# This is a cross-platform list tracking distribution packages needed by tests;
# see http://docs.openstack.org/infra/bindep/ for additional information.
+libssl-dev [platform:dpkg]
+openssl-devel [platform:rpm]
description: Enables Neutron BGPVPN Service Plugin
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/services/neutron-lbaasv2.yaml
+ title: Neutron LBaaSv2 Service Plugin
+ description: Enables Neutron LBaaSv2 Service Plugin and Agent
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ml2-bigswitch.yaml
title: BigSwitch Extensions
description: >
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Software Config to drive validations that occur on all nodes.
+ Note, you need the heat-config-script element built into your
+ images, due to the script group below.
+
+ This implementation of the validations is a noop that always reports success.
+
+parameters:
+ PingTestIps:
+ default: ''
+ description: A string containing a space separated list of IP addresses used to ping test each available network interface.
+ type: string
+ ValidateFqdn:
+ default: false
+ description: Optional validation to ensure FQDN as set by Nova matches the name set in /etc/hosts.
+ type: boolean
+ ValidateNtp:
+ default: true
+ description: Validation to ensure at least one time source is accessible.
+ type: boolean
+
+resources:
+ AllNodesValidationsImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ inputs:
+ - name: ping_test_ips
+ default: {get_param: PingTestIps}
+ - name: validate_fqdn
+ default: {get_param: ValidateFqdn}
+ - name: validate_ntp
+ default: {get_param: ValidateNtp}
+ config: |
+ #!/bin/bash
+ exit 0
+
+outputs:
+ OS::stack_id:
+ description: The ID of the AllNodesValidationsImpl resource.
+ value: {get_resource: AllNodesValidationsImpl}
--- /dev/null
+This directory contains environments that are used in tripleo-ci. They may change from
+release to release or within a release, and should not be relied upon in a production
+environment. The top-level ``environments`` directory in tripleo-heat-templates
+contains the production-ready environment files.
--- /dev/null
+parameter_defaults:
+ CephPoolDefaultSize: 1
# mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
# remove this.
OS::TripleO::Services::Docker: OS::Heat::None
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
ceph::profile::params::osd_max_object_namespace_len: 64
SwiftCeilometerPipelineEnabled: False
Debug: True
+ NotificationDriver: 'noop'
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
ceph::profile::params::osd_max_object_namespace_len: 64
SwiftCeilometerPipelineEnabled: False
Debug: True
+ NotificationDriver: 'noop'
heat::rpc_response_timeout: 600
SwiftCeilometerPipelineEnabled: False
Debug: True
+ NotificationDriver: 'noop'
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/
OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml
- OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml
- OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml
- OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml
- OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml
+ OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
+ OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
+ OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml
+ OS::TripleO::Services::Congress: ../../docker/services/congress.yaml
+ # TODO fluentd is being containerized: https://review.openstack.org/#/c/467072/
OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
- OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml
+ OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
# overcloud-resource-registry.yaml there doesn't have this Docker
# mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
# remove this.
OS::TripleO::Services::Docker: OS::Heat::None
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
# mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
# remove this.
OS::TripleO::Services::Docker: OS::Heat::None
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
SwiftCeilometerPipelineEnabled: false
+ NotificationDriver: 'noop'
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
SwiftCeilometerPipelineEnabled: false
+ NotificationDriver: 'noop'
# mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
# remove this.
OS::TripleO::Services::Docker: OS::Heat::None
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
GlanceBackend: 'file'
KeystoneTokenProvider: 'fernet'
SwiftCeilometerPipelineEnabled: false
+ NotificationDriver: 'noop'
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
GlanceBackend: 'file'
KeystoneTokenProvider: 'fernet'
SwiftCeilometerPipelineEnabled: false
+ NotificationDriver: 'noop'
# mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
# remove this.
OS::TripleO::Services::Docker: OS::Heat::None
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
SwiftCeilometerPipelineEnabled: false
NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
+ NotificationDriver: 'noop'
OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin'
BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
+ NotificationDriver: 'noop'
--- /dev/null
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml
+ OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml
+ OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml
+ OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml
+ OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+
+ Debug: true
+ BannerText: |
+ ******************************************************************
+ * This system is for the use of authorized users only. Usage of *
+ * this system may be monitored and recorded by system personnel. *
+ * Anyone using this system expressly consents to such monitoring *
+ * and is advised that if such monitoring reveals possible *
+ * evidence of criminal activity, system personnel may provide *
+ * the evidence from such monitoring to law enforcement officials.*
+ ******************************************************************
+ # we don't deploy Swift so we switch to file backend.
+ GlanceBackend: 'file'
+ IronicCleaningDiskErase: 'metadata'
+ NotificationDriver: 'noop'
+++ /dev/null
-This will contain some common templates but it needs to be added to the RPM spec first
description: |
List nested stack service templates.
type: comma_delimited_list
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
resources: {get_param: Services}
concurrent: true
resource_properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
DefaultPasswords: {get_param: DefaultPasswords}
--- /dev/null
+heat_template_version: pike
+
+parameters:
+ RoleCounts:
+ type: json
+ default: {}
+ VipMap:
+ type: json
+ default: {}
+ DeployedServerPortMap:
+ type: json
+ default: {}
+ DeployedServerDeploymentSwiftDataMap:
+ type: json
+ default: {}
+ DefaultRouteIp:
+ type: string
+ default: 192.168.24.1
+
+resources:
+
+ DeployedServerPortMapParameter:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ DeployedServerPortMap:
+ map_merge:
+ - {get_param: DeployedServerPortMap}
+ - control_virtual_ip:
+ fixed_ips:
+ - ip_address: {get_param: [VipMap, ctlplane]}
+ - redis_virtual_ip:
+ fixed_ips:
+ - ip_address: {get_param: [VipMap, redis]}
+
+ ResourceRegistry:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ OS::TripleO::DeployedServer::ControlPlanePort: tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml
+ OS::TripleO::Network::Ports::ControlPlaneVipPort: tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml
+
+ DeployedServerEnvironment:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ resource_registry:
+ {get_attr: [ResourceRegistry, value]}
+ parameter_defaults:
+ map_merge:
+ - {get_attr: [DeployedServerPortMapParameter, value]}
+ - DeploymentSwiftDataMap: {get_param: DeployedServerDeploymentSwiftDataMap}
+ - EC2MetadataIp: {get_param: DefaultRouteIp}
+ - ControlPlaneDefaultRoute: {get_param: DefaultRouteIp}
+ - {get_param: RoleCounts}
+
+outputs:
+ deployed_server_environment:
+ description:
+ Environment data that can be used as input into the services stack when
+ using split-stack.
+ value: {get_attr: [DeployedServerEnvironment, value]}
- name: Write the config_step hieradata
copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true
- name: Run puppet host configuration for step {{step}}
- # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3
- # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp
+ command: >-
+ puppet apply
+ --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ --logdest syslog --color=false
+ /var/lib/tripleo-config/puppet_step_config.pp
+ changed_when: false
+ check_mode: no
+ register: outputs
+ failed_when: false
+ no_log: true
+ - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
+ when: outputs is defined
+ failed_when: outputs|failed
######################################
# Generate config via docker-puppet.py
######################################
shell: python /var/lib/docker-puppet/docker-puppet.py
environment:
NET_HOST: 'true'
+ DEBUG: '{{docker_puppet_debug}}'
when: step == "1"
changed_when: false
check_mode: no
+ register: outputs
+ failed_when: false
+ no_log: true
+ - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
+ when: outputs is defined
+ failed_when: outputs|failed
##################################################
# Per step starting of the containers using paunch
##################################################
# the *step_n.json with a hash of the generated external config added
# This acts as a salt to enable restarting the container if config changes
- name: Start containers for step {{step}}
- command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
+ command: >-
+ paunch --debug apply
+ --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json
+ --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
when: docker_config_json.stat.exists
changed_when: false
check_mode: no
+ register: outputs
+ failed_when: false
+ no_log: true
+ - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
+ when: outputs is defined
+ failed_when: outputs|failed
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
when: deploy_server_id == bootstrap_server_id
changed_when: false
check_mode: no
+ register: outputs
+ failed_when: false
+ no_log: true
+ - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
+ when: outputs is defined
+ failed_when: outputs|failed
import tempfile
import multiprocessing
-log = logging.getLogger()
-log.setLevel(logging.DEBUG)
-ch = logging.StreamHandler(sys.stdout)
-ch.setLevel(logging.DEBUG)
-formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s')
-ch.setFormatter(formatter)
-log.addHandler(ch)
+logger = None
+
+def get_logger():
+ global logger
+ if logger is None:
+ logger = logging.getLogger()
+ ch = logging.StreamHandler(sys.stdout)
+ if os.environ.get('DEBUG', False):
+ logger.setLevel(logging.DEBUG)
+ ch.setLevel(logging.DEBUG)
+ else:
+ logger.setLevel(logging.INFO)
+ ch.setLevel(logging.INFO)
+ formatter = logging.Formatter('%(asctime)s %(levelname)s: '
+ '%(process)s -- %(message)s')
+ ch.setFormatter(formatter)
+ logger.addHandler(ch)
+ return logger
+
# this is to match what we do in deployed-server
def short_hostname():
process_count = int(os.environ.get('PROCESS_COUNT',
multiprocessing.cpu_count()))
-
+log = get_logger()
log.info('Running docker-puppet')
config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json')
log.debug('CONFIG: %s' % config_file)
if not manifest or not config_image:
continue
- log.debug('config_volume %s' % config_volume)
- log.debug('puppet_tags %s' % puppet_tags)
- log.debug('manifest %s' % manifest)
- log.debug('config_image %s' % config_image)
- log.debug('volumes %s' % volumes)
+ log.info('config_volume %s' % config_volume)
+ log.info('puppet_tags %s' % puppet_tags)
+ log.info('manifest %s' % manifest)
+ log.info('config_image %s' % config_image)
+ log.info('volumes %s' % volumes)
# We key off of config volume for all configs.
if config_volume in configs:
# Append puppet tags and manifest.
log.info('Service compilation completed.')
def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)):
-
+ log = get_logger()
+ log.info('Started processing puppet configs')
log.debug('config_volume %s' % config_volume)
log.debug('puppet_tags %s' % puppet_tags)
log.debug('manifest %s' % manifest)
TAGS="--tags \"$PUPPET_TAGS\""
fi
- # workaround LP1696283
- mkdir -p /etc/ssh
- touch /etc/ssh/ssh_known_hosts
+ # Create a reference timestamp to easily find all files touched by
+ # puppet. The sync ensures we get all the files we want due to
+ # different timestamp.
+ touch /tmp/the_origin_of_time
+ sync
- FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp
+ FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \
+ --color=false --logdest syslog $TAGS /etc/config.pp
# Disables archiving
if [ -z "$NO_ARCHIVE" ]; then
- archivedirs=("/etc" "/root" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www")
+ archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron")
rsync_srcs=""
for d in "${archivedirs[@]}"; do
if [ -d "$d" ]; then
# This is useful for debugging
mkdir -p /var/lib/config-data/puppet-generated/${NAME}
rsync -a -R -0 --delay-updates --delete-after \
- --files-from=<(find $rsync_srcs -newer /etc/ssh/ssh_known_hosts -print0) \
+ --files-from=<(find $rsync_srcs -newer /tmp/the_origin_of_time -not -path '/etc/puppet*' -print0) \
/ /var/lib/config-data/puppet-generated/${NAME}
# Write a checksum of the config-data dir, this is used as a
# salt to trigger container restart when the config changes
- tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum
+ tar -c -f - /var/lib/config-data/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum
fi
""")
'--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
'--volume', '/var/lib/config-data/:/var/lib/config-data/:rw',
'--volume', 'tripleo_logs:/var/log/tripleo/',
+ # Syslog socket for puppet logs
+ '--volume', '/dev/log:/dev/log',
# OpenSSL trusted CA injection
'--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro',
'--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro',
subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, env=env)
cmd_stdout, cmd_stderr = subproc.communicate()
- if cmd_stdout:
- log.debug(cmd_stdout)
- if cmd_stderr:
- log.debug(cmd_stderr)
if subproc.returncode != 0:
log.error('Failed running docker-puppet.py for %s' % config_volume)
+ if cmd_stdout:
+ log.error(cmd_stdout)
+ if cmd_stderr:
+ log.error(cmd_stderr)
else:
+ if cmd_stdout:
+ log.debug(cmd_stdout)
+ if cmd_stderr:
+ log.debug(cmd_stderr)
# only delete successful runs, for debugging
rm_container('docker-puppet-%s' % config_volume)
+
+ log.info('Finished processing puppet configs')
return subproc.returncode
# Holds all the information for each process to consume.
volumes = service[4] if len(service) > 4 else []
if puppet_tags:
- puppet_tags = "file,file_line,concat,augeas,%s" % puppet_tags
+ puppet_tags = "file,file_line,concat,augeas,cron,%s" % puppet_tags
else:
- puppet_tags = "file,file_line,concat,augeas"
+ puppet_tags = "file,file_line,concat,augeas,cron"
process_map.append([config_volume, puppet_tags, manifest, config_image, volumes])
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ DockerPuppetDebug:
+ type: string
+ default: ''
+ description: Set to True to enable debug logging with docker-puppet.py
ctlplane_service_ips:
type: json
{% for step in range(1, deploy_steps_max) %}
WorkflowTasks_Step{{step}}_Enabled:
or:
- {% for role in roles %}
+ {%- for role in roles %}
- not:
equals:
- get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}]
- ''
- False
- {% endfor %}
+ {%- endfor %}
{% endfor %}
resources:
- name: role_name
- name: update_identifier
- name: bootstrap_server_id
+ - name: docker_puppet_debug
config: {get_file: deploy-steps-playbook.yaml}
{%- for step in range(1, deploy_steps_max) %}
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step{{step}}_Enabled
depends_on:
- {% if step == 1 %}
- {% for dep in roles %}
+ {%- if step == 1 %}
+ {%- for dep in roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
- {% endfor %}
- {% else %}
- {% for dep in roles %}
+ {%- endfor %}
+ {%- else %}
+ {%- for dep in roles %}
- {{dep.name}}Deployment_Step{{step -1}}
- {% endfor %}
- {% endif %}
+ {%- endfor %}
+ {%- endif %}
properties:
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]}
type: direct
yaql:
expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
data:
- {% for role in roles %}
+ {%- for role in roles %}
- get_param: [role_data, {{role.name}}, service_workflow_tasks]
- {% endfor %}
+ {%- endfor %}
WorkflowTasks_Step{{step}}_Execution:
type: OS::Mistral::ExternalResource
params:
env:
service_ips: { get_param: ctlplane_service_ips }
+ role_merged_configs:
+ {%- for r in roles %}
+ {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
+ {%- endfor %}
UPDATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
+ role_merged_configs:
+ {%- for r in roles %}
+ {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
+ {%- endfor %}
always_update: true
# END service_workflow_tasks handling
{% endfor %}
update_identifier: {get_param: DeployIdentifier}
{% for step in range(1, deploy_steps_max) %}
-
{{role.name}}Deployment_Step{{step}}:
type: OS::Heat::StructuredDeploymentGroup
depends_on:
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- {% if step == 1 %}
- {% for dep in roles %}
+ {%- if step == 1 %}
+ {%- for dep in roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
- {% endfor %}
- {% else %}
- {% for dep in roles %}
+ {%- endfor %}
+ {%- else %}
+ {%- for dep in roles %}
- {{dep.name}}Deployment_Step{{step -1}}
- {% endfor %}
- {% endif %}
+ {%- endfor %}
+ {%- endif %}
properties:
name: {{role.name}}Deployment_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
role_name: {{role.name}}
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
-
+ docker_puppet_debug: {get_param: DockerPuppetDebug}
{% endfor %}
# END CONFIG STEPS
# after all the previous deployment steps.
{{role.name}}ExtraConfigPost:
depends_on:
- {% for dep in roles %}
+ {%- for dep in roles %}
- {{dep.name}}Deployment_Step5
- {% endfor %}
+ {%- endfor %}
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, {{role.name}}]}
{{role.name}}PostConfig:
type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
- {% for dep in roles %}
+ {%- for dep in roles %}
- {{dep.name}}ExtraConfigPost
- {% endfor %}
+ {%- endfor %}
properties:
servers: {get_param: servers}
input_values:
action='store_true',
help="""Start docker container interactively (-ti).""",
default=False)
+ parser.add_argument('-d', '--detach',
+ action='store_true',
+ help="""Start container detached.""",
+ default=False)
opts = parser.parse_args(argv[1:])
return opts
+
def docker_arg_map(key, value):
value = str(value).encode('ascii', 'ignore')
if len(value) == 0:
'net': "--net=%s" % value,
'pid': "--pid=%s" % value,
'privileged': "--privileged=%s" % value.lower(),
- #'restart': "--restart=%s" % "false",
'user': "--user=%s" % value,
'volumes': "--volume=%s" % value,
'volumes_from': "--volumes-from=%s" % value,
}.get(key, None)
+
def run_docker_container(opts, container_name):
container_found = False
if opts.user:
continue
arg = docker_arg_map(container_data,
- json_data[step][container][container_data])
+ json_data[step][container][container_data])
if arg:
cmd.append(arg)
if opts.user:
cmd.append('--user')
cmd.append(opts.user)
+ if opts.detach:
+ cmd.append('--detach')
if opts.interactive:
cmd.append('-ti')
# May as well remove it when we're done too
if not container_found:
print("Container '%s' not found!" % container_name)
+
def list_docker_containers(opts):
- print opts
with open(opts.config) as f:
json_data = json.load(f)
for step in (json_data or []):
if step is None:
continue
- print step
for container in (json_data[step] or []):
print('\tcontainer: %s' % container)
for container_data in (json_data[step][container] or []):
- #print('\t\tcontainer_data: %s' % container_data)
if container_data == "start_order":
print('\t\tstart_order: %s' % json_data[step][container][container_data])
run_docker_container(opts, opts.container)
else:
list_docker_containers(opts)
-
DockerNamespace:
type: string
default: tripleoupstream
+ description: namespace
DockerNamespaceIsRegistry:
type: boolean
default: false
* puppet_tags: Puppet resource tag names that are used to generate config
files with puppet. Only the named config resources are used to generate
a config file. Any service that specifies tags will have the default
- tags of 'file,concat,file_line,augeas' appended to the setting.
+ tags of 'file,concat,file_line,augeas,cron' appended to the setting.
Example: keystone_config
* config_volume: The name of the volume (directory) where config files
OpenStack containerized aodh service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerAodhApiImage:
description: image
- default: 'centos-binary-aodh-api:latest'
+ type: string
+ DockerAodhConfigImage:
+ description: The container image to use for the aodh config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
config_volume: aodh
puppet_tags: aodh_api_paste_ini,aodh_config
step_config: *step_config
- config_image: &aodh_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ]
+ config_image: {get_param: DockerAodhConfigImage}
kolla_config:
/var/lib/kolla/config_files/aodh_api.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/aodh
owner: aodh:aodh
# db sync runs before permissions set by kolla_config
step_2:
aodh_init_log:
- image: *aodh_image
+ image: &aodh_api_image {get_param: DockerAodhApiImage}
user: root
volumes:
- /var/log/containers/aodh:/var/log/aodh
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh']
step_3:
aodh_db_sync:
- image: *aodh_image
+ image: *aodh_api_image
net: host
privileged: false
detach: false
command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
step_4:
aodh_api:
- image: *aodh_image
+ image: *aodh_api_image
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- - /var/lib/config-data/aodh/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh
-
if:
OpenStack containerized Aodh Evaluator service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerAodhEvaluatorImage:
description: image
- default: 'centos-binary-aodh-evaluator:latest'
+ type: string
+ DockerAodhConfigImage:
+ description: The container image to use for the aodh config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/aodh-evaluator.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: aodh
puppet_tags: aodh_config
step_config: *step_config
- config_image: &aodh_evaluator_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ]
+ config_image: {get_param: DockerAodhConfigImage}
kolla_config:
/var/lib/kolla/config_files/aodh_evaluator.json:
command: /usr/bin/aodh-evaluator
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/aodh
owner: aodh:aodh
docker_config:
step_4:
aodh_evaluator:
- image: *aodh_evaluator_image
+ image: {get_param: DockerAodhEvaluatorImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+ - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Aodh Listener service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerAodhListenerImage:
description: image
- default: 'centos-binary-aodh-listener:latest'
+ type: string
+ DockerAodhConfigImage:
+ description: The container image to use for the aodh config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/aodh-listener.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: aodh
puppet_tags: aodh_config
step_config: *step_config
- config_image: &aodh_listener_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ]
+ config_image: {get_param: DockerAodhConfigImage}
kolla_config:
/var/lib/kolla/config_files/aodh_listener.json:
command: /usr/bin/aodh-listener
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/aodh
owner: aodh:aodh
docker_config:
step_4:
aodh_listener:
- image: *aodh_listener_image
+ image: {get_param: DockerAodhListenerImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+ - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Aodh Notifier service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerAodhNotifierImage:
description: image
- default: 'centos-binary-aodh-notifier:latest'
+ type: string
+ DockerAodhConfigImage:
+ description: The container image to use for the aodh config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/aodh-notifier.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: aodh
puppet_tags: aodh_config
step_config: *step_config
- config_image: &aodh_notifier_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ]
+ config_image: {get_param: DockerAodhConfigImage}
kolla_config:
/var/lib/kolla/config_files/aodh_notifier.json:
command: /usr/bin/aodh-notifier
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/aodh
owner: aodh:aodh
docker_config:
step_4:
aodh_notifier:
- image: *aodh_notifier_image
+ image: {get_param: DockerAodhNotifierImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+ - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Ceilometer Agent Central service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCeilometerCentralImage:
description: image
- default: 'centos-binary-ceilometer-central:latest'
+ type: string
+ DockerCeilometerConfigImage:
+ description: The container image to use for the ceilometer config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/ceilometer-agent-central.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: ceilometer
puppet_tags: ceilometer_config
step_config: *step_config
- config_image: &ceilometer_agent_central_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ]
+ config_image: {get_param: DockerCeilometerConfigImage}
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_central.json:
command: /usr/bin/ceilometer-polling --polling-namespaces central
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
ceilometer_init_log:
start_order: 0
- image: *ceilometer_agent_central_image
+ image: &ceilometer_agent_central_image {get_param: DockerCeilometerCentralImage}
user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
net: host
detach: false
privileged: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"]
+ command:
+ - '/usr/bin/bootstrap_host_exec'
+ - 'ceilometer_agent_central'
+ - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'"
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
OpenStack containerized Ceilometer Agent Compute service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCeilometerComputeImage:
description: image
- default: 'centos-binary-ceilometer-compute:latest'
+ type: string
+ DockerCeilometerConfigImage:
+ description: The container image to use for the ceilometer config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/ceilometer-agent-compute.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: ceilometer
puppet_tags: ceilometer_config
step_config: *step_config
- config_image: &ceilometer_agent_compute_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ]
+ config_image: {get_param: DockerCeilometerConfigImage}
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_compute.json:
command: /usr/bin/ceilometer-polling --polling-namespaces compute
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_4:
ceilometer_agent_compute:
- image: *ceilometer_agent_compute_image
+ image: {get_param: DockerCeilometerComputeImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/run/libvirt:/var/run/libvirt:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Ceilometer Agent Ipmi service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCeilometerIpmiImage:
description: image
- default: 'centos-binary-ceilometer-ipmi:latest'
+ type: string
+ DockerCeilometerConfigImage:
+ description: The container image to use for the ceilometer config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/ceilometer-agent-ipmi.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: ceilometer
puppet_tags: ceilometer_config
step_config: *step_config
- config_image: &ceilometer_agent_ipmi_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ]
+ config_image: {get_param: DockerCeilometerConfigImage}
kolla_config:
/var/lib/kolla/config_files/ceilometer-agent-ipmi.json:
command: /usr/bin/ceilometer-polling --polling-namespaces ipmi
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
ceilometer_init_log:
start_order: 0
- image: *ceilometer_agent_ipmi_image
+ image: &ceilometer_agent_ipmi_image {get_param: DockerCeilometerIpmiImage}
user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- step_5:
- ceilometer_gnocchi_upgrade:
- start_order: 1
- image: *ceilometer_agent_ipmi_image
- net: host
- detach: false
- privileged: false
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- - /var/log/containers/ceilometer:/var/log/ceilometer
- command: "/usr/bin/bootstrap_host_exec ceilometer su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'"
upgrade_tasks:
- name: Stop and disable ceilometer agent ipmi service
tags: step2
OpenStack containerized Ceilometer Agent Notification service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCeilometerNotificationImage:
description: image
- default: 'centos-binary-ceilometer-notification:latest'
+ type: string
+ DockerCeilometerConfigImage:
+ description: The container image to use for the ceilometer config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/ceilometer-agent-notification.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: ceilometer
puppet_tags: ceilometer_config
step_config: *step_config
- config_image: &ceilometer_agent_notification_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ]
+ config_image: {get_param: DockerCeilometerConfigImage}
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_notification.json:
command: /usr/bin/ceilometer-agent-notification
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
ceilometer_init_log:
start_order: 0
- image: *ceilometer_agent_notification_image
+ image: &ceilometer_agent_notification_image {get_param: DockerCeilometerNotificationImage}
user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- step_5:
- ceilometer_gnocchi_upgrade:
- start_order: 1
- image: *ceilometer_agent_notification_image
- net: host
- detach: false
- privileged: false
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- - /var/log/containers/ceilometer:/var/log/ceilometer
- command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"]
upgrade_tasks:
- name: Stop and disable ceilometer agent notification service
tags: step2
OpenStack containerized Cinder API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCinderApiImage:
description: image
- default: 'centos-binary-cinder-api:latest'
type: string
- # we configure all cinder services in the same cinder base container
DockerCinderConfigImage:
- description: image
- default: 'centos-binary-cinder-api:latest'
+ description: The container image to use for the cinder config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/cinder-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_api.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
docker_config:
step_2:
cinder_api_init_logs:
- image: &cinder_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderApiImage} ]
+ image: &cinder_api_image {get_param: DockerCinderApiImage}
privileged: false
user: root
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- - /var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro
- - /var/lib/config-data/cinder/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
-
if:
OpenStack containerized Cinder Backup service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCinderBackupImage:
description: image
- default: 'centos-binary-cinder-backup:latest'
type: string
- # we configure all cinder services in the same cinder base container
DockerCinderConfigImage:
- description: image
- default: 'centos-binary-cinder-api:latest'
+ description: The container image to use for the cinder config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/cinder-backup.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ config_files:
+ # NOTE(mandre): the copy of ceph conf will need to go once we
+ # generate a ceph.conf for cinder in puppet
+ # Copy ceph config files before cinder ones as a precaution, for
+ # the later one to take precendence in case of duplicate files.
+ - source: "/var/lib/kolla/config_files/src-ceph/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/cinder
owner: cinder:cinder
step_3:
cinder_backup_init_logs:
start_order: 0
- image: &cinder_backup_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ]
+ image: &cinder_backup_image {get_param: DockerCinderBackupImage}
privileged: false
user: root
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this
+ - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
+ # FIXME: we need to generate a ceph.conf with puppet for this
+ - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
OpenStack containerized Cinder Scheduler service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCinderSchedulerImage:
description: image
- default: 'centos-binary-cinder-scheduler:latest'
type: string
- # we configure all cinder services in the same cinder base container
DockerCinderConfigImage:
- description: image
- default: 'centos-binary-cinder-api:latest'
+ description: The container image to use for the cinder config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/cinder-scheduler.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_scheduler.json:
command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
docker_config:
step_2:
cinder_scheduler_init_logs:
- image: &cinder_scheduler_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderSchedulerImage} ]
+ image: &cinder_scheduler_image {get_param: DockerCinderSchedulerImage}
privileged: false
user: root
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Cinder Volume service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCinderVolumeImage:
description: image
- default: 'centos-binary-cinder-volume:latest'
type: string
- # we configure all cinder services in the same cinder base container
DockerCinderConfigImage:
- description: image
- default: 'centos-binary-cinder-api:latest'
+ description: The container image to use for the cinder config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/cinder-volume.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
description: Role data for the Cinder Volume role.
value:
service_name: {get_attr: [CinderBase, role_data, service_name]}
- config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - tripleo::profile::base::lvm::enable_udev: false
step_config: &step_config
- get_attr: [CinderBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - "include ::tripleo::profile::base::lvm"
+ - get_attr: [CinderBase, role_data, step_config]
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ config_files:
+ # NOTE(mandre): the copy of ceph conf will need to go once we
+ # generate a ceph.conf for cinder in puppet
+ # Copy ceph config files before cinder ones as a precaution, for
+ # the later one to take precendence in case of duplicate files.
+ - source: "/var/lib/kolla/config_files/src-ceph/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
step_3:
cinder_volume_init_logs:
start_order: 0
- image: &cinder_volume_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ]
+ image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
privileged: false
user: root
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this
+ - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
+ # FIXME: we need to generate a ceph.conf with puppet for this
+ - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
+ - /lib/modules:/lib/modules:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
Containerized collectd service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCollectdImage:
description: image
- default: 'centos-binary-collectd:latest'
+ type: string
+ DockerCollectdConfigImage:
+ description: The container image to use for the collectd config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/metrics/collectd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: collectd
puppet_tags: collectd_client_config
step_config: *step_config
- config_image: &collectd_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ]
+ config_image: {get_param: DockerCollectdConfigImage}
kolla_config:
/var/lib/kolla/config_files/collectd.json:
command: /usr/sbin/collectd -f
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/collectd
owner: collectd:collectd
docker_config:
step_3:
collectd:
- image: *collectd_image
+ image: {get_param: DockerCollectdImage}
net: host
privileged: true
restart: always
-
- /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/collectd/etc/collectd.conf:/etc/collectd.conf:ro
- - /var/lib/config-data/collectd/etc/collectd.d:/etc/collectd.d:ro
- - /var/log/containers/collectd:/var/log/collectd:rw
+ - /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
OpenStack containerized Congress API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCongressApiImage:
description: image
- default: 'centos-binary-congress-api:latest'
type: string
DockerCongressConfigImage:
- description: image
- default: 'centos-binary-congress-api:latest'
+ description: The container image to use for the congress config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContainersCommon:
type: ./containers-common.yaml
- CongressApiBase:
+ CongressBase:
type: ../../puppet/services/congress.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
role_data:
description: Role data for the Congress API role.
value:
- service_name: {get_attr: [CongressApiBase, role_data, service_name]}
+ service_name: {get_attr: [CongressBase, role_data, service_name]}
config_settings:
map_merge:
- - get_attr: [CongressApiBase, role_data, config_settings]
+ - get_attr: [CongressBase, role_data, config_settings]
step_config: &step_config
- get_attr: [CongressApiBase, role_data, step_config]
- service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]}
+ get_attr: [CongressBase, role_data, step_config]
+ service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: congress
puppet_tags: congress_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ]
+ config_image: {get_param: DockerCongressConfigImage}
kolla_config:
/var/lib/kolla/config_files/congress_api.json:
command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/congress
owner: congress:congress
# db sync runs before permissions set by kolla_config
step_2:
congress_init_logs:
- image: &congress_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ]
+ image: &congress_api_image {get_param: DockerCongressApiImage}
privileged: false
user: root
volumes:
command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress']
step_3:
congress_db_sync:
- image: *congress_image
+ image: *congress_api_image
net: host
privileged: false
detach: false
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/congress/etc/:/etc/:ro
+ # FIXME(mandre) mounting /etc rw to workaround LP1696283
+ # This should go away anyway and mount the exact files it
+ # needs or use kolla set_configs.py
+ - /var/lib/config-data/congress/etc/:/etc/
- /var/log/containers/congress:/var/log/congress
command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'"
step_4:
congress_api:
start_order: 15
- image: *congress_image
+ image: *congress_api_image
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro
+ - /var/lib/config-data/puppet-generated/congress/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/congress:/var/log/congress
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
MongoDB service deployment using puppet and docker
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerMongodbImage:
description: image
- default: 'centos-binary-mongodb:latest'
+ type: string
+ DockerMongodbConfigImage:
+ description: The container image to use for the mongodb config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../puppet/services/database/mongodb.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: mongodb
puppet_tags: file # set this even though file is the default
step_config: *step_config
- config_image: &mongodb_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ]
+ config_image: &mongodb_config_image {get_param: DockerMongodbConfigImage}
kolla_config:
/var/lib/kolla/config_files/mongodb.json:
command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/mongodb
owner: mongodb:mongodb
docker_config:
step_2:
mongodb:
- image: *mongodb_image
+ image: {get_param: DockerMongodbImage}
net: host
privileged: false
volumes: &mongodb_volumes
- /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro
- - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro
+ - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/mongodb:/var/log/mongodb
- /var/lib/mongodb:/var/lib/mongodb
config_volume: 'mongodb_init_tasks'
puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset'
step_config: 'include ::tripleo::profile::base::database::mongodb'
- config_image: *mongodb_image
+ config_image: *mongodb_config_image
volumes:
- /var/lib/mongodb:/var/lib/mongodb
- /var/log/containers/mongodb:/var/log/mongodb
Configuration for containerized MySQL clients
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
- DockerMysqlImage:
- description: image
- default: 'centos-binary-mariadb:latest'
+ DockerMysqlClientConfigImage:
+ description: The container image to use for the mysql_client config_volume
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
config_volume: mysql_client
puppet_tags: file # set this even though file is the default
step_config: "include ::tripleo::profile::base::database::mysql::client"
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ]
+ config_image: {get_param: DockerMysqlClientConfigImage}
# no need for a docker config, this service only generates configuration files
docker_config: {}
MySQL service deployment using puppet
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerMysqlImage:
description: image
- default: 'centos-binary-mariadb:latest'
+ type: string
+ DockerMysqlConfigImage:
+ description: The container image to use for the mysql config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../puppet/services/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: mysql
puppet_tags: file # set this even though file is the default
step_config: *step_config
- config_image: &mysql_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ]
+ config_image: &mysql_config_image {get_param: DockerMysqlConfigImage}
kolla_config:
/var/lib/kolla/config_files/mysql.json:
command: /usr/bin/mysqld_safe
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/mysql
owner: mysql:mysql
# Kolla_bootstrap runs before permissions set by kolla_config
step_1:
mysql_init_logs:
- image: *mysql_image
+ image: &mysql_image {get_param: DockerMysqlImage}
privileged: false
user: root
volumes:
command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
volumes: &mysql_volumes
- /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
+ - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
- /etc/localtime:/etc/localtime:ro
- /etc/hosts:/etc/hosts:ro
- /var/lib/mysql:/var/lib/mysql
config_volume: 'mysql_init_tasks'
puppet_tags: 'mysql_database,mysql_grant,mysql_user'
step_config: 'include ::tripleo::profile::base::database::mysql'
- config_image: *mysql_image
+ config_image: *mysql_config_image
volumes:
- /var/lib/mysql:/var/lib/mysql/:ro
- /var/log/containers/mysql:/var/log/mariadb
OpenStack containerized Redis services
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerRedisImage:
description: image
- default: 'centos-binary-redis:latest'
+ type: string
+ DockerRedisConfigImage:
+ description: The container image to use for the redis config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../puppet/services/database/redis.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
# https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
puppet_tags: 'exec'
step_config: *step_config
- config_image: &redis_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ]
+ config_image: {get_param: DockerRedisConfigImage}
kolla_config:
/var/lib/kolla/config_files/redis.json:
command: /usr/bin/redis-server /etc/redis.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/run/redis
owner: redis:redis
redis_init_logs:
start_order: 0
detach: false
- image: *redis_image
+ image: &redis_image {get_param: DockerRedisImage}
privileged: false
user: root
volumes:
volumes:
- /run:/run
- /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro
+ - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/redis:/var/log/redis
environment:
OpenStack containerized EC2 API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerEc2ApiImage:
description: image
- default: 'centos-binary-ec2-api:latest'
+ type: string
+ DockerEc2ApiConfigImage:
+ description: The container image to use for the ec2_api config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- config_volume: ec2api
+ config_volume: ec2_api
puppet_tags: ec2api_api_paste_ini,ec2api_config
step_config: *step_config
- config_image: &ec2_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ]
+ config_image: {get_param: DockerEc2ApiConfigImage}
kolla_config:
/var/lib/kolla/config_files/ec2_api.json:
command: /usr/bin/ec2-api
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/ec2api
owner: ec2api:ec2api
recurse: true
/var/lib/kolla/config_files/ec2_api_metadata.json:
command: /usr/bin/ec2-api-metadata
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/ec2api # default log dir for metadata service as well
owner: ec2api:ec2api
# db sync runs before permissions set by kolla_config
step_2:
ec2_api_init_logs:
- image: *ec2_api_image
+ image: &ec2_api_image {get_param: DockerEc2ApiImage}
privileged: false
user: root
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
+ - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ec2_api:/var/log/ec2api
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
+ - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ec2_api_metadata:/var/log/ec2api
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized etcd services
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerEtcdImage:
description: image
- default: 'centos-binary-etcd:latest'
+ type: string
+ DockerEtcdConfigImage:
+ description: The container image to use for the etcd config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/etcd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EtcdInitialClusterToken: {get_param: EtcdInitialClusterToken}
puppet_config:
config_volume: etcd
step_config: *step_config
- config_image: &etcd_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ]
+ config_image: &etcd_config_image {get_param: DockerEtcdConfigImage}
kolla_config:
/var/lib/kolla/config_files/etcd.json:
command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/etcd
owner: etcd:etcd
docker_config:
step_2:
etcd:
- image: *etcd_image
+ image: {get_param: DockerEtcdImage}
net: host
privileged: false
restart: always
- /var/lib/etcd:/var/lib/etcd
- /etc/localtime:/etc/localtime:ro
- /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/etcd/etc/etcd/etcd.yml:/etc/etcd/etcd.yml:ro
+ - /var/lib/config-data/puppet-generated/etcd/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
config_volume: 'etcd_init_tasks'
puppet_tags: 'etcd_key'
step_config: 'include ::tripleo::profile::base::etcd'
- config_image: *etcd_image
+ config_image: *etcd_config_image
volumes:
- /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro
- /var/lib/etcd:/var/lib/etcd:ro
OpenStack Glance service configured with Puppet
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerGlanceApiImage:
description: image
- default: 'centos-binary-glance-api:latest'
+ type: string
+ DockerGlanceApiConfigImage:
+ description: The container image to use for the glance_api config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/glance-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: glance_api
puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config
step_config: *step_config
- config_image: &glance_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ]
+ config_image: {get_param: DockerGlanceApiConfigImage}
kolla_config:
/var/lib/kolla/config_files/glance_api.json:
command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
# Kolla_bootstrap/db_sync runs before permissions set by kolla_config
step_2:
glance_init_logs:
- image: *glance_image
+ image: &glance_api_image {get_param: DockerGlanceApiImage}
privileged: false
user: root
volumes:
command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance']
step_3:
glance_api_db_sync:
- image: *glance_image
+ image: *glance_api_image
net: host
privileged: false
detach: false
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro
+ - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/glance:/var/log/glance
environment:
- KOLLA_BOOTSTRAP=True
map_merge:
- glance_api:
start_order: 2
- image: *glance_image
+ image: *glance_api_image
net: host
privileged: false
restart: always
- internal_tls_enabled
- glance_api_tls_proxy:
start_order: 2
- image: *glance_image
+ image: *glance_api_image
net: host
user: root
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
+ - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
OpenStack containerized gnocchi service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerGnocchiApiImage:
description: image
- default: 'centos-binary-gnocchi-api:latest'
+ type: string
+ DockerGnocchiConfigImage:
+ description: The container image to use for the gnocchi config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
config_volume: gnocchi
puppet_tags: gnocchi_api_paste_ini,gnocchi_config
step_config: *step_config
- config_image: &gnocchi_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ]
+ config_image: {get_param: DockerGnocchiConfigImage}
kolla_config:
/var/lib/kolla/config_files/gnocchi_api.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
# db sync runs before permissions set by kolla_config
step_2:
gnocchi_init_log:
- image: *gnocchi_image
+ image: &gnocchi_api_image {get_param: DockerGnocchiApiImage}
user: root
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
step_3:
gnocchi_db_sync:
- image: *gnocchi_image
+ image: *gnocchi_api_image
net: host
detach: false
privileged: false
command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
step_4:
gnocchi_api:
- image: *gnocchi_image
+ image: *gnocchi_api_image
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
-
if:
OpenStack containerized Gnocchi Metricd service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerGnocchiMetricdImage:
description: image
- default: 'centos-binary-gnocchi-metricd:latest'
+ type: string
+ DockerGnocchiConfigImage:
+ description: The container image to use for the gnocchi config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/gnocchi-metricd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: gnocchi
puppet_tags: gnocchi_config
step_config: *step_config
- config_image: &gnocchi_metricd_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ]
+ config_image: {get_param: DockerGnocchiConfigImage}
kolla_config:
/var/lib/kolla/config_files/gnocchi_metricd.json:
command: /usr/bin/gnocchi-metricd
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
docker_config:
step_4:
gnocchi_metricd:
- image: *gnocchi_metricd_image
+ image: {get_param: DockerGnocchiMetricdImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+ - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Gnocchi Statsd service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerGnocchiStatsdImage:
description: image
- default: 'centos-binary-gnocchi-statsd:latest'
+ type: string
+ DockerGnocchiConfigImage:
+ description: The container image to use for the gnocchi config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/gnocchi-statsd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: gnocchi
puppet_tags: gnocchi_config
step_config: *step_config
- config_image: &gnocchi_statsd_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ]
+ config_image: {get_param: DockerGnocchiConfigImage}
kolla_config:
/var/lib/kolla/config_files/gnocchi_statsd.json:
command: /usr/bin/gnocchi-statsd
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
docker_config:
step_4:
gnocchi_statsd:
- image: *gnocchi_statsd_image
+ image: {get_param: DockerGnocchiStatsdImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+ - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized HAproxy service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerHAProxyImage:
description: image
- default: 'centos-binary-haproxy:latest'
type: string
+ DockerHAProxyConfigImage:
+ description: The container image to use for the haproxy config_volume
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
RedisPassword:
description: The password for Redis
type: string
type: ../../puppet/services/haproxy.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: haproxy
puppet_tags: haproxy_config
step_config: *step_config
- config_image: &haproxy_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+ config_image: {get_param: DockerHAProxyConfigImage}
+ volumes: &deployed_cert_mount
+ - list_join:
+ - ':'
+ - - {get_param: DeployedSSLCertificatePath}
+ - {get_param: DeployedSSLCertificatePath}
+ - 'ro'
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: haproxy -f /etc/haproxy/haproxy.cfg
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_1:
haproxy:
- image: *haproxy_image
+ image: {get_param: DockerHAProxyImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
+ - *deployed_cert_mount
-
- /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/haproxy/etc/:/etc/:ro
+ - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
OpenStack containerized Heat API CFN service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerHeatApiCfnImage:
description: image
- default: 'centos-binary-heat-api-cfn:latest'
type: string
# puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn
- DockerHeatConfigImage:
- description: image
- default: 'centos-binary-heat-api-cfn:latest'
+ DockerHeatApiCfnConfigImage:
+ description: The container image to use for the heat_api_cfn config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/heat-api-cfn.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: heat_api_cfn
puppet_tags: heat_config,file,concat,file_line
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ]
+ config_image: {get_param: DockerHeatApiCfnConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_api_cfn.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
docker_config:
step_4:
heat_api_cfn:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ]
+ image: {get_param: DockerHeatApiCfnImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro
- - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
-
if:
OpenStack containerized Heat API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerHeatApiImage:
description: image
- default: 'centos-binary-heat-api:latest'
type: string
# puppet needs the heat-wsgi-api binary from centos-binary-heat-api
- DockerHeatConfigImage:
- description: image
- default: 'centos-binary-heat-api:latest'
+ DockerHeatApiConfigImage:
+ description: The container image to use for the heat_api config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/heat-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: heat_api
puppet_tags: heat_config,file,concat,file_line
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ]
+ config_image: {get_param: DockerHeatApiConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_api.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
docker_config:
step_4:
heat_api:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ]
+ image: {get_param: DockerHeatApiImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro
- - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- - /var/lib/config-data/heat_api/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
-
if:
OpenStack containerized Heat Engine service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerHeatEngineImage:
description: image
- default: 'centos-binary-heat-engine:latest'
+ type: string
+ DockerHeatConfigImage:
+ description: The container image to use for the heat config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/heat-engine.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: heat
puppet_tags: heat_config,file,concat,file_line
step_config: *step_config
- config_image: &heat_engine_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ]
+ config_image: {get_param: DockerHeatConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_engine.json:
command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
# db sync runs before permissions set by kolla_config
step_2:
heat_init_log:
- image: *heat_engine_image
+ image: &heat_engine_image {get_param: DockerHeatEngineImage}
user: root
volumes:
- /var/log/containers/heat:/var/log/heat
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
+ - /var/lib/config-data/puppet-generated/heat/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Horizon service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerHorizonImage:
description: image
- default: 'centos-binary-horizon:latest'
+ type: string
+ DockerHorizonConfigImage:
+ description: The container image to use for the horizon config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/horizon.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: horizon
puppet_tags: horizon_config
step_config: {get_attr: [HorizonBase, role_data, step_config]}
- config_image: &horizon_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ]
+ config_image: {get_param: DockerHorizonConfigImage}
kolla_config:
/var/lib/kolla/config_files/horizon.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/horizon/
owner: apache:apache
docker_config:
step_2:
horizon_fix_perms:
- image: *horizon_image
+ image: &horizon_image {get_param: DockerHorizonImage}
user: root
# NOTE Set ownership for /var/log/horizon/horizon.log file here,
# otherwise it's created by root when generating django cache.
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro
- - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro
+ - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/horizon:/var/log/horizon
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Ironic API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerIronicApiImage:
description: image
- default: 'centos-binary-ironic-api:latest'
type: string
- DockerIronicConfigImage:
- description: image
- default: 'centos-binary-ironic-pxe:latest'
+ DockerIronicApiConfigImage:
+ description: The container image to use for the ironic_api config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/ironic-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- config_volume: ironic
+ config_volume: ironic_api
puppet_tags: ironic_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ config_image: {get_param: DockerIronicApiConfigImage}
kolla_config:
/var/lib/kolla/config_files/ironic_api.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/ironic
owner: ironic:ironic
# db sync runs before permissions set by kolla_config
step_2:
ironic_init_logs:
- image: &ironic_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ]
+ image: &ironic_api_image {get_param: DockerIronicApiImage}
privileged: false
user: root
volumes:
step_3:
ironic_db_sync:
start_order: 1
- image: *ironic_image
+ image: *ironic_api_image
net: host
privileged: false
detach: false
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
+ - /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
ironic_api:
start_order: 10
- image: *ironic_image
+ image: *ironic_api_image
net: host
user: root
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
- - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- - /var/lib/config-data/ironic/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic:/var/log/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Ironic Conductor service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerIronicConductorImage:
description: image
- default: 'centos-binary-ironic-conductor:latest'
type: string
DockerIronicConfigImage:
- description: image
- default: 'centos-binary-ironic-pxe:latest'
+ description: The container image to use for the ironic config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/ironic-conductor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: ironic
puppet_tags: ironic_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ config_image: {get_param: DockerIronicConfigImage}
kolla_config:
/var/lib/kolla/config_files/ironic_conductor.json:
command: /usr/bin/ironic-conductor
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/ironic
owner: ironic:ironic
step_4:
ironic_conductor:
start_order: 80
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ]
+ image: {get_param: DockerIronicConductorImage}
net: host
privileged: true
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
+ - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /sys:/sys
- /dev:/dev
OpenStack containerized Ironic PXE service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerIronicPxeImage:
description: image
- default: 'centos-binary-ironic-pxe:latest'
type: string
DockerIronicConfigImage:
- description: image
- default: 'centos-binary-ironic-pxe:latest'
+ description: The container image to use for the ironic config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
config_volume: ironic
puppet_tags: ironic_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
+ config_image: {get_param: DockerIronicConfigImage}
kolla_config:
/var/lib/kolla/config_files/ironic_pxe_http.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/ironic_pxe_tftp.json:
command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/ironic
owner: ironic:ironic
step_4:
ironic_pxe_tftp:
start_order: 90
- image: &ironic_pxe_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ]
+ image: &ironic_pxe_image {get_param: DockerIronicPxeImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
- # TODO(mandre) check how docker like mounting in a bind-mounted tree
- # This directory may contain migrated data from BM
+ - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic/
- # These files were generated by puppet inside the config container
- # TODO(mandre) check the mount permission (ro/rw)
- - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32
- - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0
- - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi
- - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe
- - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file
- /dev/log:/dev/log
- /var/log/containers/ironic:/var/log/ironic
environment:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
- - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- - /var/lib/config-data/ironic/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic/
- /var/log/containers/ironic:/var/log/ironic
environment:
OpenStack containerized Iscsid service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerIscsidImage:
description: image
- default: 'centos-binary-iscsid:latest'
+ type: string
+ DockerIscsidConfigImage:
+ description: The container image to use for the iscsid config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
config_volume: iscsid
#puppet_tags: file
step_config: ''
- config_image: &iscsid_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ]
+ config_image: {get_param: DockerIscsidConfigImage}
kolla_config:
/var/lib/kolla/config_files/iscsid.json:
command: /usr/sbin/iscsid -f
step_3:
iscsid:
start_order: 2
- image: *iscsid_image
+ image: {get_param: DockerIscsidImage}
net: host
privileged: true
restart: always
when: stat_iscsid_socket.stat.exists
upgrade_tasks:
- name: stat /lib/systemd/system/iscsid.service
+ tags: step2
stat: path=/lib/systemd/system/iscsid.service
register: stat_iscsid_service
- name: Stop and disable iscsid service
service: name=iscsid state=stopped enabled=no
when: stat_iscsid_service.stat.exists
- name: stat /lib/systemd/system/iscsid.socket
+ tags: step2
stat: path=/lib/systemd/system/iscsid.socket
register: stat_iscsid_socket
- name: Stop and disable iscsid.socket service
OpenStack containerized Keystone service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerKeystoneImage:
description: image
- default: 'centos-binary-keystone:latest'
+ type: string
+ DockerKeystoneConfigImage:
+ description: The container image to use for the keystone config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/keystone.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: keystone
puppet_tags: keystone_config
step_config: *step_config
- config_image: &keystone_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
+ config_image: &keystone_config_image {get_param: DockerKeystoneConfigImage}
kolla_config:
/var/lib/kolla/config_files/keystone.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
# Kolla_bootstrap/db sync runs before permissions set by kolla_config
step_2:
keystone_init_log:
- image: *keystone_image
+ image: &keystone_image {get_param: DockerKeystoneImage}
user: root
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone']
volumes:
keystone_db_sync:
image: *keystone_image
net: host
+ user: root
privileged: false
detach: false
volumes: &keystone_volumes
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/keystone/var/www/:/var/www/:ro
- - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
- - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
+ - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/keystone:/var/log/keystone
-
if:
keystone_bootstrap:
start_order: 3
action: exec
+ user: root
command:
[ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
docker_puppet_tasks:
config_volume: 'keystone_init_tasks'
puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
step_config: 'include ::tripleo::profile::base::keystone'
- config_image: *keystone_image
+ config_image: *keystone_config_image
host_prep_tasks:
- name: create persistent logs directory
file:
OpenStack containerized Manila API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerManilaApiImage:
description: image
- default: 'centos-binary-manila-api:latest'
type: string
DockerManilaConfigImage:
- description: image
- default: 'centos-binary-manila-api:latest'
+ description: The container image to use for the manila config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/manila-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
config_volume: manila
puppet_tags: manila_config,manila_api_paste_ini
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+ config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_api.json:
command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/manila
owner: manila:manila
docker_config:
step_2:
manila_init_logs:
- image: &manila_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ]
+ image: &manila_api_image {get_param: DockerManilaApiImage}
user: root
volumes:
- /var/log/containers/manila:/var/log/manila
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Manila Scheduler service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerManilaSchedulerImage:
description: image
- default: 'centos-binary-manila-scheduler:latest'
type: string
DockerManilaConfigImage:
- description: image
- default: 'centos-binary-manila-api:latest'
+ description: The container image to use for the manila config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/manila-scheduler.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
config_volume: manila
puppet_tags: manila_config,manila_scheduler_paste_ini
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+ config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_scheduler.json:
command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/manila
owner: manila:manila
docker_config:
step_4:
manila_scheduler:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerManilaSchedulerImage} ]
+ image: {get_param: DockerManilaSchedulerImage}
net: host
restart: always
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Manila Share service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerManilaShareImage:
+ description: image
+ default: 'centos-binary-manila-share:latest'
+ type: string
+ DockerManilaConfigImage:
+ description: image
+ default: 'centos-binary-manila-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ ManilaBase:
+ type: ../../puppet/services/manila-share.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Manila Share role.
+ value:
+ service_name: {get_attr: [ManilaBase, role_data, service_name]}
+ config_settings: {get_attr: [ManilaBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [ManilaBase, role_data, step_config]
+ service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: manila
+ puppet_tags: manila_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/manila_share.json:
+ command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ # NOTE(gfidente): ceph-ansible generated
+ - source: "/var/lib/kolla/config_files/src-ceph/*"
+ dest: "/etc/ceph"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/manila
+ owner: manila:manila
+ recurse: true
+ docker_config:
+ step_4:
+ manila_share:
+ image: &manila_share_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerManilaShareImage} ]
+ net: host
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/manila:/var/log/manila
+ - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: /var/log/containers/manila
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable manila_share service
+ tags: step2
+ service: name=openstack-manila-share state=stopped enabled=no
OpenStack containerized Memcached services
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerMemcachedImage:
description: image
- default: 'centos-binary-memcached:latest'
+ type: string
+ DockerMemcachedConfigImage:
+ description: The container image to use for the memcached config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/memcached.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: 'memcached'
puppet_tags: 'file'
step_config: *step_config
- config_image: &memcached_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ]
+ config_image: {get_param: DockerMemcachedConfigImage}
kolla_config: {}
docker_config:
step_1:
memcached_init_logs:
start_order: 0
detach: false
- image: *memcached_image
+ image: &memcached_image {get_param: DockerMemcachedImage}
privileged: false
user: root
volumes:
- /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
# TODO(bogdando) capture memcached syslog logs from a container
command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS']
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
- name: Stop and disable memcached service
tags: step2
OpenStack containerized Mistral API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerMistralApiImage:
description: image
- default: 'centos-binary-mistral-api:latest'
type: string
DockerMistralConfigImage:
- description: image
- default: 'centos-binary-mistral-api:latest'
+ description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/mistral-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: mistral
puppet_tags: mistral_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_api.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
# db sync runs before permissions set by kolla_config
step_2:
mistral_init_logs:
- image: &mistral_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ]
+ image: &mistral_api_image {get_param: DockerMistralApiImage}
privileged: false
user: root
volumes:
step_3:
mistral_db_sync:
start_order: 0
- image: *mistral_image
+ image: *mistral_api_image
net: host
privileged: false
detach: false
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
mistral_db_populate:
start_order: 1
- image: *mistral_image
+ image: *mistral_api_image
net: host
privileged: false
detach: false
step_4:
mistral_api:
start_order: 15
- image: *mistral_image
+ image: *mistral_api_image
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
+ - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Mistral Engine service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerMistralEngineImage:
description: image
- default: 'centos-binary-mistral-engine:latest'
type: string
DockerMistralConfigImage:
- description: image
- default: 'centos-binary-mistral-api:latest'
+ description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/mistral-engine.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: mistral
puppet_tags: mistral_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_engine.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
docker_config:
step_4:
mistral_engine:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ]
+ image: {get_param: DockerMistralEngineImage}
net: host
privileged: false
restart: always
-
- /run:/run
- /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
+ - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Mistral Executor service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerMistralExecutorImage:
description: image
- default: 'centos-binary-mistral-executor:latest'
type: string
DockerMistralConfigImage:
- description: image
- default: 'centos-binary-mistral-api:latest'
+ description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/mistral-executor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: mistral
puppet_tags: mistral_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ]
+ config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_executor.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
docker_config:
step_4:
mistral_executor:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ]
+ image: {get_param: DockerMistralExecutorImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
+ - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /run:/run
# FIXME: this is required in order for Nova cells
# initialization workflows on the Undercloud. Need to
path: /var/log/containers/mistral
state: directory
upgrade_tasks:
+ - name: Check if mistral executor is deployed
+ command: systemctl is-enabled openstack-mistral-executor
+ tags: common
+ ignore_errors: True
+ register: mistral_executor_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState |
+ grep '\bactive\b'
+ when: mistral_executor_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable mistral_executor service
tags: step2
+ when: mistral_executor_enabled.rc == 0
service: name=openstack-mistral-executor state=stopped enabled=no
OpenStack containerized Multipathd service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerMultipathdImage:
description: image
- default: 'centos-binary-multipathd:latest'
+ type: string
+ DockerMultipathdConfigImage:
+ description: The container image to use for the multipathd config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
config_volume: multipathd
#puppet_tags: file
step_config: ''
- config_image: &multipathd_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ]
+ config_image: {get_param: DockerMultipathdConfigImage}
kolla_config:
/var/lib/kolla/config_files/multipathd.json:
command: /usr/sbin/multipathd -d
step_3:
multipathd:
start_order: 1
- image: *multipathd_image
+ image: {get_param: DockerMultipathdImage}
net: host
privileged: true
restart: always
OpenStack containerized Neutron API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNeutronApiImage:
description: image
- default: 'centos-binary-neutron-server:latest'
type: string
- # we configure all neutron services in the same neutron
DockerNeutronConfigImage:
- description: image
- default: 'centos-binary-neutron-server:latest'
+ description: The container image to use for the neutron config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/neutron-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: neutron
puppet_tags: neutron_config,neutron_api_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_api.json:
- command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini
+ command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
/var/lib/kolla/config_files/neutron_server_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
neutron_init_logs:
- image: &neutron_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
+ image: &neutron_api_image {get_param: DockerNeutronApiImage}
privileged: false
user: root
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
+ - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_server is deployed
+ command: systemctl is-enabled neutron-server
+ tags: common
+ ignore_errors: True
+ register: neutron_server_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-server is running"
+ shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
+ when: neutron_server_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_api service
tags: step2
+ when: neutron_server_enabled.rc == 0
service: name=neutron-server state=stopped enabled=no
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
OpenStack containerized Neutron DHCP service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNeutronDHCPImage:
description: image
- default: 'centos-binary-neutron-dhcp-agent:latest'
type: string
- # we configure all neutron services in the same neutron
DockerNeutronConfigImage:
- description: image
- default: 'centos-binary-neutron-server:latest'
+ description: The container image to use for the neutron config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/neutron-dhcp.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: neutron
puppet_tags: neutron_config,neutron_dhcp_agent_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_dhcp.json:
- command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log
+ command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-dhcp-agent
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
docker_config:
step_4:
neutron_dhcp:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronDHCPImage} ]
+ image: {get_param: DockerNeutronDHCPImage}
net: host
pid: host
privileged: true
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/:/run
- /var/log/containers/neutron:/var/log/neutron
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_dhcp_agent is deployed
+ command: systemctl is-enabled neutron-dhcp-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_dhcp_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_dhcp_agent_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_dhcp service
tags: step2
+ when: neutron_dhcp_agent_enabled.rc == 0
service: name=neutron-dhcp-agent state=stopped enabled=no
OpenStack containerized Neutron L3 agent
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNeutronL3AgentImage:
description: image
- default: 'centos-binary-neutron-l3-agent:latest'
type: string
- # we configure all neutron services in the same neutron
DockerNeutronConfigImage:
- description: image
- default: 'centos-binary-neutron-server:latest'
+ description: The container image to use for the neutron config_volume
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/neutron-l3.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
puppet_tags: neutron_config,neutron_l3_agent_config
config_volume: neutron
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_l3_agent.json:
- command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
+ command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
docker_config:
step_4:
neutron_l3_agent:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ]
+ image: {get_param: DockerNeutronL3AgentImage}
net: host
pid: host
privileged: true
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/log/containers/neutron:/var/log/neutron
OpenStack containerized Neutron Metadata agent
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNeutronMetadataImage:
description: image
- default: 'centos-binary-neutron-metadata-agent:latest'
type: string
- # we configure all neutron services in the same neutron
DockerNeutronConfigImage:
- description: image
- default: 'centos-binary-neutron-server:latest'
+ description: The container image to use for the neutron config_volume
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/neutron-metadata.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
puppet_tags: neutron_config,neutron_metadata_agent_config
config_volume: neutron
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_metadata_agent.json:
command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
docker_config:
step_4:
neutron_metadata_agent:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronMetadataImage} ]
+ image: {get_param: DockerNeutronMetadataImage}
net: host
pid: host
privileged: true
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/log/containers/neutron:/var/log/neutron
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_metadata_agent is deployed
+ command: systemctl is-enabled neutron-metadata-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_metadata_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_metadata_agent_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_metadata service
tags: step2
+ when: neutron_metadata_agent_enabled.rc == 0
service: name=neutron-metadata-agent state=stopped enabled=no
OpenStack Neutron openvswitch service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerOpenvswitchImage:
description: image
- default: 'centos-binary-neutron-openvswitch-agent:latest'
type: string
DockerNeutronConfigImage:
- description: image
- default: 'centos-binary-neutron-server:latest'
+ description: The container image to use for the neutron config_volume
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/neutron-ovs-agent.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_ovs_agent.json:
- command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+ command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/common
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
docker_config:
step_4:
neutron_ovs_agent:
- image: &neutron_ovs_agent_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
+ image: {get_param: DockerOpenvswitchImage}
net: host
pid: host
privileged: true
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/log/containers/neutron:/var/log/neutron
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNeutronConfigImage:
- description: image
- default: 'centos-binary-neutron-server:latest'
+ description: The container image to use for the neutron config_volume
type: string
DefaultPasswords:
- default: {}
type: json
RoleName:
default: ''
resources:
NeutronBase:
- type: ../../puppet/services/neutron-plugin-ml2.yaml
+ type: OS::TripleO::Docker::NeutronMl2PluginBase
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'neutron'
- puppet_tags: ''
+ puppet_tags: neutron_plugin_ml2
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ config_image: {get_param: DockerNeutronConfigImage}
kolla_config: {}
docker_config: {}
OpenStack containerized Nova API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNovaApiImage:
description: image
- default: 'centos-binary-nova-api:latest'
type: string
DockerNovaConfigImage:
- description: image
- default: 'centos-binary-nova-base:latest'
+ description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- apache::default_vhost: false
+ nova_wsgi_enabled: false
+ nova::api::service_name: '%{::nova::params::api_service_name}'
+ nova::wsgi::apache_api::ssl: false
step_config: &step_config
list_join:
- "\n"
config_volume: nova
puppet_tags: nova_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
command: /usr/bin/nova-api
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
# db sync runs before permissions set by kolla_config
step_2:
nova_init_logs:
- image: &nova_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ]
+ image: &nova_api_image {get_param: DockerNovaApiImage}
privileged: false
user: root
volumes:
net: host
detach: false
user: root
- volumes: &nova_api_volumes
+ volumes: &nova_api_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
net: host
detach: false
user: root
- volumes: *nova_api_volumes
+ volumes: *nova_api_bootstrap_volumes
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
nova_api_create_default_cell:
start_order: 2
image: *nova_api_image
net: host
detach: false
- volumes: *nova_api_volumes
+ volumes: *nova_api_bootstrap_volumes
# NOTE: allowing the exit code 2 is a dirty way of making
# this idempotent (if the resource already exists a conflict
# is raised)
image: *nova_api_image
net: host
detach: false
- volumes: *nova_api_volumes
+ volumes: *nova_api_bootstrap_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
step_4:
user: nova
privileged: true
restart: always
+ volumes: &nova_api_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ nova_api_cron:
+ image: *nova_api_image
+ net: host
+ user: root
+ privileged: true
+ restart: always
volumes: *nova_api_volumes
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ command: "/usr/sbin/crond -n"
step_5:
nova_api_discover_hosts:
start_order: 1
image: *nova_api_image
net: host
detach: false
- volumes: *nova_api_volumes
+ volumes: *nova_api_bootstrap_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
host_prep_tasks:
OpenStack containerized Nova Compute service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNovaComputeImage:
description: image
- default: 'centos-binary-nova-compute:latest'
type: string
+ DockerNovaLibvirtConfigImage:
+ description: The container image to use for the nova_libvirt config_volume
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-compute.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: nova_libvirt
puppet_tags: nova_config,nova_paste_api_ini
step_config: *step_config
- config_image: &nova_compute_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
+ config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_compute.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
# FIXME: run discover hosts here
step_4:
nova_compute:
- image: *nova_compute_image
+ image: &nova_compute_image {get_param: DockerNovaComputeImage}
net: host
privileged: true
user: nova
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
+ - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /dev:/dev
- /etc/iscsi:/etc/iscsi
- /lib/modules:/lib/modules:ro
OpenStack containerized Nova Conductor service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNovaConductorImage:
description: image
- default: 'centos-binary-nova-conductor:latest'
type: string
DockerNovaConfigImage:
- description: image
- default: 'centos-binary-nova-base:latest'
+ description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-conductor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: nova
puppet_tags: nova_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_conductor.json:
command: /usr/bin/nova-conductor
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
docker_config:
step_4:
nova_conductor:
- image: &nova_conductor_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ]
+ image: {get_param: DockerNovaConductorImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Nova Consoleauth service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNovaConsoleauthImage:
description: image
- default: 'centos-binary-nova-consoleauth:latest'
type: string
DockerNovaConfigImage:
- description: image
- default: 'centos-binary-nova-base:latest'
+ description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-consoleauth.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: nova
puppet_tags: nova_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_consoleauth.json:
command: /usr/bin/nova-consoleauth
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
docker_config:
step_4:
nova_consoleauth:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConsoleauthImage} ]
+ image: {get_param: DockerNovaConsoleauthImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Nova Ironic Compute service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
- DockerNovaComputeImage:
+ DockerNovaComputeIronicImage:
description: image
- default: 'centos-binary-nova-compute-ironic:latest'
type: string
DockerNovaConfigImage:
- description: image
- default: 'centos-binary-nova-base:latest'
+ description: The container image to use for the nova config_volume
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NovaIronicBase:
type: ../../puppet/services/nova-ironic.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
config_volume: nova
puppet_tags: nova_config,nova_paste_api_ini
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_ironic.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
docker_config:
step_5:
nova_compute:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
+ image: {get_param: DockerNovaComputeIronicImage}
net: host
privileged: true
user: root
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /dev:/dev
- /etc/iscsi:/etc/iscsi
OpenStack Libvirt Service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
- DockerLibvirtImage:
+ DockerNovaLibvirtImage:
description: image
- default: 'centos-binary-nova-libvirt:latest'
type: string
# we configure libvirt via the nova-compute container due to coupling
# in the puppet modules
- DockerNovaConfigImage:
- description: image
- default: 'centos-binary-nova-compute:latest'
+ DockerNovaLibvirtConfigImage:
+ description: The container image to use for the nova_libvirt config_volume
type: string
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation
type: boolean
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-libvirt.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
get_attr: [NovaLibvirtBase, role_data, step_config]
puppet_config:
config_volume: nova_libvirt
- puppet_tags: nova_config
+ puppet_tags: nova_config,file,exec
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_libvirt.json:
command:
- use_tls_for_live_migration
- /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
- /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
docker_config:
step_3:
nova_libvirt:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ]
+ image: {get_param: DockerNovaLibvirtImage}
net: host
pid: host
privileged: true
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro
+ - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova
+ - /etc/libvirt/secrets:/etc/libvirt/secrets
# Needed to use host's virtlogd
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
path: "{{ item }}"
state: directory
with_items:
+ - /etc/libvirt/secrets
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-metadata.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
OpenStack containerized Nova Placement API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNovaPlacementImage:
description: image
- default: 'centos-binary-nova-placement-api:latest'
+ type: string
+ DockerNovaPlacementConfigImage:
+ description: The container image to use for the nova_placement config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-placement.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: nova_placement
puppet_tags: nova_config
step_config: *step_config
- config_image: &nova_placement_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ]
+ config_image: {get_param: DockerNovaPlacementConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_placement.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
step_3:
nova_placement:
start_order: 1
- image: *nova_placement_image
+ image: {get_param: DockerNovaPlacementImage}
net: host
user: root
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro
- - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Nova Scheduler service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNovaSchedulerImage:
description: image
- default: 'centos-binary-nova-scheduler:latest'
type: string
DockerNovaConfigImage:
- description: image
- default: 'centos-binary-nova-base:latest'
+ description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-scheduler.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: nova
puppet_tags: nova_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_scheduler.json:
command: /usr/bin/nova-scheduler
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
docker_config:
step_4:
nova_scheduler:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ]
+ image: {get_param: DockerNovaSchedulerImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /var/log/containers/nova:/var/log/nova
environment:
OpenStack containerized Nova Vncproxy service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerNovaVncProxyImage:
description: image
- default: 'centos-binary-nova-novncproxy:latest'
type: string
DockerNovaConfigImage:
- description: image
- default: 'centos-binary-nova-base:latest'
+ description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/nova-vnc-proxy.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: nova
puppet_tags: nova_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_vnc_proxy.json:
command: /usr/bin/nova-novncproxy --web /usr/share/novnc/
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
docker_config:
step_4:
nova_vnc_proxy:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ]
+ image: {get_param: DockerNovaVncProxyImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Octavia service configured with Puppet
+
+parameters:
+ DockerOctaviaApiImage:
+ description: image
+ type: string
+ DockerOctaviaConfigImage:
+ description: The container image to use for the octavia config_volume
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OctaviaApiPuppetBase:
+ type: ../../puppet/services/octavia-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia API role.
+ value:
+ service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [OctaviaApiPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: octavia
+ puppet_tags: octavia_config
+ step_config: *step_config
+ config_image: {get_param: DockerOctaviaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/octavia_api.json:
+ command: /usr/bin/octavia-api --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/api.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-api
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ /var/lib/kolla/config_files/octavia_api_tls_proxy.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ docker_config:
+ # Kolla_bootstrap/db_sync runs before permissions set by kolla_config
+ step_2:
+ octavia_api_init_dirs:
+ start_order: 0
+ image: &octavia_api_image {get_param: DockerOctaviaApiImage}
+ user: root
+ volumes:
+ # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
+ # It is normally created as part of the RPM install, but it is
+ # missing here because we use the same config_volume for all
+ # octavia services, hence the same container image to generate
+ # configuration.
+ - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
+ - /var/log/containers/octavia:/var/log/octavia
+ command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia']
+ step_3:
+ octavia_db_sync:
+ start_order: 0
+ image: *octavia_api_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro
+ - /var/log/containers/octavia:/var/log/octavia
+ command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'"
+ step_4:
+ map_merge:
+ - octavia_api:
+ start_order: 2
+ image: *octavia_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/octavia:/var/log/octavia
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - if:
+ - internal_tls_enabled
+ - octavia_api_tls_proxy:
+ start_order: 2
+ image: *octavia_api_image
+ net: host
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/octavia_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - {}
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/octavia
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable octavia_api service
+ tags: step2
+ service: name=openstack-octavia-api state=stopped enabled=no
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Octavia health-manager service configured with Puppet
+
+parameters:
+ DockerOctaviaHealthManagerImage:
+ description: image
+ type: string
+ DockerOctaviaConfigImage:
+ description: The container image to use for the octavia config_volume
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OctaviaHealthManagerPuppetBase:
+ type: ../../puppet/services/octavia-health-manager.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia health-manager role.
+ value:
+ service_name: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [OctaviaHealthManagerPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: octavia
+ puppet_tags: octavia_config
+ step_config: *step_config
+ config_image: {get_param: DockerOctaviaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/octavia_health_manager.json:
+ command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-health-manager
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ docker_config:
+ step_2:
+ octavia_health_manager_init_dirs:
+ start_order: 0
+ image: &octavia_health_manager_image {get_param: DockerOctaviaHealthManagerImage}
+ user: root
+ volumes:
+ # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
+ # It is normally created as part of the RPM install, but it is
+ # missing here because we use the same config_volume for all
+ # octavia services, hence the same container image to generate
+ # configuration.
+ - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
+ command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager']
+ step_4:
+ octavia_health_manager:
+ start_order: 2
+ image: *octavia_health_manager_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/octavia:/var/log/octavia
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/octavia
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable octavia_health_manager service
+ tags: step2
+ service: name=openstack-octavia-health-manager state=stopped enabled=no
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Octavia service configured with Puppet
+
+parameters:
+ DockerOctaviaHousekeepingImage:
+ description: image
+ type: string
+ DockerOctaviaConfigImage:
+ description: The container image to use for the octavia config_volume
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OctaviaHousekeepingPuppetBase:
+ type: ../../puppet/services/octavia-housekeeping.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia housekeeping role.
+ value:
+ service_name: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [OctaviaHousekeepingPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: octavia
+ puppet_tags: octavia_config
+ step_config: *step_config
+ config_image: {get_param: DockerOctaviaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/octavia_housekeeping.json:
+ command: /usr/bin/octavia-housekeeping --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/housekeeping.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-housekeeping
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ docker_config:
+ step_2:
+ octavia_housekeeping_init_dirs:
+ start_order: 0
+ image: &octavia_housekeeping_image {get_param: DockerOctaviaHousekeepingImage}
+ user: root
+ volumes:
+ # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
+ # It is normally created as part of the RPM install, but it is
+ # missing here because we use the same config_volume for all
+ # octavia services, hence the same container image to generate
+ # configuration.
+ - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
+ command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-housekeeping; chown -R octavia:octavia /etc/octavia/conf.d/octavia-housekeeping']
+ step_4:
+ octavia_housekeeping:
+ start_order: 2
+ image: *octavia_housekeeping_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/octavia:/var/log/octavia
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/octavia
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable octavia_housekeeping service
+ tags: step2
+ service: name=openstack-octavia-housekeeping state=stopped enabled=no
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Octavia worker service configured with Puppet
+
+parameters:
+ DockerOctaviaWorkerImage:
+ description: image
+ type: string
+ DockerOctaviaConfigImage:
+ description: The container image to use for the octavia config_volume
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OctaviaWorkerPuppetBase:
+ type: ../../puppet/services/octavia-worker.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia worker role.
+ value:
+ service_name: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: octavia
+ puppet_tags: octavia_config
+ step_config: *step_config
+ config_image: {get_param: DockerOctaviaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/octavia_worker.json:
+ command: /usr/bin/octavia-worker --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/worker.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-worker
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ docker_config:
+ step_2:
+ octavia_worker_init_dirs:
+ start_order: 0
+ image: &octavia_worker_image {get_param: DockerOctaviaWorkerImage}
+ user: root
+ volumes:
+ # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
+ # It is normally created as part of the RPM install, but it is
+ # missing here because we use the same config_volume for all
+ # octavia services, hence the same container image to generate
+ # configuration.
+ - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
+ command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker']
+ step_4:
+ octavia_worker:
+ start_order: 2
+ image: *octavia_worker_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/octavia:/var/log/octavia
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/octavia
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable octavia_worker service
+ tags: step2
+ service: name=openstack-octavia-worker state=stopped enabled=no
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized OpenDaylight API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerOpendaylightApiImage:
+ description: image
+ default: 'centos-binary-opendaylight:latest'
+ type: string
+ DockerOpendaylightConfigImage:
+ description: image
+ default: 'centos-binary-opendaylight:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OpenDaylightBase:
+ type: ../../puppet/services/opendaylight-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the OpenDaylight API role.
+ value:
+ service_name: {get_attr: [OpenDaylightBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OpenDaylightBase, role_data, config_settings]
+ step_config: &step_config
+ list_join:
+ - "\n"
+ - - get_attr: [OpenDaylightBase, role_data, step_config]
+ - "include tripleo::profile::base::neutron::opendaylight::create_cluster"
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: opendaylight
+ # 'file,concat,file_line,augeas' are included by default
+ puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/opendaylight_api.json:
+ command: /opt/opendaylight/bin/karaf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /opt/opendaylight
+ owner: odl:odl
+ recurse: true
+ docker_config:
+ step_1:
+ opendaylight_api:
+ start_order: 0
+ image: &odl_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightApiImage} ]
+ privileged: false
+ net: host
+ detach: true
+ user: odl
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+
+ upgrade_tasks:
+ - name: Stop and disable opendaylight_api service
+ tags: step2
+ service: name=opendaylight state=stopped enabled=no
OpenStack containerized Cinder Backup service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCinderBackupImage:
description: image
- default: 'centos-binary-cinder-backup:latest'
type: string
- # we configure all cinder services in the same cinder base container
DockerCinderConfigImage:
- description: image
- default: 'centos-binary-cinder-api:latest'
+ description: The container image to use for the cinder config_volume
type: string
CinderBackupBackend:
default: swift
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../puppet/services/cinder-backup.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_settings:
map_merge:
- get_attr: [CinderBackupBase, role_data, config_settings]
- - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ]
+ - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage}
cinder::backup::manage_service: false
cinder::backup::enabled: false
step_config: ""
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: {get_attr: [CinderBackupBase, role_data, step_config]}
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
OpenStack containerized Cinder Volume service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerCinderVolumeImage:
description: image
- default: 'centos-binary-cinder-volume:latest'
type: string
- # we configure all cinder services in the same cinder base container
DockerCinderConfigImage:
- description: image
- default: 'centos-binary-cinder-api:latest'
+ description: The container image to use for the cinder config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../puppet/services/cinder-volume.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ]
+ - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
cinder::volume::manage_service: false
cinder::volume::enabled: false
cinder::host: hostgroup
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: {get_attr: [CinderBase, role_data, step_config]}
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
the local galera node is synced
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerClustercheckImage:
description: image
- default: 'centos-binary-mariadb:latest'
+ type: string
+ DockerClustercheckConfigImage:
+ description: The container image to use for the clustercheck config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../puppet/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: clustercheck
puppet_tags: file # set this even though file is the default
step_config: "include ::tripleo::profile::pacemaker::clustercheck"
- config_image: &clustercheck_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ]
+ config_image: {get_param: DockerClustercheckConfigImage}
kolla_config:
/var/lib/kolla/config_files/clustercheck.json:
command: /usr/sbin/xinetd -dontfork
config_files:
- - dest: /etc/xinetd.conf
- source: /var/lib/kolla/config_files/src/etc/xinetd.conf
- owner: mysql
- perm: '0644'
- - dest: /etc/xinetd.d/galera-monitor
- source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor
- owner: mysql
- perm: '0644'
- - dest: /etc/sysconfig/clustercheck
- source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
- owner: mysql
- perm: '0600'
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_2:
clustercheck:
start_order: 1
- image: *clustercheck_image
+ image: {get_param: DockerClustercheckImage}
restart: always
net: host
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/clustercheck/:/var/lib/kolla/config_files/src:ro
- /var/lib/mysql:/var/lib/mysql
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
MySQL service deployment with pacemaker bundle
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerMysqlImage:
description: image
- default: 'centos-binary-mariadb:latest'
+ type: string
+ DockerMysqlConfigImage:
+ description: The container image to use for the mysql config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../../puppet/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_settings:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image
- list_join:
- - '/'
- - - {get_param: DockerNamespace}
- - {get_param: DockerMysqlImage}
+ - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
- - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
- "exec {'wait-for-settle': command => '/bin/true' }"
- "include ::tripleo::profile::pacemaker::database::mysql_bundle"
- config_image: *mysql_image
+ config_image: {get_param: DockerMysqlConfigImage}
kolla_config:
/var/lib/kolla/config_files/mysql.json:
command: /usr/sbin/pacemaker_remoted
config_files:
- - dest: /etc/libqb/force-filesystem-sockets
- source: /dev/null
- owner: root
- perm: '0644'
- - dest: /etc/my.cnf
- source: /var/lib/kolla/config_files/src/etc/my.cnf
- owner: mysql
- perm: '0644'
- - dest: /etc/my.cnf.d/galera.cnf
- source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf
- owner: mysql
- perm: '0644'
- - dest: /etc/sysconfig/clustercheck
- source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
- owner: root
- perm: '0600'
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_1:
mysql_data_ownership:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
- /var/lib/mysql:/var/lib/mysql
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
- - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro
- - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
- /var/lib/mysql:/var/lib/mysql:rw
host_prep_tasks:
- name: create /var/lib/mysql
OpenStack containerized Redis services
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerRedisImage:
description: image
- default: 'centos-binary-redis:latest'
+ type: string
+ DockerRedisConfigImage:
+ description: The container image to use for the redis config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../../puppet/services/database/redis.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
- redis::service_manage: false
redis::notify_service: false
redis::managed_by_cluster_manager: true
- tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image
- list_join:
- - '/'
- - - {get_param: DockerNamespace}
- - {get_param: DockerRedisImage}
+ tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
step_config: ""
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
puppet_tags: 'exec'
step_config:
get_attr: [RedisBase, role_data, step_config]
- config_image: *redis_image
+ config_image: &redis_config_image {get_param: DockerRedisConfigImage}
kolla_config:
/var/lib/kolla/config_files/redis.json:
command: /usr/sbin/pacemaker_remoted
source: /dev/null
owner: root
perm: '0644'
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
permissions:
- path: /var/run/redis
owner: redis:redis
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
- image: *redis_image
+ image: *redis_config_image
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
OpenStack containerized HAproxy service for pacemaker
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerHAProxyImage:
description: image
- default: 'centos-binary-haproxy:latest'
type: string
+ DockerHAProxyConfigImage:
+ description: The container image to use for the haproxy config_volume
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
RoleName:
default: ''
description: Role name on which the service is applied
type: ../../../puppet/services/pacemaker/haproxy.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
- get_attr: [HAProxyBase, role_data, config_settings]
- tripleo::haproxy::haproxy_daemon: false
haproxy_docker: true
- tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+ tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
step_config: ""
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
- "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
- config_image: *haproxy_image
+ config_image: {get_param: DockerHAProxyConfigImage}
+ volumes: &deployed_cert_mount
+ - list_join:
+ - ':'
+ - - {get_param: DeployedSSLCertificatePath}
+ - {get_param: DeployedSSLCertificatePath}
+ - 'ro'
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: haproxy -f /etc/haproxy/haproxy.cfg
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
docker_config:
step_2:
haproxy_init_bundle:
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
image: *haproxy_image
volumes:
- # puppet saves iptables rules in /etc/sysconfig
- - /etc/sysconfig:/etc/sysconfig:rw
- # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
- # the necessary bit and prevent systemd to try to reload the service in the container
- - /usr/libexec/iptables:/usr/libexec/iptables:ro
- - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- - /etc/puppet:/tmp/puppet-etc:ro
- - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- - /dev/shm:/dev/shm:rw
+ list_concat:
+ - *deployed_cert_mount
+ -
+ # puppet saves iptables rules in /etc/sysconfig
+ - /etc/sysconfig:/etc/sysconfig:rw
+ # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
+ # the necessary bit and prevent systemd to try to reload the service in the container
+ - /usr/libexec/iptables:/usr/libexec/iptables:ro
+ - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings]
OpenStack containerized Rabbitmq service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerRabbitmqImage:
description: image
- default: 'centos-binary-rabbitmq:latest'
+ type: string
+ DockerRabbitmqConfigImage:
+ description: The container image to use for the rabbitmq config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../../puppet/services/rabbitmq.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::service_manage: false
- tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image
- list_join:
- - '/'
- - - {get_param: DockerNamespace}
- - {get_param: DockerRabbitmqImage}
+ tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
step_config: &step_config
get_attr: [RabbitmqBase, role_data, step_config]
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
config_volume: rabbitmq
puppet_tags: file
step_config: *step_config
- config_image: *rabbitmq_image
+ config_image: {get_param: DockerRabbitmqConfigImage}
kolla_config:
/var/lib/kolla/config_files/rabbitmq.json:
command: /usr/sbin/pacemaker_remoted
source: /dev/null
owner: root
perm: '0644'
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
privileged: false
volumes:
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro
+ - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
will be disabled in future releases.
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerPankoApiImage:
description: image
- default: 'centos-binary-panko-api:latest'
+ type: string
+ DockerPankoConfigImage:
+ description: The container image to use for the panko config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/panko-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: panko
puppet_tags: panko_api_paste_ini,panko_config
step_config: *step_config
- config_image: &panko_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ]
+ config_image: {get_param: DockerPankoConfigImage}
kolla_config:
/var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/panko
owner: panko:panko
docker_config:
step_2:
panko_init_log:
- image: *panko_image
+ image: &panko_api_image {get_param: DockerPankoApiImage}
user: root
volumes:
- /var/log/containers/panko:/var/log/panko
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko']
step_3:
panko_db_sync:
- image: *panko_image
+ image: *panko_api_image
net: host
detach: false
privileged: false
step_4:
panko_api:
start_order: 2
- image: *panko_image
+ image: *panko_api_image
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
- - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- - /var/lib/config-data/panko/var/www/:/var/www/:ro
+ - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/panko:/var/log/panko
-
if:
OpenStack containerized Rabbitmq service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerRabbitmqImage:
description: image
- default: 'centos-binary-rabbitmq:latest'
+ type: string
+ DockerRabbitmqConfigImage:
+ description: The container image to use for the rabbitmq config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/rabbitmq.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
puppet_config:
config_volume: rabbitmq
step_config: *step_config
- config_image: &rabbitmq_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ]
+ config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
kolla_config:
/var/lib/kolla/config_files/rabbitmq.json:
command: /usr/lib/rabbitmq/bin/rabbitmq-server
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
rabbitmq_init_logs:
start_order: 0
detach: false
- image: *rabbitmq_image
+ image: &rabbitmq_image {get_param: DockerRabbitmqImage}
privileged: false
user: root
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
+ - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
environment:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
+ - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
environment:
config_volume: 'rabbit_init_tasks'
puppet_tags: 'rabbitmq_policy,rabbitmq_user'
step_config: 'include ::tripleo::profile::base::rabbitmq'
- config_image: *rabbitmq_image
+ config_image: *rabbitmq_config_image
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
OpenStack Sahara service configured with Puppet
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerSaharaApiImage:
description: image
- default: 'centos-binary-sahara-api:latest'
+ type: string
+ DockerSaharaConfigImage:
+ description: The container image to use for the sahara config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/sahara-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
config_volume: sahara
puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
step_config: *step_config
- config_image: &sahara_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ]
+ config_image: {get_param: DockerSaharaConfigImage}
kolla_config:
/var/lib/kolla/config_files/sahara-api.json:
command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/sahara
owner: sahara:sahara
docker_config:
step_3:
sahara_db_sync:
- image: *sahara_image
+ image: &sahara_api_image {get_param: DockerSaharaApiImage}
net: host
privileged: false
detach: false
- volumes: &sahara_volumes
+ user: root
+ volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
- /lib/modules:/lib/modules:ro
- /var/lib/sahara:/var/lib/sahara
command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'"
step_4:
sahara_api:
- image: *sahara_image
+ image: *sahara_api_image
net: host
privileged: false
restart: always
- volumes: *sahara_volumes
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/sahara:/var/lib/sahara
+ - /var/log/containers/sahara:/var/log/sahara
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
OpenStack Sahara service configured with Puppet
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerSaharaEngineImage:
description: image
- default: 'centos-binary-sahara-engine:latest'
+ type: string
+ DockerSaharaConfigImage:
+ description: The container image to use for the sahara config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/sahara-engine.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
config_volume: sahara
puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
step_config: *step_config
- config_image: &sahara_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ]
+ config_image: {get_param: DockerSaharaConfigImage}
kolla_config:
/var/lib/kolla/config_files/sahara-engine.json:
command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/sahara
owner: sahara:sahara
docker_config:
step_4:
sahara_engine:
- image: *sahara_image
+ image: {get_param: DockerSaharaEngineImage}
net: host
privileged: false
restart: always
- volumes: &sahara_volumes
+ volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+ - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro
- /var/lib/sahara:/var/lib/sahara
- /var/log/containers/sahara:/var/log/sahara
environment:
Containerized Sensu client service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerSensuClientImage:
description: image
- default: 'centos-binary-sensu-client:latest'
+ type: string
+ DockerSensuConfigImage:
+ description: The container image to use for the sensu config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/monitoring/sensu-client.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
config_volume: sensu
puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check
step_config: *step_config
- config_image: &sensu_client_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ]
+ config_image: {get_param: DockerSensuConfigImage}
kolla_config:
/var/lib/kolla/config_files/sensu-client.json:
command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/sensu
owner: sensu:sensu
docker_config:
step_3:
sensu_client:
- image: *sensu_client_image
+ image: {get_param: DockerSensuClientImage}
net: host
privileged: true
# NOTE(mmagr) kolla image changes the user to 'sensu', we need it
-
- /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro
+ - /var/lib/config-data/puppet-generated/sensu/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/sensu:/var/log/sensu:rw
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized swift proxy service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerSwiftProxyImage:
description: image
- default: 'centos-binary-swift-proxy-server:latest'
+ type: string
+ DockerSwiftConfigImage:
+ description: The container image to use for the swift config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/swift-proxy.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: swift
puppet_tags: swift_proxy_config
step_config: *step_config
- config_image: &swift_proxy_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
+ config_image: {get_param: DockerSwiftConfigImage}
kolla_config:
/var/lib/kolla/config_files/swift_proxy.json:
command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/swift
owner: swift:swift
recurse: true
/var/lib/kolla/config_files/swift_proxy_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_4:
map_merge:
- swift_proxy:
- image: *swift_proxy_image
+ image: &swift_proxy_image {get_param: DockerSwiftProxyImage}
net: host
user: swift
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro
- # FIXME I'm mounting /etc/swift as rw. Are the rings written to
- # at all during runtime?
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
OpenStack Swift Ringbuilder
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
- DockerSwiftProxyImage:
- description: image
- default: 'centos-binary-swift-proxy-server:latest'
+ DockerSwiftConfigImage:
+ description: The container image to use for the swift config_volume
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/swift-ringbuilder.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: 'swift'
puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
+ config_image: {get_param: DockerSwiftConfigImage}
kolla_config: {}
docker_config: {}
OpenStack containerized Swift Storage services.
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerSwiftProxyImage:
description: image
- default: 'centos-binary-swift-proxy-server:latest'
type: string
DockerSwiftAccountImage:
description: image
- default: 'centos-binary-swift-account:latest'
type: string
DockerSwiftContainerImage:
description: image
- default: 'centos-binary-swift-container:latest'
type: string
DockerSwiftObjectImage:
description: image
- default: 'centos-binary-swift-object:latest'
+ type: string
+ DockerSwiftConfigImage:
+ description: The container image to use for the swift config_volume
+ default: 'centos-binary-swift-proxy-server:latest'
type: string
EndpointMap:
default: {}
default: {}
description: Parameters specific to the role
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/swift-storage.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: swift
- puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config
+ puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config,rsync::server
step_config: *step_config
- config_image: &swift_proxy_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
+ config_image: {get_param: DockerSwiftConfigImage}
kolla_config:
/var/lib/kolla/config_files/swift_account_auditor.json:
command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_account_reaper.json:
command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_account_replicator.json:
command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_account_server.json:
command: /usr/bin/swift-account-server /etc/swift/account-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_container_auditor.json:
command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_container_replicator.json:
command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_container_updater.json:
command: /usr/bin/swift-container-updater /etc/swift/container-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_container_server.json:
command: /usr/bin/swift-container-server /etc/swift/container-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_object_auditor.json:
command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_object_expirer.json:
command: /usr/bin/swift-object-expirer /etc/swift/object-expirer.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_object_replicator.json:
command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_object_updater.json:
command: /usr/bin/swift-object-updater /etc/swift/object-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/swift_object_server.json:
command: /usr/bin/swift-object-server /etc/swift/object-server.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/swift
owner: swift:swift
recurse: true
+ /var/lib/kolla/config_files/swift_rsync.json:
+ command: /usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
# The puppet config sets this up but we don't have a way to mount the named
# volume during the configuration stage. We just need to create this
# directory and make sure it's owned by swift.
swift_setup_srv:
- image: &swift_account_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ]
+ image: &swift_account_image {get_param: DockerSwiftAccountImage}
user: root
command: ['chown', '-R', 'swift:', '/srv/node']
volumes:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_container_auditor:
- image: &swift_container_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ]
+ image: &swift_container_image {get_param: DockerSwiftContainerImage}
net: host
user: swift
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_object_auditor:
- image: &swift_object_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ]
+ image: &swift_object_image {get_param: DockerSwiftObjectImage}
net: host
user: swift
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_object_expirer:
- image: *swift_proxy_image
+ image: &swift_proxy_image {get_param: DockerSwiftProxyImage}
net: host
user: swift
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
+ - /run:/run
+ - /srv/node:/srv/node
+ - /dev:/dev
+ - /var/log/containers/swift:/var/log/swift
+ environment: *kolla_env
+ swift_rsync:
+ image: *swift_object_image
+ net: host
+ user: root
+ restart: always
+ privileged: true
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/swift_rsync.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
+
host_prep_tasks:
- name: create persistent directories
file:
OpenStack containerized Tacker service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerTackerImage:
description: image
- default: 'centos-binary-tacker:latest'
type: string
DockerTackerConfigImage:
- description: image
- default: 'centos-binary-tacker:latest'
+ description: The container image to use for the tacker config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/tacker.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: tacker
puppet_tags: tacker_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ]
+ config_image: {get_param: DockerTackerConfigImage}
kolla_config:
/var/lib/kolla/config_files/tacker_api.json:
command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/tacker
owner: tacker:tacker
# db sync runs before permissions set by kolla_config
step_2:
tacker_init_logs:
- image: &tacker_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ]
+ image: &tacker_image {get_param: DockerTackerImage}
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/tacker/etc/:/etc/:ro
+ # FIXME(mandre) mounting /etc rw to workaround LP1696283
+ # This should go away anyway and mount the exact files it
+ # needs or use kolla set_configs.py
+ - /var/lib/config-data/tacker/etc/:/etc/
- /var/log/containers/tacker:/var/log/tacker
command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'"
step_4:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro
+ - /var/lib/config-data/puppet-generated/tacker/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/tacker:/var/log/tacker
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized Zaqar services
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerZaqarImage:
description: image
- default: 'centos-binary-zaqar:latest'
+ type: string
+ DockerZaqarConfigImage:
+ description: The container image to use for the zaqar config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: ../../puppet/services/zaqar.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
config_volume: zaqar
puppet_tags: zaqar_config
step_config: *step_config
- config_image: &zaqar_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ]
+ config_image: {get_param: DockerZaqarConfigImage}
kolla_config:
/var/lib/kolla/config_files/zaqar.json:
command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/zaqar_websocket.json:
command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/zaqar
owner: zaqar:zaqar
docker_config:
step_4:
zaqar:
- image: *zaqar_image
+ image: &zaqar_image {get_param: DockerZaqarImage}
net: host
privileged: false
restart: always
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- - /var/lib/config-data/zaqar/var/www/:/var/www/:ro
- - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro
- - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
+ - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- - /var/lib/config-data/zaqar/var/www/:/var/www/:ro
- - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OS::TripleO::Services::AodhNotifier: OS::Heat::None
OS::TripleO::Services::AodhListener: OS::Heat::None
OS::TripleO::Services::PankoApi: OS::Heat::None
+
+parameter_defaults:
+ NotificationDriver: 'noop'
--- /dev/null
+# Generated with the following on 2017-07-12T11:40:50.219622
+#
+# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml
+#
+
+parameter_defaults:
+ DockerAodhApiImage: tripleoupstream/centos-binary-aodh-api:latest
+ DockerAodhConfigImage: tripleoupstream/centos-binary-aodh-api:latest
+ DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest
+ DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest
+ DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest
+ DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest
+ DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest
+ DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest
+ DockerCeilometerIpmiImage: tripleoupstream/centos-binary-ceilometer-ipmi:latest
+ DockerCeilometerNotificationImage: tripleoupstream/centos-binary-ceilometer-notification:latest
+ DockerCinderApiImage: tripleoupstream/centos-binary-cinder-api:latest
+ DockerCinderBackupImage: tripleoupstream/centos-binary-cinder-backup:latest
+ DockerCinderConfigImage: tripleoupstream/centos-binary-cinder-api:latest
+ DockerCinderSchedulerImage: tripleoupstream/centos-binary-cinder-scheduler:latest
+ DockerCinderVolumeImage: tripleoupstream/centos-binary-cinder-volume:latest
+ DockerClustercheckConfigImage: tripleoupstream/centos-binary-mariadb:latest
+ DockerClustercheckImage: tripleoupstream/centos-binary-mariadb:latest
+ DockerCollectdConfigImage: tripleoupstream/centos-binary-collectd:latest
+ DockerCollectdImage: tripleoupstream/centos-binary-collectd:latest
+ DockerCongressApiImage: tripleoupstream/centos-binary-congress-api:latest
+ DockerCongressConfigImage: tripleoupstream/centos-binary-congress-api:latest
+ DockerEc2ApiConfigImage: tripleoupstream/centos-binary-ec2-api:latest
+ DockerEc2ApiImage: tripleoupstream/centos-binary-ec2-api:latest
+ DockerEtcdConfigImage: tripleoupstream/centos-binary-etcd:latest
+ DockerEtcdImage: tripleoupstream/centos-binary-etcd:latest
+ DockerGlanceApiConfigImage: tripleoupstream/centos-binary-glance-api:latest
+ DockerGlanceApiImage: tripleoupstream/centos-binary-glance-api:latest
+ DockerGnocchiApiImage: tripleoupstream/centos-binary-gnocchi-api:latest
+ DockerGnocchiConfigImage: tripleoupstream/centos-binary-gnocchi-api:latest
+ DockerGnocchiMetricdImage: tripleoupstream/centos-binary-gnocchi-metricd:latest
+ DockerGnocchiStatsdImage: tripleoupstream/centos-binary-gnocchi-statsd:latest
+ DockerHAProxyConfigImage: tripleoupstream/centos-binary-haproxy:latest
+ DockerHAProxyImage: tripleoupstream/centos-binary-haproxy:latest
+ DockerHeatApiCfnConfigImage: tripleoupstream/centos-binary-heat-api-cfn:latest
+ DockerHeatApiCfnImage: tripleoupstream/centos-binary-heat-api-cfn:latest
+ DockerHeatApiConfigImage: tripleoupstream/centos-binary-heat-api:latest
+ DockerHeatApiImage: tripleoupstream/centos-binary-heat-api:latest
+ DockerHeatConfigImage: tripleoupstream/centos-binary-heat-api:latest
+ DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest
+ DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest
+ DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest
+ DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest
+ DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest
+ DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest
+ DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest
+ DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest
+ DockerIronicInspectorImage: tripleoupstream/centos-binary-ironic-inspector:latest
+ DockerIronicPxeImage: tripleoupstream/centos-binary-ironic-pxe:latest
+ DockerIscsidConfigImage: tripleoupstream/centos-binary-iscsid:latest
+ DockerIscsidImage: tripleoupstream/centos-binary-iscsid:latest
+ DockerKeystoneConfigImage: tripleoupstream/centos-binary-keystone:latest
+ DockerKeystoneImage: tripleoupstream/centos-binary-keystone:latest
+ DockerManilaApiImage: tripleoupstream/centos-binary-manila-api:latest
+ DockerManilaConfigImage: tripleoupstream/centos-binary-manila-api:latest
+ DockerManilaSchedulerImage: tripleoupstream/centos-binary-manila-scheduler:latest
+ DockerMemcachedConfigImage: tripleoupstream/centos-binary-memcached:latest
+ DockerMemcachedImage: tripleoupstream/centos-binary-memcached:latest
+ DockerMistralApiImage: tripleoupstream/centos-binary-mistral-api:latest
+ DockerMistralConfigImage: tripleoupstream/centos-binary-mistral-api:latest
+ DockerMistralEngineImage: tripleoupstream/centos-binary-mistral-engine:latest
+ DockerMistralExecutorImage: tripleoupstream/centos-binary-mistral-executor:latest
+ DockerMongodbConfigImage: tripleoupstream/centos-binary-mongodb:latest
+ DockerMongodbImage: tripleoupstream/centos-binary-mongodb:latest
+ DockerMultipathdConfigImage: tripleoupstream/centos-binary-multipathd:latest
+ DockerMultipathdImage: tripleoupstream/centos-binary-multipathd:latest
+ DockerMysqlClientConfigImage: tripleoupstream/centos-binary-mariadb:latest
+ DockerMysqlConfigImage: tripleoupstream/centos-binary-mariadb:latest
+ DockerMysqlImage: tripleoupstream/centos-binary-mariadb:latest
+ DockerNeutronApiImage: tripleoupstream/centos-binary-neutron-server:latest
+ DockerNeutronConfigImage: tripleoupstream/centos-binary-neutron-server:latest
+ DockerNeutronDHCPImage: tripleoupstream/centos-binary-neutron-dhcp-agent:latest
+ DockerNeutronL3AgentImage: tripleoupstream/centos-binary-neutron-l3-agent:latest
+ DockerNeutronMetadataImage: tripleoupstream/centos-binary-neutron-metadata-agent:latest
+ DockerNovaApiImage: tripleoupstream/centos-binary-nova-api:latest
+ DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest
+ DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest
+ DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest
+ DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest
+ DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest
+ DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest
+ DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest
+ DockerNovaPlacementConfigImage: tripleoupstream/centos-binary-nova-placement-api:latest
+ DockerNovaPlacementImage: tripleoupstream/centos-binary-nova-placement-api:latest
+ DockerNovaSchedulerImage: tripleoupstream/centos-binary-nova-scheduler:latest
+ DockerNovaVncProxyImage: tripleoupstream/centos-binary-nova-novncproxy:latest
+ DockerOVNControllerConfigImage: tripleoupstream/centos-binary-ovn-controller:latest
+ DockerOVNControllerImage: tripleoupstream/centos-binary-ovn-controller:latest
+ DockerOVNNbDbImage: tripleoupstream/centos-binary-ovn-nb-db-server:latest
+ DockerOVNNorthdImage: tripleoupstream/centos-binary-ovn-northd:latest
+ DockerOVNSbDbImage: tripleoupstream/centos-binary-ovn-sb-db-server:latest
+ DockerOctaviaApiImage: tripleoupstream/centos-binary-octavia-api:latest
+ DockerOctaviaConfigImage: tripleoupstream/centos-binary-octavia-api:latest
+ DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest
+ DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest
+ DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest
+ DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest
+ DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest
+ DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest
+ DockerRabbitmqConfigImage: tripleoupstream/centos-binary-rabbitmq:latest
+ DockerRabbitmqImage: tripleoupstream/centos-binary-rabbitmq:latest
+ DockerRedisConfigImage: tripleoupstream/centos-binary-redis:latest
+ DockerRedisImage: tripleoupstream/centos-binary-redis:latest
+ DockerSaharaApiImage: tripleoupstream/centos-binary-sahara-api:latest
+ DockerSaharaConfigImage: tripleoupstream/centos-binary-sahara-api:latest
+ DockerSaharaEngineImage: tripleoupstream/centos-binary-sahara-engine:latest
+ DockerSensuClientImage: tripleoupstream/centos-binary-sensu-client:latest
+ DockerSensuConfigImage: tripleoupstream/centos-binary-sensu-client:latest
+ DockerSwiftAccountImage: tripleoupstream/centos-binary-swift-account:latest
+ DockerSwiftConfigImage: tripleoupstream/centos-binary-swift-proxy-server:latest
+ DockerSwiftContainerImage: tripleoupstream/centos-binary-swift-container:latest
+ DockerSwiftObjectImage: tripleoupstream/centos-binary-swift-object:latest
+ DockerSwiftProxyImage: tripleoupstream/centos-binary-swift-proxy-server:latest
+ DockerTackerConfigImage: tripleoupstream/centos-binary-tacker:latest
+ DockerTackerImage: tripleoupstream/centos-binary-tacker:latest
+ DockerZaqarConfigImage: tripleoupstream/centos-binary-zaqar:latest
+ DockerZaqarImage: tripleoupstream/centos-binary-zaqar:latest
--- /dev/null
+# Environment file to deploy the HA services via docker
+# Add it *after* -e docker.yaml:
+# ...deploy..-e docker.yaml -e docker-ha.yaml
+resource_registry:
+ # Pacemaker runs on the host
+ OS::TripleO::Tasks::ControllerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
+ OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml
+
+ # Services that are disabled for HA deployments with pacemaker
+ OS::TripleO::Services::Keepalived: OS::Heat::None
+
+ # HA Containers managed by pacemaker
+ OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml
+ OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml
+ OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml
+ OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml
+ OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml
+ OS::TripleO::Services::RabbitMQ: ../docker/services/pacemaker/rabbitmq.yaml
+ OS::TripleO::Services::Redis: ../docker/services/pacemaker/database/redis.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
-
-parameter_defaults:
- # To specify a local docker registry, enable these
- # where 192.168.24.1 is the host running docker-distribution
- #DockerNamespace: 192.168.24.1:8787/tripleoupstream
- #DockerNamespaceIsRegistry: true
-
- ComputeServices:
- - OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- - OS::TripleO::Services::NovaCompute
- - OS::TripleO::Services::NovaLibvirt
- - OS::TripleO::Services::ComputeNeutronOvsAgent
- - OS::TripleO::Services::Docker
- - OS::TripleO::Services::Sshd
OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
+ # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2
+ OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
#NOTE (dprince) add roles to be docker enabled as we support them
OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
-
-parameter_defaults:
- # To specify a local docker registry, enable these
- # where 192.168.24.1 is the host running docker-distribution
- #DockerNamespace: 192.168.24.1:8787/tripleoupstream
- #DockerNamespaceIsRegistry: true
-
- ComputeServices:
- - OS::TripleO::Services::NovaCompute
- - OS::TripleO::Services::NovaLibvirt
- - OS::TripleO::Services::ComputeNeutronOvsAgent
- - OS::TripleO::Services::Docker
- - OS::TripleO::Services::CeilometerAgentCompute
- - OS::TripleO::Services::Sshd
UpgradeLevelNovaCompute: auto
UpgradeInitCommonCommand: |
#!/bin/bash
+ set -eu
# Ocata to Pike, put any needed host-level workarounds here
+ yum install -y ansible-pacemaker
NeutronBigswitchRestproxyServerAuth:
NeutronMechanismDrivers: openvswitch,bsn_ml2
NeutronServicePlugins: bsn_l3,bsn_service_plugin
- KeystoneNotificationDriver: messaging
# Optional:
# NeutronBigswitchRestproxyAutoSyncOnFailure:
# a Cisco Neutron plugin.
resource_registry:
OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
- OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
parameter_defaults:
OS::TripleO::DefaultPasswords: OS::Heat::None
OS::TripleO::RandomString: OS::Heat::None
OS::TripleO::AllNodesDeployment: OS::Heat::None
+ OS::TripleO::DeployedServerEnvironment: ../deployed-server/deployed-server-environment-output.yaml
parameter_defaults:
# Deploy no services
+resource_registry:
+ OS::TripleO::DeployedServerEnvironment: ../deployed-server/deployed-server-environment-output.yaml
+
parameter_defaults:
# Consistent Hostname format
ControllerDeployedServerHostnameFormat: overcloud-controller-%index%
resource_registry:
- OS::TripleO::Services::Congress: ../../docker/services/congress-api.yaml
+ OS::TripleO::Services::Congress: ../../docker/services/congress.yaml
resource_registry:
OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml
OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml
+ OS::TripleO::Services::ManilaShare: ../../docker/services/manila-share.yaml
--- /dev/null
+# A Heat environment that can be used to deploy OpenDaylight with L3 DVR using Docker containers
+resource_registry:
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+ OS::TripleO::Services::OpenDaylightApi: ../../docker/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: ../../puppet/services/opendaylight-ovs.yaml
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-odl.yaml
+
+parameter_defaults:
+ NeutronEnableForceMetadata: true
+ NeutronMechanismDrivers: 'opendaylight_v2'
+ NeutronServicePlugins: 'odl-router_v2,trunk'
+ DockerNeutronApiImage: 'centos-binary-neutron-server-opendaylight:latest'
+ DockerNeutronConfigImage: 'centos-binary-neutron-server-opendaylight:latest'
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::OctaviaApi: ../../docker/services/octavia-api.yaml
+ OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml
+ OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml
+ OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml
--- /dev/null
+# A Heat environment file that can be used to deploy Neutron LBaaSv2 service
+#
+# Currently there are only two interface drivers for Neutron LBaaSv2
+# The default option is the standard OVS driver the other option is to be used
+# when linux bridges are used instead of OVS
+# In order to enable other backend, replace the content of NeutronLbaasInterfaceDriver
+#
+# - OVS: neutron.agent.linux.interface.OVSInterfaceDriver
+# - LinuxBridges: neutron.agent.linux.interface.BridgeInterfaceDriver
+resource_registry:
+ OS::TripleO::Services::NeutronLbaasv2Agent: ../puppet/services/neutron-lbaas.yaml
+
+parameter_defaults:
+ NeutronLbaasInterfaceDriver: "neutron.agent.linux.interface.OVSInterfaceDriver"
+ NeutronLbaasDeviceDriver: "neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver"
+ NeutronServiceProviders: ['LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default']
+ NeutronServicePlugins: "qos,router,trunk,lbaasv2"
+
# Type: string
CinderNetappLogin: <None>
+ #
+ # Type: string
+ CinderNetappNasSecureFileOperations: false
+
+ #
+ # Type: string
+ CinderNetappNasSecureFilePermissions: false
+
#
# Type: string
CinderNetappNfsMountOptions: ''
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+
+conditions:
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
name: RHELUnregistrationDeployment
server: {get_param: server}
config: {get_resource: RHELUnregistration}
- actions: ['DELETE'] # Only do this on DELETE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
outputs:
deploy_stdout:
parameters:
server:
type: string
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+
+conditions:
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
name: SomeDeployment
server: {get_param: server}
config: {get_resource: SomeConfig}
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
actions: ['CREATE'] # Only do this on CREATE
RebootConfig:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
{{role}}HostCpusList:
type: string
default: ""
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
parameter_group:
- label: deprecated
equals:
- get_param: {{role}}TunedProfileName
- ""
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: {{role}}KernelArgs}
_TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName}
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
default: "vfio-pci"
description: DPDK Driver type
type: string
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
conditions:
is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']}
driver_not_set: {equals: [{get_param: OvsDpdkDriverType}, 'vfio-pci']}
isol_cpus_empty: {equals: [{get_param: IsolCpusList}, '0']}
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
RoleParametersValue:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]}
_TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
template: |
#!/bin/bash
set -x
+
+ # OvS Permission issue temporary workaround
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1459436
+ # Actual solution from openvswitch - https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html
+ ovs_service_path="/usr/lib/systemd/system/ovs-vswitchd.service"
+
+ if grep -q 'RuntimeDirectoryMode' $ovs_service_path; then
+ sed -i 's/RuntimeDirectoryMode=.*/RuntimeDirectoryMode=0775/' $ovs_service_path
+ else
+ echo "RuntimeDirectoryMode=0775" >> $ovs_service_path
+ fi
+
+ if ! grep -Fxq "Group=qemu" $ovs_service_path ; then
+ echo "Group=qemu" >> $ovs_service_path
+ fi
+
+ if ! grep -Fxq "UMask=0002" $ovs_service_path ; then
+ echo "UMask=0002" >> $ovs_service_path
+ fi
+
+ ovs_ctl_path='/usr/share/openvswitch/scripts/ovs-ctl'
+ if ! grep -q "umask 0002 \&\& start_daemon \"\$OVS_VSWITCHD_PRIORITY\"" $ovs_ctl_path ; then
+ sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path
+ fi
+
+
# DO NOT use --detailed-exitcodes
puppet apply --logdest console \
--modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
fi
)
}
+
+# https://bugs.launchpad.net/tripleo/+bug/1704131 guard against yum update
+# waiting for an existing process until the heat stack time out
+function check_for_yum_lock {
+ if [[ -f /var/run/yum.pid ]] ; then
+ ERR="ERROR existing yum.pid detected - can't continue! Please ensure
+there is no other package update process for the duration of the minor update
+worfklow. Exiting."
+ echo $ERR
+ exit 1
+ fi
+}
server:
description: ID of the node to apply this config to
type: string
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
resources:
SshHostPubKeyConfig:
properties:
config: {get_resource: SshHostPubKeyConfig}
server: {get_param: server}
+ actions: {get_param: deployment_actions}
outputs:
command_arguments=${command_arguments:-}
+# Always ensure yum has full cache
+yum makecache || echo "Yum makecache failed. This can cause failure later on."
+
# yum check-update exits 100 if updates are available
set +e
check_update=$(yum check-update 2>&1)
fi
else
echo "Upgrading openstack-puppet-modules and its dependencies"
+ check_for_yum_lock
yum -q -y update openstack-puppet-modules
yum deplist openstack-puppet-modules | awk '/dependency/{print $2}' | xargs yum -q -y update
echo "Upgrading other packages is handled by config management tooling"
command=${command:-update}
full_command="yum -q -y $command $command_arguments"
-echo "Running: $full_command"
+echo "Running: $full_command"
+check_for_yum_lock
result=$($full_command)
return_code=$?
echo "$result"
addresses:
- ip_netmask:
get_param: StorageIpSubnet
+ # Uncomment when including environments/hyperconverged-ceph.yaml
+ #- type: vlan
+ # device: bond1
+ # vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ # addresses:
+ # - ip_netmask: {get_param: StorageMgmtIpSubnet}
- type: vlan
device: bond1
vlan_id:
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
- #-
- # type: vlan
+ #- type: vlan
# device: bond1
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
- # -
- # ip_netmask: {get_param: ManagementIpSubnet}
+ # - ip_netmask: {get_param: ManagementIpSubnet}
# routes:
- # -
- # default: true
+ # - default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
--- /dev/null
+heat_template_version: pike
+description: >
+ Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for a dedicated Neutron networker role.
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ BondInterfaceOvsOptions:
+ default: bond_mode=active-backup
+ description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
+ this option.
+ type: string
+ constraints:
+ - allowed_pattern: ^((?!balance.tcp).)*$
+ description: 'The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
+ '
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute:
+ default: 10.0.0.1
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ list_join:
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - type: ovs_bridge
+ name: bridge_name
+ dns_servers:
+ get_param: DnsServers
+ members:
+ - type: ovs_bond
+ name: bond1
+ ovs_options:
+ get_param: BondInterfaceOvsOptions
+ members:
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+ - type: vlan
+ device: bond1
+ vlan_id:
+ get_param: ExternalNetworkVlanID
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
+ device: bond1
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ device: bond1
+ vlan_id:
+ get_param: TenantNetworkVlanID
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # device: bond1
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
+
addresses:
- ip_netmask:
get_param: StorageIpSubnet
+ # Uncomment when including environments/hyperconverged-ceph.yaml
+ #- type: interface
+ # name: nic3
+ # use_dhcp: false
+ # addresses:
+ # - ip_netmask: {get_param: StorageMgmtIpSubnet}
- type: interface
name: nic4
use_dhcp: false
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
- #-
- # type: interface
+ #- type: interface
# name: nic7
# use_dhcp: false
# addresses:
- # -
- # ip_netmask: {get_param: ManagementIpSubnet}
+ # - ip_netmask: {get_param: ManagementIpSubnet}
# routes:
- # -
- # default: true
+ # - default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
--- /dev/null
+heat_template_version: pike
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces for a dedicated Neutron networker role.
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute:
+ default: 10.0.0.1
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
+ list_join:
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: ovs_bridge
+ name: br-tenant
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
+ members:
+ - type: interface
+ name: nic5
+ use_dhcp: false
+ primary: true
+ - type: ovs_bridge
+ name: bridge_name
+ dns_servers:
+ get_param: DnsServers
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ members:
+ - type: interface
+ name: nic6
+ primary: true
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: interface
+ # name: nic7
+ # use_dhcp: false
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
+
addresses:
- ip_netmask:
get_param: StorageIpSubnet
+ # Uncomment when including environments/hyperconverged-ceph.yaml
+ #- type: vlan
+ # vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ # device: bridge_name
+ # addresses:
+ # - ip_netmask: {get_param: StorageMgmtIpSubnet}
- type: vlan
vlan_id:
get_param: TenantNetworkVlanID
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
- #-
- # type: vlan
+ #- type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# device: bridge_name
# addresses:
- # -
- # ip_netmask: {get_param: ManagementIpSubnet}
+ # - ip_netmask: {get_param: ManagementIpSubnet}
# routes:
- # -
- # default: true
+ # - default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
--- /dev/null
+heat_template_version: pike
+description: >
+ Software Config to drive os-net-config to configure VLANs for a dedicated Neutron networker role.
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute:
+ default: 10.0.0.1
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: linux_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
+ list_join:
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+ members:
+ - type: interface
+ # NOTE: "interface_name" will be replaced by the value of NeutronPublicInterface,
+ # default is "nic1". Set this value via parameter_defaults in an environment file.
+ name: interface_name
+ primary: true
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
+ device: bridge_name
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: bridge_name
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
+
default: 30
description: Vlan ID for the storage network traffic.
type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
addresses:
- ip_netmask:
get_param: StorageIpSubnet
+ # Uncomment when including environments/hyperconverged-ceph.yaml
+ #- type: vlan
+ # vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ # addresses:
+ # - ip_netmask: {get_param: StorageMgmtIpSubnet}
- type: vlan
vlan_id:
get_param: TenantNetworkVlanID
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
- #-
- # type: vlan
+ #- type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
- # -
- # ip_netmask: {get_param: ManagementIpSubnet}
+ # - ip_netmask: {get_param: ManagementIpSubnet}
# routes:
- # -
- # default: true
+ # - default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
--- /dev/null
+heat_template_version: pike
+description: >
+ Software Config to drive os-net-config to configure VLANs for a dedicated Neutron networker role.
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute:
+ default: 10.0.0.1
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
+ list_join:
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ members:
+ - type: interface
+ name: nic1
+ # force the MAC address of the bridge to this interface
+ primary: true
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: ExternalInterfaceDefaultRoute
+ - type: vlan
+ vlan_id:
+ get_param: InternalApiNetworkVlanID
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: TenantNetworkVlanID
+ addresses:
+ - ip_netmask:
+ get_param: TenantIpSubnet
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
+
type: json
ExternalNetAdminStateUp:
default: false
- description: This admin state of the network.
+ description: The admin state of the network.
type: boolean
ExternalNetEnableDHCP:
default: false
OS::stack_id:
description: Neutron external network
value: {get_resource: ExternalNetwork}
+ subnet_cidr:
+ value: {get_attr: ExternalSubnet, cidr}
type: json
ExternalNetAdminStateUp:
default: false
- description: This admin state of of the network.
+ description: The admin state of the network.
type: boolean
ExternalNetShared:
default: false
OS::stack_id:
description: Neutron external network
value: {get_resource: ExternalNetwork}
+ subnet_cidr:
+ value: {get_attr: ExternalSubnet, cidr}
type: json
InternalApiNetAdminStateUp:
default: false
- description: This admin state of the network.
+ description: The admin state of the network.
type: boolean
InternalApiNetEnableDHCP:
default: false
OS::stack_id:
description: Neutron internal network
value: {get_resource: InternalApiNetwork}
+ subnet_cidr:
+ value: {get_attr: InternalApiSubnet, cidr}
type: json
InternalApiNetAdminStateUp:
default: false
- description: This admin state of of the network.
+ description: The admin state of the network.
type: boolean
InternalApiNetShared:
default: false
OS::stack_id:
description: Neutron internal network
value: {get_resource: InternalApiNetwork}
+ subnet_cidr:
+ value: {get_attr: InternalApiSubnet, cidr}
OS::stack_id:
description: Neutron management network
value: {get_resource: ManagementNetwork}
-
+ subnet_cidr:
+ value: {get_attr: ManagementSubnet, cidr}
type: json
ManagementNetAdminStateUp:
default: false
- description: This admin state of of the network.
+ description: The admin state of the network.
type: boolean
ManagementNetShared:
default: false
OS::stack_id:
description: Neutron management network
value: {get_resource: ManagementNetwork}
+ subnet_cidr:
+ value: {get_attr: ManagementSubnet, cidr}
NetworkExtraConfig:
type: OS::TripleO::Network::ExtraConfig
+
+
+outputs:
+ net_cidr_map:
+ value:
+ # NOTE(gfidente): we need to replace the null value with a
+ # string to work around https://bugs.launchpad.net/heat/+bug/1700025
+ {%- for network in networks %}
+ {%- if network.name != 'InternalApi' %}
+ {{network.name_lower}}:
+ yaql:
+ data: {get_attr: [{{network.name}}Network, subnet_cidr]}
+ expression: str($.data).replace('null', 'disabled')
+ {%- else %}
+ {{network.name_lower}}:
+ yaql:
+ data: {get_attr: [InternalNetwork, subnet_cidr]}
+ expression: str($.data).replace('null', 'disabled')
+ {%- endif %}
+ {%- endfor %}
ManagementIpSubnet:
default: ''
type: string
+ description: IP address/subnet on the management network
ManagementIpUri:
default: ''
type: string
type: json
StorageNetAdminStateUp:
default: false
- description: This admin state of the network.
+ description: The admin state of the network.
type: boolean
StorageNetEnableDHCP:
default: false
OS::stack_id:
description: Neutron storage network
value: {get_resource: StorageNetwork}
+ subnet_cidr:
+ value: {get_attr: StorageSubnet, cidr}
type: json
StorageMgmtNetAdminStateUp:
default: false
- description: This admin state of the network.
+ description: The admin state of the network.
type: boolean
StorageMgmtNetEnableDHCP:
default: false
OS::stack_id:
description: Neutron storage management network
value: {get_resource: StorageMgmtNetwork}
+ subnet_cidr:
+ value: {get_attr: StorageMgmtSubnet, cidr}
type: json
StorageMgmtNetAdminStateUp:
default: false
- description: This admin state of of the network.
+ description: The admin state of the network.
type: boolean
StorageMgmtNetShared:
default: false
OS::stack_id:
description: Neutron storage management network
value: {get_resource: StorageMgmtNetwork}
+ subnet_cidr:
+ value: {get_attr: StorageMgmtSubnet, cidr}
type: json
StorageNetAdminStateUp:
default: false
- description: This admin state of of the network.
+ description: The admin state of the network.
type: boolean
StorageNetShared:
default: false
OS::stack_id:
description: Neutron storage network
value: {get_resource: StorageNetwork}
+ subnet_cidr:
+ value: {get_attr: StorageSubnet, cidr}
type: json
TenantNetAdminStateUp:
default: false
- description: This admin state of the network.
+ description: The admin state of the network.
type: boolean
TenantNetEnableDHCP:
default: false
OS::stack_id:
description: Neutron tenant network
value: {get_resource: TenantNetwork}
+ subnet_cidr:
+ value: {get_attr: TenantSubnet, cidr}
type: json
TenantNetAdminStateUp:
default: false
- description: This admin state of of the network.
+ description: The admin state of the network.
type: boolean
TenantNetShared:
default: false
OS::stack_id:
description: Neutron tenant network
value: {get_resource: TenantNetwork}
+ subnet_cidr:
+ value: {get_attr: TenantSubnet, cidr}
#
- name: External
vip: true
+ name_lower: external
- name: InternalApi
name_lower: internal_api
vip: true
- name: Storage
vip: true
+ name_lower: storage
- name: StorageMgmt
name_lower: storage_mgmt
vip: true
- name: Tenant
vip: false # Tenant network does not use VIPs
+ name_lower: tenant
- name: Management
# Management network is disabled by default
enabled: false
vip: false # Management network does not use VIPs
+ name_lower: management
# Upgrade resources
OS::TripleO::UpgradeConfig: puppet/upgrade_config.yaml
+ OS::TripleO::DeployedServerEnvironment: OS::Heat::None
+
# services
- OS::TripleO::Services: services.yaml
+ OS::TripleO::Services: common/services.yaml
OS::TripleO::Services::Apache: puppet/services/apache.yaml
OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml
OS::TripleO::Services::CephMds: OS::Heat::None
OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
# the multinode job ControllerServices after this patch merges
OS::TripleO::Services::Snmp: puppet/services/snmp.yaml
OS::TripleO::Services::Tacker: OS::Heat::None
OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml
- OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml
+ OS::TripleO::Services::CeilometerApi: puppet/services/disabled/ceilometer-api-disabled.yaml
OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector-disabled.yaml
OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer-disabled.yaml
OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::CertmongerUser: OS::Heat::None
OS::TripleO::Services::Iscsid: OS::Heat::None
+ OS::TripleO::Services::Clustercheck: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
Control the IP allocation for the ControlVirtualIP port. E.g.
[{'ip_address':'1.2.3.4'}]
type: json
+ ExtraConfig:
+ default: {}
+ description: |
+ Additional hiera configuration to inject into the cluster.
+ type: json
+{%- for role in roles %}
+ {{role.name}}ExtraConfig:
+ default: {}
+ description: |
+ Role specific additional hiera configuration to inject into the cluster.
+ type: json
+{%- endfor %}
+ controllerExtraConfig:
+ default: {}
+ description: |
+ DEPRECATED use ControllerExtraConfig instead
+ type: json
+ NovaComputeExtraConfig:
+ default: {}
+ description: |
+ DEPRECATED use ComputeExtraConfig instead
+ type: json
InternalApiVirtualFixedIPs:
default: []
description: >
{% else %}
default: "%stackname%-{{role.name.lower()}}-%index%"
{% endif %}
-
{{role.name}}RemovalPolicies:
default: []
type: json
description: >
List of server hostnames to blacklist from any triggered deployments.
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - controllerExtraConfig
+ - NovaComputeExtraConfig
+
conditions:
add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
properties:
length: 10
+ NetCidrMapValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_merge:
+ - {get_attr: [Networks, net_cidr_map]}
+ - ctlplane: {get_attr: [ControlVirtualIP, subnets, 0, cidr]}
+ - keys:
+ ctlplane: {get_param: NeutronControlPlaneID}
+ values:
+ disabled: {get_attr: [ControlVirtualIP, subnets, 0, cidr]}
+
ServiceNetMap:
type: OS::TripleO::ServiceNetMap
Services:
get_param: {{role.name}}Services
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
+ ServiceData:
+ net_cidr_map: {get_attr: [NetCidrMapValue, value]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
RoleName: {{role.name}}
type: json
value: {get_attr: [{{role.name}}ServiceChain, role_data]}
+ {{role.name}}ServiceConfigSettings:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_merge:
+ - get_attr: [{{role.name}}ServiceChainRoleData, value, config_settings]
+ {% for r in roles %}
+ - get_attr: [{{r.name}}ServiceChainRoleData, value, global_config_settings]
+ {% endfor %}
+ # This next step combines two yaql passes:
+ # - The inner one does a deep merge on the service_config_settings for all roles
+ # - The outer one filters the map based on the services enabled for the role
+ # then merges the result into one map.
+ - yaql:
+ expression: let(root => $) -> $.data.map.items().where($[0] in coalesce($root.data.services, [])).select($[1]).reduce($1.mergeWith($2), {})
+ data:
+ map:
+ yaql:
+ expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
+ data:
+ {% for r in roles %}
+ - get_attr: [{{r.name}}ServiceChainRoleData, value, service_config_settings]
+ {% endfor %}
+ services: {get_attr: [{{role.name}}ServiceNames, value]}
+
+ {{role.name}}MergedConfigSettings:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ config_settings: {}
+ global_config_settings: {}
+ service_config_settings: {}
+ merged_config_settings:
+ map_merge:
+ - get_attr: [{{role.name}}ServiceConfigSettings, value]
+ - get_param: ExtraConfig
+ {%- if role.name == 'Controller' %}
+ - map_merge:
+ - get_param: controllerExtraConfig
+ - get_param: {{role.name}}ExtraConfig
+ {%- elif role.name == 'Compute' %}
+ - map_merge:
+ - get_param: NovaComputeExtraConfig
+ - get_param: {{role.name}}ExtraConfig
+ {%- else %}
+ - get_param: {{role.name}}ExtraConfig
+ {%- endif %}
+
# Filter any null/None service_names which may be present due to mapping
# of services to OS::Heat::None
{{role.name}}ServiceNames:
{% else %}
NovaComputeSchedulerHints: {get_param: NovaComputeSchedulerHints}
{% endif %}
- ServiceConfigSettings:
- map_merge:
- - get_attr: [{{role.name}}ServiceChainRoleData, value, config_settings]
- {% for r in roles %}
- - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
- {% endfor %}
- # This next step combines two yaql passes:
- # - The inner one does a deep merge on the service_config_settings for all roles
- # - The outer one filters the map based on the services enabled for the role
- # then merges the result into one map.
- - yaql:
- expression: let(root => $) -> $.data.map.items().where($[0] in coalesce($root.data.services, [])).select($[1]).reduce($1.mergeWith($2), {})
- data:
- map:
- yaql:
- expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
- data:
- {% for r in roles %}
- - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings]
- {% endfor %}
- services: {get_attr: [{{role.name}}ServiceNames, value]}
+ ServiceConfigSettings: {get_attr: [{{role.name}}ServiceConfigSettings, value]}
ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{% endfor %}
+ # This is a different format to *Servers, as it creates a map of lists
+ # whereas *Servers creates a map of maps with keys of the nested resource names
+ ServerIdMap:
+ type: OS::Heat::Value
+ properties:
+ value:
+ server_ids:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}, nova_server_resource]}
+{% endfor %}
+ bootstrap_server_id:
+ yaql:
+ expression: coalesce($.data, []).first(null)
+ data: {get_attr: [{{primary_role_name}}, nova_server_resource]}
+
# This resource just creates a dict out of the DeploymentServerBlacklist,
# which is a list. The dict is used in the role templates to set a condition
# on whether to create the deployment resources. We can't use the list
{% for role in roles %}
- {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]}
{% endfor %}
- # FIXME(shardy): These require further work to move into service_ips
- memcache_node_ips: {get_attr: [{{primary_role_name}}IpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]}
NetVipMap: {get_attr: [VipMap, net_ip_map]}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]}
StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]}
# No tenant or management VIP required
+ # Because of nested get_attr functions in the KeystoneAdminVip output, we
+ # can't determine which attributes of VipMap are used until after
+ # ServiceNetMap's attribute values are available.
+ depends_on: ServiceNetMap
# All Nodes Validations
AllNodesValidationConfig:
{% endfor %}
role_data:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]}
+ {{role.name}}:
+ map_merge:
+ - {get_attr: [{{role.name}}ServiceChainRoleData, value]}
+ - {get_attr: [{{role.name}}MergedConfigSettings, value]}
{% endfor %}
ServerOsCollectConfigData:
{{role.name}}: {get_attr: [{{role.name}}, attributes, os_collect_config]}
{% endfor %}
+ DeployedServerEnvironment:
+ type: OS::TripleO::DeployedServerEnvironment
+ properties:
+ RoleCounts:
+{% for role in roles %}
+ {{role.name}}DeployedServerCount: {get_param: {{role.name}}Count}
+{% endfor %}
+ VipMap:
+ map_merge:
+ - {get_attr: [VipMap, net_ip_map]}
+ - redis: {get_attr: [RedisVirtualIP, ip_address]}
+ DeployedServerPortMap:
+ map_merge:
+ list_concat:
+{% for role in roles %}
+ - {get_attr: [{{role.name}}, deployed_server_port_map]}
+{% endfor %}
+ DeployedServerDeploymentSwiftDataMap:
+ map_merge:
+ list_concat:
+{% for role in roles %}
+ - {get_attr: [{{role.name}}, deployed_server_deployment_swift_data_map]}
+{% endfor %}
+ DefaultRouteIp:
+ str_split:
+ - ':'
+ - str_split:
+ - '/'
+ - {get_attr: [ServerOsCollectConfigData, value, {{primary_role_name}}, '0', request, metadata_url]}
+ - 2
+ - 0
+
outputs:
ManagedEndpoints:
description: Asserts that the keystone endpoints have been provisioned.
value: {get_attr: [EndpointMapData, value, KeystonePublic, uri]}
KeystoneAdminVip:
description: Keystone Admin VIP endpoint
+ # Note that these nested get_attr functions require a dependency
+ # relationship between VipMap and ServiceNetMap, since we can't determine
+ # which attributes of VipMap are used until after ServiceNetMap's attribute
+ # values are available. If this is ever reworked to not use nested
+ # get_attr, that dependency can be removed.
value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
EndpointMap:
description: |
description: The configuration data associated with each role
value:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]}
+ {{role.name}}:
+ map_merge:
+ - {get_attr: [{{role.name}}ServiceChainRoleData, value]}
+ - {get_attr: [{{role.name}}MergedConfigSettings, value]}
{% endfor %}
RoleNetIpMap:
description: Mapping of each network to a list of IPs for each role
{% endfor %}
ServerOsCollectConfigData:
description: The os-collect-config configuration associated with each server resource
- value:
-{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}, attributes, os_collect_config]}
-{% endfor %}
+ value: {get_attr: [ServerOsCollectConfigData, value]}
VipMap:
description: Mapping of each network to VIP addresses. Also includes the Redis VIP.
value:
map_merge:
- {get_attr: [VipMap, net_ip_map]}
- redis: {get_attr: [RedisVirtualIP, ip_address]}
+ ServerIdData:
+ description: Mapping of each role to a list of nova server IDs and the bootstrap ID
+ value: {get_attr: [ServerIdMap, value]}
+ DeployedServerEnvironment:
+ description:
+ Environment data that can be used as input into the services stack when
+ using split-stack.
+ value: {get_attr: [DeployedServerEnvironment, deployed_server_environment]}
workflow_parameters:
tripleo.derive_params.v1.derive_parameters:
# DPDK Parameters
- number_of_pmd_cpu_threads_per_numa_node: 2
+ num_phy_cores_per_numa_node_for_pmd: 2
All the parameters specified under the workflow name will be passed as
-``user_input`` to the workflow, while invoking from the tripleoclient.
\ No newline at end of file
+``user_input`` to the workflow, while invoking from the tripleoclient.
workflow_parameters:
tripleo.derive_params.v1.derive_parameters:
######### DPDK Parameters #########
- # Specifices the minimum number of CPU threads to be allocated for DPDK
+ # Specifices the minimum number of CPU physical cores to be allocated for DPDK
# PMD threads. The actual allocation will be based on network config, if
# the a DPDK port is associated with a numa node, then this configuration
- # will be used, else 0.
- number_of_pmd_cpu_threads_per_numa_node: 4
+ # will be used, else 1.
+ num_phy_cores_per_numa_node_for_pmd: 2
# Amount of memory to be configured as huge pages in percentage. Ouf the
# total available memory (excluding the NovaReservedHostMemory), the
# specified percentage of the remaining is configured as huge pages.
type: json
controller_names:
type: comma_delimited_list
- memcache_node_ips:
- type: comma_delimited_list
NetVipMap:
type: json
RedisVirtualIP:
list_join:
- ','
- {get_param: controller_names}
- memcached_node_ips_v6:
- repeat:
- template: "inet6:[NAME]"
- for_each:
- NAME: {get_param: memcache_node_ips}
deploy_identifier: {get_param: DeployIdentifier}
update_identifier: {get_param: UpdateIdentifier}
stack_action: {get_param: StackAction}
RoleParameters:
type: json
description: Role Specific Parameters
+ default: {}
DeploymentSwiftDataMap:
type: json
description: |
server: {get_resource: BlockStorage}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: BlockStorage}
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: BlockStorageDeployment
properties:
server: {get_resource: BlockStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
+ deployed_server_port_map:
+ description: |
+ Map of Heat created hostname of the server to ip address. This is the
+ hostname before it has been mapped with the HostnameMap parameter, and
+ the IP address from the ctlplane network. This map can be used to construct
+ the DeployedServerPortMap parameter when using split-stack.
+ value:
+ map_replace:
+ - hostname:
+ fixed_ips:
+ - ip_address: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ - keys:
+ hostname:
+ list_join:
+ - '-'
+ - - {get_param: Hostname}
+ - ctlplane
+ deployed_server_deployment_swift_data_map:
+ description:
+ Map of Heat created hostname of the server to the Swift container and object
+ used to created the temporary url for metadata polling with
+ os-collect-config.
+ value:
+ map_replace:
+ - hostname:
+ container:
+ str_split:
+ - '/'
+ - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]}
+ - 5
+ object:
+ str_split:
+ - '?'
+ - str_split:
+ - '/'
+ - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]}
+ - 6
+ - 0
+ - keys: {hostname: {get_param: Hostname}}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
value: {get_attr: [BlockStorage, os_collect_config]}
RoleParameters:
type: json
description: Role Specific Parameters
+ default: {}
DeploymentSwiftDataMap:
type: json
description: |
server: {get_resource: CephStorage}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
CephStorageExtraConfigPre:
depends_on: CephStorageDeployment
type: OS::TripleO::CephStorageExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
NodeExtraConfig:
depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: CephStorageDeployment
properties:
server: {get_resource: CephStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
+ deployed_server_port_map:
+ description: |
+ Map of Heat created hostname of the server to ip address. This is the
+ hostname before it has been mapped with the HostnameMap parameter, and
+ the IP address from the ctlplane network. This map can be used to construct
+ the DeployedServerPortMap parameter when using split-stack.
+ value:
+ map_replace:
+ - hostname:
+ fixed_ips:
+ - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ - keys:
+ hostname:
+ list_join:
+ - '-'
+ - - {get_param: Hostname}
+ - ctlplane
+ deployed_server_deployment_swift_data_map:
+ description:
+ Map of Heat created hostname of the server to the Swift container and object
+ used to created the temporary url for metadata polling with
+ os-collect-config.
+ value:
+ map_replace:
+ - hostname:
+ container:
+ str_split:
+ - '/'
+ - {get_attr: [CephStorage, os_collect_config, request, metadata_url]}
+ - 5
+ object:
+ str_split:
+ - '?'
+ - str_split:
+ - '/'
+ - {get_attr: [CephStorage, os_collect_config, request, metadata_url]}
+ - 6
+ - 0
+ - keys: {hostname: {get_param: Hostname}}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
value: {get_attr: [CephStorage, os_collect_config]}
RoleParameters:
type: json
description: Role Specific Parameters
+ default: {}
DeploymentSwiftDataMap:
type: json
description: |
server: {get_resource: NovaCompute}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
ComputeExtraConfigPre:
depends_on: NovaComputeDeployment
type: OS::TripleO::ComputeExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
NodeExtraConfig:
depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
update_identifier:
get_param: UpdateIdentifier
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: NovaComputeDeployment
properties:
server: {get_resource: NovaCompute}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
+ deployed_server_port_map:
+ description: |
+ Map of Heat created hostname of the server to ip address. This is the
+ hostname before it has been mapped with the HostnameMap parameter, and
+ the IP address from the ctlplane network. This map can be used to construct
+ the DeployedServerPortMap parameter when using split-stack.
+ value:
+ map_replace:
+ - hostname:
+ fixed_ips:
+ - ip_address: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ - keys:
+ hostname:
+ list_join:
+ - '-'
+ - - {get_param: Hostname}
+ - ctlplane
+ deployed_server_deployment_swift_data_map:
+ description:
+ Map of Heat created hostname of the server to the Swift container and object
+ used to created the temporary url for metadata polling with
+ os-collect-config.
+ value:
+ map_replace:
+ - hostname:
+ container:
+ str_split:
+ - '/'
+ - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]}
+ - 5
+ object:
+ str_split:
+ - '?'
+ - str_split:
+ - '/'
+ - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]}
+ - 6
+ - 0
+ - keys: {hostname: {get_param: Hostname}}
hostname:
description: Hostname of the server
value: {get_attr: [NovaCompute, name]}
default: ''
description: Set to True to enable debugging on all services.
type: string
- EnableLoadBalancer:
- default: true
- description: Whether to deploy a LoadBalancer on the Controller
- type: boolean
ExtraConfig:
default: {}
description: |
RoleParameters:
type: json
description: Role Specific Parameters
+ default: {}
DeploymentSwiftDataMap:
type: json
description: |
server: {get_resource: Controller}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
input_values:
- bootstack_nodeid: {get_attr: [Controller, name]}
- enable_load_balancer: {get_param: EnableLoadBalancer}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Map heat metadata into hiera datafiles
- {get_param: ControllerExtraConfig}
extraconfig: {get_param: ExtraConfig}
controller:
- # data supplied directly to this deployment configuration, etc
- bootstack_nodeid: {get_input: bootstack_nodeid}
- # Pacemaker
- enable_load_balancer: {get_input: enable_load_balancer}
-
# Misc
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
ControllerExtraConfigPre:
depends_on: ControllerDeployment
type: OS::TripleO::ControllerExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
NodeExtraConfig:
depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
update_identifier:
get_param: UpdateIdentifier
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: ControllerDeployment
properties:
server: {get_resource: Controller}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
+ deployed_server_port_map:
+ description:
+ Map of Heat created hostname of the server to ip address. This is the
+ hostname before it has been mapped with the HostnameMap parameter, and
+ the IP address from the ctlplane network. This map can be used to construct
+ the DeployedServerPortMap parameter when using split-stack.
+ value:
+ map_replace:
+ - hostname:
+ fixed_ips:
+ - ip_address: {get_attr: [Controller, networks, ctlplane, 0]}
+ - keys:
+ hostname:
+ list_join:
+ - '-'
+ - - {get_param: Hostname}
+ - ctlplane
+ deployed_server_deployment_swift_data_map:
+ description:
+ Map of Heat created hostname of the server to the Swift container and object
+ used to created the temporary url for metadata polling with
+ os-collect-config.
+ value:
+ map_replace:
+ - hostname:
+ container:
+ str_split:
+ - '/'
+ - {get_attr: [Controller, os_collect_config, request, metadata_url]}
+ - 5
+ object:
+ str_split:
+ - '?'
+ - str_split:
+ - '/'
+ - {get_attr: [Controller, os_collect_config, request, metadata_url]}
+ - 6
+ - 0
+ - keys: {hostname: {get_param: Hostname}}
hostname:
description: Hostname of the server
value: {get_attr: [Controller, name]}
parameters:
servers:
type: json
-
+ stack_name:
+ type: string
+ description: Name of the topmost stack
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
-
+ ctlplane_service_ips:
+ type: json
UpdateIdentifier:
type: string
description: >
{%- endfor %}
properties:
servers: {get_param: servers}
+ stack_name: {get_param: stack_name}
role_data: {get_param: role_data}
+ ctlplane_service_ips: {get_param: ctlplane_service_ips}
outputs:
# Output the config for each role, just use Step1 as the config should be
server: {get_resource: SwiftStorage}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: SwiftStorage}
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: SwiftStorageHieraDeploy
properties:
server: {get_resource: SwiftStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
+ deployed_server_port_map:
+ description: |
+ Map of Heat created hostname of the server to ip address. This is the
+ hostname before it has been mapped with the HostnameMap parameter, and
+ the IP address from the ctlplane network. This map can be used to construct
+ the DeployedServerPortMap parameter when using split-stack.
+ value:
+ map_replace:
+ - hostname:
+ fixed_ips:
+ - ip_address: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ - keys:
+ hostname:
+ list_join:
+ - '-'
+ - - {get_param: Hostname}
+ - ctlplane
+ deployed_server_deployment_swift_data_map:
+ description:
+ Map of Heat created hostname of the server to the Swift container and object
+ used to created the temporary url for metadata polling with
+ os-collect-config.
+ value:
+ map_replace:
+ - hostname:
+ container:
+ str_split:
+ - '/'
+ - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]}
+ - 5
+ object:
+ str_split:
+ - '?'
+ - str_split:
+ - '/'
+ - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]}
+ - 6
+ - 0
+ - keys: {hostname: {get_param: Hostname}}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
value: {get_attr: [SwiftStorage, os_collect_config]}
servers:
type: json
description: Mapping of Role name e.g Controller to a list of servers
-
+ stack_name:
+ type: string
+ description: Name of the topmost stack
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
-
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
+ ctlplane_service_ips:
+ type: json
resources:
# Note the include here is the same as post.j2.yaml but the data used at
{% set deploy_steps_max = 6 %}
-
conditions:
{% for step in range(1, deploy_steps_max) %}
WorkflowTasks_Step{{step}}_Enabled:
or:
- {% for role in roles %}
+ {%- for role in roles %}
- not:
equals:
- get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}]
- ''
- False
- {% endfor %}
+ {%- endfor %}
{% endfor %}
resources:
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- {% if step == 1 %}
- {% for dep in roles %}
+ {%- if step == 1 %}
+ {%- for dep in roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
- {% endfor %}
- {% else %}
- {% for dep in roles %}
+ {%- endfor %}
+ {%- else %}
+ {%- for dep in roles %}
- {{dep.name}}Deployment_Step{{step -1}}
- {% endfor %}
- {% endif %}
+ {%- endfor %}
+ {%- endif %}
properties:
name: {{role.name}}Deployment_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
# after all the previous deployment steps.
{{role.name}}ExtraConfigPost:
depends_on:
- {% for dep in roles %}
+ {%- for dep in roles %}
- {{dep.name}}Deployment_Step5
- {% endfor %}
+ {%- endfor %}
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, {{role.name}}]}
{{role.name}}PostConfig:
type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
- {% for dep in roles %}
+ {%- for dep in roles %}
- {{dep.name}}ExtraConfigPost
- {% endfor %}
+ {%- endfor %}
properties:
servers: {get_param: servers}
input_values:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step{{step}}_Enabled
depends_on:
- {% if step == 1 %}
- {% for dep in roles %}
+ {%- if step == 1 %}
+ {%- for dep in roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
- {% endfor %}
- {% else %}
- {% for dep in roles %}
+ {%- endfor %}
+ {%- else %}
+ {%- for dep in roles %}
- {{dep.name}}Deployment_Step{{step -1}}
- {% endfor %}
- {% endif %}
+ {%- endfor %}
+ {%- endif %}
properties:
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]}
type: direct
yaql:
expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
data:
- {% for role in roles %}
+ {%- for role in roles %}
- get_param: [role_data, {{role.name}}, service_workflow_tasks]
- {% endfor %}
+ {%- endfor %}
WorkflowTasks_Step{{step}}_Execution:
type: OS::Mistral::ExternalResource
params:
env:
service_ips: { get_param: ctlplane_service_ips }
+ role_merged_configs:
+ {%- for r in roles %}
+ {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
+ {%- endfor %}
UPDATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
+ role_merged_configs:
+ {%- for r in roles %}
+ {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
+ {%- endfor %}
always_update: true
{% endfor %}
# END service_workflow_tasks handling
+{# ## Some variables are set to enable rendering backwards compatible templates #}
+{# ## where a few parameter/resource names don't match the expected pattern #}
+{# ## FIXME: we need some way to deprecate the old inconsistent parameters #}
+{%- if role.name == 'Controller' -%}
+ {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%}
+{% endif %}
heat_template_version: pike
-description: 'OpenStack {{role}} node configured by Puppet'
+description: 'OpenStack {{role.name}} node configured by Puppet'
parameters:
- Overcloud{{role}}Flavor:
- description: Flavor for the {{role}} node.
+ Overcloud{{role.name}}Flavor:
+ description: Flavor for the {{role.name}} node.
default: baremetal
type: string
-{% if disable_constraints is not defined %}
+{% if role.disable_constraints is not defined %}
constraints:
- custom_constraint: nova.flavor
{% endif %}
- {{role}}Image:
+ {{role.name}}Image:
type: string
default: overcloud-full
-{% if disable_constraints is not defined %}
+{% if role.disable_constraints is not defined %}
constraints:
- custom_constraint: glance.image
{% endif %}
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
default: default
-{% if disable_constraints is not defined %}
+{% if role.disable_constraints is not defined %}
constraints:
- custom_constraint: nova.keypair
{% endif %}
default: {}
description: |
Additional hiera configuration to inject into the cluster. Note
- that {{role}}ExtraConfig takes precedence over ExtraConfig.
+ that {{role.name}}ExtraConfig takes precedence over ExtraConfig.
type: json
- {{role}}ExtraConfig:
+ {{role.name}}ExtraConfig:
default: {}
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
- {{role}}IPs:
+{%- if deprecated_extraconfig_param is defined %}
+ {{deprecated_extraconfig_param}}:
+ default: {}
+ description: |
+ DEPRECATED use {{role.name}}ExtraConfig instead
+ type: json
+{%- endif %}
+ {{role.name}}IPs:
default: {}
type: json
NetworkDeploymentActions:
description: >
The DNS domain used for the hosts. This must match the
overcloud_domain_name configured on the undercloud.
- {{role}}ServerMetadata:
+ {{role.name}}ServerMetadata:
default: {}
description: >
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API. This applies to
all roles and is merged with a role-specific metadata parameter.
type: json
- {{role}}SchedulerHints:
+ {{role.name}}SchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
RoleParameters:
type: json
description: Role Specific Parameters
+ default: {}
DeploymentSwiftDataMap:
type: json
description: |
object: 0
default: {}
+{% if deprecated_extraconfig_param is defined %}
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - {{deprecated_extraconfig_param}}
+{%- endif %}
+
conditions:
server_not_blacklisted:
not:
- ""
resources:
- {{role}}:
- type: OS::TripleO::{{role}}Server
+ {{role.name}}:
+ type: OS::TripleO::{{role.name}}Server
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
splay: {get_param: ConfigCollectSplay}
properties:
- image: {get_param: {{role}}Image}
+ image: {get_param: {{role.name}}Image}
image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: Overcloud{{role}}Flavor}
+ flavor: {get_param: Overcloud{{role.name}}Flavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
metadata:
map_merge:
- {get_param: ServerMetadata}
- - {get_param: {{role}}ServerMetadata}
+ - {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: {{role}}SchedulerHints}
+ scheduler_hints: {get_param: {{role.name}}SchedulerHints}
deployment_swift_data:
if:
- deployment_swift_data_map_unset
# For optional operator role-specific userdata
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
RoleUserData:
- type: OS::TripleO::{{role}}::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::{{role}}::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role}}IPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::{{role}}::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role}}IPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::{{role}}::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role}}IPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::{{role}}::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role}}IPs}
- NodeIndex: {get_param: NodeIndex}
+ type: OS::TripleO::{{role.name}}::NodeUserData
- TenantPort:
- type: OS::TripleO::{{role}}::Ports::TenantPort
+ {%- for network in networks %}
+ {{network.name}}Port:
+ type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
properties:
- ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role}}IPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::{{role}}::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role}}IPs}
+ ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ IPPool: {get_param: {{role.name}}IPs}
NodeIndex: {get_param: NodeIndex}
+ {%- endfor %}
NetworkConfig:
- type: OS::TripleO::{{role}}::Net::SoftwareConfig
+ type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
properties:
- ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
+ ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ {%- for network in networks %}
+ {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
+ {%- endfor %}
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
properties:
- ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
+ ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ {%- for network in networks %}
+ {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
+ {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
+ {{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
+ {%- endfor %}
NetHostMap:
type: OS::Heat::Value
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- external
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- external
internal_api:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- internalapi
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- internalapi
storage:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- storage
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- storage
storage_mgmt:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- storagemgmt
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- storagemgmt
tenant:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- tenant
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- tenant
management:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- management
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- management
ctlplane:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- ctlplane
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role}}, name]}
+ - - {get_attr: [{{role.name}}, name]}
- ctlplane
PreNetworkConfig:
- type: OS::TripleO::{{role}}::PreNetworkConfig
+ type: OS::TripleO::{{role.name}}::PreNetworkConfig
properties:
- server: {get_resource: {{role}}}
+ server: {get_resource: {{role.name}}}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
- server: {get_resource: {{role}}}
+ server: {get_resource: {{role.name}}}
actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: {get_param: NeutronPhysicalBridge}
- {get_param: NetworkDeploymentActions}
- []
- {{role}}UpgradeInitConfig:
+ {{role.name}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
# Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- {{role}}UpgradeInitDeployment:
+ {{role.name}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
properties:
- name: {{role}}UpgradeInitDeployment
- server: {get_resource: {{role}}}
- config: {get_resource: {{role}}UpgradeInitConfig}
+ name: {{role.name}}UpgradeInitDeployment
+ server: {get_resource: {{role.name}}}
+ config: {get_resource: {{role.name}}UpgradeInitConfig}
actions:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
- {{role}}Deployment:
+ {{role.name}}Deployment:
type: OS::Heat::StructuredDeployment
- depends_on: {{role}}UpgradeInitDeployment
+ depends_on: {{role.name}}UpgradeInitDeployment
properties:
- name: {{role}}Deployment
- config: {get_resource: {{role}}Config}
- server: {get_resource: {{role}}}
+ name: {{role.name}}Deployment
+ config: {get_resource: {{role.name}}Config}
+ server: {get_resource: {{role.name}}}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
actions:
- ['CREATE', 'UPDATE']
- []
- {{role}}Config:
+ {{role.name}}Config:
type: OS::Heat::StructuredConfig
properties:
group: hiera
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- config_step
- - {{role.lower()}}_extraconfig
+ - {{role.name.lower()}}_extraconfig
- extraconfig
- service_names
- service_configs
- - {{role.lower()}}
+ - {{role.name.lower()}}
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- {{role.lower()}}_extraconfig: {get_param: {{role}}ExtraConfig}
+ {{role.name.lower()}}_extraconfig:
+ map_merge:
+{%- if deprecated_extraconfig_param is defined %}
+ - {get_param: {{deprecated_extraconfig_param}}}
+{%- endif %}
+ - {get_param: {{role.name}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
- {{role.lower()}}:
+ {{role.name.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
- depends_on: {{role}}Deployment
+ depends_on: {{role.name}}Deployment
type: OS::TripleO::NodeTLSCAData
properties:
- server: {get_resource: {{role}}}
+ server: {get_resource: {{role.name}}}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
- {{role}}ExtraConfigPre:
- depends_on: {{role}}Deployment
- type: OS::TripleO::{{role}}ExtraConfigPre
+ {{role.name}}ExtraConfigPre:
+ depends_on: {{role.name}}Deployment
+ type: OS::TripleO::{{role.name}}ExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
- server: {get_resource: {{role}}}
+ server: {get_resource: {{role.name}}}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
NodeExtraConfig:
- depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData]
+ depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
- server: {get_resource: {{role}}}
+ server: {get_resource: {{role.name}}}
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
- server: {get_resource: {{role}}}
+ server: {get_resource: {{role.name}}}
input_values:
update_identifier:
get_param: UpdateIdentifier
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
- depends_on: {{role}}Deployment
+ depends_on: {{role.name}}Deployment
properties:
- server: {get_resource: {{role}}}
+ server: {get_resource: {{role.name}}}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
description: IP address of the server in the ctlplane network
- value: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ value: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
hostname:
description: Hostname of the server
- value: {get_attr: [{{role}}, name]}
+ value: {get_attr: [{{role.name}}, name]}
hostname_map:
description: Mapping of network names to hostnames
value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
+ {%- for network in networks %}
+ {{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
+ {%- endfor %}
ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
hosts_entry:
value:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ {%- for network in networks %}
+ {{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
+ {%- endfor %}
CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]}
+ PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [{{role}}, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ PRIMARYHOST: {get_attr: [{{role.name}}, name]}
+ {%- for network in networks %}
+ {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
+ {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
+ {%- endfor %}
+ CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
known_hosts_entry:
description: Entry for ssh known hosts
value:
str_replace:
template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
+ {%- for network in networks %}
+{{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\
+ {%- endfor %}
CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]}
+ PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [{{role}}, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ PRIMARYHOST: {get_attr: [{{role.name}}, name]}
+ {%- for network in networks %}
+ {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
+ {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
+ {%- endfor %}
+ CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
nova_server_resource:
- description: Heat resource handle for {{role}} server
+ description: Heat resource handle for {{role.name}} server
value:
- {get_resource: {{role}}}
+ {get_resource: {{role.name}}}
condition: server_not_blacklisted
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
+ deployed_server_port_map:
+ description: |
+ Map of Heat created hostname of the server to ip address. This is the
+ hostname before it has been mapped with the HostnameMap parameter, and
+ the IP address from the ctlplane network. This map can be used to construct
+ the DeployedServerPortMap parameter when using split-stack.
+ value:
+ map_replace:
+ - hostname:
+ fixed_ips:
+ - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ - keys:
+ hostname:
+ list_join:
+ - '-'
+ - - {get_param: Hostname}
+ - ctlplane
+ deployed_server_deployment_swift_data_map:
+ description:
+ Map of Heat created hostname of the server to the Swift container and object
+ used to created the temporary url for metadata polling with
+ os-collect-config.
+ value:
+ map_replace:
+ - hostname:
+ container:
+ str_split:
+ - '/'
+ - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - 5
+ object:
+ str_split:
+ - '?'
+ - str_split:
+ - '/'
+ - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - 6
+ - 0
+ - keys: {hostname: {get_param: Hostname}}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [{{role}}, os_collect_config]}
+ value: {get_attr: [{{role.name}}, os_collect_config]}
+ {%- for network in networks %}
+ {{network.name_lower|default(network.name.lower())}}_ip_address:
+ description: IP address of the server in the {{network.name}} network
+ value: {get_attr: [{{network.name}}Port, ip_address]}
+ {%- endfor %}
OpenStack Aodh API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
AodhBase:
type: ./aodh-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Aodh service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: AodhDebug}, '']}
- {get_param: Debug }
- {get_param: AodhDebug }
aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ aodh::notification_driver: {get_param: NotificationDriver}
aodh::rabbit_userid: {get_param: RabbitUserName}
aodh::rabbit_password: {get_param: RabbitPassword}
aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
OpenStack Aodh Evaluator service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
AodhBase:
type: ./aodh-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Aodh Listener service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
AodhBase:
type: ./aodh-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Aodh Notifier service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
AodhBase:
type: ./aodh-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
default: 256
description: Maximum number of Apache processes.
type: number
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
AuditD configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Barbican API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
e.g. { barbican-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
- service_debug_unset
- {get_param: Debug }
- {get_param: BarbicanDebug }
+ barbican::api::notification_driver: {get_param: NotificationDriver}
barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
barbican::api::rabbit_userid: {get_param: RabbitUserName}
barbican::api::rabbit_password: {get_param: RabbitPassword}
HAproxy service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Ceilometer Central Agent service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Ceilometer Compute Agent service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Ceilometer Ipmi Agent service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Ceilometer Notification Agent service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Ceilometer API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Ceilometer service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']}
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
+ ceilometer::notification_driver: {get_param: NotificationDriver}
ceilometer::rabbit_userid: {get_param: RabbitUserName}
ceilometer::rabbit_password: {get_param: RabbitPassword}
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
This service is deprecated and will be removed in future releases.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
MongoDbBase:
type: ./database/mongodb-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
future releases.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
GlanceRbdPoolName:
default: images
type: string
- GlanceBackend:
- default: swift
- description: The short name of the Glance backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
GnocchiRbdPoolName:
default: metrics
type: string
- NovaEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Nova
- type: boolean
NovaRbdPoolName:
default: vms
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
parameters:
- ControllerEnableCephStorage
-conditions:
- glance_multiple_locations:
- and:
- - equals:
- - get_param: GlanceBackend
- - rbd
- - equals:
- - get_param: NovaEnableRbdBackend
- - true
-
outputs:
role_data:
description: Role data for the Ceph base service.
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
- service_config_settings:
- glance_api:
- glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
Ceph Client service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CephBase:
type: ./ceph-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
GlanceRbdPoolName:
default: images
type: string
- GlanceBackend:
- default: swift
- description: The short name of the Glance backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
GnocchiRbdPoolName:
default: metrics
type: string
- NovaEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Nova
- type: boolean
NovaRbdPoolName:
default: vms
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
clients using older Ceph servers.
type: string
-conditions:
- glance_multiple_locations:
- and:
- - equals:
- - get_param: GlanceBackend
- - rbd
- - equals:
- - get_param: NovaEnableRbdBackend
- - true
-
outputs:
role_data:
description: Role data for the Ceph External service.
- ceph-base
- ceph-mon
- ceph-osd
- service_config_settings:
- glance_api:
- glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
step_config: |
include ::tripleo::profile::base::ceph::client
Ceph MDS service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CephBase:
type: ./ceph-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Ceph Monitor service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: json
CephValidationRetries:
type: number
- default: 5
+ default: 40
description: Number of retry attempts for Ceph validation
CephValidationDelay:
type: number
- default: 10
+ default: 30
description: Interval (in seconds) in between validation checks
MonitoringSubscriptionCephMon:
default: 'overcloud-ceph-mon'
CephBase:
type: ./ceph-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
until: ceph_quorum_nodecheck.rc == 0
retries: {get_param: CephValidationRetries}
delay: {get_param: CephValidationDelay}
- - name: ceph osd crush tunables default
+ - name: set crush tunables
tags: step0
- shell: ceph osd crush tunables default
+ shell: ceph osd crush tunables optimal
Ceph OSD service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CephBase:
type: ./ceph-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Ceph RadosGW service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CephBase:
type: ./ceph-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Requests certificates using certmonger through Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: The password for the cinder service account, used by cinder-api.
type: string
hidden: true
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
e.g. { cinder-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
CinderBase:
type: ./cinder-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
cinder::keystone::authtoken::user_domain_name: 'Default'
cinder::keystone::authtoken::project_domain_name: 'Default'
cinder::policy::policies: {get_param: CinderApiPolicies}
+ cinder::ceilometer::notification_driver: {get_param: NotificationDriver}
cinder::api::enable_proxy_headers_parsing: true
cinder::api::nova_catalog_info: 'compute:nova:internalURL'
CinderDellPsUseChap:
type: boolean
default: false
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CinderDellScExcludedDomainIp:
type: string
default: ''
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Openstack Cinder Netapp backend
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Openstack Cinder Pure Storage FlashArray backend
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CinderScaleIOSanThinProvision:
type: boolean
default: true
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CephClientUserName:
default: openstack
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CinderBase:
type: ./cinder-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
default: ''
description: Set to True to enable debugging on Cinder services.
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CinderHPELeftHandDebug:
type: boolean
default: false
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Cinder Scheduler service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CinderBase:
type: ./cinder-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
CephClientUserName:
default: openstack
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CinderBase:
type: ./cinder-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Congress service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
e.g. { congress-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: CongressDebug}, '']}
- {get_param: Debug }
- {get_param: CongressDebug }
congress::rpc_backend: rabbit
+ congress::notification_driver: {get_param: NotificationDriver}
congress::rabbit_userid: {get_param: RabbitUserName}
congress::rabbit_password: {get_param: RabbitPassword}
congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
MongoDbReplset:
type: string
default: "tripleo"
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
mongodb::server::journal: false
mongodb::server::ipv6: {get_param: MongoDbIPv6}
mongodb::server::replset: {get_param: MongoDbReplset}
+ # for now, we don't want to manage these services which are enabled
+ # by default with recent changes in puppet-systemd.
+ systemd::manage_networkd: false
+ systemd::manage_resolved: false
parameters:
#Parameters not used EndpointMap
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
MongoDbBase:
type: ./mongodb-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Mysql client settings
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
parameters:
#Parameters not used EndpointMap
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
- {get_param: [DefaultPasswords, mysql_root_password]}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
enable_galera: {get_param: EnableGalera}
+ # for now, we don't want to manage these services which are enabled
+ # by default with recent changes in puppet-systemd.
+ systemd::manage_networkd: false
+ systemd::manage_resolved: false
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
description: Configure Redis FD limit
type: string
default: 10240
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Redis service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
RedisBase:
type: ./redis-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Ceilometer API service, disabled since pike
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the disabled Ceilometer API role.
+ value:
+ service_name: ceilometer_api_disabled
+ upgrade_tasks:
+ - name: Purge Ceilometer apache config files
+ tags: step1
+ file: path=/etc/httpd/conf.d/10-ceilometer_wsgi.conf state=absent
+ - name: Clean up ceilometer port from ports.conf
+ tags: step1
+ lineinfile: dest=/etc/httpd/conf/ports.conf state=absent regexp="8777$"
OpenStack Ceilometer Collector service, disabled since pike
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Ceilometer Expirer service, disabled since pike
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
- name: Remove ceilometer expirer cron tab on upgrade
tags: step1
shell: '/usr/bin/crontab -u ceilometer -r'
+ register: remove_ceilometer_expirer_crontab
+ failed_when: remove_ceilometer_expirer_crontab.rc != 0 and remove_ceilometer_expirer_crontab.stderr != "no crontab for ceilometer"
+ changed_when: remove_ceilometer_expirer_crontab.stderr != "no crontab for ceilometer"
OpenStack Glance Registry service, disabled since ocata
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Mongodb service, disabled by default since pike
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack EC2-API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Etcd service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
External Swift Proxy endpoint configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Glance API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
GlanceRbdPoolName:
default: images
type: string
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
RabbitPassword:
description: The password for RabbitMQ
type: string
e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
+ glance_multiple_locations:
+ and:
+ - equals:
+ - get_param: GlanceBackend
+ - rbd
+ - equals:
+ - get_param: NovaEnableRbdBackend
+ - true
resources:
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
glance::keystone::authtoken::project_domain_name: 'Default'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
+ glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
+ glance::api::os_region_name: {get_param: KeystoneRegion}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- glance::notify::rabbitmq::notification_driver: messagingv2
+ glance::notify::rabbitmq::notification_driver: {get_param: NotificationDriver}
tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
Gnocchi service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Gnocchi service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Gnocchi service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Gnocchi service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
HAProxy deployment with TLS enabled, powered by certmonger
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
HAProxy deployment with TLS enabled, powered by certmonger
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
HAproxy service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableLoadBalancer:
+ default: true
+ description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
+ type: boolean
HAProxyStatsPassword:
description: Password for HAProxy stats endpoint
hidden: true
HAProxyPublicTLS:
type: OS::TripleO::Services::HAProxyPublicTLS
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
HAProxyInternalTLS:
type: OS::TripleO::Services::HAProxyInternalTLS
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
+ enable_load_balancer: {get_param: EnableLoadBalancer}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
Openstack Heat CloudFormation API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
HeatBase:
type: ./heat-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Openstack Heat CloudWatch API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
HeatBase:
type: ./heat-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Openstack Heat API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
HeatBase:
type: ./heat-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
default: 1048576
description: Maximum raw byte size of the Heat API JSON request body.
type: number
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: HeatDebug}, '']}
value:
service_name: heat_base
config_settings:
+ heat::notification_driver: {get_param: NotificationDriver}
heat::rabbit_userid: {get_param: RabbitUserName}
heat::rabbit_password: {get_param: RabbitPassword}
heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
Openstack Heat Engine service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
HeatBase:
type: ./heat-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Horizon service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Ironic API configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
IronicBase:
type: ./ironic-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Ironic services configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Ironic conductor configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
IronicBase:
type: ./ironic-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL)
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Keepalived service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Load kernel modules with kmod and configure kernel options with sysctl.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
default: 'fernet'
constraints:
- allowed_values: ['uuid', 'fernet']
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: json
default: {}
hidden: true
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
parameter_groups:
- label: deprecated
parameters:
- KeystoneFernetKey0
- KeystoneFernetKey1
+ - KeystoneNotificationDriver
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
keystone::rabbit_password: {get_param: RabbitPassword}
keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
keystone::rabbit_port: {get_param: RabbitClientPort}
- keystone::notification_driver: {get_param: KeystoneNotificationDriver}
+ keystone::notification_driver: {get_param: NotificationDriver}
keystone::notification_format: {get_param: KeystoneNotificationFormat}
keystone::roles::admin::email: {get_param: AdminEmail}
keystone::roles::admin::password: {get_param: AdminPassword}
description: Fluentd base service
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Fluentd client configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
description: Fluentd logging configuration
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Manila-api service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ManilaBase:
type: ./manila-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Openstack Manila Cephfs backend
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ManilaServiceNetworkCidr:
type: string
default: '172.16.0.0/16'
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ManilaNetappSnapmirrorQuiesceTimeout:
type: number
default: 3600
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Openstack Manila base service. Shared by manila-api/scheduler/share services
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: The password for the manila service account.
type: string
hidden: true
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: ManilaDebug}, '']}
value:
service_name: manila_base
config_settings:
+ manila::notification_driver: {get_param: NotificationDriver}
manila::rabbit_userid: {get_param: RabbitUserName}
manila::rabbit_password: {get_param: RabbitPassword}
manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
Manila-scheduler service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ManilaBase:
type: ./manila-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Manila-share service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ManilaBase:
type: ./manila-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Memcached service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Collectd client service
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Openstack Mistral API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
MistralBase:
type: ./mistral-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Openstack Mistral base service. Shared for all Mistral services.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: MistralDebug}, '']}
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
+ mistral::notification_driver: {get_param: NotificationDriver}
mistral::rabbit_userid: {get_param: RabbitUserName}
mistral::rabbit_password: {get_param: RabbitPassword}
mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
Openstack Mistral Engine service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
MistralBase:
type: ./mistral-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Openstack Mistral API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
MistralBase:
type: ./mistral-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
description: Sensu base service
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Sensu client configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
SensuBase:
type: ./sensu-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
and configures Contrail Analytics Database.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
and configures Contrail Analytics.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Base parameters for all Contrail Services.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
and configures Contrail Config.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
and configures Contrail Control.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
and configures Contrail Database.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
to orchestrate Contrail
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron Opencontrail plugin
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Provision Contrail services after deployment
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Contrail TSN Service
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron Compute OpenContrail plugin
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
and configures Contrail WebUI.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ContrailBase:
type: ./contrail-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron Server configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
networks, neutron uses this value without modification. For overlay
networks such as VXLAN, neutron automatically subtracts the overlay
protocol overhead from this value.
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
neutron::rabbit_user: {get_param: RabbitUserName}
neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
neutron::rabbit_port: {get_param: RabbitClientPort}
+ neutron::notification_driver: {get_param: NotificationDriver}
neutron::core_plugin: {get_param: NeutronCorePlugin}
neutron::service_plugins: {get_param: NeutronServicePlugins}
neutron::debug:
BGPVPN API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Installs bigswitch agent and enables the services
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Neutron Compute Midonet plugin
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Neutron Compute Nuage plugin
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
default: {}
description: Parameters specific to the role
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Neutron Compute Plumgrid plugin
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Neutron DHCP agent configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
description: >
L2 Gateway agent configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
L2 Gateway service plugin configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron L3 agent configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Neutron LBaaS service configured with Puppet
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronLbaasInterfaceDriver:
+ default: 'neutron.agent.linux.interface.OVSInterfaceDriver'
+ type: string
+ NeutronLbaasDeviceDriver:
+ default: 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver'
+ type: string
+ NeutronServiceProviders:
+ default: 'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default'
+ description: Global list of service providers used by neutron. This
+ list should be passed in to ensure all service
+ providers desired by the user are included. The
+ provided default value only set the provider for the LBaaSv2
+ subsystem.This is currently incompatible with enabling
+ octavia-api as one service or the other will break because the defaults are different.
+ type: comma_delimited_list
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron LBaaS role.
+ value:
+ service_name: neutron_lbaas
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::lbaas::interface_driver: {get_param: NeutronLbaasInterfaceDriver}
+ neutron::agents::lbaas::device_driver: {get_param: NeutronLbaasDeviceDriver}
+ step_config: |
+ include ::tripleo::profile::base::neutron::lbaas
+ service_config_settings:
+ neutron_api:
+ neutron::server::service_providers: {get_param: NeutronServiceProviders}
OpenStack Neutron Linuxbridge agent configured with Puppet.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron Metadata agent configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron Midonet plugin and services
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Neutron OVS agent configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: comma_delimited_list
NeutronEnableDVR:
default: False
- description: |
- Enable support for distributed routing in the OVS Agent.
+ description: Enable Neutron DVR.
type: boolean
NeutronEnableARPResponder:
default: false
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronOvsAgent:
type: ./neutron-ovs-agent.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Configure hieradata for Fujitsu C-Fabric plugin configuration
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
description: Configure hieradata for Fujitsu fossw plugin configuration
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron ML2/OpenDaylight plugin configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron ML2/OVN plugin configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron ML2 Plugin configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron NSX
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Neutron Nuage plugin
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron Plumgrid plugin
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Neutron SR-IOV nic agent configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: >
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Neutron ML2/VPP agent configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: >
NeutronBase:
type: ./neutron-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Nova API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: json
NovaWorkers:
default: 0
- description: Number of workers for Nova API service.
+ description: Number of workers for Nova services.
type: number
NovaPassword:
description: The password for the nova service and db account, used by nova-api.
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
- # Temporarily disable Nova API deployed in WSGI
- # https://bugs.launchpad.net/nova/+bug/1661360
- # ApacheServiceBase:
- # type: ./apache.yaml
- # properties:
- # ServiceNetMap: {get_param: ServiceNetMap}
- # DefaultPasswords: {get_param: DefaultPasswords}
- # EndpointMap: {get_param: EndpointMap}
- # RoleName: {get_param: RoleName}
- # RoleParameters: {get_param: RoleParameters}
- # EnableInternalTLS: {get_param: EnableInternalTLS}
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- # Temporarily disable Nova API deployed in WSGI
- # https://bugs.launchpad.net/nova/+bug/1661360
- # - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
tripleo.nova_api.firewall_rules:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
- # Temporarily disable Nova API deployed in WSGI
- # https://bugs.launchpad.net/nova/+bug/1661360
- nova_wsgi_enabled: false
- # nova::api::service_name: 'httpd'
- # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
+ nova_wsgi_enabled: true
+ nova::api::service_name: 'httpd'
+ nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
- # nova::wsgi::apache_api::servername:
- # str_replace:
- # template:
- # "%{hiera('fqdn_$NETWORK')}"
- # params:
- # $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::wsgi::apache_api::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
- nova_workers_zero
- {}
- nova::api::osapi_compute_workers: {get_param: NovaWorkers}
- # Temporarily disable Nova API deployed in WSGI
- # https://bugs.launchpad.net/nova/+bug/1661360
- # nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
+ nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
step_config: |
include tripleo::profile::base::nova::api
service_config_settings:
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
- # Temporarily disable Nova API deployed in WSGI
- # https://bugs.launchpad.net/nova/+bug/1661360
- # metadata_settings:
- # get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: get bootstrap nodeid
- tags: common
- command: hiera bootstrap_nodeid
- register: bootstrap_node
- - name: set is_bootstrap_node fact
- tags: common
- set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- - name: Extra migration for nova tripleo/+bug/1656791
- tags: step0,pre-upgrade
- when: is_bootstrap_node
- command: nova-manage db online_data_migrations
- - name: Stop and disable nova_api service (pre-upgrade not under httpd)
- tags: step2
- service: name=openstack-nova-api state=stopped enabled=no
- - name: Create puppet manifest to set transport_url in nova.conf
- tags: step5
- when: is_bootstrap_node
- copy:
- dest: /root/nova-api_upgrade_manifest.pp
- mode: 0600
- content: >
- $transport_url = os_transport_url({
- 'transport' => hiera('messaging_service_name', 'rabbit'),
- 'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
- 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
- 'username' => hiera('nova::rabbit_userid', 'guest'),
- 'password' => hiera('nova::rabbit_password'),
- 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
- })
- oslo::messaging::default { 'nova_config':
- transport_url => $transport_url
- }
- - name: Run puppet apply to set tranport_url in nova.conf
- tags: step5
- when: is_bootstrap_node
- command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
- register: puppet_apply_nova_api_upgrade
- failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
- changed_when: puppet_apply_nova_api_upgrade.rc == 2
- - name: Setup cell_v2 (map cell0)
- tags: step5
- when: is_bootstrap_node
- shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
- - name: Setup cell_v2 (create default cell)
- tags: step5
- when: is_bootstrap_node
- # (owalsh) puppet-nova expects the cell name 'default'
- # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
- shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
- register: nova_api_create_cell
- failed_when: nova_api_create_cell.rc not in [0,2]
- changed_when: nova_api_create_cell.rc == 0
- - name: Setup cell_v2 (sync nova/cell DB)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage db sync
- async: {get_param: NovaDbSyncTimeout}
- poll: 10
- - name: Setup cell_v2 (get cell uuid)
- tags: step5
- when: is_bootstrap_node
- shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
- register: nova_api_cell_uuid
- - name: Setup cell_v2 (migrate hosts)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
- - name: Setup cell_v2 (migrate instances)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
- - name: Sync nova_api DB
- tags: step5
- command: nova-manage api_db sync
- when: is_bootstrap_node
- - name: Online data migration for nova
- tags: step5
- when: is_bootstrap_node
- command: nova-manage db online_data_migrations
+ yaql:
+ expression: $.data.apache_upgrade + $.data.nova_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ nova_api_upgrade:
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Extra migration for nova tripleo/+bug/1656791
+ tags: step0,pre-upgrade
+ when: is_bootstrap_node
+ command: nova-manage db online_data_migrations
+ - name: Stop and disable nova_api service (pre-upgrade not under httpd)
+ tags: step2
+ service: name=openstack-nova-api state=stopped enabled=no
+ - name: Create puppet manifest to set transport_url in nova.conf
+ tags: step5
+ when: is_bootstrap_node
+ copy:
+ dest: /root/nova-api_upgrade_manifest.pp
+ mode: 0600
+ content: >
+ $transport_url = os_transport_url({
+ 'transport' => hiera('messaging_service_name', 'rabbit'),
+ 'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
+ 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
+ 'username' => hiera('nova::rabbit_userid', 'guest'),
+ 'password' => hiera('nova::rabbit_password'),
+ 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
+ })
+ oslo::messaging::default { 'nova_config':
+ transport_url => $transport_url
+ }
+ - name: Run puppet apply to set tranport_url in nova.conf
+ tags: step5
+ when: is_bootstrap_node
+ command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
+ register: puppet_apply_nova_api_upgrade
+ failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
+ changed_when: puppet_apply_nova_api_upgrade.rc == 2
+ - name: Setup cell_v2 (map cell0)
+ tags: step5
+ when: is_bootstrap_node
+ shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
+ - name: Setup cell_v2 (create default cell)
+ tags: step5
+ when: is_bootstrap_node
+ # (owalsh) puppet-nova expects the cell name 'default'
+ # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
+ shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
+ register: nova_api_create_cell
+ failed_when: nova_api_create_cell.rc not in [0,2]
+ changed_when: nova_api_create_cell.rc == 0
+ - name: Setup cell_v2 (sync nova/cell DB)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage db sync
+ async: {get_param: NovaDbSyncTimeout}
+ poll: 10
+ - name: Setup cell_v2 (get cell uuid)
+ tags: step5
+ when: is_bootstrap_node
+ shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
+ register: nova_api_cell_uuid
+ - name: Setup cell_v2 (migrate hosts)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
+ - name: Setup cell_v2 (migrate instances)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
+ - name: Sync nova_api DB
+ tags: step5
+ command: nova-manage api_db sync
+ when: is_bootstrap_node
+ - name: Online data migration for nova
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage db online_data_migrations
OpenStack Nova base service. Shared for all Nova services.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
NovaPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
nova::host: '%{::fqdn}'
nova::notify_on_state_change: 'vm_and_task_state'
- nova::notification_driver: messagingv2
+ nova::notification_driver: {get_param: NotificationDriver}
nova::network::neutron::neutron_auth_type: 'v3password'
nova::db::database_db_max_retries: -1
nova::db::database_max_retries: -1
OpenStack Nova Compute service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CephClientUserName:
default: openstack
type: string
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
CinderEnableNfsBackend:
default: false
description: Whether to enable or not the NFS backend for Cinder
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
- nova::compute::rbd::rbd_keyring:
- list_join:
- - '.'
- - - 'client'
- - {get_param: CephClientUserName}
- nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
+ nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
+ nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}
OpenStack Nova Conductor service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: json
NovaWorkers:
default: 0
- description: Number of workers for Nova Conductor service.
+ description: Number of workers for Nova services.
type: number
MonitoringSubscriptionNovaConductor:
default: 'overcloud-nova-conductor'
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Nova Consoleauth service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Nova Compute service configured with Puppet and using Ironic
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Libvirt service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ CephClientUserName:
+ default: openstack
+ type: string
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
NovaComputeLibvirtType:
type: string
default: kvm
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
tripleo::profile::base::nova::libvirt_enabled: true
+ nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
+ nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+ rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
dport:
OpenStack Nova API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: json
NovaWorkers:
default: 0
- description: Number of workers for Nova API service.
+ description: Number of workers for Nova services.
type: number
conditions:
OpenStack Nova Placement API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: json
NovaWorkers:
default: 0
- description: Number of workers for Nova Placement API service.
+ description: Number of workers for Nova services.
type: number
NovaPassword:
description: The password for the nova service and db account, used by nova-placement.
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Nova Scheduler service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Nova Vncproxy service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Octavia API service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OctaviaBase:
type: ./octavia-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Octavia base service. Shared for all Octavia services
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
- {get_param: Debug }
- {get_param: OctaviaDebug }
octavia::purge_config: {get_param: EnableConfigPurge}
+ octavia::notification_driver: {get_param: NotificationDriver}
octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
octavia::rabbit_userid: {get_param: RabbitUserName}
octavia::rabbit_password: {get_param: RabbitPassword}
OpenStack Octavia Health Manager service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OctaviaBase:
type: ./octavia-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Octavia Housekeeping service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OctaviaBase:
type: ./octavia-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Octavia Worker service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OctaviaBase:
type: ./octavia-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Ovs:
type: ./openvswitch.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
- opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword}
+ neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
+ neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
Open vSwitch Configuration
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
owner: root
group: root
mode: 0750
+ - name: Make yum cache.
+ command: yum makecache
- name: Download OVS packages.
command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch
- name: Get rpm list for manual upgrade of OVS.
OVN databases configured with puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Pacemaker service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Ceph RBD mirror service.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CephBase:
type: ../ceph-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
CephClientUserName:
default: openstack
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CinderBackupBase:
type: ../cinder-backup.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Cinder Volume service with Pacemaker configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
CinderVolumeBase:
type: ../cinder-volume.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
parameters:
#Parameters not used EndpointMap
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
MysqlBase:
type: ../../database/mysql.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Redis service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
RedisBase:
type: ../../database/redis.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
HAproxy service with Pacemaker configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
LoadbalancerServiceBase:
type: ../haproxy.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
The manila-share service with Pacemaker configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ManilaShareBase:
type: ../manila-share.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OVN databases configured with puppet in HA mode
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OVNDBsBase:
type: ../ovn-dbs.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RabbitMQ service with Pacemaker configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
RabbitMQServiceBase:
type: ../rabbitmq.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Pacemaker remote service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
be disabled in future releases.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
PankoBase:
type: ./panko-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Panko service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Qpid dispatch router service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: json
RabbitUserName:
default: guest
- description: The username for Qdr
+ description: The username for RabbitMQ
type: string
RabbitPassword:
- description: The password for Qdr
+ description: The password for RabbitMQ
type: string
hidden: true
RabbitClientPort:
- description: Listening port for Qdr
+ description: Set rabbit subscriber port, change this if using SSL
default: 5672
type: number
MonitoringSubscriptionQdr:
RabbitMQ service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Sahara API service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
SaharaBase:
type: ./sahara-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Sahara base service. Shared for all Sahara services.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
default: ["ambari","cdh","mapr","vanilla","spark","storm"]
description: Sahara enabled plugin list
type: comma_delimited_list
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: SaharaDebug}, '']}
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
+ sahara::notify::notification_driver: {get_param: NotificationDriver}
sahara::rabbit_password: {get_param: RabbitPassword}
sahara::rabbit_user: {get_param: RabbitUserName}
sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
OpenStack Sahara Engine service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
SaharaBase:
type: ./sahara-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
Configure securetty values
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
monitoring.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Configure sshd_config
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Swift Proxy service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Swift Proxy service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
type: string
SwiftCeilometerPipelineEnabled:
description: Set to False to disable the swift proxy ceilometer pipeline.
- default: True
+ default: false
type: boolean
SwiftCeilometerIgnoreProjects:
- default: ['services']
+ default: ['service']
description: Comma-seperated list of project names to ignore.
type: comma_delimited_list
RabbitClientPort:
conditions:
- ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]}
+ ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]}
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
SwiftBase:
type: ./swift-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
- swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
- swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
- swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- swift::proxy::ceilometer::password: {get_param: SwiftPassword}
- swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
- swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
- swift::proxy::ceilometer::nonblocking_notify: true
+ -
+ if:
+ - ceilometer_pipeline_enabled
+ -
+ swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
+ swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+ swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ swift::proxy::ceilometer::password: {get_param: SwiftPassword}
+ swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
+ swift::proxy::ceilometer::nonblocking_notify: true
+ swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ - {}
+ - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL}
tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
- ''
- 'proxy-logging'
- 'proxy-server'
- swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
OpenStack Swift Ringbuilder
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
OpenStack Swift Storage service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
SwiftBase:
type: ./swift-base.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
OpenStack Tacker service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
e.g. { tacker-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
conditions:
service_debug_unset: {equals : [{get_param: TackerDebug}, '']}
- {get_param: Debug }
- {get_param: TackerDebug }
tacker::rpc_backend: rabbit
+ tacker::notification_driver: {get_param: NotificationDriver}
tacker::rabbit_userid: {get_param: RabbitUserName}
tacker::rabbit_password: {get_param: RabbitPassword}
tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
and configure NTP.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Composable Timezone service
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
TripleO Firewall settings
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
TripleO Package installation settings
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Vpp service configured with Puppet
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Openstack Zaqar service. Shared for all Heat services.
parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ApacheServiceBase:
type: ./apache.yaml
properties:
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
--- /dev/null
+---
+features:
+ - Add a new output, DeployedServerEnvironment, that can be used as
+ the contents of an environment file. This environment file can then be used
+ as input into a services only stack when using split-stack. The parameter
+ simplifies the manual steps needed to deploy split-stack.
--- /dev/null
+---
+fixes:
+ - Disable ceilometer in the swift proxy middleware pipeline out of the box.
+ This generates a lot of events with gnocchi and swift backend and causes
+ heavy load. It should be easy to enable if needed.
--- /dev/null
+---
+features:
+ - Allows the configuration of the Neutron LBaaS
+ agent.
\ No newline at end of file
--- /dev/null
+---
+features:
+ - Allows the configuration of the Neutron LBaaS
+ agent.
--- /dev/null
+---
+features:
+ - |
+ There is now a tool in tripleo-heat-templates, similar to the
+ oslo-config-generator, that can be used to programmatically generate
+ sample environment files based directly on the contents of the templates
+ themselves. This ensures consistency in the sample environments, as well
+ as making it easier to update environments to reflect changes to the
+ templates.
+upgrade:
+ - |
+ Some sample environment files will be moving as part of the work to
+ generate them programmatically. The old versions will be left in place for
+ one cycle to allow a smooth upgrade process. When upgrading, if any of the
+ environment files in use for the deployment have been deprecated they
+ should be replaced with the new generated verions.
+deprecations:
+ - |
+ Where a generated sample environment replaces an existing one, the existing
+ environment is deprecated. This will be noted in a comment at the top of
+ the file.
--- /dev/null
+---
+features:
+ - |
+ Allow to configure the Message Queue notification driver.
+ By default, we'll configure 'messagingv2' but we can now
+ override NotificationDriver parameter and set 'noop' when
+ we don't want notifications, which is the case when
+ we disable Telemetry services.
+deprecations:
+ - KeystoneNotificationDriver is deprecated in favor of NotificationDriver.
--- /dev/null
+---
+fixes:
+ - Fixing an issue where a custom password for the
+ OpenDaylight controller caused the TripleO deployment
+ to fail
--- /dev/null
+---
+fixes:
+ - Fixed the openvswitch permission to allow ovs to access vhost
+ sockets created by qemu. This is a workaround until openvswitch
+ provides the actual solution.
+
--- /dev/null
+---
+features:
+ - |
+ The roles_data.yaml and roles_data_undercloud.yaml can be generated with
+ tox using ``tox -e genrolesdata``.
+ - |
+ pep8 now checks that the roles_data.yaml and roles_data_undercloud.yaml
+ matches data generated from the roles/ files.
--- /dev/null
+---
+other:
+ - |
+ Adds the ability to resolve network subnets from within
+ the service templates. The new ServiceData structure contains
+ a mapping like {network_name: cidr} in net_cidr_map.
\ No newline at end of file
--- /dev/null
+---
+fixes:
+ - |
+ Latest commits in puppet-systemd enabled by default systemd-networkd and
+ systemd-resolved but we don't want to manage them for now in TripleO.
+ MySQL and MongoDB services were managing some systemd resources so now
+ we ensure that these 2 systemd services are disabled. In the future, we
+ might want and activate these services and revert that patch but for now
+ we want to disable them.
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
- 'oslosphinx',
+ 'openstackdocstheme',
'reno.sphinxext',
]
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
-html_theme = 'default'
+html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# -- Options for Internationalization output ------------------------------
locale_dirs = ['locale/']
+
+# openstackdocstheme options
+repository_name = 'openstack/tripleo-heat-templates'
+bug_project = 'tripleo'
+bug_tag = 'documentation'
pbr!=2.1.0,>=2.0.0 # Apache-2.0
Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
six>=1.9.0 # MIT
+tripleo-common>=7.1.0 # Apache-2.0
--- /dev/null
+###############################################################################
+# Role: ComputeHCI #
+###############################################################################
+- name: ComputeHCI
+ description: |
+ Compute Node role hosting Ceph OSD too
+ networks:
+ - InternalApi
+ - Tenant
+ - Storage
+ - StorageMgmt
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Vpp
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- OS::TripleO::Services::Docker
- OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLbaasv2Agent
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronML2FujitsuCfab
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronApi
- - OS::TripleO::Services::NeutronBgpvpnApi
+ - OS::TripleO::Services::NeutronBgpVpnApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLbaasv2Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronML2FujitsuCfab
- OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicInspector
- OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::UndercloudAodhListener
- OS::TripleO::Services::UndercloudAodhNotifier
- OS::TripleO::Services::UndercloudCeilometerAgentCentral
+ - OS::TripleO::Services::UndercloudCeilometerAgentIpmi
- OS::TripleO::Services::UndercloudCeilometerAgentNotification
- OS::TripleO::Services::UndercloudGnocchiApi
- OS::TripleO::Services::UndercloudGnocchiMetricd
###############################################################################
-# File generated by tripleoclient
+# File generated by TripleO
###############################################################################
###############################################################################
# Role: Controller #
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- OS::TripleO::Services::Docker
- OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLbaasv2Agent
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronML2FujitsuCfab
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
+
###############################################################################
-# File generated by tripleoclient
+# File generated by TripleO
###############################################################################
###############################################################################
# Role: Undercloud #
- OS::TripleO::Services::UndercloudGnocchiStatsd
- OS::TripleO::Services::UndercloudPankoApi
- OS::TripleO::Services::Zaqar
+
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
+openstackdocstheme>=1.11.0 # Apache-2.0
PyYAML>=3.10.0 # MIT
Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
six>=1.9.0 # MIT
-sphinx!=1.6.1,>=1.5.1 # BSD
-oslosphinx>=4.7.0 # Apache-2.0
+sphinx>=1.6.2 # BSD
reno!=2.3.1,>=1.8.0 # Apache-2.0
coverage!=4.4,>=4.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD
print("jinja2 rendering roles %s" % ","
.join(role_names))
for role in role_names:
- j2_data = {'role': role}
- # (dprince) For the undercloud installer we don't
- # want to have heat check nova/glance API's
- if r_map[role].get('disable_constraints', False):
- j2_data['disable_constraints'] = True
+ j2_data = {'role': r_map[role]}
out_f = "-".join(
[role.lower(),
os.path.basename(f).replace('.role.j2.yaml',
'.yaml')])
out_f_path = os.path.join(out_dir, out_f)
if not (out_f_path in excl_templates):
- _j2_render_to_file(template_data, j2_data,
- out_f_path, overwrite)
+ if '{{role.name}}' in template_data:
+ j2_data = {'role': r_map[role],
+ 'networks': network_data}
+ _j2_render_to_file(template_data, j2_data,
+ out_f_path, overwrite)
+ else:
+ # Backwards compatibility with templates
+ # that specify {{role}} vs {{role.name}}
+ j2_data = {'role': role,
+ 'networks': network_data}
+ # (dprince) For the undercloud installer we
+ # don'twant to have heat check nova/glance
+ # API's
+ if r_map[role].get('disable_constraints',
+ False):
+ j2_data['disable_constraints'] = True
+ _j2_render_to_file(
+ template_data,j2_data,
+ out_f_path, overwrite)
+
else:
print('skipping rendering of %s' % out_f_path)
elif f.endswith('.j2.yaml'):
--- /dev/null
+#!/bin/bash
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+set -e
+
+SCRIPT_DIR=$(cd `dirname $0` && pwd -P)
+OUTPUT_DIR=${OUTPUT_DIR:-$(cd "${SCRIPT_DIR}/../" && pwd -P)}
+
+echo "Generating ${OUTPUT_DIR}/roles_data.yaml"
+$SCRIPT_DIR/roles-data-generate.py Controller Compute BlockStorage ObjectStorage CephStorage > $OUTPUT_DIR/roles_data.yaml
+
+echo "Generating ${OUTPUT_DIR}/roles_data_undercloud.yaml"
+$SCRIPT_DIR/roles-data-generate.py Undercloud > $OUTPUT_DIR/roles_data_undercloud.yaml
--- /dev/null
+#!/usr/bin/env python
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+import argparse
+import collections
+import os
+import sys
+
+from tripleo_common.utils import roles as rolesutils
+
+__tht_root_dir = os.path.dirname(os.path.dirname(__file__))
+__tht_roles_dir = os.path.join(__tht_root_dir, 'roles')
+
+
+def parse_opts(argv):
+ parser = argparse.ArgumentParser(
+ description='Generate roles_data.yaml for requested roles. NOTE: '
+ 'This is a stripped down version of what is provided by '
+ 'the tripleoclient. The tripleoclient should be used for '
+ 'additional functionality.')
+ parser.add_argument('--roles-path', metavar='<roles directory>',
+ help="Filesystem path containing the roles yaml files",
+ default=__tht_roles_dir)
+ parser.add_argument('roles', nargs="+", metavar='<role>',
+ help='List of roles to use to generate the '
+ 'roles_data.yaml file')
+ opts = parser.parse_args(argv[1:])
+
+ return opts
+
+opts = parse_opts(sys.argv)
+
+roles = collections.OrderedDict.fromkeys(opts.roles)
+print(rolesutils.generate_roles_data_from_directory(opts.roles_path,
+ roles.keys()))
--- /dev/null
+#!/bin/bash
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+set -e
+
+SCRIPT_DIR=$(cd `dirname $0` && pwd -P)
+THT_DIR=${OUTPUT_DIR:-$(cd "${SCRIPT_DIR}/../" && pwd -P)}
+TMPDIR=$(mktemp -d)
+
+function do_cleanup {
+ rm -rf $TMPDIR
+}
+trap do_cleanup EXIT
+
+function check_diff {
+ local thtfile=$1
+ local genfile=$2
+ echo -n "Performing diff on $thtfile $genfile... "
+ diff $thtfile $genfile > $TMPDIR/diff_results
+ if [ $? = 1 ]; then
+ echo "ERROR: Generated roles file not match the current ${thtfile}"
+ echo "Please make sure to update the appropriate roles/* files."
+ echo "Here is the diff ${thtfile} ${genfile}"
+ cat $TMPDIR/diff_results
+ exit 1
+ fi
+ echo "OK!"
+}
+
+OUTPUT_DIR=$TMPDIR
+source $SCRIPT_DIR/roles-data-generate-samples.sh
+
+set +e
+check_diff $THT_DIR/roles_data.yaml $TMPDIR/roles_data.yaml
+check_diff $THT_DIR/roles_data_undercloud.yaml $TMPDIR/roles_data_undercloud.yaml
required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
- 'RoleName', 'RoleParameters']
+ 'RoleName', 'RoleParameters', 'ServiceData']
# NOTE(bnemec): The duplication in this list is intentional. For the
# transition to generated environments we have two copies of these files,
'metadata_settings', 'kolla_config']
REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config',
'config_image']
-OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags' ]
+OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ]
+# Mapping of parameter names to a list of the fields we should _not_ enforce
+# consistency across files on. This should only contain parameters whose
+# definition we cannot change for backwards compatibility reasons. New
+# parameters to the templates should not be added to this list.
+PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'],
+ 'ManagementAllocationPools': ['default'],
+ 'ExternalNetCidr': ['default'],
+ 'ExternalAllocationPools': ['default'],
+ 'StorageNetCidr': ['default'],
+ 'StorageAllocationPools': ['default'],
+ 'StorageMgmtNetCidr': ['default'],
+ 'StorageMgmtAllocationPools': ['default'],
+ }
+
+PREFERRED_CAMEL_CASE = {
+ 'ec2api': 'Ec2Api',
+ 'haproxy': 'HAProxy',
+}
def exit_usage():
sys.exit(1)
+def to_camel_case(string):
+ return PREFERRED_CAMEL_CASE.get(string, ''.join(s.capitalize() or '_' for
+ s in string.split('_')))
+
+
def get_base_endpoint_map(filename):
try:
tpl = yaml.load(open(filename).read())
env_services_list = env_tpl['parameter_defaults']['ComputeServices']
env_services_list.remove('OS::TripleO::Services::CephOSD')
roles_filename = os.path.join(os.path.dirname(env_filename),
- '../roles_data.yaml')
+ '../roles/Compute.yaml')
roles_tpl = yaml.load(open(roles_filename).read())
for role in roles_tpl:
if role['name'] == 'Compute':
roles_services_list = role['ServicesDefault']
if sorted(env_services_list) != sorted(roles_services_list):
- print('ERROR: ComputeServices in %s is different '
- 'from ServicesDefault in roles_data.yaml' % env_filename)
+ print('ERROR: ComputeServices in %s is different from '
+ 'ServicesDefault in roles/Compute.yaml' % env_filename)
+ return 1
+ return 0
+
+
+def validate_hci_computehci_role(hci_role_filename, hci_role_tpl):
+ compute_role_filename = os.path.join(os.path.dirname(hci_role_filename),
+ './Compute.yaml')
+ compute_role_tpl = yaml.load(open(compute_role_filename).read())
+ compute_role_services = compute_role_tpl[0]['ServicesDefault']
+ for role in hci_role_tpl:
+ if role['name'] == 'ComputeHCI':
+ hci_role_services = role['ServicesDefault']
+ hci_role_services.remove('OS::TripleO::Services::CephOSD')
+ if sorted(hci_role_services) != sorted(compute_role_services):
+ print('ERROR: ServicesDefault in %s is different from'
+ 'ServicesDefault in roles/Compute.yaml' % hci_role_filename)
return 1
return 0
% (key, filename))
return 1
+ config_volume = puppet_config.get('config_volume')
+ expected_config_image_parameter = "Docker%sConfigImage" % to_camel_case(config_volume)
+ if config_volume and not expected_config_image_parameter in tpl.get('parameters', []):
+ print('ERROR: Missing %s heat parameter for %s config_volume.'
+ % (expected_config_image_parameter, config_volume))
+ return 1
+
+ if 'docker_config' in role_data:
+ docker_config = role_data['docker_config']
+ for _, step in docker_config.items():
+ for _, container in step.items():
+ if not isinstance(container, dict):
+ # NOTE(mandre) this skips everything that is not a dict
+ # so we may ignore some containers definitions if they
+ # are in a map_merge for example
+ continue
+ command = container.get('command', '')
+ if isinstance(command, list):
+ command = ' '.join(map(str, command))
+ if 'bootstrap_host_exec' in command \
+ and container.get('user') != 'root':
+ print('ERROR: bootstrap_host_exec needs to run as the root user.')
+ return 1
+
if 'parameters' in tpl:
for param in required_params:
if param not in tpl['parameters']:
return 0
-def validate(filename):
+def validate(filename, param_map):
+ """Validate a Heat template
+
+ :param filename: The path to the file to validate
+ :param param_map: A dict which will be populated with the details of the
+ parameters in the template. The dict will have the
+ following structure:
+
+ {'ParameterName': [
+ {'filename': ./file1.yaml,
+ 'data': {'description': '',
+ 'type': string,
+ 'default': '',
+ ...}
+ },
+ {'filename': ./file2.yaml,
+ 'data': {'description': '',
+ 'type': string,
+ 'default': '',
+ ...}
+ },
+ ...
+ ]}
+ """
print('Validating %s' % filename)
retval = 0
try:
if filename.endswith('hyperconverged-ceph.yaml'):
retval = validate_hci_compute_services_default(filename, tpl)
+ if filename.startswith('./roles/ComputeHCI.yaml'):
+ retval = validate_hci_computehci_role(filename, tpl)
+
except Exception:
print(traceback.format_exc())
return 1
# yaml is OK, now walk the parameters and output a warning for unused ones
if 'heat_template_version' in tpl:
- for p in tpl.get('parameters', {}):
+ for p, data in tpl.get('parameters', {}).items():
+ definition = {'data': data, 'filename': filename}
+ param_map.setdefault(p, []).append(definition)
if p in required_params:
continue
str_p = '\'%s\'' % p
failed_files = []
base_endpoint_map = None
env_endpoint_maps = list()
+param_map = {}
for base_path in path_args:
if os.path.isdir(base_path):
for subdir, dirs, files in os.walk(base_path):
+ if '.tox' in dirs:
+ dirs.remove('.tox')
for f in files:
if f.endswith('.yaml') and not f.endswith('.j2.yaml'):
file_path = os.path.join(subdir, f)
- failed = validate(file_path)
+ failed = validate(file_path, param_map)
if failed:
failed_files.append(file_path)
exit_val |= failed
if env_endpoint_map:
env_endpoint_maps.append(env_endpoint_map)
elif os.path.isfile(base_path) and base_path.endswith('.yaml'):
- failed = validate(base_path)
+ failed = validate(base_path, param_map)
if failed:
failed_files.append(base_path)
exit_val |= failed
failed_files.extend(set(envs_containing_endpoint_map) - matched_files)
exit_val |= 1
+# Validate that duplicate parameters defined in multiple files all have the
+# same definition.
+mismatch_count = 0
+for p, defs in param_map.items():
+ # Nothing to validate if the parameter is only defined once
+ if len(defs) == 1:
+ continue
+ check_data = [d['data'] for d in defs]
+ # Override excluded fields so they don't affect the result
+ exclusions = PARAMETER_DEFINITION_EXCLUSIONS.get(p, [])
+ ex_dict = {}
+ for field in exclusions:
+ ex_dict[field] = 'IGNORED'
+ for d in check_data:
+ d.update(ex_dict)
+ # If all items in the list are not == the first, then the check fails
+ if check_data.count(check_data[0]) != len(check_data):
+ mismatch_count += 1
+ # TODO(bnemec): Make this a hard failure once all the templates have
+ # been fixed.
+ #exit_val |= 1
+ #failed_files.extend([d['filename'] for d in defs])
+ print('Mismatched parameter definitions found for "%s"' % p)
+ print('Definitions found:')
+ for d in defs:
+ print(' %s:\n %s' % (d['filename'], d['data']))
+print('Mismatched parameter definitions: %d' % mismatch_count)
+
if failed_files:
print('Validation failed on:')
for f in failed_files:
commands = {posargs}
[testenv:pep8]
+whielist_externals =
+ bash
commands =
python ./tools/process-templates.py
python ./network/endpoints/build_endpoint_map.py --check
python ./tools/yaml-validate.py .
+ bash -c ./tools/roles-data-validation.sh
[testenv:templates]
commands = python ./tools/process-templates.py
commands =
python ./tools/process-templates.py
python ./tripleo_heat_templates/environment_generator.py sample-env-generator/
+
+[testenv:genroledata]
+whielist_externals =
+ bash
+commands =
+ bash -c tools/roles-data-generate-samples.sh
PING_CMD=ping6
fi
until [ $COUNT -ge $TIMES ]; do
- if $PING_CMD -w 300 -c 1 $IP_ADDR &> /dev/null; then
+ if $PING_CMD -w 10 -c 1 $IP_ADDR &> /dev/null; then
echo "Ping to $IP_ADDR succeeded."
return 0
fi
echo "Ping to $IP_ADDR failed. Retrying..."
COUNT=$(($COUNT + 1))
+ sleep 60
done
return 1
}