+----------------+-------------+-------------+-------------+-------------+-----------------+
| neutron-bgpvpn | | | | X | |
+----------------+-------------+-------------+-------------+-------------+-----------------+
+| neutron-l2gw | | | | X | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
| rabbitmq | X | X | X | X | X |
+----------------+-------------+-------------+-------------+-------------+-----------------+
| mongodb | X | X | | | |
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive validations that occur on all nodes.
-heat_template_version: ocata
+heat_template_version: pike
description: 'Bootstrap Config'
parameters:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-l2gw.yaml
title: Neutron L2 gateway Service Plugin
- description: Enables Neutron L2 gateway Service Plugin
+ description: Enables Neutron L2 gateway Service Plugin and Agent
requires:
- overcloud-resource-registry-puppet.yaml
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config for a simple bridge configured
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config for a simple bridge configured
--- /dev/null
+# NOTE: This is an environment specific for containers upgrade
+# CI. Mainly we deploy non-pacemakerized overcloud, as at the time
+# being containerization of services managed by pacemaker is not
+# complete, so we deploy and upgrade the non-HA services for now.
+
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+
+ # NOTE: This is needed because of upgrades from Ocata to Pike. We
+ # deploy the initial environment with Ocata templates, and
+ # overcloud-resource-registry.yaml there doesn't have this Docker
+ # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+ # remove this.
+ OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Sshd
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ # Required for Centos 7.3 and Qemu 2.6.0
+ nova::compute::libvirt::libvirt_cpu_mode: 'none'
+ #NOTE(gfidente): not great but we need this to deploy on ext4
+ #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+ ceph::profile::params::osd_max_object_name_len: 256
+ ceph::profile::params::osd_max_object_namespace_len: 64
+ SwiftCeilometerPipelineEnabled: False
+ Debug: True
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Core Service
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ CephPoolDefaultSize: 1
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
+ OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
OS::TripleO::Services::ManilaShare: ../../puppet/services/pacemaker/manila-share.yaml
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
+ OS::TripleO::Services::NeutronL2gwApi: ../../puppet/services/neutron-l2gw-api.yaml
+ OS::TripleO::Services::NeutronL2gwAgent: ../../puppet/services/neutron-l2gw-agent.yaml
# These enable Pacemaker
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
- OS::TripleO::Services::NeutronBgpVpnApi
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronL2gwApi
+ - OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ CephPoolDefaultSize: 1
SwiftCeilometerPipelineEnabled: false
- NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+ NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin'
BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
+ L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
-heat_template_version: ocata
+heat_template_version: pike
description: >
HOT template to created resources deployed by scenario001.
-heat_template_version: ocata
+heat_template_version: pike
description: >
HOT template to created resources deployed by scenario002.
-heat_template_version: ocata
+heat_template_version: pike
description: >
HOT template to created resources deployed by scenario003.
-heat_template_version: ocata
+heat_template_version: pike
description: >
HOT template to created resources deployed by scenario004.
manila_share:
type: OS::Manila::Share
properties:
+ name: pingtest
+ share_type: { get_resource: manila_share_type }
share_protocol: CEPHFS
size: 1
-heat_template_version: ocata
+heat_template_version: pike
description: >
This template resides in tripleo-ci for Mitaka CI jobs only.
-heat_template_version: ocata
+heat_template_version: pike
description: Passwords we manage at the top level
-heat_template_version: ocata
+heat_template_version: pike
parameters:
network:
-heat_template_version: ocata
+heat_template_version: pike
description: "
A fake OS::Neutron::Port stack which outputs fixed_ips and subnets based on
-heat_template_version: ocata
+heat_template_version: pike
description: 'Deployed Server Bootstrap Config'
-heat_template_version: ocata
+heat_template_version: pike
description: 'Deployed Server Bootstrap Config'
-heat_template_version: ocata
+heat_template_version: pike
parameters:
image:
type: string
+++ /dev/null
-#!/bin/bash
-# This is where we stack puppet configuration (for now)...
-mkdir -p /var/lib/config-data
-
-# This is the docker-puppet configs end in
-mkdir -p /var/lib/docker-puppet
# primary role is: {{primary_role_name}}
{% set deploy_steps_max = 6 -%}
-heat_template_version: ocata
+heat_template_version: pike
description: >
Post-deploy configuration steps via puppet for all roles,
# BEGIN primary_role_name docker-puppet-tasks (run only on a single node)
{% for step in range(1, deploy_steps_max) %}
- {{primary_role_name}}DockerPuppetJsonConfig{{step}}:
- type: OS::Heat::StructuredConfig
- properties:
- group: json-file
- config:
- /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json:
- {get_attr: [{{primary_role_name}}DockerPuppetTasks, value, 'step_{{step}}']}
-
- {{primary_role_name}}DockerPuppetJsonDeployment{{step}}:
- type: OS::Heat::SoftwareDeployment
- properties:
- server: {get_param: [servers, {{primary_role_name}}, '0']}
- config: {get_resource: {{primary_role_name}}DockerPuppetJsonConfig{{step}}}
-
{{primary_role_name}}DockerPuppetTasksConfig{{step}}:
type: OS::Heat::SoftwareConfig
properties:
- {{dep.name}}Deployment_Step{{step}}
- {{dep.name}}ContainersDeployment_Step{{step}}
{% endfor %}
- - {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
properties:
- name: {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
+ name: {{primary_role_name}}DockerPuppetTasksDeployment{{step}}
server: {get_param: [servers, {{primary_role_name}}, '0']}
config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}}
input_values:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}ArtifactsConfig}
- {{role.name}}PreConfig:
- type: OS::TripleO::Tasks::{{role.name}}PreConfig
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- {{role.name}}CreateConfigDir:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: {get_file: create-config-dir.sh}
-
- {{role.name}}CreateConfigDirDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}CreateConfigDir}
-
- {{role.name}}HostPrepAnsible:
- type: OS::Heat::Value
- properties:
- value:
- str_replace:
- template: CONFIG
- params:
- CONFIG:
- - hosts: localhost
- connection: local
- tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
-
{{role.name}}HostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
- config: {get_attr: [{{role.name}}HostPrepAnsible, value]}
+ config:
+ str_replace:
+ template: _PLAYBOOK
+ params:
+ _PLAYBOOK:
+ - hosts: localhost
+ connection: local
+ vars:
+ puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
+ docker_puppet_script: {get_file: docker-puppet.py}
+ docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]}
+ docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]}
+ kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
+ bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
+ tasks:
+ # Join host_prep_tasks with the other per-host configuration
+ yaql:
+ expression: $.data.host_prep_tasks + $.data.template_tasks
+ data:
+ host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
+ template_tasks:
+{%- raw %}
+ # This is where we stack puppet configuration (for now)...
+ - name: Create /var/lib/config-data
+ file: path=/var/lib/config-data state=directory
+ # This is the docker-puppet configs end in
+ - name: Create /var/lib/docker-puppet
+ file: path=/var/lib/docker-puppet state=directory
+ # this creates a JSON config file for our docker-puppet.py script
+ - name: Write docker-puppet-tasks json files
+ copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes
+ # FIXME: can we move docker-puppet somewhere so it's installed via a package?
+ - name: Write docker-puppet.py
+ copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes
+ # Here we are dumping all the docker container startup configuration data
+ # so that we can have access to how they are started outside of heat
+ # and docker-cmd. This lets us create command line tools to test containers.
+ - name: Write docker-container-startup-configs
+ copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes
+ - name: Create /var/lib/kolla/config_files directory
+ file: path=/var/lib/kolla/config_files state=directory
+ - name: Write kolla config json files
+ copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes
+ with_dict: "{{kolla_config}}"
+ ########################################################
+ # Bootstrap tasks, only performed on bootstrap_server_id
+ ########################################################
+ - name: Write docker-puppet-tasks json files
+ copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes
+ with_dict: "{{docker_puppet_tasks}}"
+ when: deploy_server_id == bootstrap_server_id
+{%- endraw %}
{{role.name}}HostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}HostPrepConfig}
- # this creates a JSON config file for our docker-puppet.py script
- {{role.name}}GenPuppetConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: json-file
- config:
- /var/lib/docker-puppet/docker-puppet.json:
- {get_param: [role_data, {{role.name}}, puppet_config]}
-
- {{role.name}}GenPuppetDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}GenPuppetConfig}
-
{{role.name}}GenerateConfig:
type: OS::Heat::SoftwareConfig
properties:
{{role.name}}GenerateConfigDeployment:
type: OS::Heat::SoftwareDeploymentGroup
- depends_on: [{{role.name}}GenPuppetDeployment, {{role.name}}ArtifactsDeploy, {{role.name}}CreateConfigDirDeployment, {{role.name}}HostPrepDeployment]
+ depends_on: [{{role.name}}ArtifactsDeploy, {{role.name}}HostPrepDeployment]
properties:
name: {{role.name}}GenerateConfigDeployment
servers: {get_param: [servers, {{role.name}}]}
service_names: {get_param: [role_data, {{role.name}}, service_names]}
docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
- # Here we are dumping all the docker container startup configuration data
- # so that we can have access to how they are started outside of heat
- # and docker-cmd. This lets us create command line tools to start and
- # test these containers.
- {{role.name}}DockerConfigJsonStartupData:
- type: OS::Heat::StructuredConfig
- properties:
- group: json-file
- config:
- /var/lib/docker-container-startup-configs.json:
- {get_attr: [{{role.name}}DockerConfig, value]}
-
- {{role.name}}DockerConfigJsonStartupDataDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: {{role.name}}DockerConfigJsonStartupData}
- servers: {get_param: [servers, {{role.name}}]}
-
- {{role.name}}KollaJsonConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: json-file
- config:
- {get_param: [role_data, {{role.name}}, kolla_config]}
-
- {{role.name}}KollaJsonDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- name: {{role.name}}KollaJsonDeployment
- config: {get_resource: {{role.name}}KollaJsonConfig}
- servers: {get_param: [servers, {{role.name}}]}
-
# BEGIN BAREMETAL CONFIG STEPS
{{role.name}}PreConfig:
type: OS::Heat::StructuredDeploymentGroup
{% if step == 1 %}
depends_on:
- - {{role.name}}KollaJsonDeployment
- - {{role.name}}GenPuppetDeployment
- - {{role.name}}GenerateConfigDeployment
{%- for dep in roles %}
- {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
{%- endfor %}
+ - {{role.name}}PreConfig
+ - {{role.name}}HostPrepDeployment
+ - {{role.name}}GenerateConfigDeployment
{% else %}
depends_on:
{% for dep in roles %}
-heat_template_version: ocata
+heat_template_version: pike
parameters:
DockerNamespace:
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
- command: /usr/bin/aodh-dbsync
+ command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
step_4:
aodh_api:
image: *aodh_image
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contains a static list of common things necessary for containers
value:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
+ # required for bootstrap_host_exec
+ - /etc/puppet:/etc/puppet:ro
# OpenSSL trusted CAs
- /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
- /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
-heat_template_version: ocata
+heat_template_version: pike
description: >
MongoDB service deployment using puppet and docker
-heat_template_version: ocata
+heat_template_version: pike
description: >
MySQL service deployment using puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack containerized Redis services
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack containerized etcd services
net: host
privileged: false
detach: false
+ user: root
volumes: &glance_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
step_4:
map_merge:
- glance_api:
- name: Stop and disable glance_api service
tags: step2
service: name=openstack-glance-api state=stopped enabled=no
+ metadata_settings:
+ get_attr: [GlanceApiPuppetBase, role_data, metadata_settings]
net: host
detach: false
privileged: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"]
+ command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
step_4:
gnocchi_api:
image: *gnocchi_image
- name: Stop and disable heat_api_cfn service
tags: step2
service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [HeatBase, role_data, metadata_settings]
- name: Stop and disable heat_api service
tags: step2
service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [HeatBase, role_data, metadata_settings]
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /var/log/containers/heat:/var/log/heat
- command: ['heat-manage', 'db_sync']
+ command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
step_4:
heat_engine:
image: *heat_engine_image
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ironic/etc/:/etc/:ro
- /var/log/containers/ironic:/var/log/ironic
- command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf']
+ command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
ironic_api:
start_order: 10
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
keystone:
- start_order: 1
+ start_order: 2
image: *keystone_image
net: host
privileged: false
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
keystone_bootstrap:
- start_order: 2
+ start_order: 3
action: exec
command:
- [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+ [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
docker_puppet_tasks:
# Keystone endpoint creation occurs only on single node
step_3:
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/:/etc/:ro
- /var/log/containers/mistral:/var/log/mistral
- command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head']
+ command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
mistral_db_populate:
start_order: 2
image: *mistral_image
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- /var/log/containers/mistral:/var/log/mistral
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
- command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate']
+ command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'"
step_4:
mistral_api:
start_order: 15
net: host
privileged: false
detach: false
- # FIXME: we should make config file permissions right
- # and run as neutron user
user: root
volumes:
list_concat:
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
- /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
- /var/log/containers/neutron:/var/log/neutron
- command: ['neutron-db-manage', 'upgrade', 'heads']
+ command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
+ # FIXME: we should make config file permissions right
+ # and run as neutron user
+ #command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
step_4:
map_merge:
- neutron_api:
- name: Stop and disable neutron_api service
tags: step2
service: name=neutron-server state=stopped enabled=no
+ metadata_settings:
+ get_attr: [NeutronBase, role_data, metadata_settings]
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Neutron Metadata agent
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNeutronMetadataImage:
+ description: image
+ default: 'centos-binary-neutron-metadata-agent:latest'
+ type: string
+ # we configure all neutron services in the same neutron
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-server:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ NeutronMetadataBase:
+ type: ../../puppet/services/neutron-metadata.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for Neutron Metadata agent
+ value:
+ service_name: {get_attr: [NeutronMetadataBase, role_data, service_name]}
+ config_settings: {get_attr: [NeutronMetadataBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NeutronMetadataBase, role_data, step_config]
+ puppet_config:
+ puppet_tags: neutron_config,neutron_metadata_agent_config
+ config_volume: neutron
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/neutron-metadata-agent.json:
+ command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
+ permissions:
+ - path: /var/log/neutron
+ owner: neutron:neutron
+ recurse: true
+ docker_config:
+ step_4:
+ neutron_metadata_agent:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronMetadataImage} ]
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /lib/modules:/lib/modules:ro
+ - /run:/run
+ - /var/log/containers/neutron:/var/log/neutron
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/neutron
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable neutron_metadata service
+ tags: step2
+ service: name=neutron-metadata-agent state=stopped enabled=no
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack containerized Neutron ML2 Plugin configured with Puppet
image: *nova_api_image
net: host
detach: false
+ user: root
volumes: &nova_api_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
- command: ['/usr/bin/nova-manage', 'api_db', 'sync']
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
# FIXME: we probably want to wait on the 'cell_v2 update' in order for this
# to be capable of upgrading a baremetal setup. This is to ensure the name
# of the cell is 'default'
image: *nova_api_image
net: host
detach: false
+ user: root
volumes: *nova_api_volumes
- command:
- - '/usr/bin/nova-manage'
- - 'cell_v2'
- - 'map_cell0'
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
nova_api_create_default_cell:
start_order: 3
image: *nova_api_image
# this idempotent (if the resource already exists a conflict
# is raised)
exit_codes: [0,2]
- command:
- - '/usr/bin/nova-manage'
- - 'cell_v2'
- - 'create_cell'
- - '--name="default"'
+ user: root
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
nova_db_sync:
start_order: 4
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_volumes
- command: ['/usr/bin/nova-manage', 'db', 'sync']
+ user: root
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
step_4:
nova_api:
start_order: 2
net: host
detach: false
volumes: *nova_api_volumes
- command:
- - '/usr/bin/nova-manage'
- - 'cell_v2'
- - 'discover_hosts'
+ user: root
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
host_prep_tasks:
- name: create persistent logs directory
file:
description: image
default: 'centos-binary-nova-compute:latest'
type: string
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation
+ type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- /etc/libvirt/qemu:/etc/libvirt/qemu
+ - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
+ - name: set enable_package_install fact
+ set_fact:
+ enable_package_install: {get_param: EnablePackageInstall}
+ # We use virtlogd on host, so when using Deployed Server
+ # feature, we need to ensure libvirt is installed.
+ - name: install libvirt-daemon
+ package:
+ name: libvirt-daemon
+ state: present
+ when: enable_package_install
+ - name: start virtlogd socket
+ service:
+ name: virtlogd.socket
+ state: started
+ enabled: yes
+ when: enable_package_install
upgrade_tasks:
- name: Stop and disable libvirtd service
tags: step2
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack containerized Nova Metadata service
--- /dev/null
+heat_template_version: pike
+
+description: >
+ MySQL service deployment with pacemaker bundle
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMysqlImage:
+ description: image
+ default: 'centos-binary-mariadb:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: ''
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ../../containers-common.yaml
+
+ MysqlPuppetBase:
+ type: ../../../../puppet/services/pacemaker/database/mysql.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Containerized service MySQL using composable services.
+ value:
+ service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+ - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image
+ list_join:
+ - '/'
+ - - {get_param: DockerNamespace}
+ - {get_param: DockerMysqlImage}
+ step_config: ""
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: mysql
+ puppet_tags: file # set this even though file is the default
+ step_config:
+ list_join:
+ - "\n"
+ - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
+ - "exec {'wait-for-settle': command => '/bin/true' }"
+ - "include ::tripleo::profile::pacemaker::database::mysql_bundle"
+ config_image: *mysql_image
+ kolla_config:
+ /var/lib/kolla/config_files/mysql.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ - dest: /etc/my.cnf
+ source: /var/lib/kolla/config_files/src/etc/my.cnf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/my.cnf.d/galera.cnf
+ source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/sysconfig/clustercheck
+ source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+ owner: root
+ perm: '0600'
+ docker_config:
+ step_1:
+ mysql_data_ownership:
+ start_order: 0
+ detach: false
+ image: *mysql_image
+ net: host
+ user: root
+ # Kolla does only non-recursive chown
+ command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
+ volumes:
+ - /var/lib/mysql:/var/lib/mysql
+ mysql_bootstrap:
+ start_order: 1
+ detach: false
+ image: *mysql_image
+ net: host
+ # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
+ command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
+ volumes: &mysql_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/mysql:/var/lib/mysql
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - KOLLA_BOOTSTRAP=True
+ # NOTE(mandre) skip wsrep cluster status check
+ - KOLLA_KUBERNETES=True
+ -
+ list_join:
+ - '='
+ - - 'DB_ROOT_PASSWORD'
+ -
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ step_2:
+ mysql_init_bundle:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
+ image: *mysql_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro
+ - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
+ - /var/lib/mysql:/var/lib/mysql:rw
+ host_prep_tasks:
+ - name: create /var/lib/mysql
+ file:
+ path: /var/lib/mysql
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable mysql service
+ tags: step2
+ service: name=mariadb state=stopped enabled=no
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized HAproxy service for pacemaker
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHAProxyImage:
+ description: image
+ default: 'centos-binary-haproxy:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ HAProxyBase:
+ type: ../../../puppet/services/pacemaker/haproxy.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the HAproxy role.
+ value:
+ service_name: {get_attr: [HAProxyBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HAProxyBase, role_data, config_settings]
+ - tripleo::haproxy::haproxy_daemon: false
+ haproxy_docker: true
+ tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+ step_config:
+ list_join:
+ - "\n"
+ - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
+ - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+ service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: haproxy
+ puppet_tags: haproxy_config
+ step_config:
+ list_join:
+ - "\n"
+ - - "exec {'wait-for-settle': command => '/bin/true' }"
+ - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
+ - *noop_pcmk
+ - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+ config_image: *haproxy_image
+ kolla_config:
+ /var/lib/kolla/config_files/haproxy.json:
+ command: haproxy -f /etc/haproxy/haproxy.cfg
+ docker_config:
+ step_2:
+ haproxy_init_bundle:
+ start_order: 3
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG:
+ list_join:
+ - ';'
+ - - *noop_firewall
+ - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle'
+ image: *haproxy_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ metadata_settings:
+ get_attr: [HAProxyBase, role_data, metadata_settings]
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Rabbitmq service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerRabbitmqImage:
+ description: image
+ default: 'centos-binary-rabbitmq:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RabbitCookie:
+ type: string
+ default: ''
+ hidden: true
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ RabbitmqBase:
+ type: ../../../puppet/services/rabbitmq.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Rabbitmq API role.
+ value:
+ service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [RabbitmqBase, role_data, config_settings]}
+ - rabbitmq::service_manage: false
+ tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image
+ list_join:
+ - '/'
+ - - {get_param: DockerNamespace}
+ - {get_param: DockerRabbitmqImage}
+ step_config: &step_config
+ get_attr: [RabbitmqBase, role_data, step_config]
+ service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: rabbitmq
+ puppet_tags: file
+ step_config: *step_config
+ config_image: *rabbitmq_image
+ kolla_config:
+ /var/lib/kolla/config_files/rabbitmq.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ permissions:
+ - path: /var/lib/rabbitmq
+ owner: rabbitmq:rabbitmq
+ recurse: true
+ - path: /var/log/rabbitmq
+ owner: rabbitmq:rabbitmq
+ recurse: true
+ # When using pacemaker we don't launch the container, instead that is done by pacemaker
+ # itself.
+ docker_config:
+ step_1:
+ rabbitmq_bootstrap:
+ start_order: 0
+ image: *rabbitmq_image
+ net: host
+ privileged: false
+ volumes:
+ - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/lib/rabbitmq:/var/lib/rabbitmq
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - KOLLA_BOOTSTRAP=True
+ -
+ list_join:
+ - '='
+ - - 'RABBITMQ_CLUSTER_COOKIE'
+ -
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: RabbitCookie}
+ - {get_param: [DefaultPasswords, rabbit_cookie]}
+ step_2:
+ rabbitmq_init_bundle:
+ start_order: 0
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
+ image: *rabbitmq_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create /var/lib/rabbitmq
+ file:
+ path: /var/lib/rabbitmq
+ state: directory
+ - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
+ shell: |
+ echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
+ echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
+ for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+ upgrade_tasks:
+ - name: Stop and disable rabbitmq service
+ tags: step2
+ service: name=rabbitmq-server state=stopped enabled=no
net: host
detach: false
privileged: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
- /var/log/containers/panko:/var/log/panko
- command: /usr/bin/panko-dbsync
+ command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
step_4:
panko_api:
start_order: 2
-heat_template_version: ocata
+heat_template_version: pike
description: >
Utility stack to convert an array of services into a set of combined
- name: Stop and disable swift_proxy service
tags: step2
service: name=openstack-swift-proxy state=stopped enabled=no
+ metadata_settings:
+ get_attr: [SwiftProxyBase, role_data, metadata_settings]
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Swift Ringbuilder
CinderDellScSanIp: ''
CinderDellScSanLogin: 'Admin'
CinderDellScSanPassword: ''
- CinderDellScSsn: '64702'
+ CinderDellScSsn: 64702
CinderDellScIscsiIpAddress: ''
- CinderDellScIscsiPort: '3260'
- CinderDellScApiPort: '3033'
+ CinderDellScIscsiPort: 3260
+ CinderDellScApiPort: 3033
CinderDellScServerFolder: 'dellsc_server'
CinderDellScVolumeFolder: 'dellsc_volume'
+ CinderDellScSecondarySanIp: ''
+ CinderDellScSecondarySanLogin: 'Admin'
+ CinderDellScSecondarySanPassword: ''
+ CinderDellScSecondaryScApiPort: 3033
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure multiple interfaces
--- /dev/null
+# This heat environment can be used to disable all of the telemetry services.
+# It is most useful in a resource constrained environment or one in which
+# telemetry is not needed.
+
+resource_registry:
+ OS::TripleO::Services::CeilometerApi: OS::Heat::None
+ OS::TripleO::Services::CeilometerCollector: OS::Heat::None
+ OS::TripleO::Services::CeilometerExpirer: OS::Heat::None
+ OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
+ OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
+ OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
+ OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
+ OS::TripleO::Services::GnocchiApi: OS::Heat::None
+ OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
+ OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
+ OS::TripleO::Services::AodhApi: OS::Heat::None
+ OS::TripleO::Services::AodhEvaluator: OS::Heat::None
+ OS::TripleO::Services::AodhNotifier: OS::Heat::None
+ OS::TripleO::Services::AodhListener: OS::Heat::None
+ OS::TripleO::Services::PankoApi: OS::Heat::None
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Sshd
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+ OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
OS::TripleO::Services: ../docker/services/services.yaml
parameter_defaults:
- # Defaults to 'tripleoupstream'. Specify a local docker registry
- # Example: 192.168.24.1:8787/tripleoupstream
- DockerNamespace: tripleoupstream
- DockerNamespaceIsRegistry: false
+ # To specify a local docker registry, enable these
+ # where 192.168.24.1 is the host running docker-distribution
+ #DockerNamespace: 192.168.24.1:8787/tripleoupstream
+ #DockerNamespaceIsRegistry: true
ComputeServices:
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
- OS::TripleO::Services::CeilometerAgentCompute
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
ControllerExtraConfig:
'nova::network::neutron::neutron_url_timeout': '60'
+
+ DatabaseSyncTimeout: 900
--- /dev/null
+# A Heat environment file that can be used to deploy Neutron L2 Gateway service
+#
+# Currently there are only two service provider for Neutron L2 Gateway
+# This file enables L2GW service with OpenDaylight as driver.
+#
+# - OpenDaylight: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
+resource_registry:
+ OS::TripleO::Services::NeutronL2gwApi: ../puppet/services/neutron-l2gw-api.yaml
+
+parameter_defaults:
+ NeutronServicePlugins: "networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin"
+ L2gwServiceProvider: ['L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default']
+
+ # Optional
+ # L2gwServiceDefaultInterfaceName: "FortyGigE1/0/1"
+ # L2gwServiceDefaultDeviceName: "Switch1"
+ # L2gwServiceQuotaL2Gateway: 10
+ # L2gwServicePeriodicMonitoringInterval: 5
# - OpenDaylight: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
resource_registry:
OS::TripleO::Services::NeutronL2gwApi: ../puppet/services/neutron-l2gw-api.yaml
+ OS::TripleO::Services::NeutronL2gwAgent: ../puppet/services/neutron-l2gw-agent.yaml
parameter_defaults:
NeutronServicePlugins: "networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin"
- L2gwServiceProvider: ["L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default"]
+ L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
# Optional
- # L2gwServiceDefaultInterfaceName:
- # L2gwServiceDefaultDeviceName:
- # L2gwServiceQuotaL2Gateway:
- # L2gwServicePeriodicMonitoringInterval:
+ # L2gwServiceDefaultInterfaceName: "FortyGigE1/0/1"
+ # L2gwServiceDefaultDeviceName: "Switch1"
+ # L2gwServiceQuotaL2Gateway: 10
+ # L2gwServicePeriodicMonitoringInterval: 5
+ # L2gwAgentOvsdbHosts: ["ovsdb1:127.0.0.1:6632"]
+ # L2gwAgentEnableManager: False
+ # L2gwAgentManagerTableListeningPort: "6633"
+ # L2gwAgentPeriodicInterval: 20
+ # L2gwAgentMaxConnectionRetries: 10
+ # L2gwAgentSocketTimeout: 30
--- /dev/null
+## A Heat environment that can be used to deploy linuxbridge
+resource_registry:
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronLinuxbridgeAgent: ../puppet/services/neutron-linuxbridge-agent.yaml
+
+parameter_defaults:
+ NeutronMechanismDrivers: ['linuxbridge']
#NeutronDpdkMemoryChannels: ""
NeutronDatapathType: "netdev"
- NeutronVhostuserSocketDir: "/var/run/openvswitch"
+ NeutronVhostuserSocketDir: "/var/lib/vhost_sockets"
#NeutronDpdkSocketMemory: ""
#NeutronDpdkDriverType: "vfio-pci"
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
+ CephPoolDefaultSite: 1
+
resource_registry:
OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
+ OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml
resource_registry:
OS::TripleO::Services::CeilometerCollector: ../../puppet/services/ceilometer-collector.yaml
+ OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
resource_registry:
OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
+ OS::TripleO::Services::IronicPxe: ../../puppet/services/ironic-pxe.yaml
OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
resource_registry:
OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
+ OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
-heat_template_version: ocata
+heat_template_version: pike
description: >
Example extra config for cluster config
-heat_template_version: ocata
+heat_template_version: pike
description: >
Example extra config for cluster config
-heat_template_version: ocata
+heat_template_version: pike
description: Template file to add a swap partition to a node.
-heat_template_version: ocata
+heat_template_version: pike
description: Template file to add a swap file to a node.
-heat_template_version: ocata
+heat_template_version: pike
description: 'Generates the relevant service principals for a server'
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: 'Extra Post Deployment Config'
parameters:
servers:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Example extra config for post-deployment
-heat_template_version: ocata
+heat_template_version: pike
description: >
Example extra config for post-deployment, this re-runs every update
-heat_template_version: ocata
+heat_template_version: pike
description: >
RHEL Registration and unregistration software deployments.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Do some configuration, then reboot - sometimes needed for early-boot
-heat_template_version: ocata
+heat_template_version: pike
description: >
Do some configuration, then reboot - sometimes needed for early-boot
-heat_template_version: ocata
+heat_template_version: pike
description: 'Post-Puppet Config for Pacemaker deployments'
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: 'Post-Puppet restart config for Pacemaker deployments'
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: 'Pre-Puppet Config for Pacemaker deployments'
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
This is a template which will fetch the ssh host public key.
-heat_template_version: ocata
+heat_template_version: pike
description: 'SSH Known Hosts Config'
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software-config for performing package updates using yum
-heat_template_version: ocata
+heat_template_version: pike
description: 'No-op yum update task'
resources:
-heat_template_version: ocata
+heat_template_version: pike
parameters:
ContrailRepo:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Configure os-net-config mappings for specific nodes
-heat_template_version: ocata
+heat_template_version: pike
description: >
This is a default no-op template which provides empty user-data
-heat_template_version: ocata
+heat_template_version: pike
description: >
This is first boot configuration for development purposes. It allows
-heat_template_version: ocata
+heat_template_version: pike
# NOTE: You don't need to pass the parameter explicitly from the
# parent template, it can be specified via the parameter_defaults
-heat_template_version: ocata
+heat_template_version: pike
parameters:
# Can be overridden via parameter_defaults in the environment
-heat_template_version: ocata
+heat_template_version: pike
description: >
Uses cloud-init to enable root logins and set the root password.
-heat_template_version: ocata
+heat_template_version: pike
description: 'All Hosts Config'
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config for a simple bridge.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config for a simple bridge.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to no-op for os-net-config. Using this will allow you
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config for a simple bridge.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the ceph storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the cinder storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role with IPv6
on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the swift storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure multiple interfaces for the ceph storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure multiple interfaces for the cinder storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure multiple interfaces for the
compute role with external bridge for DVR.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure multiple interfaces for the compute role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure multiple interfaces for the controller role with IPv6 on the External
network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure multiple interfaces for the controller role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure multiple interfaces for the swift storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the ceph storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the cinder storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the compute role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The
IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the controller role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the swift storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the ceph storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the cinder storage role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the compute role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the controller role. No external IP is configured.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The
IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the controller role.
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to drive os-net-config to configure VLANs for the swift storage role.
parameters:
def generate_endpoint_map_template(config):
return collections.OrderedDict([
- ('heat_template_version', 'ocata'),
+ ('heat_template_version', 'pike'),
('description', 'A map of OpenStack endpoints. Since the endpoints '
'are URLs, we need to have brackets around IPv6 IP addresses. The '
'inputs to these parameters come from net_ip_uri_map, which will '
'': /v1
port: 6385
+IronicInspector:
+ Internal:
+ net_param: IronicInspector
+ Public:
+ net_param: Public
+ Admin:
+ net_param: IronicInspector
+ port: 5050
+
Zaqar:
Internal:
net_param: ZaqarApi
### This file is automatically generated from endpoint_data.yaml
### by the script build_endpoint_map.py
-heat_template_version: ocata
+heat_template_version: pike
description: A map of OpenStack endpoints. Since the endpoints are URLs,
we need to have brackets around IPv6 IP addresses. The inputs to these
parameters come from net_ip_uri_map, which will include these brackets
IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
+ IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
+ IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
+ IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS}
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, IronicPublic, port]
+ IronicInspectorAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicInspectorNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ port:
+ get_param: [EndpointMap, IronicInspectorAdmin, port]
+ protocol:
+ get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicInspectorNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicInspectorAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicInspectorNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicInspectorAdmin, port]
+ IronicInspectorInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicInspectorNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ port:
+ get_param: [EndpointMap, IronicInspectorInternal, port]
+ protocol:
+ get_param: [EndpointMap, IronicInspectorInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicInspectorInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicInspectorNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicInspectorInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicInspectorInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicInspectorNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicInspectorNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicInspectorInternal, port]
+ IronicInspectorPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, IronicInspectorPublic, port]
+ protocol:
+ get_param: [EndpointMap, IronicInspectorPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicInspectorPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicInspectorPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicInspectorPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicInspectorPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicInspectorPublic, port]
KeystoneAdmin:
host:
str_replace:
-heat_template_version: ocata
+heat_template_version: pike
description: >
External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
-heat_template_version: ocata
+heat_template_version: pike
description: >
External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Internal API network. Used for most APIs, Database, RPC.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Internal API network. Used for most APIs, Database, RPC.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Management network. System administration, SSH, DNS, NTP, etc. This network
-heat_template_version: ocata
+heat_template_version: pike
description: >
Management network. System administration, SSH, DNS, NTP, etc. This network
-heat_template_version: ocata
+heat_template_version: pike
description: Create networks to split out Overcloud traffic
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port for a VIP on the undercloud ctlplane network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the external network. The IP address will be chosen
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs. This version is for IPv6
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the external network. The IP address will be chosen
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a service mapped list of IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a service mapped list of IPv6 IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the internal_api network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs. This version is for IPv6
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the internal_api network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the management network. The IP address will be chosen
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs. This version is for IPv6
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the management network. The IP address will be chosen
-heat_template_version: ocata
+heat_template_version: pike
parameters:
ControlPlaneIpList:
-heat_template_version: ocata
+heat_template_version: pike
parameters:
ControlPlaneIp:
-heat_template_version: ocata
+heat_template_version: pike
parameters:
# Set these via parameter defaults to configure external VIPs
-heat_template_version: ocata
+heat_template_version: pike
parameters:
# Set these via parameter defaults to configure external VIPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns the control plane port (provisioning network) as the ip_address.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the storage network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs. This version is for IPv6
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the storage_mgmt API network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs This version is for IPv6
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the storage_mgmt API network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the storage network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the tenant network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Returns an IP from a network mapped list of IPs
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port on the tenant network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port for a VIP on the isolated network NetworkName.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Creates a port for a VIP on the isolated network NetworkName.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Mapping of service_name_network -> network name
GlanceApiNetwork: storage
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
+ IronicInspectorNetwork: ctlplane
KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
KeystonePublicApiNetwork: internal_api
ManilaApiNetwork: internal_api
-heat_template_version: ocata
+heat_template_version: pike
description: >
Storage network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Storage management network. Storage replication, etc.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Storage management network. Storage replication, etc.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Storage network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Tenant network.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Tenant IPv6 network.
OS::TripleO::Services::Congress: OS::Heat::None
OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
- OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry.yaml
+ OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry-disabled.yaml
OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
+ OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
# the multinode job ControllerServices after this patch merges
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::Pacemaker: OS::Heat::None
OS::TripleO::Services::PacemakerRemote: OS::Heat::None
OS::TripleO::Services::Sshd: puppet/services/sshd.yaml
OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
- OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
+ OS::TripleO::Services::MongoDb: puppet/services/disabled/mongodb-disabled.yaml
OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml
OS::TripleO::Services::NovaPlacement: puppet/services/nova-placement.yaml
OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml
OS::TripleO::Services::Tacker: OS::Heat::None
OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml
OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml
- OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector.yaml
- OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer.yaml
+ OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector-disabled.yaml
+ OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer-disabled.yaml
OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml
OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml
OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml
{%- endfor -%}
{%- set primary_role_name = primary_role[0].name -%}
# primary role is: {{primary_role_name}}
-heat_template_version: ocata
+heat_template_version: pike
description: >
Deploy an OpenStack environment, consisting of several node types (roles),
description: >
Set to true to append per network Vips to /etc/hosts on each node.
+ DeploymentServerBlacklist:
+ default: []
+ type: comma_delimited_list
+ description: >
+ List of server hostnames to blacklist from any triggered deployments.
+
conditions:
add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
RoleName: {{role.name}}
RoleParameters: {get_param: {{role.name}}Parameters}
+ # Lookup of role_data via heat outputs is slow, so workaround this by caching
+ # the value in an OS::Heat::Value resource
+ {{role.name}}ServiceChainRoleData:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value: {get_attr: [{{role.name}}ServiceChain, role_data]}
+
# Filter any null/None service_names which may be present due to mapping
# of services to OS::Heat::None
{{role.name}}ServiceNames:
value:
yaql:
expression: coalesce($.data, []).where($ != null)
- data: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
+ data: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_names]}
{{role.name}}HostsDeployment:
type: OS::Heat::StructuredDeployments
properties:
name: {{role.name}}HostsDeployment
config: {get_attr: [hostsConfig, config_id]}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}SshKnownHostsDeployment:
type: OS::Heat::StructuredDeployments
properties:
name: {{role.name}}SshKnownHostsDeployment
config: {get_resource: SshKnownHostsConfig}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}AllNodesDeployment:
type: OS::Heat::StructuredDeployments
properties:
name: {{role.name}}AllNodesDeployment
config: {get_attr: [allNodesConfig, config_id]}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ servers: {get_attr: [{{role.name}}Servers, value]}
input_values:
# Note we have to use yaql to look up the first hostname/ip in the
# list because heat path based attributes operate on the attribute
properties:
name: {{role.name}}AllNodesValidationDeployment
config: {get_resource: AllNodesValidationConfig}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}IpListMap:
type: OS::TripleO::Network::Ports::NetIpListMap
EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
ServiceHostnameList: {get_attr: [{{role.name}}, hostname]}
- NetworkHostnameMap:
+ NetworkHostnameMap: {get_attr: [{{role.name}}NetworkHostnameMap, value]}
+
+ {{role.name}}NetworkHostnameMap:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
# Note (shardy) this somewhat complex yaql may be replaced
# with a map_deep_merge function in ocata. It merges the
# list of maps, but appends to colliding lists so we can
{% endif %}
ServiceConfigSettings:
map_merge:
- - get_attr: [{{role.name}}ServiceChain, role_data, config_settings]
+ - get_attr: [{{role.name}}ServiceChainRoleData, value, config_settings]
{% for r in roles %}
- get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
{% endfor %}
{% endfor %}
services: {get_attr: [{{role.name}}ServiceNames, value]}
ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
- MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
- ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChain, role_data, service_metadata_settings]}
+ MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
+ ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
+ DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
+{% endfor %}
+
+{% for role in roles %}
+ {{role.name}}Servers:
+ type: OS::Heat::Value
+ depends_on: {{role.name}}
+ properties:
+ type: json
+ value:
+ yaql:
+ expression: let(servers=>switch(isDict($.data.servers) => $.data.servers, true => {})) -> $servers.deleteAll($servers.keys().where($servers[$] = null))
+ data:
+ servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{% endfor %}
+ # This resource just creates a dict out of the DeploymentServerBlacklist,
+ # which is a list. The dict is used in the role templates to set a condition
+ # on whether to create the deployment resources. We can't use the list
+ # directly because there is no way to ask Heat if a list contains a specific
+ # value.
+ DeploymentServerBlacklistDict:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_merge:
+ repeat:
+ template:
+ hostname: 1
+ for_each:
+ hostname: {get_param: DeploymentServerBlacklist}
+
hostsConfig:
type: OS::TripleO::Hosts::SoftwareConfig
properties:
data:
groups:
{% for role in roles %}
- - {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]}
+ - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_groups]}
{% endfor %}
logging_sources:
yaql:
data:
sources:
{% for role in roles %}
- - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
+ - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_sources]}
{% endfor %}
controller_ips: {get_attr: [{{primary_role_name}}, ip_address]}
controller_names: {get_attr: [{{primary_role_name}}, hostname]}
properties:
servers:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
input_values:
deploy_identifier: {get_param: DeployIdentifier}
properties:
servers:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
# Post deployment steps for all roles
properties:
servers:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
role_data:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+ {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]}
{% endfor %}
outputs:
description: The configuration data associated with each role
value:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+ {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]}
{% endfor %}
RoleNetIpMap:
description: Mapping of each network to a list of IPs for each role
value:
{% for role in roles %}
{{role.name}}: {get_attr: [{{role.name}}IpListMap, net_ip_map]}
+{% endfor %}
+ RoleNetHostnameMap:
+ description: Mapping of each network to a list of hostnames for each role
+ value:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}NetworkHostnameMap, value]}
{% endfor %}
-heat_template_version: ocata
+heat_template_version: pike
description: 'All Nodes Config for Puppet'
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: 'OpenStack cinder storage configured by Puppet'
parameters:
BlockStorageImage:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ ConfigCollectSplay:
+ type: number
+ default: 30
+ description: |
+ Maximum amount of time to possibly to delay configuation collection
+ polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+ the configuration collection to occur as soon as the collection process
+ starts. This setting is used to prevent the configuration collection
+ processes from polling all at the exact same time.
UpgradeInitCommand:
type: string
description: |
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
BlockStorage:
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
+ splay: {get_param: ConfigCollectSplay}
properties:
image:
{get_param: BlockStorageImage}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
BlockStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: BlockStorageUpgradeInitDeployment
server: {get_resource: BlockStorage}
BlockStorageDeployment:
type: OS::Heat::StructuredDeployment
depends_on: BlockStorageUpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: BlockStorageDeployment
server: {get_resource: BlockStorage}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
description: Heat resource handle for the block storage server
value:
{get_resource: BlockStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
-heat_template_version: ocata
+heat_template_version: pike
description: 'OpenStack ceph storage node configured by Puppet'
parameters:
OvercloudCephStorageFlavor:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ ConfigCollectSplay:
+ type: number
+ default: 30
+ description: |
+ Maximum amount of time to possibly to delay configuation collection
+ polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+ the configuration collection to occur as soon as the collection process
+ starts. This setting is used to prevent the configuration collection
+ processes from polling all at the exact same time.
UpgradeInitCommand:
type: string
description: |
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
CephStorage:
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
+ splay: {get_param: ConfigCollectSplay}
properties:
image: {get_param: CephStorageImage}
image_update_policy: {get_param: ImageUpdatePolicy}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
CephStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: CephStorageUpgradeInitDeployment
server: {get_resource: CephStorage}
CephStorageDeployment:
type: OS::Heat::StructuredDeployment
depends_on: CephStorageUpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: CephStorageDeployment
config: {get_resource: CephStorageConfig}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: CephStorage}
description: Heat resource handle for the ceph storage server
value:
{get_resource: CephStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack hypervisor node configured via Puppet.
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ ConfigCollectSplay:
+ type: number
+ default: 30
+ description: |
+ Maximum amount of time to possibly to delay configuation collection
+ polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+ the configuration collection to occur as soon as the collection process
+ starts. This setting is used to prevent the configuration collection
+ processes from polling all at the exact same time.
UpgradeInitCommand:
type: string
description: |
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
+ splay: {get_param: ConfigCollectSplay}
properties:
image: {get_param: NovaImage}
image_update_policy:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
NovaComputeUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: NovaComputeUpgradeInitDeployment
server: {get_resource: NovaCompute}
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: NovaComputeUpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: NovaComputeDeployment
config: {get_resource: NovaComputeConfig}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
- {get_resource: NovaCompute}
\ No newline at end of file
+ {get_resource: NovaCompute}
+ condition: server_not_blacklisted
-heat_template_version: ocata
+heat_template_version: pike
description: >
A software config which runs puppet on the {{role}} role
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack controller node configured by Puppet.
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ ConfigCollectSplay:
+ type: number
+ default: 30
+ description: |
+ Maximum amount of time to possibly to delay configuation collection
+ polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+ the configuration collection to occur as soon as the collection process
+ starts. This setting is used to prevent the configuration collection
+ processes from polling all at the exact same time.
UpgradeInitCommand:
type: string
description: |
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
parameter_groups:
- label: deprecated
parameters:
- controllerExtraConfig
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
+
+
resources:
Controller:
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
+ splay: {get_param: ConfigCollectSplay}
properties:
image: {get_param: controllerImage}
image_update_policy: {get_param: ImageUpdatePolicy}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
+ condition: server_not_blacklisted
depends_on: PreNetworkConfig
properties:
name: NetworkDeployment
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
ControllerUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
+ condition: server_not_blacklisted
depends_on: NetworkDeployment
properties:
name: ControllerUpgradeInitDeployment
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
+ condition: server_not_blacklisted
depends_on: ControllerUpgradeInitDeployment
properties:
name: ControllerDeployment
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
+ condition: server_not_blacklisted
depends_on: NetworkDeployment
properties:
name: UpdateDeployment
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
+ condition: server_not_blacklisted
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
-heat_template_version: ocata
+heat_template_version: pike
description: >
Software Config to install deployment artifacts (tarball's and/or
-heat_template_version: ocata
+heat_template_version: pike
description: Configure hieradata for all MidoNet nodes
-heat_template_version: ocata
+heat_template_version: pike
description: Configure hieradata for Network Cisco configuration
-heat_template_version: ocata
+heat_template_version: pike
description: Configure hieradata for Big Switch agents on compute node
-heat_template_version: ocata
+heat_template_version: pike
description: Configure hieradata for Nuage configuration on the Compute
-heat_template_version: ocata
+heat_template_version: pike
description: 'Extra Pre-Deployment Config, multiple'
parameters:
server:
-heat_template_version: ocata
+heat_template_version: pike
description: Configure hieradata for Neutron Big Switch configuration
-heat_template_version: ocata
+heat_template_version: pike
description: Configure hieradata for Cisco N1KV configuration
-heat_template_version: ocata
+heat_template_version: pike
description: 'Noop Extra Pre-Deployment Config'
parameters:
server:
-heat_template_version: ocata
+heat_template_version: pike
description: Configure hieradata overrides for specific nodes
-heat_template_version: ocata
+heat_template_version: pike
description: >
This is a template which will inject the trusted anchor.
-heat_template_version: ocata
+heat_template_version: pike
description: Enroll nodes to FreeIPA
-heat_template_version: ocata
+heat_template_version: pike
description: >
This is a template which will build the TLS Certificates necessary
{% set batch_upgrade_steps_max = 3 -%}
{% set upgrade_steps_max = 6 -%}
{% set deliver_script = {'deliver': False} -%}
-heat_template_version: ocata
+heat_template_version: pike
description: 'Upgrade steps for all roles'
parameters:
-heat_template_version: ocata
+heat_template_version: pike
description: 'OpenStack swift storage node configured by Puppet'
parameters:
OvercloudSwiftStorageFlavor:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ ConfigCollectSplay:
+ type: number
+ default: 30
+ description: |
+ Maximum amount of time to possibly to delay configuation collection
+ polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+ the configuration collection to occur as soon as the collection process
+ starts. This setting is used to prevent the configuration collection
+ processes from polling all at the exact same time.
UpgradeInitCommand:
type: string
description: |
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
+ splay: {get_param: ConfigCollectSplay}
properties:
image: {get_param: SwiftStorageImage}
flavor: {get_param: OvercloudSwiftStorageFlavor}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
SwiftStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: SwiftStorageUpgradeInitDeployment
server: {get_resource: SwiftStorage}
SwiftStorageHieraDeploy:
type: OS::Heat::StructuredDeployment
depends_on: SwiftStorageUpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: SwiftStorageHieraDeploy
server: {get_resource: SwiftStorage}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: SwiftStorage}
description: Heat resource handle for the swift storage server
value:
{get_resource: SwiftStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
-heat_template_version: ocata
+heat_template_version: pike
description: >
Post-upgrade configuration steps via puppet for all roles
-heat_template_version: ocata
+heat_template_version: pike
description: >
Post-deploy configuration steps via puppet for all roles,
-heat_template_version: ocata
+heat_template_version: pike
description: 'OpenStack {{role}} node configured by Puppet'
parameters:
Overcloud{{role}}Flavor:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ ConfigCollectSplay:
+ type: number
+ default: 30
+ description: |
+ Maximum amount of time to possibly to delay configuation collection
+ polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+ the configuration collection to occur as soon as the collection process
+ starts. This setting is used to prevent the configuration collection
+ processes from polling all at the exact same time.
LoggingSources:
type: json
default: []
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
{{role}}:
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
+ splay: {get_param: ConfigCollectSplay}
properties:
image: {get_param: {{role}}Image}
image_update_policy: {get_param: ImageUpdatePolicy}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
+ condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
{{role}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: {{role}}UpgradeInitDeployment
server: {get_resource: {{role}}}
{{role}}Deployment:
type: OS::Heat::StructuredDeployment
depends_on: {{role}}UpgradeInitDeployment
+ condition: server_not_blacklisted
properties:
name: {{role}}Deployment
config: {get_resource: {{role}}Config}
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
+ condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
description: Heat resource handle for {{role}} server
value:
{get_resource: {{role}}}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Aodh API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Aodh Evaluator service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Aodh Listener service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Aodh Notifier service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Apache service configured with Puppet. Note this is typically included
-heat_template_version: ocata
+heat_template_version: pike
description: >
AuditD configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
HAproxy service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ceilometer Central Agent service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ceilometer Compute Agent service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ceilometer Ipmi Agent service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ceilometer Notification Agent service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ceilometer API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ceilometer service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ceilometer Expirer service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Ceph base service. Shared by all Ceph services.
service_name: ceph_base
config_settings:
tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
- ceph::profile::params::osd_pool_default_min_size: 1
ceph::profile::params::osds: {/srv/data: {}}
ceph::profile::params::manage_repo: false
ceph::profile::params::authentication_type: cephx
-heat_template_version: ocata
+heat_template_version: pike
description: >
Ceph Client service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Ceph External service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Ceph MDS service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Ceph Monitor service.
MonitoringSubscriptionCephMon:
default: 'overcloud-ceph-mon'
type: string
+ CephPoolDefaultSize:
+ description: default minimum replication for RBD copies
+ type: number
+ default: 3
resources:
CephBase:
ceph::profile::params::mon_key: {get_param: CephMonKey}
ceph::profile::params::osd_pool_default_pg_num: 32
ceph::profile::params::osd_pool_default_pgp_num: 32
- ceph::profile::params::osd_pool_default_size: 3
+ ceph::profile::params::osd_pool_default_size: {get_param: CephPoolDefaultSize}
# repeat returns items in a list, so we need to map_merge twice
tripleo::profile::base::ceph::mon::ceph_pools:
map_merge:
-heat_template_version: ocata
+heat_template_version: pike
description: >
Ceph OSD service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Ceph RadosGW service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Requests certificates using certmonger through Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Cinder API service configured with Puppet
# See the License for the specific language governing permissions and
# limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Cinder Dell EMC PS Series backend
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Cinder Dell EMC Storage Center backend
CinderDellScVolumeFolder:
type: string
default: 'dellsc_volume'
+ CinderDellScSecondarySanIp:
+ type: string
+ default: ''
+ CinderDellScSecondarySanLogin:
+ type: string
+ default: 'Admin'
+ CinderDellScSecondarySanPassword:
+ type: string
+ hidden: true
+ CinderDellScSecondaryScApiPort:
+ type: number
+ default: 3033
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_param: CinderDellScApiPort}
cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_param: CinderDellScServerFolder}
cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_param: CinderDellScVolumeFolder}
+ cinder::backend::dellsc_iscsi::secondary_san_ip: {get_param: CinderDellScSecondarySanIp}
+ cinder::backend::dellsc_iscsi::secondary_san_login: {get_param: CinderDellScSecondarySanLogin}
+ cinder::backend::dellsc_iscsi::secondary_san_password: {get_param: CinderDellScSecondarySanPassword}
+ cinder::backend::dellsc_iscsi::secondary_sc_api_port: {get_param: CinderDellScSecondaryScApiPort}
step_config: |
include ::tripleo::profile::base::cinder::volume
-heat_template_version: ocata
+heat_template_version: pike
description: Openstack Cinder Netapp backend
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Cinder Pure Storage FlashArray backend
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Cinder Dell EMC ScaleIO backend
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Cinder Backup service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Configure Cinder HPELeftHandISCSIDriver
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Cinder Scheduler service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Cinder Volume service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Configuration details for MongoDB service using composable roles
-heat_template_version: ocata
+heat_template_version: pike
description: >
MongoDb service deployment using puppet
format: >-
/(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4})
(?<message>.*)$/
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
MongoDbBase:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
+ -
+ if:
+ - internal_tls_enabled
+ -
+ generate_service_certificates: true
+ mongodb::server::ssl: true
+ mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+ mongodb_certificate_specs:
+ service_pem: '/etc/pki/tls/certs/mongodb.pem'
+ service_certificate: '/etc/pki/tls/certs/mongodb.crt'
+ service_key: '/etc/pki/tls/private/mongodb.key'
+ hostname:
+ str_replace:
+ template: "%{hiera('fqdn_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+ principal:
+ str_replace:
+ template: "mongodb/%{hiera('fqdn_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+ - {}
step_config: |
include ::tripleo::profile::base::database::mongodb
upgrade_tasks:
- name: Start mongodb service
tags: step4
service: name=mongod state=started
+ metadata_settings:
+ if:
+ - internal_tls_enabled
+ -
+ - service: mongodb
+ network: {get_param: [ServiceNetMap, MongodbNetwork]}
+ type: node
+ - null
-heat_template_version: ocata
+heat_template_version: pike
description: >
Mysql client settings
-heat_template_version: ocata
+heat_template_version: pike
description: >
MySQL service deployment using puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Redis service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Redis service configured with Puppet
role_data:
description: Role data for the disabled Ceilometer Collector role.
value:
- service_name: ceilometer_collector
+ service_name: ceilometer_collector_disabled
upgrade_tasks:
- name: Stop and disable ceilometer_collector service on upgrade
tags: step1
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Ceilometer Expirer service, disabled since pike
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ CeilometerServiceBase:
+ type: ../ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the disabling Ceilometer Expirer role.
+ value:
+ service_name: ceilometer_expirer_disabled
+ config_settings:
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::expirer::enable_cron: false
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::expirer
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Glance Registry service, disabled since ocata
role_data:
description: Role data for the disabled Glance Registry role.
value:
- service_name: glance_registry
+ service_name: glance_registry_disabled
upgrade_tasks:
- name: Stop and disable glance_registry service on upgrade
tags: step1
heat_template_version: pike
description: >
- OpenStack Ceilometer Expirer service, disabled since pike
+ Mongodb service, disabled by default since pike
parameters:
ServiceNetMap:
DefaultPasswords:
default: {}
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
RoleName:
default: ''
description: Role name on which the service is applied
default: {}
description: Parameters specific to the role
type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
outputs:
role_data:
- description: Role data for the disabled Ceilometer Expirer role.
+ description: Role data for the disabled MongoDB role.
value:
- service_name: ceilometer_expirer
+ service_name: mongodb_disabled
upgrade_tasks:
- - name: Stop and disable ceilometer_expirer service on upgrade
+ - name: Stop and disable mongodb service on upgrade
tags: step1
- service: name=openstack-ceilometer-expirer state=stopped enabled=no
+ service: name=mongod state=stopped enabled=no
-heat_template_version: ocata
+heat_template_version: pike
description: >
Configures docker on the host
-heat_template_version: ocata
+heat_template_version: pike
description: >
Etcd service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
External Swift Proxy endpoint configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Gnocchi service configured with Puppet
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- gnocchi::db::sync::extra_opts: '--skip-storage'
+ gnocchi::db::sync::extra_opts: ''
gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay}
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 3
-heat_template_version: ocata
+heat_template_version: pike
description: >
Gnocchi service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Gnocchi service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
HAProxy deployment with TLS enabled, powered by certmonger
-heat_template_version: ocata
+heat_template_version: pike
description: >
HAProxy deployment with TLS enabled, powered by certmonger
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Heat CloudFormation API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Heat CloudWatch API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Heat API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Heat base service. Shared for all Heat services.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Horizon service configured with Puppet
tags: step1
when: httpd_enabled.rc == 0
service: name=httpd state=stopped
+ service_config_settings:
+ haproxy:
+ tripleo.horizon.firewall_rules:
+ '127 horizon':
+ dport:
+ - 80
+ - 443
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ironic API configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Ironic conductor configured with Puppet
description: Enabled Ironic drivers
type: comma_delimited_list
IronicEnabledHardwareTypes:
- default: ['ipmi']
+ default: ['ipmi', 'redfish']
description: Enabled Ironic hardware types
type: comma_delimited_list
+ IronicEnabledManagementInterfaces:
+ default: ['ipmitool', 'redfish']
+ description: Enabled management interface implementations. Each hardware
+ type must have at least one valid implementation enabled.
+ type: comma_delimited_list
+ IronicEnabledPowerInterfaces:
+ default: ['ipmitool', 'redfish']
+ description: Enabled power interface implementations. Each hardware
+ type must have at least one valid implementation enabled.
+ type: comma_delimited_list
IronicIPXEEnabled:
default: true
description: Whether to use iPXE instead of PXE for deployment.
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
ironic::drivers::interfaces::enabled_console_interfaces: ['ipmitool-socat', 'no-console']
+ ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces}
ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron']
+ ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces}
ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
tripleo.ironic_conductor.firewall_rules:
'134 ironic conductor TFTP':
-heat_template_version: ocata
+heat_template_version: pike
description: >
Keepalived service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Load kernel modules with kmod and configure kernel options with sysctl.
value: 0
net.ipv4.conf.all.send_redirects:
value: 0
+ net.ipv4.conf.all.arp_accept:
+ value: 1
net.ipv4.conf.default.accept_redirects:
value: 0
net.ipv4.conf.default.secure_redirects:
-heat_template_version: ocata
+heat_template_version: pike
description: Fluentd base service
-heat_template_version: ocata
+heat_template_version: pike
description: Fluentd client configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: Fluentd logging configuration
-heat_template_version: ocata
+heat_template_version: pike
description: >
Manila-api service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Manila Cephfs backend
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Manila generic backend.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Manila netapp backend.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Manila-scheduler service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Manila-share service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Memcached service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: Collectd client service
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Mistral API service configured with Puppet
e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
resources:
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
MistralBase:
type: ./mistral-base.yaml
properties:
- get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+ mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
mistral::policy::policies: {get_param: MistralApiPolicies}
tripleo.mistral_api.firewall_rules:
'133 mistral':
dport:
- 8989
- 13989
+ mistral::api::service_name: 'httpd'
+ mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+ mistral::wsgi::apache::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
+ - if:
+ - mistral_workers_zero
+ - {}
+ - mistral::wsgi::apache::workers: {get_param: MistralWorkers}
service_config_settings:
get_attr: [MistralBase, role_data, service_config_settings]
step_config: |
grep '\bactive\b'
when: mistral_api_enabled.rc == 0
tags: step0,validation
- - name: Stop mistral_api service
+ - name: check for mistral_api running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi"
+ register: mistral_api_apache
+ ignore_errors: true
+ - name: Stop mistral_api service (running under httpd)
tags: step1
- service: name=openstack-mistral-api state=stopped
- - name: Install openstack-mistral-api package if it was disabled
- tags: step3
- yum: name=openstack-mistral-api state=latest
- when: mistral_api_enabled.rc != 0
+ service: name=httpd state=stopped
+ when: mistral_api_apache.rc == 0
+ - name: Stop and disable mistral_api service (pre-upgrade not under httpd)
+ tags: step1
+ when: mistral_api_enabled.rc == 0
+ service: name=openstack-mistral-api state=stopped enabled=no
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Mistral Engine service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Mistral API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: Sensu base service
-heat_template_version: ocata
+heat_template_version: pike
description: Sensu client configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contrail Analytics Database service deployment using puppet, this YAML file
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contrail Analytics service deployment using puppet, this YAML file
-heat_template_version: ocata
+heat_template_version: pike
description: >
Base parameters for all Contrail Services.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contrail Config service deployment using puppet, this YAML file
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contrail Control service deployment using puppet, this YAML file
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contrail Database service deployment using puppet, this YAML file
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contrail Heat plugin adds Contrail specific heat resources enabling heat
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Opencontrail plugin
-heat_template_version: ocata
+heat_template_version: pike
description: >
Provision Contrail services after deployment
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contrail TSN Service
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Compute OpenContrail plugin
-heat_template_version: ocata
+heat_template_version: pike
description: >
Contrail WebUI service deployment using puppet, this YAML file
- 9696
- 13696
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
+ neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron base service. Shared for all Neutron agents.
-heat_template_version: ocata
+heat_template_version: pike
description: >
BGPVPN API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Installs bigswitch agent and enables the services
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Compute Midonet plugin
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Compute Nuage plugin
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Compute OVN agent
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Compute Plumgrid plugin
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron DHCP agent configured with Puppet
--- /dev/null
+heat_template_version: pike
+
+description: >
+ L2 Gateway agent configured with Puppet
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ L2gwAgentOvsdbHosts:
+ default: ''
+ description: L2 gateway agent OVSDB server list.
+ type: comma_delimited_list
+ L2gwAgentEnableManager:
+ default: false
+ description: Connection can be initiated by the ovsdb server.
+ type: boolean
+ L2gwAgentManagerTableListeningPort:
+ default: 6632
+ description: port number for L2 gateway agent, so that it can listen
+ type: number
+ L2gwAgentPeriodicInterval:
+ default: 20
+ description: The L2 gateway agent checks connection state with the OVSDB
+ servers. The interval is number of seconds between attempts.
+ type: number
+ L2gwAgentMaxConnectionRetries:
+ default: 10
+ description: The L2 gateway agent retries to connect to the OVSDB server
+ type: number
+ L2gwAgentSocketTimeout:
+ default: 30
+ description: socket timeout
+ type: number
+ MonitoringSubscriptionNeutronL2gwAgent:
+ default: 'overcloud-neutron-l2gw-agent'
+ type: string
+ NeutronL2gwAgentLoggingSource:
+ type: json
+ default:
+ tag: openstack.neutron.agent.l2gw
+ path: /var/log/neutron/l2gw-agent.log
+
+conditions:
+ internal_manager_enabled: {equals: [{get_param: L2gwAgentEnableManager}, True]}
+
+outputs:
+ role_data:
+ description: Role data for the L2 Gateway role.
+ value:
+ service_name: neutron_l2gw_agent
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL2gwAgent}
+ logging_source: {get_param: NeutronL2gwAgentLoggingSource}
+ logging_groups:
+ - neutron
+ config_settings:
+ map_merge:
+ - neutron::agents::l2gw::ovsdb_hosts: {get_param: L2gwAgentOvsdbHosts}
+ neutron::agents::l2gw::enable_manager: {get_param: L2gwAgentEnableManager}
+ neutron::agents::l2gw::manager_table_listening_port: {get_param: L2gwAgentManagerTableListeningPort}
+ neutron::agents::l2gw::periodic_interval: {get_param: L2gwAgentPeriodicInterval}
+ neutron::agents::l2gw::max_connection_retries: {get_param: L2gwAgentMaxConnectionRetries}
+ neutron::agents::l2gw::socket_timeout: {get_param: L2gwAgentSocketTimeout}
+ -
+ if:
+ - internal_manager_enabled
+ - tripleo.neutron_l2gw_agent.firewall_rules:
+ '142 neutron l2gw agent input':
+ proto: 'tcp'
+ dport: {get_param: L2gwAgentManagerTableListeningPort}
+ - null
+
+ step_config: |
+ include tripleo::profile::base::neutron::agents::l2gw
+ upgrade_tasks:
+ - name: Check if neutron_l2gw_agent is deployed
+ command: systemctl is-enabled neutron-l2gw-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_l2gw_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-l2gw-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-l2gw-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_l2gw_agent_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop neutron_l2gw_agent service
+ tags: step1
+ when: neutron_l2gw_agent_enabled.rc == 0
+ service: name=neutron-l2gw-agent state=stopped
-heat_template_version: ocata
+heat_template_version: pike
description: >
L2 Gateway service plugin configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron L3 agent for DVR enabled compute nodes
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron L3 agent configured with Puppet
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack Neutron Linuxbridge agent configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ PhysicalInterfaceMapping:
+ description: List of <physical_network>:<physical_interface> tuples
+ mapping physical network names to agent's node-specific
+ physical network interfaces. Defaults to empty list.
+ type: comma_delimited_list
+ default: ''
+ NeutronLinuxbridgeFirewallDriver:
+ default: ''
+ description: Configure the classname of the firewall driver to use for
+ implementing security groups. Possible values depend on
+ system configuration. The default value of an empty string
+ will result in a default supported configuration.
+ type: string
+ NeutronEnableL2Pop:
+ type: string
+ description: Enable/disable the L2 population feature in the Neutron agents.
+ default: 'False'
+ NeutronTunnelTypes:
+ default: 'vxlan'
+ description: The tunnel types for the Neutron tenant network.
+ type: comma_delimited_list
+
+conditions:
+ no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']}
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Linuxbridge agent service.
+ value:
+ service_name: neutron_linuxbridge_agent
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
+ neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
+ neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
+ neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+ neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
+ neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
+ -
+ if:
+ - no_firewall_driver
+ - {}
+ - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
+ step_config: |
+ include ::tripleo::profile::base::neutron::linuxbridge
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Metadata agent configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Midonet plugin and services
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron OVS agent configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
via parameter_defaults in the resource registry.
type: json
HostCpusList:
+ default: "'0'"
description: List of cores to be used for host process
type: string
constraints:
- allowed_pattern: "'[0-9,-]+'"
NeutronDpdkCoreList:
+ default: "''"
description: List of cores to be used for DPDK Poll Mode Driver
type: string
constraints:
- - allowed_pattern: "'[0-9,-]+'"
+ - allowed_pattern: "'[0-9,-]*'"
NeutronDpdkMemoryChannels:
+ default: ""
description: Number of memory channels to be used for DPDK
type: string
constraints:
- - allowed_pattern: "[0-9]+"
+ - allowed_pattern: "[0-9]*"
NeutronDpdkSocketMemory:
default: ""
description: Memory allocated for each socket
OpenVswitchUpgrade:
type: ./openvswitch-upgrade.yaml
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType
+ neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir
+ vswitch::dpdk::driver_type: NeutronDpdkDriverType
+ vswitch::dpdk::host_core_list: HostCpusList
+ vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList
+ vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels
+ vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NeutronDatapathType: {get_param: NeutronDatapathType}
+ NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
+ NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType}
+ HostCpusList: {get_param: HostCpusList}
+ NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList}
+ NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels}
+ NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory}
+
outputs:
role_data:
description: Role data for the Neutron OVS DPDK Agent service.
- keys:
tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules
- neutron::agents::ml2::ovs::enable_dpdk: true
- neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
- neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
- vswitch::dpdk::host_core_list: {get_param: HostCpusList}
- vswitch::dpdk::pmd_core_list: {get_param: NeutronDpdkCoreList}
- vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels}
- vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory}
- vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType}
+ - get_attr: [RoleParametersValue, value]
step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
upgrade_tasks:
get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks]
-heat_template_version: ocata
+heat_template_version: pike
description: >
Configure hieradata for Fujitsu C-Fabric plugin configuration
-heat_template_version: ocata
+heat_template_version: pike
description: Configure hieradata for Fujitsu fossw plugin configuration
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron ML2/OpenDaylight plugin configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron ML2/OVN plugin configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron ML2 Plugin configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron NSX
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron Nuage plugin
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron SR-IOV nic agent configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Neutron ML2/VPP agent configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova Compute service configured with Puppet
description: >
Reserved RAM for host processes.
type: number
- default: 2048
+ default: 4096
constraints:
- range: { min: 512 }
MonitoringSubscriptionNovaCompute:
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova Conductor service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova Consoleauth service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova Compute service configured with Puppet and using Ironic
-heat_template_version: ocata
+heat_template_version: pike
description: >
Libvirt service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova Placement API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova Scheduler service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Nova Vncproxy service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Octavia base service. Shared for all Octavia services
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Octavia Health Manager service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Octavia Housekeeping service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Octavia Worker service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenDaylight SDN Controller.
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenDaylight OVS Configuration.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openvswitch package special handling for upgrade.
-heat_template_version: ocata
+heat_template_version: pike
description: >
OVN databases configured with puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Pacemaker service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Ceph RBD mirror service.
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Cinder Backup service with Pacemaker configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Cinder Volume service with Pacemaker configured with Puppet
cinder::host: hostgroup
step_config:
include ::tripleo::profile::pacemaker::cinder::volume
+ upgrade_tasks:
+ - name: Stop cinder_volume service (pacemaker)
+ tags: step1
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: disable
+ wait_for_resource: true
+ - name: Sync cinder DB
+ tags: step5
+ command: cinder-manage db sync
+ - name: Start cinder_volume service (pacemaker)
+ tags: step5
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: enable
-heat_template_version: ocata
+heat_template_version: pike
description: >
MySQL with Pacemaker service deployment using puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Redis service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
HAproxy service with Pacemaker configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
The manila-share service with Pacemaker configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
RabbitMQ service with Pacemaker configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Pacemaker remote service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Panko API service configured with Puppet.
-heat_template_version: ocata
+heat_template_version: pike
description: >
Qpid dispatch router service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
RabbitMQ service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Sahara API service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Sahara Engine service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Configure securetty values
-heat_template_version: ocata
+heat_template_version: pike
description: >
Utility stack to convert an array of services into a set of combined
-heat_template_version: ocata
+heat_template_version: pike
description: >
SNMP client configured with Puppet, to facilitate Ceilometer Hardware
-heat_template_version: ocata
+heat_template_version: pike
description: >
Configure sshd_config
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Swift Proxy service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Swift Proxy service configured with Puppet
description: Set to False to disable the swift proxy ceilometer pipeline.
default: True
type: boolean
+ SwiftCeilometerIgnoreProjects:
+ default: ['services']
+ description: Comma-seperated list of project names to ignore.
+ type: comma_delimited_list
RabbitClientPort:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
swift::proxy::workers: {get_param: SwiftWorkers}
swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+ swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ swift::proxy::ceilometer::password: {get_param: SwiftPassword}
+ swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
swift::proxy::ceilometer::nonblocking_notify: true
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Swift Ringbuilder
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack Swift Storage service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
NTP service deployment using puppet, this YAML file
-heat_template_version: ocata
+heat_template_version: pike
description: >
Composable Timezone service
-heat_template_version: ocata
+heat_template_version: pike
description: >
TripleO Firewall settings
-heat_template_version: ocata
+heat_template_version: pike
description: >
TripleO Package installation settings
-heat_template_version: ocata
+heat_template_version: pike
description: >
Vpp service configured with Puppet
-heat_template_version: ocata
+heat_template_version: pike
description: >
Openstack Zaqar service. Shared for all Heat services.
-heat_template_version: ocata
+heat_template_version: pike
description: 'Upgrade for via ansible by applying a step related tag'
parameters:
--- /dev/null
+---
+upgrade:
+ - Mongodb is no longer used by default, so now one has to enable it
+ explicitly if there's a need for using it.
+other:
+ - Mongodb is not used by any service we enable by default, so it has been
+ removed from the default services. It has subsequently been added to the
+ services that use it (zaqar and ceilometer-collector).
--- /dev/null
+---
+features:
+ - Add new cadf.yaml environment, that will configure
+ Keystone to emit CADF notifications. This standard
+ provides auditing capabilities for compliance with
+ security, and is intented to be used for deploying
+ TripleO with hardened security.
--- /dev/null
+---
+features:
+ - Add support for L2 Gateway Neutron agent
--- /dev/null
+---
+fixes:
+ - |
+ During a deployment on lower spec systems, the "db sync" can take longer
+ than five minutes. value of DatabaseSyncTimeout has change from 300
+ to 900 at the environment file "low-memory-usage.yaml".
--- /dev/null
+---
+other:
+ - |
+ All nodes now enable ``arp_accept`` sysctl setting to help with honoring
+ gratuitous ARP packets in their ARP tables. While sources of gratuitous ARP
+ packets are diverse, this comes especially useful for Neutron floating IP
+ addresses that roam between devices, and for which Neutron L3 agent sends
+ gratuitous ARP packets to update all network nodes about IP address new
+ locations.
--- /dev/null
+---
+other:
+ - Increased the default of NovaReservedHostMemory for
+ Compute nodes to 4096 MB.
--- /dev/null
+---
+upgrade:
+ - |
+ Neutron API controller no longer advertises ``dvr`` extension if the
+ cloud is not configured for DVR. This is achieved by setting ``enable_dvr``
+ to match ``NeutronEnableDVR`` setting.
--- /dev/null
+---
+features:
+ - Move Mistral API to use mod_wsgi under Apache.
+upgrade:
+ - Mistral API systemd service will be stopped and
+ disabled.
+
--- /dev/null
+---
+features:
+ - |
+ Support for Redfish hardware is enabled by default for overcloud Ironic
+ via the ``redfish`` hardware type.
+ - |
+ Support changing enabled management and power interfaces for hardware types
+ in overcloud Ironic.
--- /dev/null
+---
+features:
+ - Added the ability to blacklist servers by name from being
+ associated with any Heat triggered SoftwareDeployment
+ resources. The servers are specified in the new
+ DeploymentServerBlacklist parameter.
--- /dev/null
+---
+fixes:
+ - |
+ Removed the hard coding of osd_pool_default_min_size. Setting this value
+ to 1 can result in data loss in operating production deployments. Not
+ setting this value (or setting it to 0) will allow ceph to calculate the
+ value based on the current setting of osd_pool_default_size. If the
+ replication count is 3, then the calculated min_size is 2. If the
+ replication count is 1, then the calcualted min_size is 1. For a POC
+ deployments using a single OSD, set osd_pool_default_size = 1. See
+ description at http://docs.ceph.com/docs/master/rados/configuration/pool-pg-config-ref/
+ Added CephPoolDefaultSize to set default replication size. Default value is 3.
--- /dev/null
+---
+issues:
+ - Modify ``NeutronVhostuserSocketDir`` to a seprate directory in the DPDK
+ environment file. A different set of permission is required for creating
+ vhost sockets when the vhost type is dpdkvhostuserclient (which is default
+ from ocata).
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
+ # FIXME: This service was disabled in Pike and this entry should be removed
+ # in Queens.
+ - OS::TripleO::Services::CeilometerExpirer
- OS::TripleO::Services::CeilometerAgentCentral
- OS::TripleO::Services::CeilometerAgentNotification
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
PyYAML>=3.10.0 # MIT
Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
six>=1.9.0 # MIT
-sphinx>=1.5.1 # BSD
+sphinx!=1.6.1,>=1.5.1 # BSD
oslosphinx>=4.7.0 # Apache-2.0
reno>=1.8.0 # Apache-2.0