##################################################
# Per step starting of the containers using paunch
##################################################
- - name: Check if /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json exists
+ - name: Check if /var/lib/hashed-tripleo-config/docker-container-startup-config-step_{{step}}.json exists
stat:
- path: /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json
+ path: /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json
register: docker_config_json
+ # Note docker-puppet.py generates the hashed-*.json file, which is a copy of
+ # the *step_n.json with a hash of the generated external config added
+ # This acts as a salt to enable restarting the container if config changes
- name: Start containers for step {{step}}
- command: paunch --debug apply --file /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
+ command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
when: docker_config_json.stat.exists
changed_when: false
check_mode: no
# that can be used to generate config files or run ad-hoc puppet modules
# inside of a container.
+import glob
import json
import logging
import os
+import sys
import subprocess
import sys
import tempfile
log.debug(cmd_stderr)
+def match_config_volume(prefix, config):
+ # Match the mounted config volume - we can't just use the
+ # key as e.g "novacomute" consumes config-data/nova
+ volumes = config.get('volumes', [])
+ config_volume=None
+ for v in volumes:
+ if v.startswith(prefix):
+ config_volume = os.path.relpath(
+ v.split(":")[0], prefix).split("/")[0]
+ break
+ return config_volume
+
+
+def get_config_hash(prefix, config_volume):
+ hashfile = os.path.join(prefix, "%s.md5sum" % config_volume)
+ hash_data = None
+ if os.path.isfile(hashfile):
+ with open(hashfile) as f:
+ hash_data = f.read().rstrip()
+ return hash_data
+
+
def rm_container(name):
if os.environ.get('SHOW_DIFF', None):
log.info('Diffing container: %s' % name)
mkdir -p /var/lib/config-data/${NAME}/var/www
cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/
fi
+
+ # Write a checksum of the config-data dir, this is used as a
+ # salt to trigger container restart when the config changes
+ tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum
fi
""")
log.error('ERROR configuring %s' % config_volume)
success = False
+
+# Update the startup configs with the config hash we generated above
+config_volume_prefix = os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data')
+log.debug('CONFIG_VOLUME_PREFIX: %s' % config_volume_prefix)
+startup_configs = os.environ.get('STARTUP_CONFIG_PATTERN', '/var/lib/tripleo-config/docker-container-startup-config-step_*.json')
+log.debug('STARTUP_CONFIG_PATTERN: %s' % startup_configs)
+infiles = glob.glob('/var/lib/tripleo-config/docker-container-startup-config-step_*.json')
+for infile in infiles:
+ with open(infile) as f:
+ infile_data = json.load(f)
+
+ for k, v in infile_data.iteritems():
+ config_volume = match_config_volume(config_volume_prefix, v)
+ if config_volume:
+ config_hash = get_config_hash(config_volume_prefix, config_volume)
+ if config_hash:
+ env = v.get('environment', [])
+ env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash)
+ log.debug("Updating config hash for %s, config_volume=%s hash=%s" % (k, config_volume, config_hash))
+ infile_data[k]['environment'] = env
+
+ outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile))
+ with open(outfile, 'w') as out_f:
+ json.dump(infile_data, out_f)
+
if not success:
sys.exit(1)
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes
with_dict: "{{kolla_config}}"
- - name: Install paunch FIXME remove when packaged
- shell: |
- yum -y install python-pip
- pip install paunch
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-api.json:
+ /var/lib/kolla/config_files/aodh_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/aodh
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/aodh/var/www/:/var/www/:ro
- /var/log/containers/aodh:/var/log/aodh
-
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-evaluator.json:
+ /var/lib/kolla/config_files/aodh_evaluator.json:
command: /usr/bin/aodh-evaluator
permissions:
- path: /var/log/aodh
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-listener.json:
+ /var/lib/kolla/config_files/aodh_listener.json:
command: /usr/bin/aodh-listener
permissions:
- path: /var/log/aodh
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-notifier.json:
+ /var/lib/kolla/config_files/aodh_notifier.json:
command: /usr/bin/aodh-notifier
permissions:
- path: /var/log/aodh
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-central.json:
+ /var/lib/kolla/config_files/ceilometer_agent_central.json:
command: /usr/bin/ceilometer-polling --polling-namespaces central
docker_config:
step_3:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-compute.json:
+ /var/lib/kolla/config_files/ceilometer_agent_compute.json:
command: /usr/bin/ceilometer-polling --polling-namespaces compute
docker_config:
step_4:
- ceilometer_agent-compute:
+ ceilometer_agent_compute:
image: *ceilometer_agent_compute_image
net: host
privileged: false
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- /var/run/libvirt:/var/run/libvirt:ro
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-notification.json:
+ /var/lib/kolla/config_files/ceilometer_agent_notification.json:
command: /usr/bin/ceilometer-agent-notification
docker_config:
step_3:
volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer
step_4:
- ceilometer_agent-notification:
+ ceilometer_agent_notification:
image: *ceilometer_agent_notification_image
net: host
privileged: false
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Containerized collectd service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCollectdImage:
+ description: image
+ default: 'centos-binary-collectd:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CollectdBase:
+ type: ../../puppet/services/metrics/collectd.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the collectd role.
+ value:
+ service_name: {get_attr: [CollectdBase, role_data, service_name]}
+ config_settings: {get_attr: [CollectdBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CollectdBase, role_data, step_config]
+ service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: collectd
+ puppet_tags: collectd_client_config
+ step_config: *step_config
+ config_image: &collectd_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/collectd.json:
+ command: /usr/sbin/collectd -f
+ docker_config:
+ step_3:
+ collectd:
+ image: *collectd_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable collectd service
+ tags: step2
+ service: name=collectd.service state=stopped enabled=no
+
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Congress API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCongressApiImage:
+ description: image
+ default: 'centos-binary-congress-api:latest'
+ type: string
+ DockerCongressConfigImage:
+ description: image
+ default: 'centos-binary-congress-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CongressApiBase:
+ type: ../../puppet/services/congress.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Congress API role.
+ value:
+ service_name: {get_attr: [CongressApiBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [CongressApiBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [CongressApiBase, role_data, step_config]
+ service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: congress
+ puppet_tags: congress_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/congress_api.json:
+ command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log
+ permissions:
+ - path: /var/log/congress
+ owner: congress:congress
+ recurse: true
+ docker_config:
+ # db sync runs before permissions set by kolla_config
+ step_3:
+ congress_init_logs:
+ start_order: 0
+ image: &congress_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/congress:/var/log/congress
+ command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress']
+ congress_db_sync:
+ start_order: 1
+ image: *congress_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/congress/etc/:/etc/:ro
+ - /var/log/containers/congress:/var/log/congress
+ command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'"
+ step_4:
+ congress_api:
+ start_order: 15
+ image: *congress_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro
+ - /var/log/containers/congress:/var/log/congress
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/congress
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable congress_api service
+ tags: step2
+ service: name=openstack-congress-server state=stopped enabled=no
privileged: false
volumes: &mongodb_volumes
- /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mongodb/etc/:/etc/:ro
+ - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro
+ - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/mongodb:/var/log/mongodb
- /var/lib/mongodb:/var/lib/mongodb
command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
volumes: &mysql_volumes
- /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mysql/etc/:/etc/:ro
+ - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
- /etc/localtime:/etc/localtime:ro
- /etc/hosts:/etc/hosts:ro
- /var/lib/mysql:/var/lib/mysql
volumes:
- /run:/run
- /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/redis/etc/:/etc/:ro
+ - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/redis:/var/log/redis
environment:
step_config: 'include ::tripleo::profile::base::etcd'
config_image: *etcd_image
volumes:
- - /var/lib/config-data/etcd/etc/:/etc
+ - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro
- /var/lib/etcd:/var/lib/etcd:ro
host_prep_tasks:
- name: create /var/lib/etcd
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/glance-api.json:
+ /var/lib/kolla/config_files/glance_api.json:
command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro
- /var/log/containers/glance:/var/log/glance
environment:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/glance_api/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-api.json:
+ /var/lib/kolla/config_files/gnocchi_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/gnocchi
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
-
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-metricd.json:
+ /var/lib/kolla/config_files/gnocchi_metricd.json:
command: /usr/bin/gnocchi-metricd
permissions:
- path: /var/log/gnocchi
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-statsd.json:
+ /var/lib/kolla/config_files/gnocchi_statsd.json:
command: /usr/bin/gnocchi-statsd
permissions:
- path: /var/log/gnocchi
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
environment:
-
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro
- - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
-
-
- /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro
- - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/heat_api/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
-
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/ironic/etc/:/etc/:ro
+ - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/etc/:/etc/:ro
+ - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
- /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
- - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/ironic/var/www/:/var/www/:ro
- /var/lib/ironic:/var/lib/ironic/
- /var/log/containers/ironic:/var/log/ironic
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/keystone/var/www/:/var/www/:ro
- /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
- - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/log/containers/keystone:/var/log/keystone
-
if:
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Manila API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerManilaApiImage:
+ description: image
+ default: 'centos-binary-manila-api:latest'
+ type: string
+ DockerManilaConfigImage:
+ description: image
+ default: 'centos-binary-manila-base:latest'
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ManilaApiPuppetBase:
+ type: ../../puppet/services/manila-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Manila API role.
+ value:
+ service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ {get_attr: [ManilaApiPuppetBase, role_data, step_config]}
+ service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: manila
+ puppet_tags: manila_config,manila_api_paste_ini
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/manila_api.json:
+ command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ permissions:
+ - path: /var/log/manila
+ owner: manila:manila
+ recurse: true
+ docker_config:
+ step_3:
+ manila_api_db_sync:
+ user: root
+ image: &manila_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ]
+ net: host
+ detach: false
+ volumes:
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - logs:/var/log
+ command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
+ step_4:
+ manila_api:
+ image: *manila_api_image
+ net: host
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/log/containers/manila:/var/log/manila
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: Create persistent manila logs directory
+ file:
+ path: /var/log/containers/manila
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable manila_api service
+ tags: step2
+ service: name=openstack-manila-api state=stopped enabled=no
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
mistral_db_populate:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-l3-agent.json:
+ /var/lib/kolla/config_files/neutron_l3_agent.json:
command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
permissions:
- path: /var/log/neutron
recurse: true
docker_config:
step_4:
- neutronl3agent:
+ neutron_l3_agent:
image:
list_join:
- '/'
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-metadata-agent.json:
+ /var/lib/kolla/config_files/neutron_metadata_agent.json:
command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
permissions:
- path: /var/log/neutron
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-openvswitch-agent.json:
+ /var/lib/kolla/config_files/neutron_ovs_agent.json:
command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
permissions:
- path: /var/log/neutron
recurse: true
docker_config:
step_4:
- neutronovsagent:
+ neutron_ovs_agent:
image: &neutron_ovs_agent_image
list_join:
- '/'
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova-compute.json:
+ /var/lib/kolla/config_files/nova_compute.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
permissions:
- path: /var/log/nova
docker_config:
# FIXME: run discover hosts here
step_4:
- novacompute:
+ nova_compute:
image: *nova_compute_image
net: host
privileged: true
- user: root
+ user: nova
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
- /dev:/dev
- /etc/iscsi:/etc/iscsi
recurse: true
docker_config:
step_5:
- novacompute:
+ nova_compute:
image:
list_join:
- '/'
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ UseTLSTransportForLiveMigration:
+ type: boolean
+ default: true
+ description: If set to true and if EnableInternalTLS is enabled, it will
+ set the libvirt URI's transport to tls and configure the
+ relevant keys for libvirt.
+
+conditions:
+
+ use_tls_for_live_migration:
+ and:
+ - equals:
+ - {get_param: EnableInternalTLS}
+ - true
+ - equals:
+ - {get_param: UseTLSTransportForLiveMigration}
+ - true
resources:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova-libvirt.json:
- command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+ /var/lib/kolla/config_files/nova_libvirt.json:
+ command:
+ if:
+ - use_tls_for_live_migration
+ - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
+ - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
permissions:
- path: /var/log/nova
owner: nova:nova
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro
- /lib/modules:/lib/modules:ro
- /dev:/dev
-
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro
- - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/nova_placement/var/www/:/var/www/:ro
- /var/log/containers/nova:/var/log/nova
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/panko-api.json:
+ /var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/panko
recurse: true
docker_config:
step_3:
- panko-init-log:
+ panko_init_log:
start_order: 0
image: *panko_image
user: root
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
- - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/panko/var/www/:/var/www/:ro
- /var/log/containers/panko:/var/log/panko
-
step_config: 'include ::tripleo::profile::base::rabbitmq'
config_image: *rabbitmq_image
volumes:
- - /var/lib/config-data/rabbitmq/etc/:/etc/
+ - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
host_prep_tasks:
- name: create persistent directories
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
+
resources:
description: Role data for the swift storage services.
value:
service_name: {get_attr: [SwiftStorageBase, role_data, service_name]}
- config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - {get_attr: [SwiftStorageBase, role_data, config_settings]}
+ # FIXME (cschwede): re-enable this once checks works inside containers
+ - swift::storage::all::mount_check: false
step_config: &step_config
get_attr: [SwiftStorageBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
with_items:
- /var/log/containers/swift
- /srv/node
+ - name: Format and mount devices defined in SwiftRawDisks
+ mount:
+ name: /srv/node/{{ item }}
+ src: /dev/{{ item }}
+ fstype: xfs
+ opts: noatime
+ state: mounted
+ with_items:
+ - repeat:
+ template: 'DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
upgrade_tasks:
- name: Stop and disable swift storage services
tags: step2
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Tacker service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerTackerImage:
+ description: image
+ default: 'centos-binary-tacker:latest'
+ type: string
+ DockerTackerConfigImage:
+ description: image
+ default: 'centos-binary-tacker:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ TackerBase:
+ type: ../../puppet/services/tacker.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Tacker role.
+ value:
+ service_name: {get_attr: [TackerBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [TackerBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [TackerBase, role_data, step_config]
+ service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: tacker
+ puppet_tags: tacker_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/tacker_api.json:
+ command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log
+ permissions:
+ - path: /var/log/tacker
+ owner: tacker:tacker
+ recurse: true
+ docker_config:
+ # db sync runs before permissions set by kolla_config
+ step_3:
+ tacker_init_logs:
+ start_order: 0
+ image: &tacker_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/tacker:/var/log/tacker
+ command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker']
+ tacker_db_sync:
+ start_order: 1
+ image: *tacker_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/tacker/etc/:/etc/:ro
+ - /var/log/containers/tacker:/var/log/tacker
+ command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'"
+ step_4:
+ tacker_api:
+ image: *tacker_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro
+ - /var/log/containers/tacker:/var/log/tacker
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/tacker
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable tacker-server service
+ tags: step2
+ service: name=openstack-tacker-server state=stopped enabled=no
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- /var/lib/config-data/zaqar/var/www/:/var/www/:ro
- - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/log/containers/zaqar:/var/log/zaqar
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::Congress: ../../docker/services/congress-api.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml
--- /dev/null
+=================================
+Samples for plan-environment.yaml
+=================================
+
+The ``plan-environment.yaml`` file provides the details of the plan to be
+deployed by TripleO. Along with the details of the heat environments and
+parameters, it is also possible to provide workflow specific parameters to the
+TripleO mistral workflows. A new section ``workflow_parameters`` has been
+added to provide workflow specific parameters. This provides a clear
+separation of heat environment parameters and the workflow only parameters.
+These customized plan environment files can be provided as with ``-p`` option
+to the ``openstack overcloud deploy`` and ``openstack overcloud plan create``
+commands. The sample format to provide the workflow specific parameters::
+
+ workflow_parameters:
+ tripleo.derive_params.v1.derive_parameters:
+ # DPDK Parameters
+ number_of_pmd_cpu_threads_per_numa_node: 2
+
+
+All the parameters specified under the workflow name will be passed as
+``user_input`` to the workflow, while invoking from the tripleoclient.
\ No newline at end of file
--- /dev/null
+version: 1.0
+
+name: overcloud
+description: >
+ Default Deployment plan
+template: overcloud.yaml
+environments:
+ - path: overcloud-resource-registry-puppet.yaml
+workflow_parameters:
+ tripleo.derive_params.v1.derive_parameters:
+ ######### DPDK Parameters #########
+ # Specifices the minimum number of CPU threads to be allocated for DPDK
+ # PMD threads. The actual allocation will be based on network config, if
+ # the a DPDK port is associated with a numa node, then this configuration
+ # will be used, else 0.
+ number_of_pmd_cpu_threads_per_numa_node: 4
+ # Amount of memory to be configured as huge pages in percentage. Ouf the
+ # total available memory (excluding the NovaReservedHostMemory), the
+ # specified percentage of the remaining is configured as huge pages.
+ huge_page_allocation_percentage: 90
+ ######### HCI Parameters #########
+ hci_profile: default
+ hci_profile_config:
+ default:
+ average_guest_memory_size_in_mb: 2048
+ average_guest_cpu_utilization_percentage: 50
+ many_small_vms:
+ average_guest_memory_size_in_mb: 1024
+ average_guest_cpu_utilization_percentage: 20
+ few_large_vms:
+ average_guest_memory_size_in_mb: 4096
+ average_guest_cpu_utilization_percentage: 80
+ nfv_default:
+ average_guest_memory_size_in_mb: 8192
+ average_guest_cpu_utilization_percentage: 90
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ DefaultCRLURL:
+ default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
+ description: URI where to get the CRL to be configured in the nodes.
+ type: string
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Role data for the certmonger-user service
value:
service_name: certmonger_user
+ config_settings:
+ tripleo::certmonger::ca::crl::crl_source:
+ if:
+ - internal_tls_enabled
+ - {get_param: DefaultCRLURL}
+ - null
step_config: |
include ::tripleo::profile::base::certmonger_user
default: 30
description: Delay between processing metrics.
type: number
- NumberOfStorageSacks:
- default: '128'
- description: Number of storage sacks to create.
- type: string
GnocchiPassword:
description: The password for the gnocchi service and db account.
type: string
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- gnocchi::db::sync::extra_opts:
- list_join:
- - ' '
- - - '--num-storage-sacks'
- - {get_param: NumberOfStorageSacks}
+ gnocchi::db::sync::extra_opts: ''
gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay}
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 3
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
+ InternalTLSCRLPEMFile:
+ default: '/etc/pki/CA/crl/overcloud-crl.pem'
+ type: string
+ description: Specifies the default CRL PEM file to use for revocation if
+ TLS is used for services in the internal network.
resources:
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
+ tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - nova::compute::vcpu_pin_set: NovaVcpuPinSet
+ nova::compute::reserved_host_memory: NovaReservedHostMemory
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NovaVcpuPinSet: {get_param: NovaVcpuPinSet}
+ NovaReservedHostMemory: {get_param: NovaReservedHostMemory}
+
outputs:
role_data:
description: Role data for the Nova Compute service.
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
+ - get_attr: [RoleParametersValue, value]
- nova::compute::libvirt::manage_libvirt_services: false
nova::compute::pci_passthrough:
str_replace:
template: "JSON_PARAM"
params:
- JSON_PARAM: {get_param: NovaPCIPassthrough}
- nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet}
- nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory}
+ map_replace:
+ - map_replace:
+ - JSON_PARAM: NovaPCIPassthrough
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
MonitoringSubscriptionPacemakerRemote:
default: 'overcloud-pacemaker_remote'
type: string
+ EnableFencing:
+ default: false
+ description: Whether to enable fencing in Pacemaker or not.
+ type: boolean
+ FencingConfig:
+ default: {}
+ description: |
+ Pacemaker fencing configuration. The JSON should have
+ the following structure:
+ {
+ "devices": [
+ {
+ "agent": "AGENT_NAME",
+ "host_mac": "HOST_MAC_ADDRESS",
+ "params": {"PARAM_NAME": "PARAM_VALUE"}
+ }
+ ]
+ }
+ For instance:
+ {
+ "devices": [
+ {
+ "agent": "fence_xvm",
+ "host_mac": "52:54:00:aa:bb:cc",
+ "params": {
+ "multicast_address": "225.0.0.12",
+ "port": "baremetal_0",
+ "manage_fw": true,
+ "manage_key_file": true,
+ "key_file": "/etc/fence_xvm.key",
+ "key_file_password": "abcdef"
+ }
+ }
+ ]
+ }
+ type: json
PacemakerRemoteLoggingSource:
type: json
default:
proto: 'tcp'
dport:
- 3121
+ tripleo::fencing::config: {get_param: FencingConfig}
+ enable_fencing: {get_param: EnableFencing}
tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
step_config: |
include ::tripleo::profile::base::pacemaker_remote
+++ /dev/null
----
-features:
- - Add support to configure number of sacks in gnocchi.
--- /dev/null
+---
+features:
+ - Added a custom plan-environment file for providing workflow specific
+ inputs for the derived parameters workflow.