/bin/bash', '-c', 'mkdir /var/log/httpd && mkdir /var/log/keystone && chown keystone:keystone /var/log/keystone']
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/keystone && chown keystone:keystone /var/log/keystone']
volumes:
- logs:/var/log
keystone_db_sync:
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
+ upgrade_tasks:
+ - name: Stop and disable keystone service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped enabled=no
value:
service_name: {get_attr: [MemcachedBase, role_data, service_name]}
config_settings: {get_attr: [MemcachedBase, role_data, config_settings]}
- step_config: {get_attr: [MemcachedBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [MemcachedBase, role_data, step_config]
service_config_settings: {get_attr: [MemcachedBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &memcached_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ]
- puppet_tags: 'file'
- config_volume: 'memcached'
- config_image: *memcached_image
+ puppet_config:
+ config_volume: 'memcached'
+ puppet_tags: 'file'
+ step_config: *step_config
+ config_image: &memcached_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ]
kolla_config: {}
docker_config:
step_1:
command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS']
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable memcached service
+ tags: step2
+ service: name=memcached state=stopped enabled=no
config_settings:
map_merge:
- get_attr: [MistralApiBase, role_data, config_settings]
- step_config: {get_attr: [MistralApiBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [MistralApiBase, role_data, step_config]
service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &mistral_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ]
- puppet_tags: mistral_config
- config_volume: mistral
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ puppet_config:
+ config_volume: mistral
+ puppet_tags: mistral_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/mistral_api.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
step_3:
mistral_db_sync:
start_order: 1
- image: *mistral_image
+ image: &mistral_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ]
net: host
privileged: false
detach: false
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable mistral_api service
+ tags: step2
+ service: name=openstack-mistral-api state=stopped enabled=no
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- step_config: {get_attr: [MistralBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [MistralBase, role_data, step_config]
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &mistral_engine_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ]
- puppet_tags: mistral_config
- config_volume: mistral
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ puppet_config:
+ config_volume: mistral
+ puppet_tags: mistral_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/mistral_engine.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
docker_config:
step_4:
mistral_engine:
- image: *mistral_engine_image
+ image: &mistral_engine_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ]
net: host
privileged: false
restart: always
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable mistral_engine service
+ tags: step2
+ service: name=openstack-mistral-engine state=stopped enabled=no
+
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- step_config: {get_attr: [MistralBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [MistralBase, role_data, step_config]
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &mistral_executor_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ]
- puppet_tags: mistral_config
- config_volume: mistral
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ puppet_config:
+ config_volume: mistral
+ puppet_tags: mistral_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/mistral_executor.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
docker_config:
step_4:
mistral_executor:
- image: *mistral_executor_image
+ image: &mistral_executor_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ]
net: host
privileged: false
restart: always
- /var/lib/config-data/nova/etc/nova:/etc/nova:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable mistral_executor service
+ tags: step2
+ service: name=openstack-mistral-executor state=stopped enabled=no
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [NeutronBase, role_data, step_config]
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &neutron_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
- puppet_tags: neutron_config,neutron_api_config
- config_volume: neutron
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ puppet_config:
+ config_volume: neutron
+ puppet_tags: neutron_config,neutron_api_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/neutron_api.json:
command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini
docker_config:
step_3:
neutron_db_sync:
- image: *neutron_api_image
+ image: &neutron_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
net: host
privileged: false
detach: false
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable neutron_api service
+ tags: step2
+ service: name=neutron-server state=stopped enabled=no
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [NeutronBase, role_data, step_config]
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &neutron_dhcp_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
- puppet_tags: neutron_config,neutron_dhcp_agent_config
- config_volume: neutron
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ puppet_config:
+ config_volume: neutron
+ puppet_tags: neutron_config,neutron_dhcp_agent_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/neutron_dhcp.json:
command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log
docker_config:
step_4:
neutron_dhcp:
- image: *neutron_dhcp_image
+ image: &neutron_dhcp_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
net: host
pid: host
privileged: true
- /run/:/run
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable neutron_dhcp service
+ tags: step2
+ service: name=neutron-dhcp-agent state=stopped enabled=no
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack containerized Neutron L3 agent
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNeutronL3AgentImage:
+ description: image
+ default: 'centos-binary-neutron-l3-agent:latest'
+ type: string
+ # we configure all neutron services in the same neutron
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-openvswitch-agent:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NeutronL3Base:
+ type: ../../puppet/services/neutron-l3.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for Neutron L3 agent
+ value:
+ service_name: {get_attr: [NeutronL3Base, role_data, service_name]}
+ config_settings: {get_attr: [NeutronL3Base, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NeutronL3Base, role_data, step_config]
+ puppet_config:
+ puppet_tags: neutron_config,neutron_l3_agent_config
+ config_volume: neutron
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/neutron-l3-agent.json:
+ command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
+ config_files:
+ - dest: /etc/neutron/neutron.conf
+ owner: neutron
+ perm: '0600'
+ source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf
+ - dest: /etc/neutron/l3_agent.ini
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/neutron/l3_agent.ini
+ docker_config:
+ step_4:
+ neutronl3agent:
+ image: &neutron_l3_agent_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ]
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /run:/run
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
value:
service_name: {get_attr: [NeutronOvsAgentBase, role_data, service_name]}
config_settings: {get_attr: [NeutronOvsAgentBase, role_data, config_settings]}
- step_config: {get_attr: [NeutronOvsAgentBase, role_data, step_config]}
- docker_image: &neutron_ovs_agent_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
- puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
- config_volume: neutron
- config_image: *neutron_ovs_agent_image
+ step_config: &step_config
+ get_attr: [NeutronOvsAgentBase, role_data, step_config]
+ puppet_config:
+ config_volume: neutron
+ puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
+ step_config: *step_config
+ config_image: &neutron_ovs_agent_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
kolla_config:
/var/lib/kolla/config_files/neutron-openvswitch-agent.json:
command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
- /run:/run
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable neutron_ovs_agent service
+ tags: step2
+ service: name=neutron-openvswitch-agent state=stopped enabled=no
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- step_config: {get_attr: [NeutronBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [NeutronBase, role_data, step_config]
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &docker_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
- puppet_tags: ''
- config_volume: 'neutron'
- config_image: *docker_image
+ puppet_config:
+ config_volume: 'neutron'
+ puppet_tags: ''
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config: {}
docker_config: {}
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- apache::default_vhost: false
- step_config: {get_attr: [NovaApiBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [NovaApiBase, role_data, step_config]
service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &nova_api_image
- list_join:
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
- '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ]
- puppet_tags: nova_config
- config_volume: nova
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
command: /usr/bin/nova-api
step_3:
nova_api_db_sync:
start_order: 1
- image: *nova_api_image
+ image: &nova_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ]
net: host
detach: false
volumes: &nova_api_volumes
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ nova_api_discover_hosts:
+ start_order: 3
+ image: *nova_api_image
+ net: host
+ detach: false
+ volumes: *nova_api_volumes
+ command:
+ - '/usr/bin/nova-manage'
+ - 'cell_v2'
+ - 'discover_hosts'
+ upgrade_tasks:
+ - name: Stop and disable nova_api service
+ tags: step2
+ service: name=openstack-nova-api state=stopped enabled=no
value:
service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]}
- step_config: {get_attr: [NovaComputeBase, role_data, step_config]}
- puppet_tags: nova_config,nova_paste_api_ini
- docker_image: &nova_compute_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
- config_volume: nova_libvirt
- config_image: *nova_compute_image
+ step_config: &step_config
+ get_attr: [NovaComputeBase, role_data, step_config]
+ puppet_config:
+ config_volume: nova_libvirt
+ puppet_tags: nova_config,nova_paste_api_ini
+ step_config: *step_config
+ config_image: &nova_compute_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
kolla_config:
/var/lib/kolla/config_files/nova-compute.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
value:
service_name: {get_attr: [NovaConductorBase, role_data, service_name]}
config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]}
- step_config: {get_attr: [NovaConductorBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [NovaConductorBase, role_data, step_config]
service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &nova_conductor_image
- list_join:
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
- '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ]
- puppet_tags: nova_config
- config_volume: nova
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
kolla_config:
/var/lib/kolla/config_files/nova_conductor.json:
command: /usr/bin/nova-conductor
docker_config:
step_4:
nova_conductor:
- image: *nova_conductor_image
+ image: &nova_conductor_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ]
net: host
privileged: false
restart: always
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable nova_conductor service
+ tags: step2
+ service: name=openstack-nova-conductor state=stopped enabled=no
value:
service_name: {get_attr: [NovaIronicBase, role_data, service_name]}
config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]}
- step_config: {get_attr: [NovaIronicBase, role_data, step_config]}
- puppet_tags: nova_config,nova_paste_api_ini
- docker_image: &nova_ironic_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
- config_volume: nova
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ step_config: &step_config
+ get_attr: [NovaIronicBase, role_data, step_config]
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config,nova_paste_api_ini
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
kolla_config:
/var/lib/kolla/config_files/nova_ironic.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
docker_config:
step_5:
novacompute:
- image: *nova_ironic_image
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
net: host
privileged: true
user: root
value:
service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]}
- step_config: {get_attr: [NovaLibvirtBase, role_data, step_config]}
- docker_image: &libvirt_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ]
- puppet_tags: nova_config
- config_volume: nova_libvirt
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
+ step_config: &step_config
+ get_attr: [NovaLibvirtBase, role_data, step_config]
+ puppet_config:
+ config_volume: nova_libvirt
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
kolla_config:
/var/lib/kolla/config_files/nova-libvirt.json:
command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
docker_config:
step_3:
nova_libvirt:
- image: *libvirt_image
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ]
net: host
pid: host
privileged: true
config_settings:
map_merge:
- get_attr: [NovaMetadataBase, role_data, config_settings]
- step_config: {get_attr: [NovaMetadataBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [NovaMetadataBase, role_data, step_config]
service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: ''
- puppet_tags: ''
- config_volume: ''
- config_image: ''
+ puppet_config:
+ config_volume: ''
+ puppet_tags: ''
+ step_config: *step_config
+ config_image: ''
kolla_config: {}
docker_config: {}
map_merge:
- get_attr: [NovaPlacementBase, role_data, config_settings]
- apache::default_vhost: false
- step_config: {get_attr: [NovaPlacementBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [NovaPlacementBase, role_data, step_config]
service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &nova_placement_image
- list_join:
+ puppet_config:
+ config_volume: nova_placement
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ]
- puppet_tags: nova_config
- config_volume: nova_placement
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ]
kolla_config:
/var/lib/kolla/config_files/nova_placement.json:
command: /usr/sbin/httpd -DFOREGROUND
owner: root
perm: '0644'
source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-placement_wsgi.conf
+ # puppet generates a stubbed out version of the stock one so we
+ # copy it in to overwrite the existing one
+ - dest: /etc/httpd/conf.d/00-nova-placement-api.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/00-nova-placement-api.conf
- dest: /etc/httpd/conf/httpd.conf
owner: root
perm: '0644'
step_3:
nova_placement:
start_order: 1
- image: *nova_placement_image
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ]
net: host
user: root
restart: always
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable nova_placement service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped enabled=no
value:
service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]}
config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]}
- step_config: {get_attr: [NovaSchedulerBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [NovaSchedulerBase, role_data, step_config]
service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &nova_scheduler_image
- list_join:
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
- '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ]
- puppet_tags: nova_config
- config_volume: nova
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
kolla_config:
/var/lib/kolla/config_files/nova_scheduler.json:
command: /usr/bin/nova-scheduler
docker_config:
step_4:
nova_scheduler:
- image: *nova_scheduler_image
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ]
net: host
privileged: false
restart: always
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable nova_scheduler service
+ tags: step2
+ service: name=openstack-nova-scheduler state=stopped enabled=no
value:
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
config_settings: {get_attr: [RabbitmqBase, role_data, config_settings]}
- step_config: {get_attr: [RabbitmqBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [RabbitmqBase, role_data, step_config]
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &rabbitmq_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ]
- puppet_tags: file
- config_volume: rabbitmq
- config_image: *rabbitmq_image
+ puppet_config:
+ config_volume: rabbitmq
+ puppet_tags: file
+ step_config: *step_config
+ config_image: &rabbitmq_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ]
kolla_config:
/var/lib/kolla/config_files/rabbitmq.json:
command: /usr/lib/rabbitmq/bin/rabbitmq-server
- rabbitmq:/var/lib/rabbitmq/
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable rabbitmq service
+ tags: step2
+ service: name=rabbitmq-server state=stopped enabled=no
{get_attr: [PuppetServices, role_data, global_config_settings]}
step_config:
{get_attr: [ServiceChain, role_data, step_config]}
- docker_image: {get_attr: [ServiceChain, role_data, docker_image]}
- puppet_tags: {get_attr: [ServiceChain, role_data, puppet_tags]}
- config_volume: {get_attr: [ServiceChain, role_data, config_volume]}
- config_image: {get_attr: [ServiceChain, role_data, config_image]}
+ puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]}
kolla_config:
map_merge: {get_attr: [ServiceChain, role_data, kolla_config]}
docker_config:
{get_attr: [ServiceChain, role_data, docker_config]}
docker_puppet_tasks:
{get_attr: [ServiceChain, role_data, docker_puppet_tasks]}
+ upgrade_tasks:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
+ upgrade_batch_tasks:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
value:
service_name: {get_attr: [SwiftProxyBase, role_data, service_name]}
config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]}
- step_config: {get_attr: [SwiftProxyBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [SwiftProxyBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &swift_proxy_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
- puppet_tags: swift_proxy_config
- config_volume: swift
- config_image: *swift_proxy_image
+ puppet_config:
+ config_volume: swift
+ puppet_tags: swift_proxy_config
+ step_config: *step_config
+ config_image: &swift_proxy_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
kolla_config:
/var/lib/kolla/config_files/swift_proxy.json:
command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf
- /dev:/dev
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable swift_proxy service
+ tags: step2
+ service: name=openstack-swift-proxy state=stopped enabled=no
value:
service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]}
config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
- step_config: {get_attr: [SwiftRingbuilderBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [SwiftRingbuilderBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]}
- puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance
# BEGIN DOCKER SETTINGS
- docker_image: &docker_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
- config_volume: 'swift'
- config_image: *docker_image
+ puppet_config:
+ config_volume: 'swift'
+ puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
kolla_config: {}
docker_config: {}
value:
service_name: {get_attr: [SwiftStorageBase, role_data, service_name]}
config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]}
- step_config: {get_attr: [SwiftStorageBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [SwiftStorageBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &swift_proxy_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
- puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config
- config_volume: swift
- config_image: *swift_proxy_image
+ puppet_config:
+ config_volume: swift
+ puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
kolla_config:
/var/lib/kolla/config_files/swift_account_auditor.json:
command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf
- swift-srv:/srv
- /dev:/dev
environment: *kolla_env
+ upgrade_tasks:
+ - name: Stop and disable swift storage services
+ tags: step2
+ service: name={{ item }} state=stopped enabled=no
+ with_items:
+ - openstack-swift-account-auditor
+ - openstack-swift-account-reaper
+ - openstack-swift-account-replicator
+ - openstack-swift-account
+ - openstack-swift-container-auditor
+ - openstack-swift-container-replicator
+ - openstack-swift-container-updater
+ - openstack-swift-container
+ - openstack-swift-object-auditor
+ - openstack-swift-object-replicator
+ - openstack-swift-object-updater
+ - openstack-swift-object
value:
service_name: {get_attr: [ZaqarBase, role_data, service_name]}
config_settings: {get_attr: [ZaqarBase, role_data, config_settings]}
- step_config: {get_attr: [ZaqarBase, role_data, step_config]}
+ step_config: &step_config
+ get_attr: [ZaqarBase, role_data, step_config]
service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- docker_image: &zaqar_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ]
- puppet_tags: zaqar_config
- config_volume: zaqar
- config_image: *zaqar_image
+ puppet_config:
+ config_volume: zaqar
+ puppet_tags: zaqar_config
+ step_config: *step_config
+ config_image: &zaqar_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ]
kolla_config:
/var/lib/kolla/config_files/zaqar.json:
command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable zaqar service
+ tags: step2
+ service: name=openstack-zaqar.service state=stopped enabled=no
+
--- /dev/null
+parameter_defaults:
+ KeystoneNotificationFormat: cadf
resource_registry:
- OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
+ # This can be used when you don't want to run puppet on the host,
+ # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
+ # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
+ OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
+ # The compute node still needs extra initialization steps
+ OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
#NOTE (dprince) add roles to be docker enabled as we support them
OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml
OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
- # FIXME: these need to go into a environments/services-docker dir?
- OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml
- OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml
- OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml
- OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
+ OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
- OS::TripleO::Services::MistralApi: ../docker/services/mistral-api.yaml
- OS::TripleO::Services::MistralEngine: ../docker/services/mistral-engine.yaml
- OS::TripleO::Services::MistralExecutor: ../docker/services/mistral-executor.yaml
- OS::TripleO::Services::Zaqar: ../docker/services/zaqar.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
+ OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml
+ OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
+ OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+ OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
+
OS::TripleO::PostDeploySteps: ../docker/post.yaml
+ OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
+
OS::TripleO::Services: ../docker/services/services.yaml
parameter_defaults:
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
# a TLS for in the internal network via certmonger
parameter_defaults:
EnableInternalTLS: true
+ RabbitClientUseSSL: true
# Required for novajoin to enroll the overcloud nodes
ServerMetadata:
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
+ OS::TripleO::Services::RabbitMQTLS: ../puppet/services/rabbitmq-internal-tls-certmonger.yaml
+
# We use apache as a TLS proxy
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
--- /dev/null
+resource_registry:
+ # FIXME(shardy) do we need to break major_upgrade_steps.yaml apart to
+ # enable docker specific logic, or is just overridding PostUpgradeSteps
+ # enough (as we want to share the ansible tasks steps etc)
+ OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
+parameter_defaults:
+ UpgradeLevelNovaCompute: auto
+ UpgradeInitCommonCommand: |
+ #!/bin/bash
+ # Ocata to Pike, put any needed host-level workarounds here
--- /dev/null
+# Use this to reset any mappings only used for upgrades after the
+# update of all nodes is completed
+resource_registry:
+ OS::TripleO::PostDeploySteps: ../docker/post.yaml
+parameter_defaults:
+ UpgradeLevelNovaCompute: ''
+ UpgradeInitCommonCommand: ''
--- /dev/null
+# A Heat environment file that can be used to deploy Neutron BGPVPN service
+#
+# Currently there are four types of service provider for Neutron BGPVPN
+# The default option is a dummy driver that allows to enable the API.
+# In order to enable other backend, replace the content of BgpvpnServiceProvider
+#
+# - Bagpipe: BGPVPN:BaGPipe:networking_bgpvpn.neutron.services.service_drivers.bagpipe.bagpipe.BaGPipeBGPVPNDriver:default
+# - OpenContrail: BGPVPN:OpenContrail:networking_bgpvpn.neutron.services.service_drivers.opencontrail.opencontrail.OpenContrailBGPVPNDriver:default
+# - OpenDaylight: BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default
+# - Nuage: BGPVPN:Nuage:nuage_neutron.bgpvpn.services.service_drivers.driver.NuageBGPVPNDriver:default
+resource_registry:
+ OS::TripleO::Services::NeutronBgpvpnApi: ../puppet/services/neutron-bgpvpn-api.yaml
+
+parameter_defaults:
+ NeutronServicePlugins: 'networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+ BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::IronicApi: ../../docker/services/ironic-api.yaml
+ OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml
+ OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml
+ OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralApi: ../../docker/services/mistral-api.yaml
+ OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
# https://bugzilla.redhat.com/show_bug.cgi?id=1341968
#
# The default is to determine automatically if upgrade is needed based
-# on mysql package versionning, but this can be overriden manually
+# on mysql package versioning, but this can be overridden manually
# to support specific upgrade scenario
# Calling this function will set the DO_MYSQL_UPGRADE variable which is used
# We need to ensure at least those two configuration settings, otherwise
# mariadb 10.1+ won't activate galera replication.
# wsrep_cluster_address must only be set though, its value does not
-# matter because it's overriden by the galera resource agent.
+# matter because it's overridden by the galera resource agent.
cat >> /etc/my.cnf.d/galera.cnf <<EOF
[mysqld]
wsrep_on = ON
crudini --set /etc/nova/nova.conf upgrade_levels compute auto
fi
-$(declare -f special_case_ovs_upgrade_if_needed)
-special_case_ovs_upgrade_if_needed
-
-yum -y install python-zaqarclient # needed for os-collect-config
if [[ -n \$SWIFT_STORAGE ]]; then
systemctl_swift stop
fi
+
yum -y update
+
if [[ -n \$SWIFT_STORAGE ]]; then
systemctl_swift start
fi
# Due to bug#1640177 we need to restart compute agent
if [[ -n \$NOVA_COMPUTE ]]; then
- echo "Restarting openstack ceilometer agent compute"
+ log_debug "Restarting openstack ceilometer agent compute"
systemctl restart openstack-ceilometer-compute
fi
# Apply puppet manifest to converge just right after the ${ROLE} upgrade
$(declare -f run_puppet)
for step in 1 2 3 4 5 6; do
+ log_debug "Running puppet step \$step for ${ROLE}"
if ! run_puppet /root/${ROLE}_puppet_config.pp ${ROLE} \${step}; then
- echo "Puppet failure at step \${step}"
+ log_debug "Puppet failure at step \${step}"
exit 1
fi
+ log_debug "Completed puppet step \$step"
done
+
+log_debug "TripleO upgrade run completed."
+
ENDOFCAT
# ensure the permissions are OK
exit 0
fi
-pacemaker_status=$(systemctl is-active pacemaker || :)
+pacemaker_status=""
+if hiera -c /etc/puppet/hiera.yaml service_names | grep -q pacemaker; then
+ pacemaker_status=$(systemctl is-active pacemaker)
+fi
# Fix the redis/rabbit resource start/stop timeouts. See https://bugs.launchpad.net/tripleo/+bug/1633455
# and https://bugs.launchpad.net/tripleo/+bug/1634851
fi
fi
-# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-special_case_ovs_upgrade_if_needed
-
if [[ "$pacemaker_status" == "active" ]] ; then
echo "Pacemaker running, stopping cluster node and doing full package update"
node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*")
OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
OS::TripleO::Services::MySQLTLS: OS::Heat::None
+ OS::TripleO::Services::NeutronBgpvpnApi: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
OS::TripleO::Services::PacemakerRemote: OS::Heat::None
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml
+ OS::TripleO::Services::RabbitMQTLS: OS::Heat::None
OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml
OS::TripleO::Services::HAProxyPublicTLS: OS::Heat::None
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
OS::TripleO::Services::OctaviaWorker: OS::Heat::None
OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml
OS::TripleO::Services::Vpp: OS::Heat::None
+ OS::TripleO::Services::Docker: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
--- /dev/null
+version: 1.0\r
+\r
+template: overcloud.yaml\r
+environments:\r
+- path: overcloud-resource-registry-puppet.yaml\r
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
+ depends_on: NetworkDeployment
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
+ depends_on: NetworkDeployment
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: CephStorage}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
+ depends_on: NetworkDeployment
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
+ depends_on: NetworkDeployment
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
NetworkMidoNetConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- midonet_data:
- mapped_data:
- enable_zookeeper_on_controller: {get_param: EnableZookeeperOnController}
- enable_cassandra_on_controller: {get_param: EnableCassandraOnController}
- midonet_tunnelzone_name: {get_param: TunnelZoneName}
- midonet_tunnelzone_type: {get_param: TunnelZoneType}
- midonet_libvirt_qemu_data: |
- user = "root"
- group = "root"
- cgroup_device_acl = [
- "/dev/null", "/dev/full", "/dev/zero",
- "/dev/random", "/dev/urandom",
- "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
- "/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
- "/dev/net/tun"
- ]
- tripleo::cluster::cassandra::storage_port: {get_param: CassandraStoragePort}
- tripleo::cluster::cassandra::ssl_storage_port: {get_param: CassandraSslStoragePort}
- tripleo::cluster::cassandra::client_port: {get_param: CassandraClientPort}
- tripleo::cluster::cassandra::client_port_thrift: {get_param: CassandraClientPortThrift}
- tripleo::haproxy::midonet_api: true
- # Missed Neutron Puppet data
- neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.MidonetInterfaceDriver'
- neutron::agents::dhcp::dhcp_driver: 'midonet.neutron.agent.midonet_driver.DhcpNoOpDriver'
- neutron::plugins::midonet::midonet_api_port: 8081
- neutron::params::midonet_server_package: 'python-networking-midonet'
+ datafiles:
+ midonet_data:
+ mapped_data:
+ enable_zookeeper_on_controller: {get_param: EnableZookeeperOnController}
+ enable_cassandra_on_controller: {get_param: EnableCassandraOnController}
+ midonet_tunnelzone_name: {get_param: TunnelZoneName}
+ midonet_tunnelzone_type: {get_param: TunnelZoneType}
+ midonet_libvirt_qemu_data: |
+ user = "root"
+ group = "root"
+ cgroup_device_acl = [
+ "/dev/null", "/dev/full", "/dev/zero",
+ "/dev/random", "/dev/urandom",
+ "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+ "/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
+ "/dev/net/tun"
+ ]
+ tripleo::cluster::cassandra::storage_port: {get_param: CassandraStoragePort}
+ tripleo::cluster::cassandra::ssl_storage_port: {get_param: CassandraSslStoragePort}
+ tripleo::cluster::cassandra::client_port: {get_param: CassandraClientPort}
+ tripleo::cluster::cassandra::client_port_thrift: {get_param: CassandraClientPortThrift}
+ tripleo::haproxy::midonet_api: true
+ # Missed Neutron Puppet data
+ neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.MidonetInterfaceDriver'
+ neutron::agents::dhcp::dhcp_driver: 'midonet.neutron.agent.midonet_driver.DhcpNoOpDriver'
+ neutron::plugins::midonet::midonet_api_port: 8081
+ neutron::params::midonet_server_package: 'python-networking-midonet'
- # Make sure the l3 agent does not run
- l3_agent_service: false
- neutron::agents::l3::manage_service: false
- neutron::agents::l3::enabled: false
+ # Make sure the l3 agent does not run
+ l3_agent_service: false
+ neutron::agents::l3::manage_service: false
+ neutron::agents::l3::enabled: false
NetworkMidonetDeploymentControllers:
NetworkCiscoConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- neutron_cisco_data:
- mapped_data:
- neutron::plugins::ml2::cisco::ucsm::ucsm_ip: {get_input: UCSM_ip}
- neutron::plugins::ml2::cisco::ucsm::ucsm_username: {get_input: UCSM_username}
- neutron::plugins::ml2::cisco::ucsm::ucsm_password: {get_input: UCSM_password}
- neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: {get_input: UCSM_host_list}
- neutron::plugins::ml2::cisco::ucsm::supported_pci_devs: {get_input: UCSMSupportedPciDevs}
- neutron::plugins::ml2::cisco::nexus::nexus_config: {get_input: NexusConfig}
- neutron::plugins::ml2::cisco::nexus::managed_physical_network: {get_input: NexusManagedPhysicalNetwork}
- neutron::plugins::ml2::cisco::nexus::vlan_name_prefix: {get_input: NexusVlanNamePrefix}
- neutron::plugins::ml2::cisco::nexus::svi_round_robin: {get_input: NexusSviRoundRobin}
- neutron::plugins::ml2::cisco::nexus::provider_vlan_name_prefix: {get_input: NexusProviderVlanNamePrefix}
- neutron::plugins::ml2::cisco::nexus::persistent_switch_config: {get_input: NexusPersistentSwitchConfig}
- neutron::plugins::ml2::cisco::nexus::switch_heartbeat_time: {get_input: NexusSwitchHeartbeatTime}
- neutron::plugins::ml2::cisco::nexus::switch_replay_count: {get_input: NexusSwitchReplayCount}
- neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_create: {get_input: NexusProviderVlanAutoCreate}
- neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_trunk: {get_input: NexusProviderVlanAutoTrunk}
- neutron::plugins::ml2::cisco::nexus::vxlan_global_config: {get_input: NexusVxlanGlobalConfig}
- neutron::plugins::ml2::cisco::nexus::host_key_checks: {get_input: NexusHostKeyChecks}
- neutron::plugins::ml2::cisco::type_nexus_vxlan::vni_ranges: {get_input: NexusVxlanVniRanges}
- neutron::plugins::ml2::cisco::type_nexus_vxlan::mcast_ranges: {get_input: NexusVxlanMcastRanges}
+ datafiles:
+ neutron_cisco_data:
+ mapped_data:
+ neutron::plugins::ml2::cisco::ucsm::ucsm_ip: {get_input: UCSM_ip}
+ neutron::plugins::ml2::cisco::ucsm::ucsm_username: {get_input: UCSM_username}
+ neutron::plugins::ml2::cisco::ucsm::ucsm_password: {get_input: UCSM_password}
+ neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: {get_input: UCSM_host_list}
+ neutron::plugins::ml2::cisco::ucsm::supported_pci_devs: {get_input: UCSMSupportedPciDevs}
+ neutron::plugins::ml2::cisco::nexus::nexus_config: {get_input: NexusConfig}
+ neutron::plugins::ml2::cisco::nexus::managed_physical_network: {get_input: NexusManagedPhysicalNetwork}
+ neutron::plugins::ml2::cisco::nexus::vlan_name_prefix: {get_input: NexusVlanNamePrefix}
+ neutron::plugins::ml2::cisco::nexus::svi_round_robin: {get_input: NexusSviRoundRobin}
+ neutron::plugins::ml2::cisco::nexus::provider_vlan_name_prefix: {get_input: NexusProviderVlanNamePrefix}
+ neutron::plugins::ml2::cisco::nexus::persistent_switch_config: {get_input: NexusPersistentSwitchConfig}
+ neutron::plugins::ml2::cisco::nexus::switch_heartbeat_time: {get_input: NexusSwitchHeartbeatTime}
+ neutron::plugins::ml2::cisco::nexus::switch_replay_count: {get_input: NexusSwitchReplayCount}
+ neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_create: {get_input: NexusProviderVlanAutoCreate}
+ neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_trunk: {get_input: NexusProviderVlanAutoTrunk}
+ neutron::plugins::ml2::cisco::nexus::vxlan_global_config: {get_input: NexusVxlanGlobalConfig}
+ neutron::plugins::ml2::cisco::nexus::host_key_checks: {get_input: NexusHostKeyChecks}
+ neutron::plugins::ml2::cisco::type_nexus_vxlan::vni_ranges: {get_input: NexusVxlanVniRanges}
+ neutron::plugins::ml2::cisco::type_nexus_vxlan::mcast_ranges: {get_input: NexusVxlanMcastRanges}
NetworkCiscoDeployment:
type: OS::Heat::StructuredDeployments
NeutronBigswitchConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- neutron_bigswitch_data:
- mapped_data:
- neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent}
- neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp}
+ datafiles:
+ neutron_bigswitch_data:
+ mapped_data:
+ neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent}
+ neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp}
NeutronBigswitchDeployment:
type: OS::Heat::StructuredDeployment
NovaNuageConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- nova_nuage_data:
- mapped_data:
- nuage::vrs::active_controller: {get_input: ActiveController}
- nuage::vrs::standby_controller: {get_input: StandbyController}
- nuage::metadataagent::metadata_port: {get_input: MetadataPort}
- nuage::metadataagent::nova_metadata_port: {get_input: NovaMetadataPort}
- nuage::metadataagent::metadata_secret: {get_input: SharedSecret}
- nuage::metadataagent::nova_client_version: {get_input: NovaClientVersion}
- nuage::metadataagent::nova_os_username: {get_input: NovaOsUsername}
- nuage::metadataagent::metadata_agent_start_with_ovs: {get_input: MetadataAgentStartWithOvs}
- nuage::metadataagent::nova_api_endpoint_type: {get_input: NovaApiEndpointType}
- nuage::metadataagent::nova_region_name: {get_input: NovaRegionName}
+ datafiles:
+ nova_nuage_data:
+ mapped_data:
+ nuage::vrs::active_controller: {get_input: ActiveController}
+ nuage::vrs::standby_controller: {get_input: StandbyController}
+ nuage::metadataagent::metadata_port: {get_input: MetadataPort}
+ nuage::metadataagent::nova_metadata_port: {get_input: NovaMetadataPort}
+ nuage::metadataagent::metadata_secret: {get_input: SharedSecret}
+ nuage::metadataagent::nova_client_version: {get_input: NovaClientVersion}
+ nuage::metadataagent::nova_os_username: {get_input: NovaOsUsername}
+ nuage::metadataagent::metadata_agent_start_with_ovs: {get_input: MetadataAgentStartWithOvs}
+ nuage::metadataagent::nova_api_endpoint_type: {get_input: NovaApiEndpointType}
+ nuage::metadataagent::nova_region_name: {get_input: NovaRegionName}
NovaNuageDeployment:
type: OS::Heat::StructuredDeployment
CinderNetappConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- cinder_netapp_data:
- mapped_data:
- tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend}
- cinder::backend::netapp::title: {get_input: NetappBackendName}
- cinder::backend::netapp::netapp_login: {get_input: NetappLogin}
- cinder::backend::netapp::netapp_password: {get_input: NetappPassword}
- cinder::backend::netapp::netapp_server_hostname: {get_input: NetappServerHostname}
- cinder::backend::netapp::netapp_server_port: {get_input: NetappServerPort}
- cinder::backend::netapp::netapp_size_multiplier: {get_input: NetappSizeMultiplier}
- cinder::backend::netapp::netapp_storage_family: {get_input: NetappStorageFamily}
- cinder::backend::netapp::netapp_storage_protocol: {get_input: NetappStorageProtocol}
- cinder::backend::netapp::netapp_transport_type: {get_input: NetappTransportType}
- cinder::backend::netapp::netapp_vfiler: {get_input: NetappVfiler}
- cinder::backend::netapp::netapp_volume_list: {get_input: NetappVolumeList}
- cinder::backend::netapp::netapp_vserver: {get_input: NetappVserver}
- cinder::backend::netapp::netapp_partner_backend_name: {get_input: NetappPartnerBackendName}
- cinder::backend::netapp::nfs_shares: {get_input: NetappNfsShares}
- cinder::backend::netapp::nfs_shares_config: {get_input: NetappNfsSharesConfig}
- cinder::backend::netapp::nfs_mount_options: {get_input: NetappNfsMountOptions}
- cinder::backend::netapp::netapp_copyoffload_tool_path: {get_input: NetappCopyOffloadToolPath}
- cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps}
- cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword}
- cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools}
- cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType}
- cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath}
+ datafiles:
+ cinder_netapp_data:
+ mapped_data:
+ tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend}
+ cinder::backend::netapp::title: {get_input: NetappBackendName}
+ cinder::backend::netapp::netapp_login: {get_input: NetappLogin}
+ cinder::backend::netapp::netapp_password: {get_input: NetappPassword}
+ cinder::backend::netapp::netapp_server_hostname: {get_input: NetappServerHostname}
+ cinder::backend::netapp::netapp_server_port: {get_input: NetappServerPort}
+ cinder::backend::netapp::netapp_size_multiplier: {get_input: NetappSizeMultiplier}
+ cinder::backend::netapp::netapp_storage_family: {get_input: NetappStorageFamily}
+ cinder::backend::netapp::netapp_storage_protocol: {get_input: NetappStorageProtocol}
+ cinder::backend::netapp::netapp_transport_type: {get_input: NetappTransportType}
+ cinder::backend::netapp::netapp_vfiler: {get_input: NetappVfiler}
+ cinder::backend::netapp::netapp_volume_list: {get_input: NetappVolumeList}
+ cinder::backend::netapp::netapp_vserver: {get_input: NetappVserver}
+ cinder::backend::netapp::netapp_partner_backend_name: {get_input: NetappPartnerBackendName}
+ cinder::backend::netapp::nfs_shares: {get_input: NetappNfsShares}
+ cinder::backend::netapp::nfs_shares_config: {get_input: NetappNfsSharesConfig}
+ cinder::backend::netapp::nfs_mount_options: {get_input: NetappNfsMountOptions}
+ cinder::backend::netapp::netapp_copyoffload_tool_path: {get_input: NetappCopyOffloadToolPath}
+ cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps}
+ cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword}
+ cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools}
+ cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType}
+ cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath}
CinderNetappDeployment:
type: OS::Heat::StructuredDeployment
NeutronBigswitchConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- neutron_bigswitch_data:
- mapped_data:
- neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers}
- neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth}
- neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure}
- neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval}
- neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id}
- neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl}
- neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory}
+ datafiles:
+ neutron_bigswitch_data:
+ mapped_data:
+ neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers}
+ neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth}
+ neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure}
+ neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval}
+ neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id}
+ neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl}
+ neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory}
NeutronBigswitchDeployment:
type: OS::Heat::StructuredDeployment
CiscoN1kvConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- cisco_n1kv_data:
- mapped_data:
- #enable_cisco_n1kv: {get_input: EnableCiscoN1kv}
- # VEM Parameters
- n1kv_vem_source: {get_input: n1kv_vem_source}
- n1kv_vem_version: {get_input: n1kv_vem_version}
- neutron::agents::n1kv_vem::n1kv_vsm_ip: {get_input: n1kv_vsm_ip}
- neutron::agents::n1kv_vem::n1kv_vsm_domain_id: {get_input: n1kv_vsm_domain_id}
- neutron::agents::n1kv_vem::n1kv_vsm_ip_v6: {get_input: n1kv_vsm_ip_v6}
- neutron::agents::n1kv_vem::host_mgmt_intf: {get_input: n1kv_vem_host_mgmt_intf}
- neutron::agents::n1kv_vem::uplink_profile: {get_input: n1kv_vem_uplink_profile}
- neutron::agents::n1kv_vem::vtep_config: {get_input: n1kv_vem_vtep_config}
- neutron::agents::n1kv_vem::portdb: {get_input: n1kv_vem_portdb}
- neutron::agents::n1kv_vem::vteps_in_same_subnet: {get_input: n1kv_vem_vteps_in_same_subnet}
- neutron::agents::n1kv_vem::fastpath_flood: {get_input: n1kv_vem_fastpath_flood}
- #VSM Parameter
- n1kv_vsm_source: {get_input: n1kv_vsm_source}
- n1kv_vsm_version: {get_input: n1kv_vsm_version}
- n1k_vsm::phy_if_bridge: {get_input: n1kv_vsm_host_mgmt_intf}
- n1k_vsm::vsm_role: {get_input: n1kv_vsm_role}
- n1k_vsm::pacemaker_control: {get_input: n1kv_vsm_pacemaker_ctrl}
- n1k_vsm::existing_bridge: {get_input: n1kv_vsm_existing_br}
- n1k_vsm::vsm_admin_passwd: {get_input: n1kv_vsm_password}
- n1k_vsm::vsm_domain_id: {get_input: n1kv_vsm_domain_id}
- n1k_vsm::vsm_mgmt_ip: {get_input: n1kv_vsm_ip}
- n1k_vsm::vsm_mgmt_netmask: {get_input: n1kv_vsm_mgmt_netmask}
- n1k_vsm::vsm_mgmt_gateway: {get_input: n1kv_vsm_gateway_ip}
- n1k_vsm::phy_gateway: {get_input: n1kv_vsm_gateway_ip}
- n1k_vsm::phy_bridge_vlan: {get_input: n1kv_phy_brige_vlan}
- # Cisco N1KV driver Parameters
- neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_ip: {get_input: n1kv_vsm_ip}
- neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_username: {get_input: n1kv_vsm_username}
- neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_password: {get_input: n1kv_vsm_password}
- neutron::plugins::ml2::cisco::nexus1000v::poll_duration: {get_input: n1kv_vsm_poll_duration}
- neutron::plugins::ml2::cisco::nexus1000v::http_pool_size: {get_input: n1kv_vsm_http_pool_size}
- neutron::plugins::ml2::cisco::nexus1000v::http_timeout: {get_input: n1kv_vsm_http_timeout}
- neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_sync_interval: {get_input: n1kv_vsm_sync_interval}
- neutron::plugins::ml2::cisco::nexus1000v::max_vsm_retries: {get_input: n1kv_max_vsm_retries}
+ datafiles:
+ cisco_n1kv_data:
+ mapped_data:
+ #enable_cisco_n1kv: {get_input: EnableCiscoN1kv}
+ # VEM Parameters
+ n1kv_vem_source: {get_input: n1kv_vem_source}
+ n1kv_vem_version: {get_input: n1kv_vem_version}
+ neutron::agents::n1kv_vem::n1kv_vsm_ip: {get_input: n1kv_vsm_ip}
+ neutron::agents::n1kv_vem::n1kv_vsm_domain_id: {get_input: n1kv_vsm_domain_id}
+ neutron::agents::n1kv_vem::n1kv_vsm_ip_v6: {get_input: n1kv_vsm_ip_v6}
+ neutron::agents::n1kv_vem::host_mgmt_intf: {get_input: n1kv_vem_host_mgmt_intf}
+ neutron::agents::n1kv_vem::uplink_profile: {get_input: n1kv_vem_uplink_profile}
+ neutron::agents::n1kv_vem::vtep_config: {get_input: n1kv_vem_vtep_config}
+ neutron::agents::n1kv_vem::portdb: {get_input: n1kv_vem_portdb}
+ neutron::agents::n1kv_vem::vteps_in_same_subnet: {get_input: n1kv_vem_vteps_in_same_subnet}
+ neutron::agents::n1kv_vem::fastpath_flood: {get_input: n1kv_vem_fastpath_flood}
+ #VSM Parameter
+ n1kv_vsm_source: {get_input: n1kv_vsm_source}
+ n1kv_vsm_version: {get_input: n1kv_vsm_version}
+ n1k_vsm::phy_if_bridge: {get_input: n1kv_vsm_host_mgmt_intf}
+ n1k_vsm::vsm_role: {get_input: n1kv_vsm_role}
+ n1k_vsm::pacemaker_control: {get_input: n1kv_vsm_pacemaker_ctrl}
+ n1k_vsm::existing_bridge: {get_input: n1kv_vsm_existing_br}
+ n1k_vsm::vsm_admin_passwd: {get_input: n1kv_vsm_password}
+ n1k_vsm::vsm_domain_id: {get_input: n1kv_vsm_domain_id}
+ n1k_vsm::vsm_mgmt_ip: {get_input: n1kv_vsm_ip}
+ n1k_vsm::vsm_mgmt_netmask: {get_input: n1kv_vsm_mgmt_netmask}
+ n1k_vsm::vsm_mgmt_gateway: {get_input: n1kv_vsm_gateway_ip}
+ n1k_vsm::phy_gateway: {get_input: n1kv_vsm_gateway_ip}
+ n1k_vsm::phy_bridge_vlan: {get_input: n1kv_phy_brige_vlan}
+ # Cisco N1KV driver Parameters
+ neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_ip: {get_input: n1kv_vsm_ip}
+ neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_username: {get_input: n1kv_vsm_username}
+ neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_password: {get_input: n1kv_vsm_password}
+ neutron::plugins::ml2::cisco::nexus1000v::poll_duration: {get_input: n1kv_vsm_poll_duration}
+ neutron::plugins::ml2::cisco::nexus1000v::http_pool_size: {get_input: n1kv_vsm_http_pool_size}
+ neutron::plugins::ml2::cisco::nexus1000v::http_timeout: {get_input: n1kv_vsm_http_timeout}
+ neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_sync_interval: {get_input: n1kv_vsm_sync_interval}
+ neutron::plugins::ml2::cisco::nexus1000v::max_vsm_retries: {get_input: n1kv_max_vsm_retries}
CiscoN1kvDeployment:
type: OS::Heat::StructuredDeployment
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
+ depends_on: NetworkDeployment
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: SwiftStorage}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
+ depends_on: NetworkDeployment
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: {{role}}}
aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
aodh::rabbit_port: {get_param: RabbitClientPort}
aodh::keystone::authtoken::project_name: 'service'
+ aodh::keystone::authtoken::user_domain_name: 'Default'
+ aodh::keystone::authtoken::project_domain_name: 'Default'
aodh::keystone::authtoken::password: {get_param: AodhPassword}
- aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
aodh::auth::auth_region: 'regionOne'
step_config: |
include tripleo::profile::base::aodh::evaluator
upgrade_tasks:
+ - name: Check if aodh_evaluator is deployed
+ command: systemctl is-enabled openstack-aodh-evaluator
+ tags: common
+ ignore_errors: True
+ register: aodh_evaluator_enabled
- name: "PreUpgrade step0,validation: Check service openstack-aodh-evaluator is running"
shell: /usr/bin/systemctl show 'openstack-aodh-evaluator' --property ActiveState | grep '\bactive\b'
+ when: aodh_evaluator_enabled.rc == 0
tags: step0,validation
- name: Stop aodh_evaluator service
tags: step1
+ when: aodh_evaluator_enabled.rc == 0
service: name=openstack-aodh-evaluator state=stopped
step_config: |
include tripleo::profile::base::aodh::listener
upgrade_tasks:
+ - name: Check if aodh_listener is deployed
+ command: systemctl is-enabled openstack-aodh-listener
+ tags: common
+ ignore_errors: True
+ register: aodh_listener_enabled
- name: "PreUpgrade step0,validation: Check service openstack-aodh-listener is running"
shell: /usr/bin/systemctl show 'openstack-aodh-listener' --property ActiveState | grep '\bactive\b'
+ when: aodh_listener_enabled.rc == 0
tags: step0,validation
- name: Stop aodh_listener service
tags: step1
+ when: aodh_listener_enabled.rc == 0
service: name=openstack-aodh-listener state=stopped
step_config: |
include tripleo::profile::base::aodh::notifier
upgrade_tasks:
+ - name: Check if aodh_notifier is deployed
+ command: systemctl is-enabled openstack-aodh-notifier
+ tags: common
+ ignore_errors: True
+ register: aodh_notifier_enabled
- name: "PreUpgrade step0,validation: Check service openstack-aodh-notifier is running"
shell: /usr/bin/systemctl show 'openstack-aodh-notifier' --property ActiveState | grep '\bactive\b'
+ when: aodh_notifier_enabled.rc == 0
tags: step0,validation
- name: Stop aodh_notifier service
tags: step1
+ when: aodh_notifier_enabled.rc == 0
service: name=openstack-aodh-notifier state=stopped
for_each:
$NETWORK: {get_attr: [ApacheNetworks, value]}
upgrade_tasks:
+ - name: Check if httpd is deployed
+ command: systemctl is-enabled httpd
+ tags: common
+ ignore_errors: True
+ register: httpd_enabled
- name: "PreUpgrade step0,validation: Check service httpd is running"
shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
+ when: httpd_enabled.rc == 0
tags: step0,validation
metadata_settings:
get_attr: [ApacheTLS, role_data, metadata_settings]
upgrade_tasks:
+ - name: Check if httpd is deployed
+ command: systemctl is-enabled httpd
+ tags: common
+ ignore_errors: True
+ register: httpd_enabled
- name: "PreUpgrade step0,validation: Check service httpd is running"
shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
+ when: httpd_enabled.rc == 0
tags: step0,validation
upgrade_tasks:
- name: Check if auditd is deployed
command: systemctl is-enabled auditd
- tags: step0,validation
+ tags: common
ignore_errors: True
register: auditd_enabled
- name: "PreUpgrade step0,validation: Check if auditd is running"
tags: step0,validation
- name: Stop auditd service
tags: step2
+ when: auditd_enabled.rc == 0
service: name=auditd state=stopped
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
- barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
barbican::keystone::authtoken::project_name: 'service'
barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
nova::compute::barbican_endpoint:
get_param: [EndpointMap, BarbicanInternal, uri]
nova::compute::barbican_auth_endpoint:
- get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
+ get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
cinder_api:
cinder::api::keymgr_api_class: >
castellan.key_manager.barbican_key_manager.BarbicanKeyManager
cinder::api::keymgr_encryption_api_url:
get_param: [EndpointMap, BarbicanInternal, uri]
cinder::api::keymgr_encryption_auth_url:
- get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
+ get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
+ - name: Check if barbican_api is deployed
+ command: systemctl is-enabled openstack-barbican-api
+ tags: common
+ ignore_errors: True
+ register: barbican_api_enabled
- name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
+ when: barbican_api_enabled.rc == 0
tags: step0,validation
+ - name: Install openstack-barbican-api package if it was disabled
+ tags: step3
+ yum: name=openstack-barbican-api state=latest
+ when: barbican_api_enabled.rc != 0
step_config: |
include ::tripleo::profile::base::ceilometer::agent::polling
upgrade_tasks:
+ - name: Check if ceilometer_agent_central is deployed
+ command: systemctl is-enabled openstack-ceilometer-central
+ tags: common
+ ignore_errors: True
+ register: ceilometer_agent_central_enabled
- name: "PreUpgrade step0,validation: Check service openstack-ceilometer-central is running"
shell: /usr/bin/systemctl show 'openstack-ceilometer-central' --property ActiveState | grep '\bactive\b'
+ when: ceilometer_agent_central_enabled.rc == 0
tags: step0,validation
- name: Stop ceilometer_agent_central service
tags: step1
+ when: ceilometer_agent_central_enabled.rc == 0
service: name=openstack-ceilometer-central state=stopped
step_config: |
include ::tripleo::profile::base::ceilometer::agent::polling
upgrade_tasks:
+ - name: Check if ceilometer_agent_compute is deployed
+ command: systemctl is-enabled openstack-ceilometer-compute
+ tags: common
+ ignore_errors: True
+ register: ceilometer_agent_compute_enabled
- name: "PreUpgrade step0,validation: Check service openstack-ceilometer-compute is running"
shell: /usr/bin/systemctl show 'openstack-ceilometer-compute' --property ActiveState | grep '\bactive\b'
+ when: ceilometer_agent_compute_enabled.rc == 0
tags: step0,validation
- name: Stop ceilometer_agent_compute service
tags: step1
+ when: ceilometer_agent_compute_enabled.rc == 0
service: name=openstack-ceilometer-compute state=stopped
step_config: |
include ::tripleo::profile::base::ceilometer::agent::notification
upgrade_tasks:
+ - name: Check if ceilometer_agent_notification is deployed
+ command: systemctl is-enabled openstack-ceilometer-notification
+ tags: common
+ ignore_errors: True
+ register: ceilometer_agent_notification_enabled
- name: "PreUpgrade step0,validation: Check service openstack-ceilometer-notification is running"
shell: /usr/bin/systemctl show 'openstack-ceilometer-notification' --property ActiveState | grep '\bactive\b'
+ when: ceilometer_agent_notification_enabled.rc == 0
tags: step0,validation
- name: Stop ceilometer_agent_notification service
tags: step1
+ when: ceilometer_agent_notification_enabled.rc == 0
service: name=openstack-ceilometer-notification state=stopped
# we include db_sync class in puppet-tripleo
ceilometer::db::sync_db: false
ceilometer::keystone::authtoken::project_name: 'service'
+ ceilometer::keystone::authtoken::user_domain_name: 'Default'
+ ceilometer::keystone::authtoken::project_domain_name: 'Default'
ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword}
- ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
ceilometer::agent::auth::auth_tenant_name: 'service'
+ ceilometer::agent::auth::auth_user_domain_name: 'Default'
+ ceilometer::agent::auth::auth_project_domain_name: 'Default'
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher}
step_config: |
include ::tripleo::profile::base::ceilometer::collector
upgrade_tasks:
+ - name: Check if ceilometer_collector is deployed
+ command: systemctl is-enabled openstack-ceilometer-collector
+ tags: common
+ ignore_errors: True
+ register: ceilometer_collector_enabled
- name: "PreUpgrade step0,validation: Check service openstack-ceilometer-collector is running"
shell: /usr/bin/systemctl show 'openstack-ceilometer-collector' --property ActiveState | grep '\bactive\b'
+ when: ceilometer_collector_enabled.rc == 0
tags: step0,validation
- name: Stop ceilometer_collector service
tags: step1
+ when: ceilometer_collector_enabled.rc == 0
service: name=openstack-ceilometer-collector state=stopped
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
upgrade_tasks:
- name: Gather RGW instance ID
- tags: step0
+ tags: common
shell: hiera -c /etc/puppet/hiera.yaml ceph::profile::params::rgw_name radosgw.gateway
register: rgw_id
+ - name: Check if ceph_rgw is deployed
+ command: systemctl is-enabled ceph-radosgw@{{rgw_id.stdout}}
+ tags: common
+ ignore_errors: True
+ register: ceph_rgw_enabled
- name: Check status
shell: /usr/bin/systemctl show ceph-radosgw@{{rgw_id.stdout}} --property ActiveState | grep '\bactive\b'
+ when: ceph_rgw_enabled.rc == 0
tags: step0,validation
- name: Stop RGW instance
tags: step1
+ when: ceph_rgw_enabled.rc == 0
service:
name: ceph-radosgw@{{rgw_id.stdout}}
state: stopped
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
+ - name: Check if cinder_api is deployed
+ command: systemctl is-enabled openstack-cinder-api
+ tags: common
+ ignore_errors: True
+ register: cinder_api_enabled
- name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
+ when: cinder_api_enabled.rc == 0
tags: step0,validation
- name: check for cinder running under apache (post upgrade)
tags: step1
- shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder"
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
register: cinder_apache
ignore_errors: true
- name: Stop cinder_api service (running under httpd)
tags: step1
service: name=httpd state=stopped
- when: "cinder_apache.rc == 0"
+ when: cinder_apache.rc == 0
- name: Stop and disable cinder_api service (pre-upgrade not under httpd)
tags: step1
+ when: cinder_api_enabled.rc == 0
service: name=openstack-cinder-api state=stopped enabled=no
cinder::backend::scaleio::sio_round_volume_capacity: {get_param: CinderScaleIORoundVolumeCapacity}
cinder::backend::scaleio::sio_unmap_volume_before_deletion: {get_param: CinderScaleIOUnmapVolumeBeforeDeletion}
cinder::backend::scaleio::sio_max_over_subscription_ratio: {get_param: CinderScaleIOMaxOverSubscriptionRatio}
- cinder::backend::scaleio::sio_thin_provision: {get_param: CinderScaleIOThinProvision}
+ cinder::backend::scaleio::sio_thin_provision: {get_param: CinderScaleIOSanThinProvision}
step_config: |
include ::tripleo::profile::base::cinder::volume
step_config: |
include ::tripleo::profile::base::cinder::scheduler
upgrade_tasks:
+ - name: Check if cinder_scheduler is deployed
+ command: systemctl is-enabled openstack-cinder-scheduler
+ tags: common
+ ignore_errors: True
+ register: cinder_scheduler_enabled
- name: "PreUpgrade step0,validation: Check service openstack-cinder-scheduler is running"
shell: /usr/bin/systemctl show 'openstack-cinder-scheduler' --property ActiveState | grep '\bactive\b'
+ when: cinder_scheduler_enabled.rc == 0
tags: step0,validation
- name: Stop cinder_scheduler service
tags: step1
+ when: cinder_scheduler_enabled.rc == 0
service: name=openstack-cinder-scheduler state=stopped
step_config: |
include ::tripleo::profile::base::cinder::volume
upgrade_tasks:
+ - name: Check if cinder_volume is deployed
+ command: systemctl is-enabled openstack-cinder-volume
+ tags: common
+ ignore_errors: True
+ register: cinder_volume_enabled
- name: "PreUpgrade step0,validation: Check service openstack-cinder-volume is running"
shell: /usr/bin/systemctl show 'openstack-cinder-volume' --property ActiveState | grep '\bactive\b'
+ when: cinder_volume_enabled.rc == 0
tags: step0,validation
- name: Stop cinder_volume service
tags: step1
+ when: cinder_volume_enabled.rc == 0
service: name=openstack-cinder-volume state=stopped
include ::tripleo::profile::base::congress
upgrade_tasks:
+ - name: Check if congress is deployed
+ command: systemctl is-enabled openstack-congress-server
+ tags: common
+ ignore_errors: True
+ register: congress_enabled
- name: "PreUpgrade step0,validation: Check service openstack-congress-server is running"
shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b'
+ when: congress_enabled.rc == 0
tags: step0,validation
- name: Stop congress service
tags: step1
+ when: congress_enabled.rc == 0
service: name=openstack-congress-server state=stopped
+ - name: Install openstack-congress package if it was disabled
+ tags: step3
+ yum: name=openstack-congress state=latest
+ when: congress_enabled.rc != 0
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ Configures docker on the host
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: tripleoupstream
+ type: string
+ DockerNamespaceIsRegistry:
+ type: boolean
+ default: false
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the docker service
+ value:
+ service_name: docker
+ config_settings:
+ tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace}
+ tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry}
+ step_config: |
+ include ::tripleo::profile::base::docker
+ upgrade_tasks:
+ - name: Install docker packages on upgrade if missing
+ tags: step3
+ yum: name=docker state=latest
+
ec2api::api::ec2api_listen:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
ec2api::metadata::metadata_listen:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
ec2api::db::database_connection:
upgrade_tasks:
- name: Check if ec2-api is deployed
command: systemctl is-enabled openstack-ec2-api
- tags: step0,validation
+ tags: common
ignore_errors: True
register: ec2_api_enabled
- name: "PreUpgrade step0,validation: Check if openstack-ec2-api is running"
tags: step0,validation
- name: Stop openstack-ec2-api service
tags: step1
+ when: ec2_api_enabled.rc == 0
service: name=openstack-ec2-api state=stopped
+ - name: Install openstack-ec2-api package if it was disabled
+ tags: step3
+ yum: name=openstack-ec2-api state=latest
+ when: ec2_api_enabled.rc != 0
etcd::etcd_name:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
EnableInternalTLS:
type: boolean
default: false
+ CephClientUserName:
+ default: openstack
+ type: string
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlanceNotifierStrategy:
+ description: Strategy to use for Glance notification queue
+ type: string
+ default: noop
+ GlanceLogFile:
+ description: The filepath of the file to use for logging messages from Glance.
+ type: string
+ default: ''
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
+ GlanceNfsEnabled:
+ default: false
+ description: >
+ When using GlanceBackend 'file', mount NFS share for image storage.
+ type: boolean
+ GlanceNfsShare:
+ default: ''
+ description: >
+ NFS share to mount for image storage (when GlanceNfsEnabled is true)
+ type: string
+ GlanceNfsOptions:
+ default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
+ description: >
+ NFS mount options for image storage (when GlanceNfsEnabled is true)
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
- GlanceBase:
- type: ./glance-base.yaml
- properties:
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
-
outputs:
role_data:
description: Role data for the Glance API role.
- glance
config_settings:
map_merge:
- - get_attr: [GlanceBase, role_data, config_settings]
- get_attr: [TLSProxyBase, role_data, config_settings]
- glance::api::database_connection:
list_join:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::backend::swift::swift_store_user: service:glance
+ glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+ glance::backend::swift::swift_store_create_container_on_put: true
+ glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
+ glance_backend: {get_param: GlanceBackend}
+ glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
+ glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
+ glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
+ glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ glance::notify::rabbitmq::notification_driver: messagingv2
+ tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
+ tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
+ tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
+ service_config_settings:
+ keystone:
+ glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+ glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+ glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+ glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::keystone::auth::region: {get_param: KeystoneRegion}
+ glance::keystone::auth::tenant: 'service'
+ mysql:
+ glance::db::mysql::password: {get_param: GlancePassword}
+ glance::db::mysql::user: glance
+ glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ glance::db::mysql::dbname: glance
+ glance::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
step_config: |
include ::tripleo::profile::base::glance::api
- service_config_settings:
- get_attr: [GlanceBase, role_data, service_config_settings]
upgrade_tasks:
+ - name: Check if glance_api is deployed
+ command: systemctl is-enabled openstack-glance-api
+ tags: common
+ ignore_errors: True
+ register: glance_api_enabled
+ #(TODO) Remove all glance-registry bits in Pike.
+ - name: Check if glance_registry is deployed
+ command: systemctl is-enabled openstack-glance-registry
+ tags: common
+ ignore_errors: True
+ register: glance_registry_enabled
- name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
tags: step0,validation
+ when: glance_api_enabled.rc == 0
- name: Stop glance_api service
tags: step1
+ when: glance_api_enabled.rc == 0
service: name=openstack-glance-api state=stopped
- name: Stop and disable glance registry (removed for Ocata)
tags: step1
+ when: glance_registry_enabled.rc == 0
service: name=openstack-glance-registry state=stopped enabled=no
+++ /dev/null
-heat_template_version: ocata
-
-description: >
- OpenStack Glance Common settings with Puppet
-
-parameters:
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry. This
- mapping overrides those in ServiceNetMapDefaults.
- type: json
- DefaultPasswords:
- default: {}
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- CephClientUserName:
- default: openstack
- type: string
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
- GlanceNotifierStrategy:
- description: Strategy to use for Glance notification queue
- type: string
- default: noop
- GlanceLogFile:
- description: The filepath of the file to use for logging messages from Glance.
- type: string
- default: ''
- GlancePassword:
- description: The password for the glance service and db account, used by the glance services.
- type: string
- hidden: true
- GlanceBackend:
- default: swift
- description: The short name of the Glance backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
- GlanceNfsEnabled:
- default: false
- description: >
- When using GlanceBackend 'file', mount NFS share for image storage.
- type: boolean
- GlanceNfsShare:
- default: ''
- description: >
- NFS share to mount for image storage (when GlanceNfsEnabled is true)
- type: string
- GlanceNfsOptions:
- default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
- description: >
- NFS mount options for image storage (when GlanceNfsEnabled is true)
- type: string
- GlanceRbdPoolName:
- default: images
- type: string
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- KeystoneRegion:
- type: string
- default: 'regionOne'
- description: Keystone region for endpoint
-
-outputs:
- role_data:
- description: Role data for the Glance common role.
- value:
- service_name: glance_base
- config_settings:
- glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
- glance_log_file: {get_param: GlanceLogFile}
- glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::backend::swift::swift_store_user: service:glance
- glance::backend::swift::swift_store_key: {get_param: GlancePassword}
- glance::backend::swift::swift_store_create_container_on_put: true
- glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
- glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
- glance_backend: {get_param: GlanceBackend}
- glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
- glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
- glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
- glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- glance::notify::rabbitmq::notification_driver: messagingv2
- tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
- tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
- tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
- service_config_settings:
- keystone:
- glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
- glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
- glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
- glance::keystone::auth::password: {get_param: GlancePassword }
- glance::keystone::auth::region: {get_param: KeystoneRegion}
- glance::keystone::auth::tenant: 'service'
- mysql:
- glance::db::mysql::password: {get_param: GlancePassword}
- glance::db::mysql::user: glance
- glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- glance::db::mysql::dbname: glance
- glance::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
gnocchi::api::enabled: true
gnocchi::api::enable_proxy_headers_parsing: true
gnocchi::api::service_name: 'httpd'
- gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
gnocchi::keystone::authtoken::project_name: 'service'
+ gnocchi::keystone::authtoken::user_domain_name: 'Default'
+ gnocchi::keystone::authtoken::project_domain_name: 'Default'
gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
gnocchi::wsgi::apache::servername:
str_replace:
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
-
- gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
step_config: |
include ::tripleo::profile::base::gnocchi::api
service_config_settings:
- '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
gnocchi::db::sync::extra_opts: '--skip-storage'
gnocchi::storage::swift::swift_user: 'service:gnocchi'
- gnocchi::storage::swift::swift_auth_version: 2
+ gnocchi::storage::swift::swift_auth_version: 3
gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
+ gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
gnocchi::storage::ceph::ceph_keyring:
step_config: |
include ::tripleo::profile::base::gnocchi::metricd
upgrade_tasks:
+ - name: Check if gnocchi_metricd is deployed
+ command: systemctl is-enabled openstack-gnocchi-metricd
+ tags: common
+ ignore_errors: True
+ register: gnocchi_metricd_enabled
- name: "PreUpgrade step0,validation: Check service openstack-gnocchi-metricd is running"
shell: /usr/bin/systemctl show 'openstack-gnocchi-metricd' --property ActiveState | grep '\bactive\b'
+ when: gnocchi_metricd_enabled.rc == 0
tags: step0,validation
- name: Stop gnocchi_metricd service
tags: step1
+ when: gnocchi_metricd_enabled.rc == 0
service: name=openstack-gnocchi-metricd state=stopped
step_config: |
include ::tripleo::profile::base::gnocchi::statsd
upgrade_tasks:
+ - name: Check if gnocchi_statsd is deployed
+ command: systemctl is-enabled openstack-gnocchi-statsd
+ tags: common
+ ignore_errors: True
+ register: gnocchi_statsd_enabled
- name: "PreUpgrade step0,validation: Check service openstack-gnocchi-statsd is running"
shell: /usr/bin/systemctl show 'openstack-gnocchi-statsd' --property ActiveState | grep '\bactive\b'
+ when: gnocchi_statsd_enabled.rc == 0
tags: step0,validation
- name: Stop gnocchi_statsd service
tags: step1
+ when: gnocchi_statsd_enabled.rc == 0
service: name=openstack-gnocchi-statsd state=stopped
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks:
+ - name: Check if haproxy is deployed
+ command: systemctl is-enabled haproxy
+ tags: common
+ ignore_errors: True
+ register: haproxy_enabled
- name: "PreUpgrade step0,validation: Check service haproxy is running"
shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b'
+ when: haproxy_enabled.rc == 0
tags: step0,validation
- name: Stop haproxy service
tags: step2
+ when: haproxy_enabled.rc == 0
service: name=haproxy state=stopped
- name: Start haproxy service
tags: step4 # Needed at step 4 for mysql
+ when: haproxy_enabled.rc == 0
service: name=haproxy state=started
metadata_settings:
yaql:
default:
tag: openstack.heat.api.cfn
path: /var/log/heat/heat-api-cfn.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
resources:
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
HeatBase:
type: ./heat-base.yaml
properties:
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- - heat::api_cfn::workers: {get_param: HeatWorkers}
- tripleo.heat_api_cfn.firewall_rules:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - tripleo.heat_api_cfn.firewall_rules:
'125 heat_cfn':
dport:
- 8000
- 13800
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
+ heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+ heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
+ heat::api_cfn::service_name: 'httpd'
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+ heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+ heat::wsgi::apache_api_cfn::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+ -
+ if:
+ - heat_workers_zero
+ - {}
+ - heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api_cfn
service_config_settings:
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
upgrade_tasks:
+ - name: Check if heat_api_cfn is deployed
+ command: systemctl is-enabled openstack-heat-api-cfn
+ tags: common
+ ignore_errors: True
+ register: heat_api_cfn_enabled
- name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running"
shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
+ when: heat_api_cfn_enabled.rc == 0
tags: step0,validation
- - name: Stop heat_api_cfn service
+ - name: check for heat_api_cfn running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi"
+ register: heat_api_cfn_apache
+ ignore_errors: true
+ - name: Stop heat_api_cfn service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: heat_api_cfn_apache.rc == 0
+ - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
tags: step1
- service: name=openstack-heat-api-cfn state=stopped
+ when: heat_api_cfn_apache.rc == 0
+ service: name=openstack-heat-api-cfn state=stopped enabled=no
default:
tag: openstack.heat.api.cloudwatch
path: /var/log/heat/heat-api-cloudwatch.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
resources:
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
HeatBase:
type: ./heat-base.yaml
properties:
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- - heat::api_cloudwatch::workers: {get_param: HeatWorkers}
- tripleo.heat_api_cloudwatch.firewall_rules:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - tripleo.heat_api_cloudwatch.firewall_rules:
'125 heat_cloudwatch':
dport:
- 8003
- 13003
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
+ heat::api_cloudwatch::bind_host:
+ get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]
+ heat::wsgi::apache_api_cloudwatch::ssl: {get_param: EnableInternalTLS}
+ heat::api_cloudwatch::service_name: 'httpd'
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+ heat::wsgi::apache_api_cloudwatch::bind_host:
+ get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]
+ heat::wsgi::apache_api_cloudwatch::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]}
+ -
+ if:
+ - heat_workers_zero
+ - {}
+ - heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
upgrade_tasks:
+ - name: Check if heat_api_cloudwatch is deployed
+ command: systemctl is-enabled openstack-heat-api-cloudwatch
+ tags: common
+ ignore_errors: True
+ register: heat_api_cloudwatch_enabled
- name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running"
shell: /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b'
+ when: heat_api_cloudwatch_enabled.rc == 0
tags: step0,validation
- - name: Stop heat_api_cloudwatch service
+ - name: check for heat_api_cloudwatch running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cloudwatch_wsgi"
+ register: heat_api_cloudwatch_apache
+ ignore_errors: true
+ - name: Stop heat_api_cloudwatch service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: heat_api_cloudwatch_apache.rc == 0
+ - name: Stop and disable heat_api_cloudwatch service (pre-upgrade not under httpd)
tags: step1
- service: name=openstack-heat-api-cloudwatch state=stopped
+ when: heat_api_cloudwatch_enabled.rc == 0
+ service: name=openstack-heat-api-cloudwatch state=stopped enabled=no
default:
tag: openstack.heat.api
path: /var/log/heat/heat-api.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
resources:
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
HeatBase:
type: ./heat-base.yaml
properties:
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- - heat::api::workers: {get_param: HeatWorkers}
- tripleo.heat_api.firewall_rules:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - tripleo.heat_api.firewall_rules:
'125 heat_api':
dport:
- 8004
- 13004
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
+ heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+ heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
+ heat::api::service_name: 'httpd'
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+ heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+ heat::wsgi::apache_api::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
+ -
+ if:
+ - heat_workers_zero
+ - {}
+ - heat::wsgi::apache_api::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api
service_config_settings:
heat::keystone::auth::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}
upgrade_tasks:
+ - name: Check is heat_api is deployed
+ command: systemctl is-enabled openstack-heat-api
+ tags: common
+ ignore_errors: True
+ register: heat_api_enabled
- name: "PreUpgrade step0,validation: Check service openstack-heat-api is running"
shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
+ when: heat_api_enabled.rc == 0
tags: step0,validation
- - name: Stop heat_api service
+ - name: check for heat_api running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi"
+ register: heat_api_apache
+ ignore_errors: true
+ - name: Stop heat_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: heat_api_apache.rc == 0
+ - name: Stop and disable heat_api service (pre-upgrade not under httpd)
tags: step1
- service: name=openstack-heat-api state=stopped
+ when: heat_api_enabled.rc == 0
+ service: name=openstack-heat-api state=stopped enabled=no
value: 'role:admin'
heat::rabbit_heartbeat_timeout_threshold: 60
heat::keystone::authtoken::project_name: 'service'
- heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ heat::keystone::authtoken::user_domain_name: 'Default'
+ heat::keystone::authtoken::project_domain_name: 'Default'
+ heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
heat::keystone::authtoken::password: {get_param: HeatPassword}
heat::keystone::domain::domain_name: 'heat_stack'
# This is needed because the keystone profile handles creating the domain
tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
upgrade_tasks:
+ - name: Check if heat_engine is deployed
+ command: systemctl is-enabled openstack-heat-engine
+ tags: common
+ ignore_errors: True
+ register: heat_engine_enabled
- name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running"
shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b'
+ when: heat_engine_enabled.rc == 0
tags: step0,validation
- name: Stop heat_engine service
tags: step1
+ when: heat_engine_enabled.rc == 0
service: name=openstack-heat-engine state=stopped
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
options: ['FollowSymLinks','MultiViews']
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
- horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
horizon::secret_key:
upgrade_tasks:
- name: Check if httpd is deployed
command: systemctl is-enabled httpd
- tags: step0,validation
+ tags: common
ignore_errors: True
register: httpd_enabled
- name: "PreUpgrade step0,validation: Check if httpd is running"
tags: step0,validation
- name: Stop Horizon (under httpd)
tags: step1
+ when: httpd_enabled.rc == 0
service: name=httpd state=stopped
- get_attr: [IronicBase, role_data, config_settings]
- ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
+ ironic::api::authtoken::user_domain_name: 'Default'
+ ironic::api::authtoken::project_domain_name: 'Default'
ironic::api::authtoken::username: 'ironic'
- ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::roles::admin::admin_tenant: 'admin'
- keystone::cron::token_flush::destination: '/dev/null'
+ keystone::cron::token_flush::destination: '/var/log/keystone/keystone-tokenflush.log'
keystone::config::keystone_config:
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
step_config: |
include ::tripleo::profile::base::logging::fluentd
upgrade_tasks:
+ - name: Check if fluentd_client is deployed
+ command: systemctl is-enabled fluentd
+ tags: common
+ ignore_errors: True
+ register: fluentd_client_enabled
- name: Check status of fluentd service
shell: >
/usr/bin/systemctl show fluentd --property ActiveState |
grep '\bactive\b'
+ when: fluentd_client_enabled.rc == 0
tags: step0,validation
- name: Stop fluentd service
tags: step1
+ when: fluentd_client_enabled.rc == 0
service: name=fluentd state=stopped
+ - name: Install fluentd package if it was disabled
+ tags: step3
+ yum: name=fluentd state=latest
+ when: fluentd_client_enabled.rc != 0
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
- manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::keystone::authtoken::auth_uri: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
+ manila::keystone::authtoken::user_domain_name: 'Default'
+ manila::keystone::authtoken::project_domain_name: 'Default'
tripleo.manila_api.firewall_rules:
'150 manila':
dport:
step_config: |
include ::tripleo::profile::base::metrics::collectd
upgrade_tasks:
+ - name: Check if collectd is deployed
+ command: systemctl is-enabled collectd
+ tags: common
+ ignore_errors: True
+ register: collectd_enabled
- name: Check status of collectd service
shell: >
/usr/bin/systemctl show collectd --property ActiveState |
grep '\bactive\b'
+ when: collectd_enabled.rc == 0
tags: step0,validation
- name: Stop collectd service
tags: step1
+ when: collectd_enabled.rc == 0
service: name=collectd state=stopped
+ - name: Install collectd package if it was disabled
+ tags: step3
+ yum: name=collectd state=latest
+ when: collectd_enabled.rc != 0
get_attr: [MistralBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::mistral::api
+ upgrade_tasks:
+ - name: Check if mistral api is deployed
+ command: systemctl is-enabled openstack-mistral-api
+ tags: common
+ ignore_errors: True
+ register: mistral_api_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-mistral-api is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-mistral-api' --property ActiveState |
+ grep '\bactive\b'
+ when: mistral_api_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop mistral_api service
+ tags: step1
+ service: name=openstack-mistral-api state=stopped
+ - name: Install openstack-mistral-api package if it was disabled
+ tags: step3
+ yum: name=openstack-mistral-api state=latest
+ when: mistral_api_enabled.rc != 0
get_attr: [MistralBase, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::mistral::engine
+ upgrade_tasks:
+ - name: Check if mistral engine is deployed
+ command: systemctl is-enabled openstack-mistral-engine
+ tags: common
+ ignore_errors: True
+ register: mistral_engine_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-mistral-engine is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-mistral-engine' --property ActiveState |
+ grep '\bactive\b'
+ when: mistral_engine_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop mistral_engine service
+ tags: step1
+ service: name=openstack-mistral-engine state=stopped
+ - name: Install openstack-mistral-engine package if it was disabled
+ tags: step3
+ yum: name=openstack-mistral-engine state=latest
+ when: mistral_engine_enabled.rc != 0
get_attr: [MistralBase, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::mistral::executor
+ upgrade_tasks:
+ - name: Check if mistral executor is deployed
+ command: systemctl is-enabled openstack-mistral-executor
+ tags: common
+ ignore_errors: True
+ register: mistral_executor_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState |
+ grep '\bactive\b'
+ when: mistral_executor_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop mistral_executor service
+ tags: step1
+ service: name=openstack-mistral-executor state=stopped
+ - name: Install openstack-mistral-executor package if it was disabled
+ tags: step3
+ yum: name=openstack-mistral-executor state=latest
+ when: mistral_executor_enabled.rc != 0
default: false
description: >
RabbitMQ client subscriber parameter to specify an SSL connection
- to the RabbitMQ host.
+ to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without
+ specifying a private key or cert chain to use SSL transport,
+ but not cert auth.
+ type: string
+ MonitoringRabbitSSLPrivateKey:
+ default: ''
+ description: Private key to be used by Sensu to connect to RabbitMQ host.
+ type: string
+ MonitoringRabbitSSLCertChain:
+ default: ''
+ description: >
+ Private SSL cert chain to be used by Sensu to connect to RabbitMQ host.
type: string
MonitoringRabbitPassword:
description: The RabbitMQ password used for monitoring purposes.
sensu::rabbitmq_password: {get_param: MonitoringRabbitPassword}
sensu::rabbitmq_port: {get_param: MonitoringRabbitPort}
sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL}
+ sensu::rabbitmq_ssl_private_key: {get_param: MonitoringRabbitSSLPrivateKey}
+ sensu::rabbitmq_ssl_cert_chain: {get_param: MonitoringRabbitSSLCertChain}
sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName}
sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost}
sensu::redact: {get_param: SensuRedactVariables}
step_config: |
include ::tripleo::profile::base::monitoring::sensu
upgrade_tasks:
+ - name: Check if sensu_client is deployed
+ command: systemctl is-enabled sensu-client
+ tags: common
+ ignore_errors: True
+ register: sensu_client_enabled
- name: Check status of sensu-client service
shell: >
/usr/bin/systemctl show sensu-client --property ActiveState |
grep '\bactive\b'
+ when: sensu_client_enabled.rc == 0
tags: step0,validation
- name: Stop sensu-client service
tags: step1
+ when: sensu_client_enabled.rc == 0
service: name=sensu-client state=stopped
+ - name: Install sensu package if it was disabled
+ tags: step3
+ yum: name=sensu state=latest
+ when: sensu_client.rc != 0
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/ovs_neutron'
- '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
- neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::server::rpc_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron::server::enable_proxy_headers_parsing: true
neutron::keystone::authtoken::password: {get_param: NeutronPassword}
- neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
+ neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
neutron::server::notifications::tenant_name: 'service'
neutron::server::notifications::project_name: 'service'
neutron::server::notifications::password: {get_param: NovaPassword}
neutron::keystone::authtoken::project_name: 'service'
+ neutron::keystone::authtoken::user_domain_name: 'Default'
+ neutron::keystone::authtoken::project_domain_name: 'Default'
neutron::server::sync_db: true
tripleo.neutron_api.firewall_rules:
'114 neutron api':
- '%'
- "%{hiera('mysql_bind_host')}"
upgrade_tasks:
+ - name: Check if neutron_server is deployed
+ command: systemctl is-enabled neutron-server
+ tags: common
+ ignore_errors: True
+ register: neutron_server_enabled
- name: "PreUpgrade step0,validation: Check service neutron-server is running"
shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
+ when: neutron_server_enabled.rc == 0
tags: step0,validation
- name: Stop neutron_api service
tags: step1
+ when: neutron_server_enabled.rc == 0
service: name=neutron-server state=stopped
type: number
NeutronDhcpAgentsPerNetwork:
type: number
- default: 3
+ default: 0
description: The number of neutron dhcp agents to schedule per network
NeutronCorePlugin:
default: 'ml2'
via parameter_defaults in the resource registry.
type: json
+conditions:
+ dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
+
outputs:
role_data:
description: Role data for the Neutron base service.
value:
service_name: neutron_base
config_settings:
- neutron::rabbit_password: {get_param: RabbitPassword}
- neutron::rabbit_user: {get_param: RabbitUserName}
- neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- neutron::rabbit_port: {get_param: RabbitClientPort}
- neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
- neutron::core_plugin: {get_param: NeutronCorePlugin}
- neutron::service_plugins: {get_param: NeutronServicePlugins}
- neutron::debug: {get_param: Debug}
- neutron::purge_config: {get_param: EnableConfigPurge}
- neutron::allow_overlapping_ips: true
- neutron::rabbit_heartbeat_timeout_threshold: 60
- neutron::host: '%{::fqdn}'
- neutron::db::database_db_max_retries: -1
- neutron::db::database_max_retries: -1
- neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
+ map_merge:
+ - neutron::rabbit_password: {get_param: RabbitPassword}
+ neutron::rabbit_user: {get_param: RabbitUserName}
+ neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ neutron::rabbit_port: {get_param: RabbitClientPort}
+ neutron::core_plugin: {get_param: NeutronCorePlugin}
+ neutron::service_plugins: {get_param: NeutronServicePlugins}
+ neutron::debug: {get_param: Debug}
+ neutron::purge_config: {get_param: EnableConfigPurge}
+ neutron::allow_overlapping_ips: true
+ neutron::rabbit_heartbeat_timeout_threshold: 60
+ neutron::host: '%{::fqdn}'
+ neutron::db::database_db_max_retries: -1
+ neutron::db::database_max_retries: -1
+ neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
+ - if:
+ - dhcp_agents_zero
+ - {}
+ - tripleo::profile::base::neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ BGPVPN API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ BgpvpnServiceProvider:
+ default: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
+ description: Backend to use as a service provider for BGPVPN
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the BGPVPN role.
+ value:
+ service_name: neutron_bgpvpn_api
+ config_settings:
+ neutron::services::bgpvpn::service_providers: {get_param: BgpvpnServiceProvider}
+ step_config: |
+ include ::tripleo::profile::base::neutron::bgpvpn
step_config: |
include tripleo::profile::base::neutron::dhcp
upgrade_tasks:
+ - name: Check if neutron_dhcp_agent is deployed
+ command: systemctl is-enabled neutron-dhcp-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_dhcp_agent_enabled
- name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running"
shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_dhcp_agent_enabled.rc == 0
tags: step0,validation
- name: Stop neutron_dhcp service
tags: step1
+ when: neutron_dhcp_agent_enabled.rc == 0
service: name=neutron-dhcp-agent state=stopped
step_config: |
include tripleo::profile::base::neutron::l3
upgrade_tasks:
+ - name: Check if neutron_l3_agent is deployed
+ command: systemctl is-enabled neutron-l3-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_l3_agent_enabled
- name: "PreUpgrade step0,validation: Check service neutron-l3-agent is running"
shell: /usr/bin/systemctl show 'neutron-l3-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_l3_agent_enabled.rc == 0
tags: step0,validation
- name: Stop neutron_l3 service
tags: step1
+ when: neutron_l3_agent_enabled.rc == 0
service: name=neutron-l3-agent state=stopped
step_config: |
include tripleo::profile::base::neutron::metadata
upgrade_tasks:
+ - name: Check if neutron_metadata_agent is deployed
+ command: systemctl is-enabled neutron-metadata-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_metadata_agent_enabled
- name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running"
shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_metadata_agent_enabled.rc == 0
tags: step0,validation
- name: Stop neutron_metadata service
tags: step1
+ when: neutron_metadata_agent_enabled.rc == 0
service: name=neutron-metadata-agent state=stopped
step_config: |
include ::tripleo::profile::base::neutron::ovs
upgrade_tasks:
+ - name: Check if neutron_ovs_agent is deployed
+ command: systemctl is-enabled neutron-openvswitch-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_ovs_agent_enabled
- name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_ovs_agent_enabled.rc == 0
tags: step0,validation
- name: Stop neutron_ovs_agent service
tags: step1
+ when: neutron_ovs_agent_enabled.rc == 0
service: name=neutron-openvswitch-agent state=stopped
- 13774
- 8775
nova::keystone::authtoken::project_name: 'service'
+ nova::keystone::authtoken::user_domain_name: 'Default'
+ nova::keystone::authtoken::project_domain_name: 'Default'
nova::keystone::authtoken::password: {get_param: NovaPassword}
- nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::api::enabled: true
nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}
nova::compute::vnc_enabled: false
nova::ironic::common::password: {get_param: IronicPassword}
nova::ironic::common::project_name: 'service'
- nova::ironic::common::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ nova::ironic::common::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::ironic::common::username: 'ironic'
nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
nova::network::neutron::dhcp_domain: ''
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
- opendaylight::nb_connection_protocol: {get_param: OpenDayLightConnectionProtocol}
+ opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
tripleo.opendaylight_api.firewall_rules:
'137 opendaylight api':
dport:
- 6653
step_config: |
include tripleo::profile::base::neutron::opendaylight
+ upgrade_tasks:
+ - name: Check if opendaylight is deployed
+ command: systemctl is-enabled opendaylight
+ tags: common
+ ignore_errors: True
+ register: opendaylight_enabled
+ - name: "PreUpgrade step0,validation: Check service opendaylight is running"
+ shell: /usr/bin/systemctl show 'opendaylight' --property ActiveState | grep '\bactive\b'
+ when: opendaylight_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop opendaylight service
+ tags: step1
+ when: opendaylight_enabled.rc == 0
+ service: name=opendaylight state=stopped
+ - name: Removes ODL snapshots, data, journal directories
+ file:
+ state: absent
+ path: /opt/opendaylight/{{item}}
+ tags: step2
+ with_items:
+ - snapshots
+ - data
+ - journal
proto: 'gre'
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
+ upgrade_tasks:
+ - name: Check if openvswitch is deployed
+ command: systemctl is-enabled openvswitch
+ tags: common
+ ignore_errors: True
+ register: openvswitch_enabled
+ - name: "PreUpgrade step0,validation: Check service openvswitch is running"
+ shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b'
+ when: openvswitch_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop openvswitch service
+ tags: step1
+ when: openvswitch_enabled.rc == 0
+ service: name=openvswitch state=stopped
PacemakerResources:
type: comma_delimited_list
description: List of resources managed by pacemaker
- default: ['rabbitmq','haproxy']
+ default: ['rabbitmq','haproxy','galera']
outputs:
role_data:
pacemaker_cluster: state=online
- name: Check pacemaker resource
tags: step4
- pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=500
+ pacemaker_is_active:
+ resource: "{{ item }}"
+ max_wait: 500
with_items: {get_param: PacemakerResources}
- rabbitmq::service_manage: false
step_config: |
include ::tripleo::profile::pacemaker::rabbitmq
+ upgrade_tasks:
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}}
+ - name: get rabbitmq policy
+ tags: common
+ shell: pcs resource show rabbitmq | grep -q -E "Attributes:.*\"ha-mode\":\"all\""
+ register: rabbit_ha_mode
+ when: is_bootstrap_node
+ ignore_errors: true
+ - name: set migrate_rabbit_ha_mode fact
+ tags: common
+ set_fact: migrate_rabbit_ha_mode={{rabbit_ha_mode.rc == 0}}
+ when: is_bootstrap_node
+ - name: Fixup for rabbitmq ha-queues LP#1668600
+ tags: step0,pre-upgrade
+ shell: |
+ nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1))
+ nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2)))
+ if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then
+ echo "ERROR: The nr. of HA queues during the rabbit upgrade is out of range: $nr_queues"
+ exit 1
+ fi
+ pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600
+ when: is_bootstrap_node and migrate_rabbit_ha_mode
+ metadata_settings:
+ get_attr: [RabbitMQServiceBase, role_data, metadata_settings]
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- # The panko API isn't installed in newton images, so install
- # it on upgrade
- - name: Install openstack-panko-api packages on upgrade
+ - name: Check if httpd is deployed
+ command: systemctl is-enabled httpd
+ tags: common
+ ignore_errors: True
+ register: httpd_enabled
+ - name: "PreUpgrade step0,validation: Check if httpd is running"
+ shell: >
+ /usr/bin/systemctl show 'httpd' --property ActiveState |
+ grep '\bactive\b'
+ when: httpd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop panko-api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: httpd_enabled.rc == 0
+ - name: Install openstack-panko-api package if it was not installed
tags: step3
yum: name=openstack-panko-api state=latest
panko::debug: {get_param: Debug}
panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::project_name: 'service'
+ panko::keystone::authtoken::user_domain_name: 'Default'
+ panko::keystone::authtoken::project_domain_name: 'Default'
panko::keystone::authtoken::password: {get_param: PankoPassword}
- panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::auth::auth_password: {get_param: PankoPassword}
panko::auth::auth_region: 'regionOne'
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ RabbitMQ configurations for using TLS via certmonger.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ # The following parameters are not needed by the template but are
+ # required to pass the pep8 tests
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: RabbitMQ configurations for using TLS via certmonger.
+ value:
+ service_name: rabbitmq_internal_tls_certmonger
+ config_settings:
+ generate_service_certificates: true
+ tripleo::profile::base::rabbitmq::certificate_specs:
+ service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
+ service_key: '/etc/pki/tls/private/rabbitmq.key'
+ hostname:
+ str_replace:
+ template: "%{hiera('fqdn_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ principal:
+ str_replace:
+ template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ metadata_settings:
+ - service: rabbitmq
+ network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ type: node
MonitoringSubscriptionRabbitmq:
default: 'overcloud-rabbitmq'
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+resources:
+
+ RabbitMQTLS:
+ type: OS::TripleO::Services::RabbitMQTLS
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
service_name: rabbitmq
monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
config_settings:
- rabbitmq::file_limit: {get_param: RabbitFDLimit}
- rabbitmq::default_user: {get_param: RabbitUserName}
- rabbitmq::default_pass: {get_param: RabbitPassword}
- rabbit_ipv6: {get_param: RabbitIPv6}
- tripleo.rabbitmq.firewall_rules:
- '109 rabbitmq':
- dport:
- - 4369
- - 5672
- - 25672
- rabbitmq::delete_guest_user: false
- rabbitmq::wipe_db_on_cookie_change: true
- rabbitmq::port: '5672'
- rabbitmq::package_provider: yum
- rabbitmq::package_source: undef
- rabbitmq::repos_ensure: false
- rabbitmq::tcp_keepalive: true
- rabbitmq_environment:
- NODE_PORT: ''
- NODE_IP_ADDRESS: ''
- RABBITMQ_NODENAME: "rabbit@%{::hostname}"
- RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
- 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
- rabbitmq_kernel_variables:
- inet_dist_listen_min: '25672'
- inet_dist_listen_max: '25672'
- rabbitmq_config_variables:
- cluster_partition_handling: 'pause_minority'
- queue_master_locator: '<<"min-masters">>'
- loopback_users: '[]'
- rabbitmq::erlang_cookie:
- yaql:
- expression: $.data.passwords.where($ != '').first()
- data:
- passwords:
- - {get_param: RabbitCookie}
- - {get_param: [DefaultPasswords, rabbit_cookie]}
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
- rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
+ map_merge:
+ - get_attr: [RabbitMQTLS, role_data, config_settings]
+ -
+ rabbitmq::file_limit: {get_param: RabbitFDLimit}
+ rabbitmq::default_user: {get_param: RabbitUserName}
+ rabbitmq::default_pass: {get_param: RabbitPassword}
+ rabbit_ipv6: {get_param: RabbitIPv6}
+ tripleo.rabbitmq.firewall_rules:
+ '109 rabbitmq':
+ dport:
+ - 4369
+ - 5672
+ - 25672
+ rabbitmq::delete_guest_user: false
+ rabbitmq::wipe_db_on_cookie_change: true
+ rabbitmq::port: '5672'
+ rabbitmq::package_provider: yum
+ rabbitmq::package_source: undef
+ rabbitmq::repos_ensure: false
+ rabbitmq::tcp_keepalive: true
+ rabbitmq_environment:
+ NODE_PORT: ''
+ NODE_IP_ADDRESS: ''
+ RABBITMQ_NODENAME: "rabbit@%{::hostname}"
+ RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
+ 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
+ rabbitmq_kernel_variables:
+ inet_dist_listen_min: '25672'
+ inet_dist_listen_max: '25672'
+ rabbitmq_config_variables:
+ cluster_partition_handling: 'pause_minority'
+ queue_master_locator: '<<"min-masters">>'
+ loopback_users: '[]'
+ rabbitmq::erlang_cookie:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: RabbitCookie}
+ - {get_param: [DefaultPasswords, rabbit_cookie]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
+ rabbitmq::ssl: {get_param: EnableInternalTLS}
+ rabbitmq::ssl_port: '5672'
+ rabbitmq::ssl_depth: 1
+ rabbitmq::ssl_only: {get_param: EnableInternalTLS}
+ rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ # TODO(jaosorior): Remove this once we set a proper default in
+ # puppet-tripleo
+ tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
step_config: |
include ::tripleo::profile::base::rabbitmq
upgrade_tasks:
- name: Start rabbitmq service
tags: step4
service: name=rabbitmq-server state=started
-
+ metadata_settings:
+ get_attr: [RabbitMQTLS, role_data, metadata_settings]
sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
sahara::rabbit_port: {get_param: RabbitClientPort}
sahara::debug: {get_param: Debug}
+ # Remove admin_password when https://review.openstack.org/442619 is merged.
sahara::admin_password: {get_param: SaharaPassword}
- sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- sahara::identity_uri: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
sahara::use_neutron: true
sahara::plugins: {get_param: SaharaPlugins}
sahara::rpc_backend: rabbit
- sahara::admin_tenant_name: 'service'
sahara::db::database_db_max_retries: -1
sahara::db::database_max_retries: -1
+ sahara::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ sahara::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ sahara::keystone::authtoken::password: {get_param: SaharaPassword}
+ sahara::keystone::authtoken::project_name: 'service'
value:
service_name: sshd
config_settings:
- BannerText: {get_param: BannerText}
+ tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
step_config: |
include ::tripleo::profile::base::sshd
description: Timeout for requests going from swift-proxy to swift a/c/o services.
type: number
SwiftWorkers:
- default: 0
+ default: auto
description: Number of workers for Swift service.
- type: number
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
step_config: |
include ::tripleo::profile::base::tacker
upgrade_tasks:
+ - name: Check if tacker is deployed
+ command: systemctl is-enabled openstack-tacker-server
+ tags: common
+ ignore_errors: True
+ register: tacker_enabled
- name: "PreUpgrade step0,validation: Check service openstack-tacker-server is running"
shell: /usr/bin/systemctl show 'openstack-tacker-server' --property ActiveState | grep '\bactive\b'
+ when: tacker_enabled.rc == 0
tags: step0,validation
- name: Stop tacker service
tags: step1
+ when: tacker_enabled.rc == 0
service: name=openstack-tacker-server state=stopped
+ - name: Install openstack-tacker package if it was disabled
+ tags: step3
+ yum: name=openstack-tacker state=latest
+ when: tacker_enabled.rc != 0
step_config: |
include ::tripleo::profile::base::vpp
upgrade_tasks:
+ - name: Check if vpp is deployed
+ command: systemctl is-enabled vpp
+ tags: common
+ ignore_errors: True
+ register: vpp_enabled
+ - name: "PreUpgrade step0,validation: Check service vpp is running"
+ shell: /usr/bin/systemctl show 'vpp' --property ActiveState | grep '\bactive\b'
+ when: vpp_enabled.rc == 0
+ tags: step0,validation
- name: Stop vpp service
- tags: step2
+ tags: step1
+ when: vpp_enabled.rc == 0
service: name=vpp state=stopped
upgrade_tasks:
- name: Check if zaqar is deployed
command: systemctl is-enabled openstack-zaqar
- tags: step0,validation
+ tags: common
ignore_errors: True
register: zaqar_enabled
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
tags: step0,validation
- name: Stop zaqar service
tags: step1
+ when: zaqar_enabled.rc == 0
service: name=openstack-zaqar state=stopped
+ - name: Install openstack-zaqar package if it was disabled
+ tags: step3
+ yum: name=openstack-zaqar state=latest
+ when: zaqar_enabled.rc != 0
- Support for Octavia composable services for LBaaS with Neutron.
- Support for Collectd composable services for performance monitoring.
- Support for Tacker composable service for VNF management.
+ - Add the plan-environment.yaml file which will facilitate deployment plan
+ import and export.
upgrade:
- Update OpenDaylight deployment to use networking-odl v2 as a mechanism
driver.
--- /dev/null
+---
+features:
+ - Add support for BGPVPN Neutron service plugin
--- /dev/null
+---
+features:
+ - The relevant parameters have been added to deploy the heat APIs over httpd.
+ This means that the HeatWorkers now affect httpd instead of the heat API
+ themselves, and that the apache hieradata will also be deployed in the
+ nodes where the heat APIs run.
--- /dev/null
+---
+fixes:
+ - |
+ NeutronDhcpAgents had a default value of 3 that, even though unused in
+ practice was a bad default value. Changing the default value to a
+ sentinel value and making the hiera conditional allows deploy-time
+ logic in puppet to provide a default value based on the number of dhcp
+ agents being deployed.
--- /dev/null
+---
+features:
+ - Deploy Gnocchi with Keystone v3 endpoints and make
+ sure it doesn't rely on Keystone v2 anymore.
+++ /dev/null
----
-deprecations:
- - The environments/puppet-pacemaker.yaml file is now deprecated and the HA
- deployment is now the default. In order to get the non-HA deployment use
- environments/nonha-arch.yaml explicitly.
--- /dev/null
+---
+features:
+ - Sahara is now deployed with keystone_authtoken parameters and move
+ forward with Keystone v3 version.
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronBgpvpnApi
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::Docker
- name: Compute
CountDefault: 1
- OS::TripleO::Services::MistralExecutor
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
'tls-endpoints-public-ip.yaml',
'tls-everywhere-endpoints-dns.yaml']
ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
+REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'kolla_config',
+ 'puppet_config', 'config_settings', 'step_config']
+OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks',
+ 'service_config_settings']
+DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'puppet_tags', 'step_config',
+ 'config_image']
+
def exit_usage():
print('Usage %s <yaml file or directory>' % sys.argv[0])
return 1
return 0
+
def validate_mysql_connection(settings):
no_op = lambda *args: False
error_status = [0]
return error_status[0]
+def validate_docker_service(filename, tpl):
+ if 'outputs' in tpl and 'role_data' in tpl['outputs']:
+ if 'value' not in tpl['outputs']['role_data']:
+ print('ERROR: invalid role_data for filename: %s'
+ % filename)
+ return 1
+ role_data = tpl['outputs']['role_data']['value']
+
+ for section_name in REQUIRED_DOCKER_SECTIONS:
+ if section_name not in role_data:
+ print('ERROR: %s is required in role_data for %s.'
+ % (section_name, filename))
+ return 1
+
+ for section_name in role_data.keys():
+ if section_name in REQUIRED_DOCKER_SECTIONS:
+ continue
+ else:
+ if section_name in OPTIONAL_DOCKER_SECTIONS:
+ continue
+ else:
+ print('ERROR: %s is extra in role_data for %s.'
+ % (section_name, filename))
+ return 1
+
+ if 'puppet_config' in role_data:
+ puppet_config = role_data['puppet_config']
+ for key in puppet_config:
+ if key in DOCKER_PUPPET_CONFIG_SECTIONS:
+ continue
+ else:
+ print('ERROR: %s should not be in puppet_config section.'
+ % key)
+ return 1
+ for key in DOCKER_PUPPET_CONFIG_SECTIONS:
+ if key not in puppet_config:
+ print('ERROR: %s is required in puppet_config for %s.'
+ % (key, filename))
+ return 1
+
+ if 'parameters' in tpl:
+ for param in required_params:
+ if param not in tpl['parameters']:
+ print('ERROR: parameter %s is required for %s.'
+ % (param, filename))
+ return 1
+ return 0
+
+
def validate_service(filename, tpl):
if 'outputs' in tpl and 'role_data' in tpl['outputs']:
if 'value' not in tpl['outputs']['role_data']:
filename != './puppet/services/services.yaml'):
retval = validate_service(filename, tpl)
+ if (filename.startswith('./docker/services/') and
+ filename != './docker/services/services.yaml'):
+ retval = validate_docker_service(filename, tpl)
+
if filename.endswith('hyperconverged-ceph.yaml'):
retval = validate_hci_compute_services_default(filename, tpl)
echo "SUCCESS"
}
+# Verify the FQDN from the nova/ironic deployment matches
+# FQDN in the heat templates.
+function fqdn_check() {
+ HOSTNAME=$(hostname)
+ SHORT_NAME=$(hostname -s)
+ FQDN_FROM_HOSTS=$(awk '$3 == "'${SHORT_NAME}'"{print $2}' /etc/hosts)
+ echo -n "Checking hostname vs /etc/hosts entry..."
+ if [[ $HOSTNAME != $FQDN_FROM_HOSTS ]]; then
+ echo "FAILURE"
+ echo -e "System hostname: ${HOSTNAME}\nEntry from /etc/hosts: ${FQDN_FROM_HOSTS}\n"
+ exit 1
+ fi
+ echo "SUCCESS"
+}
+
ping_controller_ips "$ping_test_ips"
ping_default_gateways
+if [[ $validate_fqdn == "True" ]];then
+ fqdn_check
+fi
Code Review / apex-tripleo-heat-templates.git / commitdiff