+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
| swift | | X | | | X | |
+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
-| aodh | X | | | | | |
+| aodh | X | X | | | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
-| ceilometer | X | | | | | |
+| ceilometer | X | X | | | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
-| gnocchi | X | | | | | |
+| gnocchi | rbd | swift | | | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
-| panko | X | | | | | |
+| panko | X | X | | | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
| barbican | | X | | | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
+ OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentIpmi
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::PankoApi
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
-- hosts: localhost
- connection: local
- tasks:
+ # Note the indentation here is required as it's joined
+ # to create a playbook in deploy-steps.j2
+
#####################################################
# Per step puppet configuration of the baremetal host
#####################################################
shell: python /var/lib/docker-puppet/docker-puppet.py
environment:
NET_HOST: 'true'
- DEBUG: '{{docker_puppet_debug}}'
+ DEBUG: '{{docker_puppet_debug|default(false)}}'
when: step == "1"
changed_when: false
check_mode: no
{%- set primary_role_name = primary_role[0].name -%}
# primary role is: {{primary_role_name}}
{% set deploy_steps_max = 6 -%}
+{% set update_steps_max = 6 -%}
heat_template_version: pike
- name: update_identifier
- name: bootstrap_server_id
- name: docker_puppet_debug
- config: {get_file: deploy-steps-playbook.yaml}
+ config:
+ str_replace:
+ template: |
+ - hosts: localhost
+ connection: local
+ tasks:
+ _TASKS
+ params:
+ _TASKS: {get_file: deploy-steps-tasks.yaml}
{%- for step in range(1, deploy_steps_max) %}
# BEGIN service_workflow_tasks handling
connection: local
vars:
puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
- docker_puppet_script: {get_file: docker-puppet.py}
+ docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]}
kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
{% for step in range(1, deploy_steps_max) %}
{{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
+ type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step{{step}}_Execution
# TODO(gfidente): the following if/else condition
{% endfor %}
+
+outputs:
+ RoleConfig:
+ description: Mapping of config data for all roles
+ value:
+ deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
+ deploy_steps_playbook: |
+ - hosts: overcloud
+ tasks:
+{%- for role in roles %}
+ - include: {{role.name}}/host_prep_tasks.yaml
+ when: role_name == '{{role.name}}'
+{%- endfor %}
+ - include: deploy_steps_tasks.yaml
+ with_sequence: count={{deploy_steps_max-1}}
+ loop_control:
+ loop_var: step
+ update_steps_tasks: |
+{%- for role in roles %}
+ - include: {{role.name}}/update_tasks.yaml
+ when: role_name == '{{role.name}}'
+{%- endfor %}
+ update_steps_playbook: |
+ - hosts: overcloud
+ serial: 1
+ tasks:
+ - include: update_steps_tasks.yaml
+ with_sequence: count={{update_steps_max-1}}
+ loop_control:
+ loop_var: step
+ - include: deploy_steps_tasks.yaml
+ with_sequence: count={{deploy_steps_max-1}}
+ loop_control:
+ loop_var: step
+
# Note the include here is the same as post.j2.yaml but the data used at
# # the time of rendering is different if any roles disable upgrades
{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
-{% include 'docker-steps.j2' %}
+{% include 'deploy-steps.j2' %}
--- /dev/null
+{% include 'deploy-steps.j2' %}
expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+ UpdateTasks:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: coalesce($.data, []).where($ != null).select($.get('update_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
+
UpgradeBatchTasks:
type: OS::Heat::Value
properties:
service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]}
step_config: {get_attr: [PuppetStepConfig, value]}
upgrade_tasks: {get_attr: [UpgradeTasks, value]}
+ update_tasks: {get_attr: [UpdateTasks, value]}
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
--- /dev/null
+#!/bin/bash
+
+set -eu
+
+# whitespace (space or newline) separated list
+OVERCLOUD_HOSTS=${OVERCLOUD_HOSTS:-""}
+OVERCLOUD_SSH_USER=${OVERCLOUD_SSH_USER:-"$USER"}
+# this is just for compatibility with CI
+SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"}
+# this is the intended variable for overriding
+OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"}
+
+SLEEP_TIME=5
+
+function overcloud_ssh_hosts_json {
+ echo "$OVERCLOUD_HOSTS" | python -c '
+from __future__ import print_function
+import json, re, sys
+print(json.dumps(re.split("\s+", sys.stdin.read().strip())))'
+}
+
+function overcloud_ssh_key_json {
+ # we pass the contents to Mistral instead of just path, otherwise
+ # the key file would have to be readable for the mistral user
+ cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))'
+}
+
+function workflow_finished {
+ local execution_id="$1"
+ openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null
+}
+
+if [ -z "$OVERCLOUD_HOSTS" ]; then
+ echo 'Please set $OVERCLOUD_HOSTS'
+ exit 1
+fi
+
+echo "Starting workflow to create ssh admin on deployed servers."
+echo "SSH user: $OVERCLOUD_SSH_USER"
+echo "SSH key file: $OVERCLOUD_SSH_KEY"
+echo "Hosts: $OVERCLOUD_HOSTS"
+echo
+
+EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}"
+EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS")
+echo "$EXECUTION_CREATE_OUTPUT"
+EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }')
+
+if [ -z "$EXECUTION_ID" ]; then
+ echo "Failed to get workflow execution ID for ssh admin creation workflow"
+ exit 1
+fi
+
+echo -n "Waiting for the workflow execution to finish (id $EXECUTION_ID)."
+while ! workflow_finished $EXECUTION_ID; do
+ sleep $SLEEP_TIME
+ echo -n .
+done
+
+echo "Success."
+++ /dev/null
-{% include 'docker-steps.j2' %}
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/aodh/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
command:
- '/usr/bin/bootstrap_host_exec'
- 'ceilometer_agent_central'
- - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'"
+ - "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'"
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
data: {get_param: DockerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
+resources:
+ DockerImageUrlParts:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ host:
+ if:
+ - custom_registry_host
+ - yaql:
+ expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[1]
+ data: {get_param: DockerCephDaemonImage}
+ - docker.io
+ image:
+ if:
+ - custom_registry_host
+ - yaql:
+ expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[2]
+ data: {get_param: DockerCephDaemonImage}
+ - yaql:
+ expression: $.data.rightSplit(':', 1)[0]
+ data: {get_param: DockerCephDaemonImage}
+ image_tag:
+ yaql:
+ expression: $.data.rightSplit(':', 1)[1]
+ data: {get_param: DockerCephDaemonImage}
+
outputs:
role_data:
description: Role data for the Ceph base service.
ceph_common_ansible_vars:
fsid: { get_param: CephClusterFSID }
docker: true
- ceph_docker_registry:
- if:
- - custom_registry_host
- - yaql:
- expression: regex('(?:https?://)?(.*)/').split($.data)[1]
- data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
- - docker.io
- ceph_docker_image:
- if:
- - custom_registry_host
- - yaql:
- expression: regex('(?:https?://)?(.*)/').split($.data)[2]
- data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
- - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
- ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]}
+ ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]}
+ ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]}
+ ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
containerized_deployment: true
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
+ monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
user_config: true
ceph_stable: true
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
- acls:
- - "u:glance:r--"
- - "u:nova:r--"
- - "u:cinder:r--"
- - "u:gnocchi:r--"
+ mode: "0644"
keys: *openstack_keys
pools: []
ceph_conf_overrides:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/mongodb
owner: mongodb:mongodb
- path: /var/log/mongodb
owner: mongodb:mongodb
recurse: true
+ - path: /etc/pki/tls/certs/mongodb.pem
+ owner: mongodb:mongodb
docker_config:
step_2:
mongodb:
net: host
privileged: false
volumes: &mongodb_volumes
- - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
- - /etc/localtime:/etc/localtime:ro
- - /var/log/containers/mongodb:/var/log/mongodb
- - /var/lib/mongodb:/var/lib/mongodb
+ list_concat:
+ - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/log/containers/mongodb:/var/log/mongodb
+ - /var/lib/mongodb:/var/lib/mongodb
+ - if:
+ - internal_tls_enabled
+ - - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
step_config: 'include ::tripleo::profile::base::database::mongodb'
config_image: *mongodb_config_image
volumes:
- - /var/lib/mongodb:/var/lib/mongodb
- - /var/log/containers/mongodb:/var/log/mongodb
+ list_concat:
+ - - /var/lib/mongodb:/var/lib/mongodb
+ - /var/log/containers/mongodb:/var/log/mongodb
+ - if:
+ - internal_tls_enabled
+ - - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro
+ - null
host_prep_tasks:
- name: create persistent directories
file:
with_items:
- /var/log/containers/mongodb
- /var/lib/mongodb
+ metadata_settings:
+ get_attr: [MongodbPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: Stop and disable mongodb service
tags: step2
EnableInternalTLS:
type: boolean
default: false
+ NumberOfStorageSacks:
+ default: 128
+ description: Number of storage sacks to create.
+ type: number
conditions:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
- step_3:
+ step_4:
gnocchi_db_sync:
image: *gnocchi_api_image
net: host
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/gnocchi/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
- step_4:
+ - /etc/ceph:/etc/ceph:ro
+ command:
+ str_replace:
+ template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM'
+ params:
+ SACK_NUM: {get_param: NumberOfStorageSacks}
+ step_5:
gnocchi_api:
image: *gnocchi_api_image
net: host
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
- internal_tls_enabled
file:
path: /var/log/containers/gnocchi
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable httpd service
tags: step2
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/heat/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /var/log/containers/heat:/var/log/heat
command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
- /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
- /var/log/containers/neutron:/var/log/neutron
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- apache::default_vhost: false
- nova_wsgi_enabled: false
- nova::api::service_name: '%{::nova::params::api_service_name}'
- nova::wsgi::apache_api::ssl: false
step_config: &step_config
list_join:
- "\n"
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
- command: /usr/bin/nova-api
+ command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
user: root
volumes:
- /var/log/containers/nova:/var/log/nova
- command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova']
step_3:
nova_api_db_sync:
start_order: 0
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
start_order: 2
image: *nova_api_image
net: host
- user: nova
+ user: root
privileged: true
restart: always
volumes:
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_api_cron:
description: Port that dockerized nova migration target sshd service
binds to.
type: number
-
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
conditions:
- {get_param: UseTLSTransportForLiveMigration}
- true
+ need_libvirt_secret:
+ or:
+ - equals:
+ - {get_param: NovaEnableRbdBackend}
+ - true
+ - equals:
+ - {get_param: CinderEnableRbdBackend}
+ - true
+
resources:
ContainersCommon:
- {get_attr: [MySQLClient, role_data, step_config]}
puppet_config:
config_volume: nova_libvirt
- puppet_tags: libvirtd_config,nova_config,file,exec
+ puppet_tags: libvirtd_config,nova_config,file
step_config: *step_config
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova
- - /etc/libvirt/secrets:/etc/libvirt/secrets
+ - /etc/libvirt:/etc/libvirt
# Needed to use host's virtlogd
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- - /etc/libvirt/qemu:/etc/libvirt/qemu
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_4:
+ if:
+ - need_libvirt_secret
+ - nova_libvirt_init_secret:
+ detach: false
+ image: {get_param: DockerNovaLibvirtImage}
+ privileged: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
+ - /etc/libvirt:/etc/libvirt
+ - /var/run/libvirt:/var/run/libvirt
+ - /var/lib/libvirt:/var/lib/libvirt
+ command:
+ - /bin/bash
+ - -c
+ - str_replace:
+ template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY'
+ params:
+ SECRET_UUID: {get_param: CephClusterFSID}
+ SECRET_KEY: {get_param: CephClientKey}
+ - {}
host_prep_tasks:
- name: create libvirt persistent data directories
file:
path: "{{ item }}"
state: directory
with_items:
+ - /etc/libvirt
- /etc/libvirt/secrets
- /etc/libvirt/qemu
- /var/lib/libvirt
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
type: string
hidden: true
default: ''
+ MysqlClustercheckPassword:
+ type: string
+ hidden: true
RoleName:
default: ''
description: Role name on which the service is applied
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
role_data:
description: Containerized service MySQL using composable services.
- 4567
- 4568
- 9200
+ -
+ if:
+ - internal_tls_enabled
+ -
+ tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
+ get_param: InternalTLSCAFile
+ - {}
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
+ permissions:
+ - path: /etc/pki/tls/certs/mysql.crt
+ owner: mysql:mysql
+ perm: '0600'
+ optional: true
+ - path: /etc/pki/tls/private/mysql.key
+ owner: mysql:mysql
+ perm: '0600'
+ optional: true
docker_config:
step_1:
mysql_data_ownership:
image: *mysql_image
net: host
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
- command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
+ command:
+ - 'bash'
+ - '-ec'
+ -
+ list_join:
+ - "\n"
+ - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
+ - 'kolla_start'
+ - 'mysqld_safe --skip-networking --wsrep-on=OFF &'
+ - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
+ - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
+ - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"'
+ - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown'
volumes: &mysql_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- KOLLA_BOOTSTRAP=True
# NOTE(mandre) skip wsrep cluster status check
- KOLLA_KUBERNETES=True
+ - DB_MAX_TIMEOUT=60
+ -
+ list_join:
+ - '='
+ - - 'DB_CLUSTERCHECK_PASSWORD'
+ - {get_param: MysqlClustercheckPassword}
-
list_join:
- '='
file:
path: /var/lib/mysql
state: directory
+ metadata_settings:
+ get_attr: [MysqlPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
- name: Disable mysql service
tags: step2
service: name=mariadb enabled=no
+ - name: Remove clustercheck service from xinetd
+ tags: step2
+ file: state=absent path=/etc/xinetd.d/galera-monitor
+ - name: Restart xinetd service after clustercheck removal
+ tags: step2
+ service: name=xinetd state=restarted
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
- /var/log/containers/panko:/var/log/panko
command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
-# Generated with the following on 2017-07-12T11:40:50.219622
+# Generated with the following on 2017-08-11T04:58:59.567629
#
-# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml
+# openstack overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml
#
parameter_defaults:
DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest
DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest
DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest
+ DockerBarbicanApiImage: tripleoupstream/centos-binary-barbican-api:latest
DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest
DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest
DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest
DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest
DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest
DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest
- DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest
DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest
+ DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest
DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest
DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest
DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest
DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest
DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest
DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest
- DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest
+ DockerNovaConfigImage: tripleoupstream/centos-binary-nova-api:latest
DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest
DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest
DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest
DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest
DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest
DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest
- DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest
- DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest
DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest
DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest
DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest
# Pacemaker runs on the host
OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml
+ OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
# Services that are disabled for HA deployments with pacemaker
OS::TripleO::Services::Keepalived: OS::Heat::None
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+ OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml
+ OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml
+ OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
+ OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
- OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
- OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
- OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
- OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
+ OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
+ OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
+ OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
-
- OS::TripleO::PostDeploySteps: ../docker/post.yaml
- OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
# OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml
# OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml
# OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml
-
- OS::TripleO::PostDeploySteps: ../docker/post.yaml
- OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
- 172.16.0.251
#management:
#- 172.16.4.251
- NovaComputeIPs:
+ ComputeIPs:
# Each compute will get an IP from the lists below, first compute, first IP
internal_api:
- 172.16.2.252
resource_registry:
- # FIXME(shardy) do we need to break major_upgrade_steps.yaml apart to
- # enable docker specific logic, or is just overridding PostUpgradeSteps
- # enough (as we want to share the ansible tasks steps etc)
- OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
+ OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml
parameter_defaults:
EnableConfigPurge: false
StackUpdateType: UPGRADE
resource_registry:
- OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
+ OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml
parameter_defaults:
EnableConfigPurge: true
StackUpdateType: UPGRADE
# Use this to reset any mappings only used for upgrades after the
# update of all nodes is completed
resource_registry:
- OS::TripleO::PostDeploySteps: ../docker/post.yaml
+ OS::TripleO::PostDeploySteps: ../common/post.yaml
parameter_defaults:
EnableConfigPurge: false
StackUpdateType: ''
# Use this to reset any mappings only used for upgrades after the
# update of all nodes is completed
resource_registry:
- OS::TripleO::PostDeploySteps: ../puppet/post.yaml
+ OS::TripleO::PostDeploySteps: ../common/post.yaml
parameter_defaults:
EnableConfigPurge: false
StackUpdateType: ''
--- /dev/null
+{%- set primary_role = [roles[0]] -%}
+{%- for role in roles -%}
+ {%- if 'primary' in role.tags and 'controller' in role.tags -%}
+ {%- set _ = primary_role.pop() -%}
+ {%- set _ = primary_role.append(role) -%}
+ {%- endif -%}
+{%- endfor -%}
+{%- set primary_role_name = primary_role[0].name -%}
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks.
+# primary role is: {{primary_role_name}}
+resource_registry:
+ # networks as defined in network_data.yaml
+ {%- for network in networks if network.enabled|default(true) %}
+ {%- if network.name != 'Tenant' %}
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- else %}
+ # IPv4 until OVS and Neutron support IPv6 tunnel endpoints
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endif %}
+ {%- endfor %}
+
+ # Port assignments for the VIPs
+ {%- for network in networks if network.vip and network.enabled|default(true) %}
+ OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- endfor %}
+
+ OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml
+
+{%- for role in roles %}
+ # Port assignments for the {{role.name}}
+ {%- for network in networks %}
+ {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant' %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- elif network.name in role.networks|default([]) and network.enabled|default(true) and network.name == 'Tenant' %}
+ # IPv4 until OVS and Neutron support IPv6 tunnel endpoints
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- else %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml
+ {%- endif %}
+ {%- endfor %}
+{%- endfor %}
+
+
+parameter_defaults:
+ # Enable IPv6 for Ceph.
+ CephIPv6: True
+ # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
+ CorosyncIPv6: True
+ # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP.
+ MongoDbIPv6: True
+ # Enable various IPv6 features in Nova.
+ NovaIPv6: True
+ # Enable IPv6 environment for RabbitMQ.
+ RabbitIPv6: True
+ # Enable IPv6 environment for Memcached.
+ MemcachedIPv6: True
+++ /dev/null
-# Enable the creation of IPv6 Neutron networks for isolated Overcloud
-# traffic and configure each role to assign ports (related
-# to that role) on these networks.
-resource_registry:
- OS::TripleO::Network::External: ../network/external_v6.yaml
- OS::TripleO::Network::InternalApi: ../network/internal_api_v6.yaml
- OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt_v6.yaml
- OS::TripleO::Network::Storage: ../network/storage_v6.yaml
- # IPv4 until OVS and Neutron support IPv6 tunnel endpoints
- OS::TripleO::Network::Tenant: ../network/tenant.yaml
-
- # Port assignments for the VIPs
- OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml
- OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml
-
- # Port assignments for the controller role
- OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_v6.yaml
- OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
- OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
-
- # Port assignments for the compute role
- OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
-
- # Port assignments for the ceph storage role
- OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
-
- # Port assignments for the swift storage role
- OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
-
- # Port assignments for the block storage role
- OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
-
-parameter_defaults:
- # Enable IPv6 for Ceph.
- CephIPv6: True
- # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
- CorosyncIPv6: True
- # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP.
- MongoDbIPv6: True
- # Enable various IPv6 features in Nova.
- NovaIPv6: True
- # Enable IPv6 environment for RabbitMQ.
- RabbitIPv6: true
- # Enable IPv6 environment for Memcached.
- MemcachedIPv6: true
+# ******************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation-v6.yaml
+# and define the needed networks in your custom role file.
+# ******************************************************************************
# Enable the creation of an IPv6 system management network. This
# creates a Neutron network for isolated Overcloud
# system management traffic and configures each role to
+# ***************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation.yaml
+# and define the needed networks in your custom role file.
+# ***************************************************************************
# Enable the creation of a system management network. This
# creates a Neutron network for isolated Overcloud
# system management traffic and configures each role to
# A Heat environment file which can be used to enable a
# a Neutron Nuage backend on the controller, configured via puppet
resource_registry:
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
# Override the NeutronCorePlugin to use Nuage
- OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2Nuage
parameter_defaults:
NeutronNuageNetPartitionName: 'default_name'
NeutronNuageBaseURIVersion: 'default_uri_version'
NeutronNuageCMSId: ''
UseForwardedFor: true
- NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin'
- NeutronEnableDHCPAgent: false
- NeutronServicePlugins: []
- NovaOVSBridge: 'alubr0'
- controllerExtraConfig:
+ NeutronServicePlugins: ''
+ NeutronDBSyncExtraParams: '--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini'
+ NeutronTypeDrivers: ''
+ NeutronNetworkType: ''
+ NeutronMechanismDrivers: ''
+ NeutronPluginExtensions: ''
+ NeutronFlatNetworks: ''
+ NeutronTunnelIdRanges: ''
+ NeutronNetworkVLANRanges: ''
+ NeutronVniRanges: ''
+ NovaOVSBridge: 'default_bridge'
+ NeutronMetadataProxySharedSecret: 'default'
+ InstanceNameTemplate: 'inst-%08x'
+ ControllerExtraConfig:
neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron/plugins/nuage/'
# Nuage backend on the compute, configured via puppet
resource_registry:
OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml
parameter_defaults:
NuageActiveController: '0.0.0.0'
NuageStandbyController: '0.0.0.0'
+ NovaOVSBridge: 'default_bridge'
+ NovaComputeLibvirtType: 'default_type'
+ NovaIPv6: False
+ NuageMetadataProxySharedSecret: 'default'
+ NuageNovaApiEndpoint: 'default_endpoint'
# ******************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/storage/ceph-external.yaml
+# DEPRECATED: Use tripleo-heat-templates/environments/storage/external-ceph.yaml
# instead.
# ******************************************************************************
# A Heat environment file which can be used to enable the
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
+ DeleteOnRHELUnregistration:
+ type: boolean
+ default: false
+ description: |
+ When true, the system profile will be deleted from the registration
+ service when the rhel-registration.yaml nested stack is deleted.
conditions:
- deployment_actions_empty:
+ unregister_on_delete:
equals:
- - {get_param: deployment_actions}
- - []
+ - {get_param: DeleteOnRHELUnregistration}
+ - true
+ update_requested:
+ equals:
+ - {get_param: UpdateOnRHELRegistration}
+ - true
resources:
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ yaql
+
RHELRegistration:
type: OS::Heat::SoftwareConfig
properties:
config: {get_resource: RHELUnregistration}
actions:
if:
- - deployment_actions_empty
+ - unregister_on_delete
+ - ['DELETE']
- []
- - ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
UpdateDeploymentAfterRHELRegistration:
type: OS::Heat::SoftwareDeployment
depends_on: RHELRegistrationDeployment
- conditions:
- update_requested: {get_param: UpdateOnRHELRegistration}
+ condition: update_requested
properties:
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
outputs:
deploy_stdout:
log_debug "Stop and disable libvirtd service for upgrade to containers"
systemctl stop libvirtd
systemctl disable libvirtd
+ log_debug "Stop and disable openstack-nova-compute for upgrade to containers"
+ systemctl stop openstack-nova-compute
+ systemctl disable openstack-nova-compute
fi
# Apply puppet manifest to converge just right after the ${ROLE} upgrade
str_replace:
template: |
#!/bin/bash
- curl http://169.254.169.254/openstack/2012-08-10/meta_data.json -o /root/meta_data.json
mkdir -p /home/$user/.ssh
chmod 700 /home/$user/.ssh
- cat /root/meta_data.json | jq -r ".keys[0].data" > /home/$user/.ssh/authorized_keys
+ os-apply-config --key public-keys.0.openssh-key --type raw > /home/$user/.ssh/authorized_keys
chmod 600 /home/$user/.ssh/authorized_keys
chown -R $user:$user /home/$user/.ssh
params:
# This template specifies which j2 rendered templates
# should be excluded in the render process from
# tripleo-common/tripleo_common/actions/templates.py
-
+# E.g:
+# name:
+# - puppet/cephstorage-role.yaml
name:
- - puppet/controller-role.yaml
- - puppet/compute-role.yaml
- - puppet/blockstorage-role.yaml
- - puppet/objectstorage-role.yaml
- - puppet/cephstorage-role.yaml
- - network/internal_api.yaml
- - network/external.yaml
- - network/storage.yaml
- - network/storage_mgmt.yaml
- - network/tenant.yaml
- - network/management.yaml
- network/internal_api_v6.yaml
- network/external_v6.yaml
- network/storage_v6.yaml
+++ /dev/null
-heat_template_version: pike
-
-description: >
- External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- ExternalNetCidr:
- default: '10.0.0.0/24'
- description: Cidr for the external network.
- type: string
- ExternalNetValueSpecs:
- default: {'provider:physical_network': 'external', 'provider:network_type': 'flat'}
- description: Value specs for the external network.
- type: json
- ExternalNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- ExternalNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- ExternalNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- ExternalNetName:
- default: external
- description: The name of the external network.
- type: string
- ExternalSubnetName:
- default: external_subnet
- description: The name of the external subnet in Neutron.
- type: string
- ExternalAllocationPools:
- default: [{'start': '10.0.0.4', 'end': '10.0.0.250'}]
- description: Ip allocation pool range for the external network.
- type: json
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
-
-resources:
- ExternalNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: ExternalNetAdminStateUp}
- name: {get_param: ExternalNetName}
- shared: {get_param: ExternalNetShared}
- value_specs: {get_param: ExternalNetValueSpecs}
-
- ExternalSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: ExternalNetCidr}
- enable_dhcp: {get_param: ExternalNetEnableDHCP}
- name: {get_param: ExternalSubnetName}
- network: {get_resource: ExternalNetwork}
- allocation_pools: {get_param: ExternalAllocationPools}
- gateway_ip: {get_param: ExternalInterfaceDefaultRoute}
-
-outputs:
- OS::stack_id:
- description: Neutron external network
- value: {get_resource: ExternalNetwork}
- subnet_cidr:
- value: {get_attr: ExternalSubnet, cidr}
description: Neutron external network
value: {get_resource: ExternalNetwork}
subnet_cidr:
- value: {get_attr: ExternalSubnet, cidr}
+ value: {get_attr: [ExternalSubnet, cidr]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Internal API network. Used for most APIs, Database, RPC.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- InternalApiNetCidr:
- default: '172.16.2.0/24'
- description: Cidr for the internal API network.
- type: string
- InternalApiNetValueSpecs:
- default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'}
- description: Value specs for the internal API network.
- type: json
- InternalApiNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- InternalApiNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- InternalApiNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- InternalApiNetName:
- default: internal_api
- description: The name of the internal API network.
- type: string
- InternalApiSubnetName:
- default: internal_api_subnet
- description: The name of the internal API subnet in Neutron.
- type: string
- InternalApiAllocationPools:
- default: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
- description: Ip allocation pool range for the internal API network.
- type: json
-
-resources:
- InternalApiNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: InternalApiNetAdminStateUp}
- name: {get_param: InternalApiNetName}
- shared: {get_param: InternalApiNetShared}
- value_specs: {get_param: InternalApiNetValueSpecs}
-
- InternalApiSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: InternalApiNetCidr}
- enable_dhcp: {get_param: InternalApiNetEnableDHCP}
- name: {get_param: InternalApiSubnetName}
- network: {get_resource: InternalApiNetwork}
- allocation_pools: {get_param: InternalApiAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron internal network
- value: {get_resource: InternalApiNetwork}
- subnet_cidr:
- value: {get_attr: InternalApiSubnet, cidr}
InternalApiNetCidr:
# OpenStack uses the EUI-64 address format, which requires a /64 prefix
default: 'fd00:fd00:fd00:2000::/64'
- description: Cidr for the internal API network.
+ description: Cidr for the internal_api network.
type: string
InternalApiNetValueSpecs:
default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'}
- description: Value specs for the internal API network.
+ description: Value specs for the internal_api network.
type: json
InternalApiNetAdminStateUp:
default: false
type: boolean
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
InternalApiSubnetName:
default: internal_api_subnet
- description: The name of the internal API subnet in Neutron.
+ description: The name of the internal_api subnet in Neutron.
type: string
InternalApiAllocationPools:
default: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the internal API network.
+ description: Ip allocation pool range for the internal_api network.
type: json
IPv6AddressMode:
default: dhcpv6-stateful
description: Neutron internal network
value: {get_resource: InternalApiNetwork}
subnet_cidr:
- value: {get_attr: InternalApiSubnet, cidr}
+ value: {get_attr: [InternalApiSubnet, cidr]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Management network. System administration, SSH, DNS, NTP, etc. This network
- would usually be the default gateway for the non-controller nodes.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- ManagementNetCidr:
- default: '10.0.1.0/24'
- description: Cidr for the management network.
- type: string
- ManagementNetValueSpecs:
- default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'}
- description: Value specs for the management network.
- type: json
- ManagementNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- ManagementNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- ManagementNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- ManagementSubnetName:
- default: management_subnet
- description: The name of the management subnet in Neutron.
- type: string
- ManagementAllocationPools:
- default: [{'start': '10.0.1.4', 'end': '10.0.1.250'}]
- description: Ip allocation pool range for the management network.
- type: json
- ManagementInterfaceDefaultRoute:
- default: unset
- description: The default route of the management network.
- type: string
-
-resources:
- ManagementNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: ManagementNetAdminStateUp}
- name: {get_param: ManagementNetName}
- shared: {get_param: ManagementNetShared}
- value_specs: {get_param: ManagementNetValueSpecs}
-
- ManagementSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: ManagementNetCidr}
- enable_dhcp: {get_param: ManagementNetEnableDHCP}
- name: {get_param: ManagementSubnetName}
- network: {get_resource: ManagementNetwork}
- allocation_pools: {get_param: ManagementAllocationPools}
- gateway_ip: {get_param: ManagementInterfaceDefaultRoute}
-
-outputs:
- OS::stack_id:
- description: Neutron management network
- value: {get_resource: ManagementNetwork}
- subnet_cidr:
- value: {get_attr: ManagementSubnet, cidr}
description: Neutron management network
value: {get_resource: ManagementNetwork}
subnet_cidr:
- value: {get_attr: ManagementSubnet, cidr}
+ value: {get_attr: [ManagementSubnet, cidr]}
type: json
{{network.name}}NetAdminStateUp:
default: false
- description: This admin state of the network.
+ description: The admin state of the network.
type: boolean
{{network.name}}NetEnableDHCP:
default: false
type: boolean
{{network.name}}NetName:
default: {{network.name_lower}}
- description: The name of the {{network.name_lower}} network.
+ description: The name of the {{network.name_lower}} network.
type: string
{{network.name}}SubnetName:
default: {{network.name_lower}}_subnet
description: Ip allocation pool range for the {{network.name_lower}} network.
type: json
{{network.name}}InterfaceDefaultRoute:
- default: {{network.gateway_ip|default("not_defined")}}
+ default: {{network.gateway_ip|default('""')}}
description: default route for the {{network.name_lower}} network
type: string
{%- if network.vlan %}
description: {{network.name_lower}} network
value: {get_resource: {{network.name}}Network}
subnet_cidr:
- value: {get_attr: {{network.name}}Subnet, cidr}
-
+ value: {get_attr: [{{network.name}}Subnet, cidr]}
description: Create networks to split out Overcloud traffic
resources:
-
{%- for network in networks %}
- {{network.name}}Network:
+ {%- set network_name = network.compat_name|default(network.name) %}
+ {{network_name}}Network:
type: OS::TripleO::Network::{{network.name}}
{%- endfor %}
# NOTE(gfidente): we need to replace the null value with a
# string to work around https://bugs.launchpad.net/heat/+bug/1700025
{%- for network in networks %}
+ {%- set network_name = network.compat_name|default(network.name) %}
{{network.name_lower}}:
yaql:
- data: {get_attr: [{{network.name}}Network, subnet_cidr]}
+ data: {get_attr: [{{network_name}}Network, subnet_cidr]}
expression: str($.data).replace('null', 'disabled')
{%- endfor %}
parameters:
InternalApiNetName:
- description: The name of the internal API network.
+ description: The name of the internal_api network.
default: internal_api
type: string
PortName:
parameters:
InternalApiNetName:
- description: The name of the internal API network.
+ description: The name of the internal_api network.
default: internal_api
type: string
PortName:
type: number
InternalApiNetCidr:
default: '172.16.2.0/24'
- description: Cidr for the internal API network.
+ description: Cidr for the internal_api network.
type: string
outputs:
parameters:
InternalApiNetName:
- description: The name of the internal API network.
+ description: The name of the internal_api network.
default: internal_api
type: string
PortName:
type: number
InternalApiNetCidr:
default: 'fd00:fd00:fd00:2000::/64'
- description: Cidr for the internal API network.
+ description: Cidr for the internal_api network.
type: string
outputs:
parameters:
InternalApiNetName:
- description: The name of the internal API network.
+ description: The name of the internal_api network.
default: internal_api
type: string
PortName:
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
ExternalNetName:
default: external
type: string
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
TenantNetName:
default: tenant
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
ExternalNetName:
default: external
type: string
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
TenantNetName:
default: tenant
parameters:
StorageMgmtNetName:
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
default: storage_mgmt
type: string
PortName:
parameters:
StorageMgmtNetName:
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
default: storage_mgmt
type: string
PortName:
type: number
StorageMgmtNetCidr:
default: '172.16.3.0/24'
- description: Cidr for the storage management network.
+ description: Cidr for the storage_mgmt network.
type: string
outputs:
parameters:
StorageMgmtNetName:
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
default: storage_mgmt
type: string
PortName:
type: number
StorageMgmtNetCidr:
default: 'fd00:fd00:fd00:4000::/64'
- description: Cidr for the storage management network.
+ description: Cidr for the storage_mgmt network.
type: string
outputs:
parameters:
StorageMgmtNetName:
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
default: storage_mgmt
type: string
PortName:
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
ExternalNetName:
default: external
type: string
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
TenantNetName:
default: tenant
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Storage network.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- StorageNetCidr:
- default: '172.16.1.0/24'
- description: Cidr for the storage network.
- type: string
- StorageNetValueSpecs:
- default: {'provider:physical_network': 'storage', 'provider:network_type': 'flat'}
- description: Value specs for the storage network.
- type: json
- StorageNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- StorageNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- StorageNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- StorageNetName:
- default: storage
- description: The name of the storage network.
- type: string
- StorageSubnetName:
- default: storage_subnet
- description: The name of the storage subnet in Neutron.
- type: string
- StorageAllocationPools:
- default: [{'start': '172.16.1.4', 'end': '172.16.1.250'}]
- description: Ip allocation pool range for the storage network.
- type: json
-
-resources:
- StorageNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: StorageNetAdminStateUp}
- name: {get_param: StorageNetName}
- shared: {get_param: StorageNetShared}
- value_specs: {get_param: StorageNetValueSpecs}
-
- StorageSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: StorageNetCidr}
- enable_dhcp: {get_param: StorageNetEnableDHCP}
- name: {get_param: StorageSubnetName}
- network: {get_resource: StorageNetwork}
- allocation_pools: {get_param: StorageAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron storage network
- value: {get_resource: StorageNetwork}
- subnet_cidr:
- value: {get_attr: StorageSubnet, cidr}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Storage management network. Storage replication, etc.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- StorageMgmtNetCidr:
- default: '172.16.3.0/24'
- description: Cidr for the storage management network.
- type: string
- StorageMgmtNetValueSpecs:
- default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'}
- description: Value specs for the storage_mgmt network.
- type: json
- StorageMgmtNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- StorageMgmtNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- StorageMgmtNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- StorageMgmtNetName:
- default: storage_mgmt
- description: The name of the Storage management network.
- type: string
- StorageMgmtSubnetName:
- default: storage_mgmt_subnet
- description: The name of the Storage management subnet in Neutron.
- type: string
- StorageMgmtAllocationPools:
- default: [{'start': '172.16.3.4', 'end': '172.16.3.250'}]
- description: Ip allocation pool range for the storage mgmt network.
- type: json
-
-resources:
- StorageMgmtNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: StorageMgmtNetAdminStateUp}
- name: {get_param: StorageMgmtNetName}
- shared: {get_param: StorageMgmtNetShared}
- value_specs: {get_param: StorageMgmtNetValueSpecs}
-
- StorageMgmtSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: StorageMgmtNetCidr}
- enable_dhcp: {get_param: StorageMgmtNetEnableDHCP}
- name: {get_param: StorageMgmtSubnetName}
- network: {get_resource: StorageMgmtNetwork}
- allocation_pools: {get_param: StorageMgmtAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron storage management network
- value: {get_resource: StorageMgmtNetwork}
- subnet_cidr:
- value: {get_attr: StorageMgmtSubnet, cidr}
StorageMgmtNetCidr:
# OpenStack uses the EUI-64 address format, which requires a /64 prefix
default: 'fd00:fd00:fd00:4000::/64'
- description: Cidr for the storage management network.
+ description: Cidr for the storage_mgmt network.
type: string
StorageMgmtNetValueSpecs:
default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'}
type: boolean
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
StorageMgmtSubnetName:
default: storage_mgmt_subnet
- description: The name of the Storage management subnet in Neutron.
+ description: The name of the storage_mgmt subnet in Neutron.
type: string
StorageMgmtAllocationPools:
default: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the storage mgmt network.
+ description: Ip allocation pool range for the storage_mgmt network.
type: json
IPv6AddressMode:
default: dhcpv6-stateful
description: Neutron storage management network
value: {get_resource: StorageMgmtNetwork}
subnet_cidr:
- value: {get_attr: StorageMgmtSubnet, cidr}
+ value: {get_attr: [StorageMgmtSubnet, cidr]}
description: Neutron storage network
value: {get_resource: StorageNetwork}
subnet_cidr:
- value: {get_attr: StorageSubnet, cidr}
+ value: {get_attr: [StorageSubnet, cidr]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Tenant network.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- TenantNetCidr:
- default: '172.16.0.0/24'
- description: Cidr for the tenant network.
- type: string
- TenantNetValueSpecs:
- default: {'provider:physical_network': 'tenant', 'provider:network_type': 'flat'}
- description: Value specs for the tenant network.
- type: json
- TenantNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- TenantNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- TenantNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- TenantNetName:
- default: tenant
- description: The name of the tenant network.
- type: string
- TenantSubnetName:
- default: tenant_subnet
- description: The name of the tenant subnet in Neutron.
- type: string
- TenantAllocationPools:
- default: [{'start': '172.16.0.4', 'end': '172.16.0.250'}]
- description: Ip allocation pool range for the tenant network.
- type: json
-
-resources:
- TenantNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: TenantNetAdminStateUp}
- name: {get_param: TenantNetName}
- shared: {get_param: TenantNetShared}
- value_specs: {get_param: TenantNetValueSpecs}
-
- TenantSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: TenantNetCidr}
- enable_dhcp: {get_param: TenantNetEnableDHCP}
- name: {get_param: TenantSubnetName}
- network: {get_resource: TenantNetwork}
- allocation_pools: {get_param: TenantAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron tenant network
- value: {get_resource: TenantNetwork}
- subnet_cidr:
- value: {get_attr: TenantSubnet, cidr}
description: Neutron tenant network
value: {get_resource: TenantNetwork}
subnet_cidr:
- value: {get_attr: TenantSubnet, cidr}
+ value: {get_attr: [TenantSubnet, cidr]}
# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}]
# gateway_ip: gateway for the network (optional, may use parameter defaults)
# NOTE: IP-related values set parameter defaults in templates, may be overridden.
+# compat_name: for existing stack you may need to override the default transformation
+# for the resource's name.
#
# Example:
# - name Example
vip: true
ip_subnet: '172.16.2.0/24'
allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
+ compat_name: Internal
- name: Storage
vip: true
name_lower: storage
resource_registry:
OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment
- OS::TripleO::PostDeploySteps: puppet/post.yaml
- OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml
+ OS::TripleO::PostDeploySteps: common/post.yaml
+ OS::TripleO::PostUpgradeSteps: common/post-upgrade.yaml
OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
OS::TripleO::AllNodesDeployment: OS::Heat::StructuredDeployments
OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml
{% for role in roles %}
OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None
- OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml
+ OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml
OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml
OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml
OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
OS::TripleO::DeployedServerEnvironment: OS::Heat::None
+ OS::TripleO::DeploymentSteps: OS::Heat::StructuredDeploymentGroup
+
# services
OS::TripleO::Services: common/services.yaml
OS::TripleO::Services::Apache: puppet/services/apache.yaml
OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
+ OS::TripleO::Services::NeutronCorePluginML2Nuage: puppet/services/neutron-plugin-ml2-nuage.yaml
OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml
OS::TripleO::Services::OVNDBs: OS::Heat::None
OS::TripleO::Services::OVNController: OS::Heat::None
{% if role.name != 'Compute' %}
{{role.name}}SchedulerHints:
+ description: Optional scheduler hints to pass to nova
{% else %}
NovaComputeSchedulerHints:
+ description: DEPRECATED - use ComputeSchedulerHints instead
{% endif %}
type: json
- description: Optional scheduler hints to pass to nova
default: {}
{{role.name}}Parameters:
description: >
List of server hostnames to blacklist from any triggered deployments.
-parameter_groups:
-- label: deprecated
- description: Do not use deprecated params, they will be removed.
- parameters:
- - controllerExtraConfig
- - NovaComputeExtraConfig
-
conditions:
add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
- {get_attr: [{{role.name}}ServiceChainRoleData, value]}
- {get_attr: [{{role.name}}MergedConfigSettings, value]}
{% endfor %}
+ RoleConfig:
+ description: The configuration workflows associated with each role
+ value: {get_attr: [AllNodesDeploySteps, RoleConfig]}
RoleNetIpMap:
description: Mapping of each network to a list of IPs for each role
value:
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
ExternalNetName:
default: external
type: string
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
TenantNetName:
default: tenant
+++ /dev/null
-heat_template_version: pike
-description: 'OpenStack cinder storage configured by Puppet'
-parameters:
- BlockStorageImage:
- default: overcloud-full
- type: string
- constraints:
- - custom_constraint: glance.image
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that BlockStorageExtraConfig takes precedence over ExtraConfig.
- type: json
- BlockStorageExtraConfig:
- default: {}
- description: |
- Role specific additional hiera configuration to inject into the cluster.
- type: json
- BlockStorageIPs:
- default: {}
- type: json
- OvercloudBlockStorageFlavor:
- description: Flavor for block storage nodes to request when deploying.
- type: string
- default: baremetal
- constraints:
- - custom_constraint: nova.flavor
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- BlockStorageServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- BlockStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- NodeIndex:
- type: number
- default: 0
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
- BlockStorage:
- type: OS::TripleO::BlockStorageServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image:
- {get_param: BlockStorageImage}
- flavor: {get_param: OvercloudBlockStorageFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: BlockStorageServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: BlockStorageSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::BlockStorage::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::BlockStorage::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::BlockStorage::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::BlockStorage::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::BlockStorage::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::BlockStorage::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- IPPool: {get_param: BlockStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetworkConfig:
- type: OS::TripleO::BlockStorage::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [BlockStorage, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::BlockStorage::PreNetworkConfig
- properties:
- server: {get_resource: BlockStorage}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: BlockStorage}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
-
- BlockStorageUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- BlockStorageUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: BlockStorageUpgradeInitDeployment
- server: {get_resource: BlockStorage}
- config: {get_resource: BlockStorageUpgradeInitConfig}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- BlockStorageDeployment:
- type: OS::Heat::StructuredDeployment
- depends_on: BlockStorageUpgradeInitDeployment
- properties:
- name: BlockStorageDeployment
- server: {get_resource: BlockStorage}
- config: {get_resource: BlockStorageConfig}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- # Map heat metadata into hiera datafiles
- BlockStorageConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - volume_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - volume
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- volume_extraconfig: {get_param: BlockStorageExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- volume:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: BlockStorageDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: BlockStorage}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: NodeTLSCAData
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: BlockStorage}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: UpdateDeployment
- config: {get_resource: UpdateConfig}
- server: {get_resource: BlockStorage}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: BlockStorageDeployment
- properties:
- server: {get_resource: BlockStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- hostname:
- description: Hostname of the server
- value: {get_attr: [BlockStorage, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [BlockStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [BlockStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the block storage server
- value:
- {get_resource: BlockStorage}
- condition: server_not_blacklisted
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [BlockStorage, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [BlockStorage, os_collect_config]}
+++ /dev/null
-heat_template_version: pike
-description: 'OpenStack ceph storage node configured by Puppet'
-parameters:
- OvercloudCephStorageFlavor:
- description: Flavor for the Ceph Storage node.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- CephStorageImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- default: default
- constraints:
- - custom_constraint: nova.keypair
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that CephStorageExtraConfig takes precedence over ExtraConfig.
- type: json
- CephStorageExtraConfig:
- default: {}
- description: |
- Role specific additional hiera configuration to inject into the cluster.
- type: json
- CephStorageIPs:
- default: {}
- type: json
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- CephStorageServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- CephStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- NodeIndex:
- type: number
- default: 0
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
- CephStorage:
- type: OS::TripleO::CephStorageServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: CephStorageImage}
- image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: OvercloudCephStorageFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: CephStorageServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: CephStorageSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::CephStorage::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::CephStorage::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::CephStorage::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::CephStorage::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::CephStorage::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::CephStorage::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::CephStorage::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetworkConfig:
- type: OS::TripleO::CephStorage::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::CephStorage::PreNetworkConfig
- properties:
- server: {get_resource: CephStorage}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: CephStorage}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
-
- CephStorageUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- CephStorageUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: CephStorageUpgradeInitDeployment
- server: {get_resource: CephStorage}
- config: {get_resource: CephStorageUpgradeInitConfig}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- CephStorageDeployment:
- type: OS::Heat::StructuredDeployment
- depends_on: CephStorageUpgradeInitDeployment
- properties:
- name: CephStorageDeployment
- config: {get_resource: CephStorageConfig}
- server: {get_resource: CephStorage}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- CephStorageConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - ceph_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - ceph
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- ceph_extraconfig: {get_param: CephStorageExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- ceph:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: CephStorageDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: CephStorage}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- CephStorageExtraConfigPre:
- depends_on: CephStorageDeployment
- type: OS::TripleO::CephStorageExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: CephStorage}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: CephStorage}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- config: {get_resource: UpdateConfig}
- server: {get_resource: CephStorage}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: CephStorageDeployment
- properties:
- server: {get_resource: CephStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [CephStorage, networks, ctlplane, 0]}
- hostname:
- description: Hostname of the server
- value: {get_attr: [CephStorage, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [CephStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [CephStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the ceph storage server
- value:
- {get_resource: CephStorage}
- condition: server_not_blacklisted
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [CephStorage, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [CephStorage, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [CephStorage, os_collect_config]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- OpenStack hypervisor node configured via Puppet.
-
-parameters:
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that NovaComputeExtraConfig takes precedence over ExtraConfig.
- type: json
- OvercloudComputeFlavor:
- description: Flavor for the nova compute node
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- NovaImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- default: default
- constraints:
- - custom_constraint: nova.keypair
- NeutronPhysicalBridge:
- default: 'br-ex'
- description: An OVS bridge to create for accessing external networks.
- type: string
- NeutronPublicInterface:
- default: nic1
- description: Which interface to add to the NeutronPhysicalBridge.
- type: string
- NodeIndex:
- type: number
- default: 0
- NovaComputeExtraConfig:
- default: {}
- description: |
- NovaCompute specific configuration to inject into the cluster. Same
- structure as ExtraConfig.
- type: json
- NovaComputeIPs:
- default: {}
- type: json
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- NovaComputeServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- NovaComputeSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
-
-resources:
-
- NovaCompute:
- type: OS::TripleO::ComputeServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: NovaImage}
- image_update_policy:
- get_param: ImageUpdatePolicy
- flavor: {get_param: OvercloudComputeFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: NovaComputeServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: NovaComputeSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::Compute::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::Compute::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::Compute::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::Compute::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::Compute::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::Compute::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::Compute::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::Compute::PreNetworkConfig
- properties:
- server: {get_resource: NovaCompute}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkConfig:
- type: OS::TripleO::Compute::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
- config: {get_resource: NetworkConfig}
- server: {get_resource: NovaCompute}
- input_values:
- bridge_name: {get_param: NeutronPhysicalBridge}
- interface_name: {get_param: NeutronPublicInterface}
-
- NovaComputeUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- NovaComputeUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: NovaComputeUpgradeInitDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- server: {get_resource: NovaCompute}
- config: {get_resource: NovaComputeUpgradeInitConfig}
-
- NovaComputeConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - compute_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - compute
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- - nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- - midonet_data # Optionally provided by AllNodesExtraConfig
- - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
- - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- compute_extraconfig: {get_param: NovaComputeExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- compute:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- NovaComputeDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: NovaComputeUpgradeInitDeployment
- properties:
- name: NovaComputeDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: NovaComputeConfig}
- server: {get_resource: NovaCompute}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: NovaComputeDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: NovaCompute}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- ComputeExtraConfigPre:
- depends_on: NovaComputeDeployment
- type: OS::TripleO::ComputeExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: NovaCompute}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: NovaCompute}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: UpdateDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: UpdateConfig}
- server: {get_resource: NovaCompute}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: NovaComputeDeployment
- properties:
- server: {get_resource: NovaCompute}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- hostname:
- description: Hostname of the server
- value: {get_attr: [NovaCompute, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- description: >
- Server's IP address and hostname in the /etc/hosts format
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [NovaCompute, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [NovaCompute, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the Nova compute server
- value:
- {get_resource: NovaCompute}
- condition: server_not_blacklisted
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [NovaCompute, os_collect_config]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- OpenStack controller node configured by Puppet.
-
-parameters:
- controllerExtraConfig:
- default: {}
- description: |
- Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
- type: json
- ControllerExtraConfig:
- default: {}
- description: |
- Controller specific hiera configuration data to inject into the cluster.
- type: json
- ControllerIPs:
- default: {}
- description: >
- A network mapped list of IPs to assign to Controllers in the following form:
- {
- "internal_api": ["a.b.c.d", "e.f.g.h"],
- ...
- }
- type: json
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
- ExtraConfig:
- default: {}
- description: |
- Additional hieradata to inject into the cluster, note that
- ControllerExtraConfig takes precedence over ExtraConfig.
- type: json
- OvercloudControlFlavor:
- description: Flavor for control nodes to request when deploying.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- controllerImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- constraints:
- - custom_constraint: nova.keypair
- NeutronPhysicalBridge:
- default: 'br-ex'
- description: An OVS bridge to create for accessing external networks.
- type: string
- NeutronPublicInterface:
- default: nic1
- description: Which interface to add to the NeutronPhysicalBridge.
- type: string
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- NodeIndex:
- type: number
- default: 0
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- ControllerServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- ControllerSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-parameter_groups:
-- label: deprecated
- description: Do not use deprecated params, they will be removed.
- parameters:
- - controllerExtraConfig
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
-
- Controller:
- type: OS::TripleO::ControllerServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: controllerImage}
- image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: OvercloudControlFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: ControllerServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: ControllerSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::Controller::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::Controller::Ports::ExternalPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- InternalApiPort:
- type: OS::TripleO::Controller::Ports::InternalApiPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- StoragePort:
- type: OS::TripleO::Controller::Ports::StoragePort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- StorageMgmtPort:
- type: OS::TripleO::Controller::Ports::StorageMgmtPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- TenantPort:
- type: OS::TripleO::Controller::Ports::TenantPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- ManagementPort:
- type: OS::TripleO::Controller::Ports::ManagementPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::Controller::PreNetworkConfig
- properties:
- server: {get_resource: Controller}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkConfig:
- type: OS::TripleO::Controller::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: Controller}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
- input_values:
- bridge_name: {get_param: NeutronPhysicalBridge}
- interface_name: {get_param: NeutronPublicInterface}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: NetworkDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: Controller}
-
- # Resource for site-specific passing of private keys/certificates
- NodeTLSData:
- depends_on: NodeTLSCAData
- type: OS::TripleO::NodeTLSData
- properties:
- server: {get_resource: Controller}
- NodeIndex: {get_param: NodeIndex}
-
- ControllerUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- ControllerUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: ControllerUpgradeInitDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- server: {get_resource: Controller}
- config: {get_resource: ControllerUpgradeInitConfig}
-
- ControllerDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: ControllerUpgradeInitDeployment
- properties:
- name: ControllerDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: ControllerConfig}
- server: {get_resource: Controller}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
-
- # Map heat metadata into hiera datafiles
- ControllerConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - controller_extraconfig
- - extraconfig
- - service_configs
- - service_names
- - controller
- - bootstrap_node # provided by BootstrapNodeConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- - midonet_data #Optionally provided by AllNodesExtraConfig
- - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- controller_extraconfig:
- map_merge:
- - {get_param: controllerExtraConfig}
- - {get_param: ControllerExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- controller:
- # Misc
- tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- ControllerExtraConfigPre:
- depends_on: ControllerDeployment
- type: OS::TripleO::ControllerExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: Controller}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [ControllerExtraConfigPre, NodeTLSData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: Controller}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: UpdateDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: UpdateConfig}
- server: {get_resource: Controller}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: ControllerDeployment
- properties:
- server: {get_resource: Controller}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [Controller, networks, ctlplane, 0]}
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description:
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [Controller, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [Controller, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [Controller, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- hostname:
- description: Hostname of the server
- value: {get_attr: [Controller, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- description: >
- Server's IP address and hostname in the /etc/hosts format
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [Controller, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [Controller, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the Nova compute server
- value:
- {get_resource: Controller}
- condition: server_not_blacklisted
- tls_key_modulus_md5:
- description: MD5 checksum of the TLS Key Modulus
- value: {get_attr: [NodeTLSData, key_modulus_md5]}
- tls_cert_modulus_md5:
- description: MD5 checksum of the TLS Certificate Modulus
- value: {get_attr: [NodeTLSData, cert_modulus_md5]}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [Controller, os_collect_config]}
parameters:
# Can be overridden via parameter_defaults in the environment
SSLCertificate:
+ default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
+++ /dev/null
-heat_template_version: pike
-description: 'OpenStack swift storage node configured by Puppet'
-parameters:
- OvercloudSwiftStorageFlavor:
- description: Flavor for Swift storage nodes to request when deploying.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- SwiftStorageImage:
- default: overcloud-full
- type: string
- constraints:
- - custom_constraint: glance.image
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that ObjectStorageExtraConfig takes precedence over ExtraConfig.
- type: json
- ObjectStorageExtraConfig:
- default: {}
- description: |
- Role specific additional hiera configuration to inject into the cluster.
- type: json
- SwiftStorageIPs:
- default: {}
- type: json
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- SwiftStorageServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- ObjectStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- NodeIndex:
- type: number
- default: 0
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
-
- SwiftStorage:
- type: OS::TripleO::ObjectStorageServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: SwiftStorageImage}
- flavor: {get_param: OvercloudSwiftStorageFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: SwiftStorageServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: ObjectStorageSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::ObjectStorage::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::SwiftStorage::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::SwiftStorage::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::SwiftStorage::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::SwiftStorage::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::SwiftStorage::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- IPPool: {get_param: SwiftStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetworkConfig:
- type: OS::TripleO::ObjectStorage::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [SwiftStorage, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::ObjectStorage::PreNetworkConfig
- properties:
- server: {get_resource: SwiftStorage}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: SwiftStorage}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
-
-
- SwiftStorageUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- SwiftStorageUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: SwiftStorageUpgradeInitDeployment
- server: {get_resource: SwiftStorage}
- config: {get_resource: SwiftStorageUpgradeInitConfig}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SwiftStorageHieraConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - object_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - object
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- object_extraconfig: {get_param: ObjectStorageExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- object:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- SwiftStorageHieraDeploy:
- type: OS::Heat::StructuredDeployment
- depends_on: SwiftStorageUpgradeInitDeployment
- properties:
- name: SwiftStorageHieraDeploy
- server: {get_resource: SwiftStorage}
- config: {get_resource: SwiftStorageHieraConfig}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: SwiftStorageHieraDeploy
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: SwiftStorage}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: NodeTLSCAData
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: SwiftStorage}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- config: {get_resource: UpdateConfig}
- server: {get_resource: SwiftStorage}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: SwiftStorageHieraDeploy
- properties:
- server: {get_resource: SwiftStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- hostname:
- description: Hostname of the server
- value: {get_attr: [SwiftStorage, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [SwiftStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [SwiftStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the swift storage server
- value:
- {get_resource: SwiftStorage}
- condition: server_not_blacklisted
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [SwiftStorage, os_collect_config]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Post-upgrade configuration steps via puppet for all roles
- where upgrade is not disabled as defined in ../roles_data.yaml
-
-parameters:
- servers:
- type: json
- description: Mapping of Role name e.g Controller to a list of servers
- stack_name:
- type: string
- description: Name of the topmost stack
- role_data:
- type: json
- description: Mapping of Role name e.g Controller to the per-role data
- DeployIdentifier:
- default: ''
- type: string
- description: >
- Setting this to a unique value will re-run any deployment tasks which
- perform configuration on a Heat stack-update.
- ctlplane_service_ips:
- type: json
-
-resources:
-# Note the include here is the same as post.j2.yaml but the data used at
-# the time of rendering is different if any roles disable upgrades
-{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
-{% include 'puppet-steps.j2' %}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Post-deploy configuration steps via puppet for all roles,
- as defined in ../roles_data.yaml
-
-parameters:
- servers:
- type: json
- description: Mapping of Role name e.g Controller to a list of servers
- stack_name:
- type: string
- description: Name of the topmost stack
- role_data:
- type: json
- description: Mapping of Role name e.g Controller to the per-role data
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- DeployIdentifier:
- default: ''
- type: string
- description: >
- Setting this to a unique value will re-run any deployment tasks which
- perform configuration on a Heat stack-update.
- ctlplane_service_ips:
- type: json
-
-{% include 'puppet-steps.j2' %}
+++ /dev/null
-{% set deploy_steps_max = 6 %}
-conditions:
-{% for step in range(1, deploy_steps_max) %}
- WorkflowTasks_Step{{step}}_Enabled:
- or:
- {%- for role in roles %}
- - not:
- equals:
- - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}]
- - ''
- - False
- {%- endfor %}
-{% endfor %}
-
-resources:
- # Post deployment steps for all roles
- # A single config is re-applied with an incrementing step number
-{% for role in roles %}
- # {{role.name}} Role post-deploy steps
- {{role.name}}ArtifactsConfig:
- type: deploy-artifacts.yaml
-
- {{role.name}}ArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- name: {{role.name}}ArtifactsDeploy
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}ArtifactsConfig}
-
- {{role.name}}PreConfig:
- type: OS::TripleO::Tasks::{{role.name}}PreConfig
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- {{role.name}}Config:
- type: OS::TripleO::{{role.name}}Config
- properties:
- StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
-
- # Step through a series of configuration steps
-{% for step in range(1, deploy_steps_max) %}
- {{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on:
- - WorkflowTasks_Step{{step}}_Execution
- # TODO(gfidente): the following if/else condition
- # replicates what is already defined for the
- # WorkflowTasks_StepX resource and can be remove
- # if https://bugs.launchpad.net/heat/+bug/1700569
- # is fixed.
- {%- if step == 1 %}
- {%- for dep in roles %}
- - {{dep.name}}PreConfig
- - {{dep.name}}ArtifactsDeploy
- {%- endfor %}
- {%- else %}
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- {%- endfor %}
- {%- endif %}
- properties:
- name: {{role.name}}Deployment_Step{{step}}
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: {{step}}
- update_identifier: {get_param: DeployIdentifier}
-{% endfor %}
-
- # Note, this should be the last step to execute configuration changes.
- # Ensure that all {{role.name}}ExtraConfigPost steps are executed
- # after all the previous deployment steps.
- {{role.name}}ExtraConfigPost:
- depends_on:
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step5
- {%- endfor %}
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: [servers, {{role.name}}]}
-
- # The {{role.name}}PostConfig steps are in charge of
- # quiescing all services, i.e. in the Controller case,
- # we should run a full service reload.
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
- depends_on:
- {%- for dep in roles %}
- - {{dep.name}}ExtraConfigPost
- {%- endfor %}
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
-
-{% endfor %}
-
-# BEGIN service_workflow_tasks handling
-{% for step in range(1, deploy_steps_max) %}
- WorkflowTasks_Step{{step}}:
- type: OS::Mistral::Workflow
- condition: WorkflowTasks_Step{{step}}_Enabled
- depends_on:
- {%- if step == 1 %}
- {%- for dep in roles %}
- - {{dep.name}}PreConfig
- - {{dep.name}}ArtifactsDeploy
- {%- endfor %}
- {%- else %}
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- {%- endfor %}
- {%- endif %}
- properties:
- name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]}
- type: direct
- tasks:
- yaql:
- expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
- data:
- {%- for role in roles %}
- - get_param: [role_data, {{role.name}}, service_workflow_tasks]
- {%- endfor %}
-
- WorkflowTasks_Step{{step}}_Execution:
- type: OS::Mistral::ExternalResource
- condition: WorkflowTasks_Step{{step}}_Enabled
- depends_on: WorkflowTasks_Step{{step}}
- properties:
- actions:
- CREATE:
- workflow: { get_resource: WorkflowTasks_Step{{step}} }
- params:
- env:
- service_ips: { get_param: ctlplane_service_ips }
- role_merged_configs:
- {%- for r in roles %}
- {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
- {%- endfor %}
- evaluate_env: false
- UPDATE:
- workflow: { get_resource: WorkflowTasks_Step{{step}} }
- params:
- env:
- service_ips: { get_param: ctlplane_service_ips }
- role_merged_configs:
- {%- for r in roles %}
- {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
- {%- endfor %}
- evaluate_env: false
- always_update: true
-{% endfor %}
-# END service_workflow_tasks handling
-{# ## Some variables are set to enable rendering backwards compatible templates #}
-{# ## where a few parameter/resource names don't match the expected pattern #}
-{# ## FIXME: we need some way to deprecate the old inconsistent parameters #}
-{%- if role.name == 'Controller' -%}
- {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%}
-{% endif %}
+{#- ## Some variables are set to enable rendering backwards compatible templates #}
+{#- ## where a few parameter/resource names don't match the expected pattern #}
+{#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
+{%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
heat_template_version: pike
description: 'OpenStack {{role.name}} node configured by Puppet'
parameters:
+{%- set default_flavor_name = 'baremetal' %}
+{%- if role.deprecated_param_flavor is defined %}
+ {{role.deprecated_param_flavor}}:
+ description: DEPRECATED Use Overcloud{{role.name}}Flavor instead.
+ default: {{default_flavor_name}}
+ type: string
+{%- endif %}
Overcloud{{role.name}}Flavor:
description: Flavor for the {{role.name}} node.
- default: baremetal
+ default: {{default_flavor_name}}
type: string
-{% if role.disable_constraints is not defined %}
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: nova.flavor
-{% endif %}
+{%- endif %}
+{%- set default_image_name = 'overcloud-full' %}
+{%- if role.deprecated_param_image is defined %}
+ {{role.deprecated_param_image}}:
+ type: string
+ default: {{default_image_name}}
+ description: DEPRECATED Use {{role.name}}Image instead
+{%- endif %}
{{role.name}}Image:
type: string
- default: overcloud-full
-{% if role.disable_constraints is not defined %}
+ default: {{default_image_name}}
+ description: The disk image file to use for the role.
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: glance.image
-{% endif %}
+{%- endif %}
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
default: default
-{% if role.disable_constraints is not defined %}
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: nova.keypair
-{% endif %}
+{%- endif %}
NeutronPhysicalBridge:
default: 'br-ex'
- description: An OVS bridge to create for accessing tenant networks.
+ description: An OVS bridge to create for accessing external networks.
type: string
NeutronPublicInterface:
default: nic1
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
-{%- if deprecated_extraconfig_param is defined %}
- {{deprecated_extraconfig_param}}:
+{%- if role.deprecated_param_extraconfig is defined %}
+ {{role.deprecated_param_extraconfig}}:
default: {}
description: |
DEPRECATED use {{role.name}}ExtraConfig instead
{{role.name}}IPs:
default: {}
type: json
+{%- if role.deprecated_param_ips is defined %}
+ {{role.deprecated_param_ips}}:
+ default: {}
+ description: DEPRECATED - use {{role.name}}IPs instead
+ type: json
+{%- endif %}
NetworkDeploymentActions:
type: comma_delimited_list
description: >
role-specific and is merged with the values given to the ServerMetadata
parameter.
type: json
+{%- if role.deprecated_param_metadata is defined %}
+ {{role.deprecated_param_metadata}}:
+ default: {}
+ description: DEPRECATED - use {{role.name}}ServerMetadata instead
+ type: json
+{%- endif %}
ServerMetadata:
default: {}
description: >
type: json
description: Optional scheduler hints to pass to nova
default: {}
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ {{role.deprecated_param_scheduler_hints}}:
+ type: json
+ description: DEPRECATED - use {{role.name}}SchedulerHints instead
+ default: {}
+{%- endif %}
NodeIndex:
type: number
default: 0
object: 0
default: {}
-{% if deprecated_extraconfig_param is defined %}
+{% if role.uses_deprecated_params is defined %}
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- - {{deprecated_extraconfig_param}}
+{%- for property in role %}
+{%- if property.startswith('deprecated_param_') %}
+ - {{role[property]}}
+{%- endif %}
+{%- endfor %}
{%- endif %}
conditions:
- DeploymentSwiftDataMap
- {get_param: Hostname}
- ""
+{%- if role.deprecated_param_image is defined %}
+ deprecated_param_image_set:
+ not:
+ equals:
+ - {get_param: {{role.deprecated_param_image}}}
+ - {{default_image_name}}
+{%- endif %}
+{%- if role.deprecated_param_flavor is defined %}
+ deprecated_param_flavor_set:
+ not:
+ equals:
+ - {get_param: {{role.deprecated_param_flavor}}}
+ - {{default_flavor_name}}
+{%- endif %}
resources:
- {{role.name}}:
+ {{server_resource_name}}:
type: OS::TripleO::{{role.name}}Server
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
splay: {get_param: ConfigCollectSplay}
properties:
- image: {get_param: {{role.name}}Image}
+ image:
+{%- if role.deprecated_param_image is defined %}
+ if:
+ - deprecated_param_image_set
+ - {get_param: {{role.deprecated_param_image}}}
+ - {get_param: {{role.name}}Image}
+{%- else %}
+ get_param: {{role.name}}Image
+{%- endif %}
image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: Overcloud{{role.name}}Flavor}
+ flavor:
+{%- if role.deprecated_param_flavor is defined %}
+ if:
+ - deprecated_param_flavor_set
+ - {get_param: {{role.deprecated_param_flavor}}}
+ - {get_param: Overcloud{{role.name}}Flavor}
+{%- else %}
+ get_param: Overcloud{{role.name}}Flavor
+{%- endif %}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
metadata:
map_merge:
- {get_param: ServerMetadata}
+{%- if role.deprecated_param_metadata is defined %}
+ - {get_param: {{role.deprecated_param_metadata}}}
+{%- endif %}
- {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: {{role.name}}SchedulerHints}
+ scheduler_hints:
+ map_merge:
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ - {get_param: {{role.deprecated_param_scheduler_hints}}}
+{%- endif %}
+ - {get_param: {{role.name}}SchedulerHints}
deployment_swift_data:
if:
- deployment_swift_data_map_unset
{{network.name}}Port:
type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
properties:
- ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role.name}}IPs}
+ ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
+ IPPool:
+ map_merge:
+{%- if role.deprecated_param_ips is defined %}
+ - {get_param: {{role.deprecated_param_ips}}}
+{%- endif %}
+ - {get_param: {{role.name}}IPs}
NodeIndex: {get_param: NodeIndex}
{%- endfor %}
NetworkConfig:
type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
properties:
- ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
{%- endfor %}
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
properties:
- ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- external
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- external
internal_api:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- internalapi
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- internalapi
storage:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storage
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storage
storage_mgmt:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storagemgmt
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storagemgmt
tenant:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- tenant
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- tenant
management:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- management
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- management
ctlplane:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- ctlplane
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- ctlplane
PreNetworkConfig:
type: OS::TripleO::{{role.name}}::PreNetworkConfig
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
deployment_actions: {get_attr: [DeploymentActions, value]}
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: {get_param: NeutronPhysicalBridge}
- {get_param: NetworkDeploymentActions}
- []
- {{role.name}}UpgradeInitConfig:
+ {{server_resource_name}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
# Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- {{role.name}}UpgradeInitDeployment:
+ {{server_resource_name}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
properties:
- name: {{role.name}}UpgradeInitDeployment
- server: {get_resource: {{role.name}}}
- config: {get_resource: {{role.name}}UpgradeInitConfig}
+ name: {{server_resource_name}}UpgradeInitDeployment
+ server: {get_resource: {{server_resource_name}}}
+ config: {get_resource: {{server_resource_name}}UpgradeInitConfig}
actions:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
- {{role.name}}Deployment:
+ {{server_resource_name}}Deployment:
type: OS::Heat::StructuredDeployment
- depends_on: {{role.name}}UpgradeInitDeployment
+ depends_on: {{server_resource_name}}UpgradeInitDeployment
properties:
- name: {{role.name}}Deployment
- config: {get_resource: {{role.name}}Config}
- server: {get_resource: {{role.name}}}
+ name: {{server_resource_name}}Deployment
+ config: {get_resource: {{server_resource_name}}Config}
+ server: {get_resource: {{server_resource_name}}}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
actions:
- ['CREATE', 'UPDATE']
- []
- {{role.name}}Config:
+ {{server_resource_name}}Config:
type: OS::Heat::StructuredConfig
properties:
group: hiera
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
+ # The following are required for compatibility with the Controller role
+ # where some vendor integrations added hieradata via ExtraConfigPre
+ - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - midonet_data #Optionally provided by AllNodesExtraConfig
+ - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
- values: {get_attr: [NetIpMap, net_ip_map]}
{{role.name.lower()}}_extraconfig:
map_merge:
-{%- if deprecated_extraconfig_param is defined %}
- - {get_param: {{deprecated_extraconfig_param}}}
+{%- if role.deprecated_param_extraconfig is defined %}
+ - {get_param: {{role.deprecated_param_extraconfig}}}
{%- endif %}
- - {get_param: {{role.name}}ExtraConfig}
+ - {get_param: {{server_resource_name}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
{{role.name.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
- {%- if 'primary' in role.tags and 'controller' in role.tags %}
- tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- {%- endif -%}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
{%- if 'primary' in role.tags and 'controller' in role.tags %}
# Resource for site-specific passing of private keys/certificates
depends_on: NodeTLSCAData
type: OS::TripleO::NodeTLSData
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
NodeIndex: {get_param: NodeIndex}
{%- endif -%}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
{{role.name}}ExtraConfigPre:
- depends_on: {{role.name}}Deployment
+ depends_on: {{server_resource_name}}Deployment
type: OS::TripleO::{{role.name}}ExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
input_values:
update_identifier:
get_param: UpdateIdentifier
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
- depends_on: {{role.name}}Deployment
+ depends_on: {{server_resource_name}}Deployment
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
description: IP address of the server in the ctlplane network
- value: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
hostname:
description: Hostname of the server
- value: {get_attr: [{{role.name}}, name]}
+ value: {get_attr: [{{server_resource_name}}, name]}
hostname_map:
description: Mapping of network names to hostnames
value:
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [{{role.name}}, name]}
+ PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
{%- endfor %}
- CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
known_hosts_entry:
description: Entry for ssh known hosts
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [{{role.name}}, name]}
+ PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
{%- endfor %}
- CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
nova_server_resource:
description: Heat resource handle for {{role.name}} server
value:
- {get_resource: {{role.name}}}
+ {get_resource: {{server_resource_name}}}
condition: server_not_blacklisted
deployed_server_port_map:
description: |
map_replace:
- hostname:
fixed_ips:
- - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
- keys:
hostname:
list_join:
container:
str_split:
- '/'
- - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
- 5
object:
str_split:
- '?'
- str_split:
- '/'
- - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
- 6
- 0
- keys: {hostname: {get_param: Hostname}}
{%- endif %}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [{{role.name}}, os_collect_config]}
+ value: {get_attr: [{{server_resource_name}}, os_collect_config]}
{%- for network in networks %}
{{network.name_lower|default(network.name.lower())}}_ip_address:
description: IP address of the server in the {{network.name}} network
upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first
step, "step2" for the second, etc.
- Steps/tages correlate to the following:
+ Steps/tags correlate to the following:
1) Stop all control-plane services.
puppet which does any reconfiguration required for the new version, then starts
the services.
+Update Steps
+------------
+
+Each service template may optionally define a `update_tasks` key, which is a
+list of ansible tasks to be performed during the minor update process.
+
+Similar to the upgrade_tasks, we allow a series of steps for the per-service
+update sequence, but note update_task selects the steps via a conditional
+referencing the step variable e.g when: step == 2, which is different to the
+tags based approach used for upgrade_tasks (the two may be aligned in future).
+
+
Nova Server Metadata Settings
-----------------------------
EnableInternalTLS:
type: boolean
default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
conditions:
generate_service_certificates: true
mongodb::server::ssl: true
mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+ mongodb::server::ssl_ca: {get_param: InternalTLSCAFile}
mongodb_certificate_specs:
service_pem: '/etc/pki/tls/certs/mongodb.pem'
service_certificate: '/etc/pki/tls/certs/mongodb.crt'
tags: step3
yum: name=redis state=latest
when: redis_enabled.rc != 0
+ - name: Start redis service
+ tags: step4
+ service: name=redis state=started
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
resources:
config_settings:
generate_service_certificates: true
tripleo::haproxy::use_internal_certificates: true
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
map_merge:
repeat:
template:
haproxy-NETWORK:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
outputs:
role_data:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+ tripleo::haproxy::service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.pem'
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
haproxy-external:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-external.key'
hostname: "%{hiera('cloud_name_external')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
+ SSLCertificate:
+ default: ''
+ description: >
+ The content of the SSL certificate (without Key) in PEM format.
+ type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
+conditions:
+
+ public_tls_enabled:
+ not:
+ equals:
+ - {get_param: SSLCertificate}
+ - ""
+
resources:
HAProxyPublicTLS:
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
map_merge:
- - get_attr: [HAProxyPublicTLS, role_data, config_settings]
- - get_attr: [HAProxyInternalTLS, role_data, config_settings]
- tripleo.haproxy.firewall_rules:
'107 haproxy stats':
dport: 1993
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
+ - if:
+ - public_tls_enabled
+ - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
+ - {}
+ - get_attr: [HAProxyPublicTLS, role_data, config_settings]
+ - get_attr: [HAProxyInternalTLS, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks:
Cron to purge expired tokens - Week Day
default: '*'
KeystoneCronTokenFlushMaxDelay:
- type: string
+ type: number
description: >
Cron to purge expired tokens - Max Delay
- default: '0'
+ default: 0
KeystoneCronTokenFlushDestination:
type: string
description: >
networks, neutron uses this value without modification. For overlay
networks such as VXLAN, neutron automatically subtracts the overlay
protocol overhead from this value.
+ NeutronDBSyncExtraParams:
+ default: ''
+ description: |
+ String of extra command line parameters to append to the neutron-db-manage
+ upgrade head command.
+ type: string
ServiceData:
default: {}
description: Dictionary packing service data
neutron::db::database_max_retries: -1
neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
+ neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams}
- if:
- dhcp_agents_zero
- {}
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Neutron ML2/Nuage plugin configured with Puppet
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ # Config specific parameters, to be provided via parameter_defaults
+ NeutronNuageNetPartitionName:
+ description: Specifies the title that you will see on the VSD
+ type: string
+ default: 'default_name'
+
+ NeutronNuageVSDIp:
+ description: IP address and port of the Virtual Services Directory
+ type: string
+
+ NeutronNuageVSDUsername:
+ description: Username to be used to log into VSD
+ type: string
+
+ NeutronNuageVSDPassword:
+ description: Password to be used to log into VSD
+ type: string
+
+ NeutronNuageVSDOrganization:
+ description: Organization parameter required to log into VSD
+ type: string
+ default: 'organization'
+
+ NeutronNuageBaseURIVersion:
+ description: URI version to be used based on the VSD release
+ type: string
+ default: 'default_uri_version'
+
+ NeutronNuageCMSId:
+ description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD
+ type: string
+
+ UseForwardedFor:
+ description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
+ type: boolean
+ default: false
+
+resources:
+
+ NeutronML2Base:
+ type: ./neutron-plugin-ml2.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2/Nuage plugin
+ value:
+ service_name: neutron_plugin_ml2_nuage
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronML2Base, role_data, config_settings]
+ - neutron::plugins::ml2::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+ neutron::plugins::ml2::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
+ neutron::plugins::ml2::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
+ neutron::plugins::ml2::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}
+ neutron::plugins::ml2::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization}
+ neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion}
+ neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId}
+ nova::api::use_forwarded_for: {get_param: UseForwardedFor}
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::ml2
default: 'vxlan'
description: The tenant network type for Neutron.
type: comma_delimited_list
+ NeutronFirewallDriver:
+ description: Firewall driver for realizing neutron security group function
+ type: string
+ default: 'openvswitch'
resources:
NeutronBase:
neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
+ neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
tripleo::profile::base::nova::migration::client::libvirt_enabled: true
description: The authkey for the pacemaker remote service.
hidden: true
default: ''
+ PcsdPassword:
+ type: string
+ description: The password for the 'pcsd' user for pacemaker.
+ hidden: true
+ default: ''
MonitoringSubscriptionPacemakerRemote:
default: 'overcloud-pacemaker_remote'
type: string
tripleo::fencing::config: {get_param: FencingConfig}
enable_fencing: {get_param: EnableFencing}
tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
+ pacemaker::corosync::manage_fw: false
+ hacluster_pwd:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: PcsdPassword}
+ - {get_param: [DefaultPasswords, pcsd_password]}
step_config: |
include ::tripleo::profile::base::pacemaker_remote
- name: Update all packages
tags: step3
yum: name=* state=latest
+ update_tasks:
+ - name: Update all packages
+ yum: name=* state=latest
+ when: step == "3"
--- /dev/null
+---
+deprecations:
+ - |
+ The following parameters are deprecated for the Compute role:
+ NovaComputeSchedulerHints - use ComputeSchedulerHints instead
+ NovaComputeServerMetadata - use ComputeServerMetadata instead
+ NovaComputeExtraConfig - use ComputeExtraConfig instead
+ NovaComputeIPs - use ComputeIPs instead
+ NovaImage - Use OvercloudComputeImage instead
--- /dev/null
+---
+deprecations:
+ - |
+ The following parameters are deprecated for the Controller role:
+ controllerExtraConfig - Use ControllerExtraConfig instead,
+ OvercloudControlFlavor - Use OvercloudControllerFlavor instead,
+ controllerImage - use ControllerImage instead.
+
--- /dev/null
+---
+deprecations:
+ - |
+ Both environments/network-management.yaml and environments/network-management-v6.yaml
+ are now deprecated in favor of specifying the needed networks on each role.
--- /dev/null
+---
+fixes:
+ - Don't unregister systems from the portal/satellite
+ when deleting from Heat. There are several reasons why
+ it's compelling to fix this behavior. See
+ https://bugs.launchpad.net/tripleo/+bug/1710144
+ for full information. The previous behavior can be triggered
+ by setting the DeleteOnRHELUnregistration parameter to "true".
--- /dev/null
+---
+fixes:
+ - |
+ Fix Heat condition for RHEL registration yum update
+ There were 2 problems with this condition making the
+ rhel-registration.yaml template broken: "conditions" should be "condition"
+ and the condition should refer to just a condition name defined in the
+ "conditions:" section of the template. See
+ https://bugs.launchpad.net/tripleo/+bug/1709916
--- /dev/null
+---
+deprecations:
+ - |
+ The following parameters are deprecated for the ObjectStorage role:
+ SwiftStorageServerMetadata - use ObjectStorageServerMetadata instead
+ SwiftStorageIPs - use ObjectStorageIPs instead
+ SwiftStorageImage - Use ObjectStorageImage instead
+ OvercloudSwiftStorageFlavor - Use OvercloudObjectStorageFlavor instead
--- /dev/null
+---
+deprecations:
+ - |
+ The static role definitions contained a number of conflicting parameters
+ which require special handling to convert to dynamic template generation.
+ In the future, these parameters will be removed. If a role requires one
+ of these deprecated parameters, then it will be defined in the role
+ definition in a property named "deprecated_param_<name>". If the role has one
+ or more deprecated parameters, then "uses_deprecated_params" should be
+ set to True as well. This will enable creation of a parameter_group
+ containing the deprecated parameters in the role definition, which will enable
+ warning users if they use deprecated parameters on deployment.
+upgrade:
+ - |
+ For deployments where a custom roles_data file is used, it should be rebased
+ against the default roles_data.yaml, as several additional items, e.g to
+ specify deprecated parameter names for some of the default roles, have been
+ added. Alternatively you can regenerate your roles_data using the new
+ overcloud roles generate command, so that the updated role definitions in
+ /usr/share/openstack-tripleo-heat-templates/roles are used, which include
+ the necessary additional data.
- Tenant
- Storage
HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ # Deprecated & backward-compatible values (FIXME: Make parameters consistent)
+ # Set uses_deprecated_params to True if any deprecated params are used.
+ uses_deprecated_params: True
+ deprecated_param_image: 'NovaImage'
+ deprecated_param_extraconfig: 'NovaComputeExtraConfig'
+ deprecated_param_metadata: 'NovaComputeServerMetadata'
+ deprecated_param_scheduler_hints: 'NovaComputeSchedulerHints'
+ deprecated_param_ips: 'NovaComputeIPs'
+ deprecated_server_resource_name: 'NovaCompute'
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD
- StorageMgmt
- Tenant
HostnameFormatDefault: '%stackname%-controller-%index%'
+ # Deprecated & backward-compatible values (FIXME: Make parameters consistent)
+ # Set uses_deprecated_params to True if any deprecated params are used.
+ uses_deprecated_params: True
+ deprecated_param_extraconfig: 'controllerExtraConfig'
+ deprecated_param_flavor: 'OvercloudControlFlavor'
+ deprecated_param_image: 'controllerImage'
ServicesDefault:
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- InternalApi
- Storage
- StorageMgmt
+ # Deprecated & backward-compatible values (FIXME: Make parameters consistent)
+ # Set uses_deprecated_params to True if any deprecated params are used.
+ uses_deprecated_params: True
+ deprecated_param_metadata: 'SwiftStorageServerMetadata'
+ deprecated_param_ips: 'SwiftStorageIPs'
+ deprecated_param_image: 'SwiftStorageImage'
+ deprecated_param_flavor: 'OvercloudSwiftStorageFlavor'
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD
- StorageMgmt
- Tenant
HostnameFormatDefault: '%stackname%-controller-%index%'
+ # Deprecated & backward-compatible values (FIXME: Make parameters consistent)
+ # Set uses_deprecated_params to True if any deprecated params are used.
+ uses_deprecated_params: True
+ deprecated_param_extraconfig: 'controllerExtraConfig'
+ deprecated_param_flavor: 'OvercloudControlFlavor'
+ deprecated_param_image: 'controllerImage'
ServicesDefault:
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- Tenant
- Storage
HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ # Deprecated & backward-compatible values (FIXME: Make parameters consistent)
+ # Set uses_deprecated_params to True if any deprecated params are used.
+ uses_deprecated_params: True
+ deprecated_param_image: 'NovaImage'
+ deprecated_param_extraconfig: 'NovaComputeExtraConfig'
+ deprecated_param_metadata: 'NovaComputeServerMetadata'
+ deprecated_param_scheduler_hints: 'NovaComputeSchedulerHints'
+ deprecated_param_ips: 'NovaComputeIPs'
+ deprecated_server_resource_name: 'NovaCompute'
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD
- InternalApi
- Storage
- StorageMgmt
+ # Deprecated & backward-compatible values (FIXME: Make parameters consistent)
+ # Set uses_deprecated_params to True if any deprecated params are used.
+ uses_deprecated_params: True
+ deprecated_param_metadata: 'SwiftStorageServerMetadata'
+ deprecated_param_ips: 'SwiftStorageIPs'
+ deprecated_param_image: 'SwiftStorageImage'
+ deprecated_param_flavor: 'OvercloudSwiftStorageFlavor'
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD
Code Review / apex-tripleo-heat-templates.git / commitdiff