title: Cinder Dell EMC Unity backend
description: >
Enables a Cinder Dell EMC Unity backend,
+ - file: environments/cinder-dellemc-vmax-iscsi-config.yaml
+ title: Cinder Dell EMC VMAX ISCSI backend
+ description: >
+ Enables a Cinder Dell EMC VMAX ISCSI backend,
configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/manila-vnx-config.yaml
title: Deploys Manila with VNX driver
description: Deploys Manila and configures VNX as its default backend.
+ - title: Manila with VMAX
+ description: >
+ Deploys Manila and configures it with the VMAX driver.
+ environments:
+ - file: environments/manila-vmax-config.yaml
+ title: Deploys Manila with VMAX driver
+ description: Deploys Manila and configures VMAX as its default backend.
+ - title: Manila with Isilon
+ description: >
+ Deploys Manila and configures it with the Isilon driver.
+ environments:
+ - file: environments/manila-isilon-config.yaml
+ title: Deploys Manila with Isilon driver
+ description: Deploys Manila and configures Isilon as its default backend.
requires:
- overcloud-resource-registry-puppet.yaml
- title: Glance backends
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
- OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml
OS::TripleO::Services::Congress: ../../docker/services/congress.yaml
# TODO fluentd is being containerized: https://review.openstack.org/#/c/467072/
OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Collectd
- - OS::TripleO::Services::Tacker
- OS::TripleO::Services::Congress
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
+ # This makes the job twice as fast
+ ceilometer::agent::polling::polling_interval: 15
Debug: true
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
- /dev/loop3
journal_size: 512
journal_collocation: true
+ osd_scenario: collocated
CephAnsibleExtraConfig:
ceph_conf_overrides:
global:
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
CephPoolDefaultSize: 1
+ DockerCephDaemonImage: ceph/daemon:tag-build-master-jewel-centos-7
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
+ GnocchiArchivePolicy: 'high'
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
+ # This makes the job twice as fast
+ ceilometer::agent::polling::polling_interval: 15
Debug: true
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
+ GnocchiArchivePolicy: 'high'
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
+ OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
# overcloud-resource-registry.yaml there doesn't have this Docker
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml
OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml
- OS::TripleO::Services::ManilaShare: ../../docker/services/manila-share.yaml
+ OS::TripleO::Services::ManilaShare: ../../docker/services/pacemaker/manila-share.yaml
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
- # TODO: containerize NeutronBgpVpnApi
- OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
# overcloud-resource-registry.yaml there doesn't have this Docker
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::NeutronBgpVpnApi
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
+ # TODO: in Queens, re-add bgp-vpn and l2gw services when
+ # containerized.
+ # https://bugs.launchpad.net/bugs/1713612
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
CephPoolDefaultSize: 1
SwiftCeilometerPipelineEnabled: false
- NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
- BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
NotificationDriver: 'noop'
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
# Per step puppet configuration of the baremetal host
#####################################################
- name: Write the config_step hieradata
- copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true
+ copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600
- name: Run puppet host configuration for step {{step}}
command: >-
puppet apply
# certain initialization steps (run in a container) will occur
# on the role marked as primary controller or the first role listed
-{%- set primary_role = [roles[0]] -%}
-{%- for role in roles -%}
+{%- if enabled_roles is not defined -%}
+ # On upgrade certain roles can be disabled for operator driven upgrades
+ # See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml
+ {%- set enabled_roles = roles -%}
+{%- endif -%}
+{%- set primary_role = [enabled_roles[0]] -%}
+{%- for role in enabled_roles -%}
{%- if 'primary' in role.tags and 'controller' in role.tags -%}
{%- set _ = primary_role.pop() -%}
{%- set _ = primary_role.append(role) -%}
{% for step in range(1, deploy_steps_max) %}
WorkflowTasks_Step{{step}}_Enabled:
or:
- {%- for role in roles %}
+ {%- for role in enabled_roles %}
- not:
equals:
- - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}]
+ - get_param: [role_data, {{role.name}}, workflow_tasks, step{{step}}]
- ''
- False
{%- endfor %}
_TASKS: {get_file: deploy-steps-tasks.yaml}
{%- for step in range(1, deploy_steps_max) %}
-# BEGIN service_workflow_tasks handling
+# BEGIN workflow_tasks handling
WorkflowTasks_Step{{step}}:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step{{step}}_Enabled
depends_on:
{%- if step == 1 %}
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
{%- endfor %}
{%- else %}
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step{{step -1}}
{%- endfor %}
{%- endif %}
properties:
- name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]}
+ name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step{{step}}"]]}
type: direct
tasks:
yaql:
expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
data:
- {%- for role in roles %}
- - get_param: [role_data, {{role.name}}, service_workflow_tasks]
+ {%- for role in enabled_roles %}
+ - get_param: [role_data, {{role.name}}, workflow_tasks]
{%- endfor %}
WorkflowTasks_Step{{step}}_Execution:
{%- endfor %}
evaluate_env: false
always_update: true
-# END service_workflow_tasks handling
+# END workflow_tasks handling
{% endfor %}
+# Artifacts config and HostPrepConfig is done on all roles, not only
+# enabled_roles, because on upgrade we need to write the json files
+# for the operator driven upgrade scripts (the ansible steps consume them)
{% for role in roles %}
- # Post deployment steps for all roles
- # A single config is re-applied with an incrementing step number
- # {{role.name}} Role steps
+ # Prepare host tasks for {{role.name}}
{{role.name}}ArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]}
tasks:
# Join host_prep_tasks with the other per-host configuration
- yaql:
- expression: $.data.host_prep_tasks + $.data.template_tasks
- data:
- host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
- template_tasks:
+ list_concat:
+ - {get_param: [role_data, {{role.name}}, host_prep_tasks]}
+ -
{%- raw %}
- # Write the manifest for baremetal puppet configuration
- - name: Create /var/lib/tripleo-config directory
- file: path=/var/lib/tripleo-config state=directory
- - name: Write the puppet step_config manifest
- copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes
- # this creates a JSON config file for our docker-puppet.py script
- - name: Create /var/lib/docker-puppet
- file: path=/var/lib/docker-puppet state=directory
- - name: Write docker-puppet-tasks json files
- copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes
- # FIXME: can we move docker-puppet somewhere so it's installed via a package?
- - name: Write docker-puppet.py
- copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes
- # Here we are dumping all the docker container startup configuration data
- # so that we can have access to how they are started outside of heat
- # and docker-cmd. This lets us create command line tools to test containers.
- # FIXME do we need the docker-container-startup-configs.json or is the new per-step
- # data consumed by paunch enough?
- - name: Write docker-container-startup-configs
- copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes
- - name: Write per-step docker-container-startup-configs
- copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes
- with_dict: "{{docker_startup_configs}}"
- - name: Create /var/lib/kolla/config_files directory
- file: path=/var/lib/kolla/config_files state=directory
- - name: Write kolla config json files
- copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes
- with_dict: "{{kolla_config}}"
- ########################################################
- # Bootstrap tasks, only performed on bootstrap_server_id
- ########################################################
- - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
- file:
- path: "{{item}}"
- state: absent
- with_fileglob:
- - /var/lib/docker-puppet/docker-puppet-tasks*.json
- when: deploy_server_id == bootstrap_server_id
- - name: Write docker-puppet-tasks json files
- copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes
- with_dict: "{{docker_puppet_tasks}}"
- when: deploy_server_id == bootstrap_server_id
+ # Write the manifest for baremetal puppet configuration
+ - name: Create /var/lib/tripleo-config directory
+ file: path=/var/lib/tripleo-config state=directory
+ - name: Write the puppet step_config manifest
+ copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
+ # this creates a JSON config file for our docker-puppet.py script
+ - name: Create /var/lib/docker-puppet
+ file: path=/var/lib/docker-puppet state=directory
+ - name: Write docker-puppet-tasks json files
+ copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
+ # FIXME: can we move docker-puppet somewhere so it's installed via a package?
+ - name: Write docker-puppet.py
+ copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
+ # Here we are dumping all the docker container startup configuration data
+ # so that we can have access to how they are started outside of heat
+ # and docker-cmd. This lets us create command line tools to test containers.
+ # FIXME do we need the docker-container-startup-configs.json or is the new per-step
+ # data consumed by paunch enough?
+ - name: Write docker-container-startup-configs
+ copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
+ - name: Write per-step docker-container-startup-configs
+ copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
+ with_dict: "{{docker_startup_configs}}"
+ - name: Create /var/lib/kolla/config_files directory
+ file: path=/var/lib/kolla/config_files state=directory
+ - name: Write kolla config json files
+ copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
+ with_dict: "{{kolla_config}}"
+ ########################################################
+ # Bootstrap tasks, only performed on bootstrap_server_id
+ ########################################################
+ - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
+ file:
+ path: "{{item}}"
+ state: absent
+ with_fileglob:
+ - /var/lib/docker-puppet/docker-puppet-tasks*.json
+ when: deploy_server_id == bootstrap_server_id
+ - name: Write docker-puppet-tasks json files
+ copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
+ with_dict: "{{docker_puppet_tasks}}"
+ when: deploy_server_id == bootstrap_server_id
{%- endraw %}
{{role.name}}HostPrepDeployment:
properties:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}HostPrepConfig}
+{% endfor %}
- # BEGIN CONFIG STEPS
-
+ # BEGIN CONFIG STEPS, only on enabled_roles
+{%- for role in enabled_roles %}
{{role.name}}PreConfig:
type: OS::TripleO::Tasks::{{role.name}}PreConfig
depends_on: {{role.name}}HostPrepDeployment
input_values:
update_identifier: {get_param: DeployIdentifier}
+ # Deployment steps for {{role.name}}
+ # A single config is re-applied with an incrementing step number
{% for step in range(1, deploy_steps_max) %}
{{role.name}}Deployment_Step{{step}}:
type: OS::TripleO::DeploymentSteps
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
{%- if step == 1 %}
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
{%- endfor %}
{%- else %}
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step{{step -1}}
{%- endfor %}
{%- endif %}
# after all the previous deployment steps.
{{role.name}}ExtraConfigPost:
depends_on:
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step5
{%- endfor %}
type: OS::TripleO::NodeExtraConfigPost
{{role.name}}PostConfig:
type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}ExtraConfigPost
{%- endfor %}
properties:
with_sequence: start=0 end={{upgrade_steps_max-1}}
loop_control:
loop_var: step
- - include: deploy_steps_tasks.yaml
- with_sequence: start=0 end={{deploy_steps_max-1}}
- loop_control:
- loop_var: step
-
params:
ROLE_NAME: {{role.name}}
- get_file: ../extraconfig/tasks/pacemaker_common_functions.sh
- - get_file: ../extraconfig/tasks/run_puppet.sh
- get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh
{{role.name}}DeliverUpgradeScriptDeployment:
{%- endfor %}
{%- endfor %}
-# Dump the puppet manifests to be apply later when disable_upgrade_deployment
-# is to true
-{% for role in roles if role.disable_upgrade_deployment|default(false) %}
- {{role.name}}DeliverPuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - str_replace:
- template: |
- #!/bin/bash
- cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT
- PUPPET_CLASSES
- ENDOFCAT
- params:
- PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]}
-
- {{role.name}}DeliverPuppetDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}DeliverPuppetConfig}
-{% endfor %}
-
# Upgrade Steps for all roles
{%- for step in range(0, upgrade_steps_max) %}
# Config resources for step {{step}}
role_data: {get_param: role_data}
ctlplane_service_ips: {get_param: ctlplane_service_ips}
+{%- for step in range(0, upgrade_steps_max) %}
+ {%- for role in roles %}
+ {{role.name}}PostUpgradeConfig_Config{{step}}:
+ type: OS::TripleO::UpgradeConfig
+ depends_on:
+ {%- for role_inside in enabled_roles %}
+ {%- if step > 0 %}
+ - {{role_inside.name}}PostUpgradeConfig_Deployment{{step -1}}
+ {%- else %}
+ - AllNodesPostUpgradeSteps
+ {%- endif %}
+ {%- endfor %}
+ properties:
+ UpgradeStepConfig: {get_param: [role_data, {{role.name}}, post_upgrade_tasks]}
+ step: {{step}}
+ {%- endfor %}
+
+ {%- for role in enabled_roles %}
+ {{role.name}}PostUpgradeConfig_Deployment{{step}}:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on:
+ {%- for role_inside in enabled_roles %}
+ {%- if step > 0 %}
+ - {{role_inside.name}}PostUpgradeConfig_Deployment{{step -1}}
+ {%- else %}
+ - AllNodesPostUpgradeSteps
+ {%- endif %}
+ {%- endfor %}
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}PostUpgradeConfig_Config{{step}}}
+ input_values:
+ role: {{role.name}}
+ update_identifier: {get_param: UpdateIdentifier}
+ {%- endfor %}
+{%- endfor %}
+
outputs:
# Output the config for each role, just use Step1 as the config should be
# the same for all steps (only the tag provided differs)
{% for role in roles %}
{{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]}
{% endfor %}
+ RoleConfig:
+ description: Mapping of config data for all roles
+ value: {get_attr: [AllNodesPostUpgradeSteps, RoleConfig]}
+
# Note the include here is the same as post.j2.yaml but the data used at
# # the time of rendering is different if any roles disable upgrades
-{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
+{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
{% include 'deploy-steps.j2' %}
expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
data: {role_data: {get_attr: [ServiceChain, role_data]}}
- ServiceWorkflowTasks:
+ WorkflowTasks:
type: OS::Heat::Value
properties:
type: json
value:
yaql:
- expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {})
+ expression: coalesce($.data.role_data, []).where($ != null).select($.get('workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {})
data: {role_data: {get_attr: [ServiceChain, role_data]}}
UpgradeTasks:
expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+ PostUpgradeTasks:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: coalesce($.data, []).where($ != null).select($.get('post_upgrade_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
+
UpdateTasks:
type: OS::Heat::Value
properties:
config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
global_config_settings: {get_attr: [GlobalConfigSettings, value]}
service_config_settings: {get_attr: [ServiceConfigSettings, value]}
- service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]}
+ workflow_tasks: {get_attr: [WorkflowTasks, value]}
step_config: {get_attr: [PuppetStepConfig, value]}
upgrade_tasks: {get_attr: [UpgradeTasks, value]}
+ post_upgrade_tasks: {get_attr: [PostUpgradeTasks, value]}
update_tasks: {get_attr: [UpdateTasks, value]}
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendVNX
+ - OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
import subprocess
import sys
import tempfile
+import time
import multiprocessing
logger = None
def pull_image(name):
log.info('Pulling image: %s' % name)
- subproc = subprocess.Popen(['/usr/bin/docker', 'pull', name],
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- cmd_stdout, cmd_stderr = subproc.communicate()
+ retval = -1
+ count = 0
+ while retval != 0:
+ count += 1
+ subproc = subprocess.Popen(['/usr/bin/docker', 'pull', name],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+
+ cmd_stdout, cmd_stderr = subproc.communicate()
+ retval = subproc.returncode
+ if retval != 0:
+ time.sleep(3)
+ log.warning('docker pull failed: %s' % cmd_stderr)
+ log.warning('retrying pulling image: %s' % name)
+ if count >= 5:
+ log.error('Failed to pull image: %s' % name)
+ break
if cmd_stdout:
log.debug(cmd_stdout)
if cmd_stderr:
'--volume', '%s:/etc/config.pp:ro' % tmp_man.name,
'--volume', '/etc/puppet/:/tmp/puppet-etc/:ro',
'--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
- '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw',
+ '--volume', '%s:/var/lib/config-data/:rw' % os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data'),
'--volume', 'tripleo_logs:/var/log/tripleo/',
# Syslog socket for puppet logs
'--volume', '/dev/log:/dev/log',
outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile))
with open(outfile, 'w') as out_f:
+ os.chmod(out_f.name, 0600)
json.dump(infile_data, out_f)
if not success:
user: root
volumes:
- /var/log/containers/aodh:/var/log/aodh
- command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh']
+ - /var/log/containers/httpd/aodh-api:/var/log/httpd
+ command: ['/bin/bash', '-c', 'chown -R aodh:aodh /var/log/aodh']
step_3:
aodh_db_sync:
image: *aodh_api_image
- /var/lib/config-data/aodh/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
+ - /var/log/containers/httpd/aodh-api:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
step_4:
aodh_api:
- /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh
+ - /var/log/containers/httpd/aodh-api:/var/log/httpd
-
if:
- internal_tls_enabled
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/aodh
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/aodh
+ - /var/log/containers/httpd/aodh-api
upgrade_tasks:
- name: Stop and disable aodh service (running under httpd)
tags: step2
config_image: {get_param: DockerCeilometerConfigImage}
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_central.json:
- command: /usr/bin/ceilometer-polling --polling-namespaces central
+ command: /usr/bin/ceilometer-polling --polling-namespaces central --logfile /var/log/ceilometer/central.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
- '/usr/bin/bootstrap_host_exec'
- 'ceilometer_agent_central'
- "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'"
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/ceilometer
+ state: directory
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
config_image: {get_param: DockerCeilometerConfigImage}
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_compute.json:
- command: /usr/bin/ceilometer-polling --polling-namespaces compute
+ command: /usr/bin/ceilometer-polling --polling-namespaces compute --logfile /var/log/ceilometer/compute.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
- /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/run/libvirt:/var/run/libvirt:ro
+ - /var/log/containers/ceilometer:/var/log/ceilometer
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/ceilometer
+ state: directory
upgrade_tasks:
- name: Check if openstack-ceilometer-compute is deployed
command: systemctl is-enabled openstack-ceilometer-compute
register: openstack_ceilometer_compute_enabled
- name: Check if openstack-ceilometer-polling is deployed
command: systemctl is-enabled openstack-ceilometer-polling
- tags: step2
+ tags: step2
ignore_errors: True
register: openstack_ceilometer_polling_enabled
- name: Stop and disable ceilometer compute agent
tags: step2
service: name=openstack-ceilometer-compute state=stopped enabled=no
- when: openstack_ceilometer_compute_enabled.rc == 0
+ when: openstack_ceilometer_compute_enabled.rc|default('') == 0
- name: Stop and disable ceilometer polling agent
tags: step2
service: name=openstack-ceilometer-polling state=stopped enabled=no
- when: openstack_ceilometer_polling_enabled.rc == 0
+ when: openstack_ceilometer_polling_enabled.rc|default('') == 0
config_image: {get_param: DockerCeilometerConfigImage}
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_notification.json:
- command: /usr/bin/ceilometer-agent-notification
+ command: /usr/bin/ceilometer-agent-notification --logfile /var/log/ceilometer/agent-notification.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-panko/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /etc/panko
+ owner: root:ceilometer
+ recurse: true
docker_config:
step_3:
ceilometer_init_log:
-
- /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src-panko:ro
+ - /var/log/containers/ceilometer:/var/log/ceilometer
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/ceilometer
+ state: directory
upgrade_tasks:
- name: Stop and disable ceilometer agent notification service
tags: step2
type: string
description: List of ceph-ansible tags to skip
default: 'package-install,with_pkg'
+ CephConfigOverrides:
+ type: json
+ description: Extra config settings to dump into ceph.conf
+ default: {}
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephPoolDefaultPgNum:
description: default pg_num to use for the RBD pools
type: number
- default: 32
+ default: 128
CephPools:
description: >
It can be used to override settings for one of the predefined pools, or to create
CephClientUserName:
default: openstack
type: string
+ CephRgwClientName:
+ default: radosgw
+ type: string
+ CephRgwKey:
+ description: The cephx key for the radosgw client. Can be created
+ with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
CephIPv6:
default: False
type: boolean
+ SwiftPassword:
+ description: The password for the swift service account
+ type: string
+ hidden: true
DockerCephDaemonImage:
description: image
type: string
- default: 'ceph/daemon:tag-build-master-jewel-centos-7'
conditions:
custom_registry_host:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks:
+ workflow_tasks:
step2:
- name: ceph_base_ansible_workflow
workflow: { get_param: CephAnsibleWorkflowName }
- - client
- {get_param: ManilaCephFSNativeCephFSAuthId}
key: {get_param: CephManilaClientKey}
- mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create"
+ mon_cap: 'allow r, allow command \\\"auth del\\\", allow command \\\"auth caps\\\", allow command \\\"auth get\\\", allow command \\\"auth get-or-create\\\"'
mds_cap: "allow *"
osd_cap: "allow rw"
mode: "0644"
+ - name:
+ list_join:
+ - '.'
+ - - client
+ - {get_param: CephRgwClientName}
+ key: {get_param: CephRgwKey}
+ mon_cap: "allow rw"
+ osd_cap: "allow rwx"
+ mode: "0644"
keys: *openstack_keys
pools: []
ceph_conf_overrides:
- global:
- osd_pool_default_size: {get_param: CephPoolDefaultSize}
- osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+ map_merge:
+ - global:
+ osd_pool_default_size: {get_param: CephPoolDefaultSize}
+ osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+ osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
+ rgw_keystone_api_version: 3
+ rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ rgw_keystone_accepted_roles: 'Member, _member_, admin'
+ rgw_keystone_admin_domain: default
+ rgw_keystone_admin_project: service
+ rgw_keystone_admin_user: swift
+ rgw_keystone_admin_password: {get_param: SwiftPassword}
+ rgw_s3_auth_use_keystone: 'true'
+ - {get_param: CephConfigOverrides}
ntp_service_enabled: false
generate_fsid: false
ip_version:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings: {}
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Ceph External service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephExternalMonHost:
+ default: ''
+ type: string
+ description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph External service.
+ value:
+ service_name: ceph_client
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
+ config_settings:
+ ceph_client_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - external_cluster_mon_ips: {get_param: CephExternalMonHost}
\ No newline at end of file
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
map_merge:
- tripleo.ceph_mds.firewall_rules:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
map_merge:
- tripleo.ceph_mon.firewall_rules:
- /dev/vdb
journal_size: 512
journal_collocation: true
+ osd_scenario: collocated
resources:
CephBase:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
map_merge:
- tripleo.ceph_osd.firewall_rules:
- ceph_osd_ansible_vars:
map_merge:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - osd_objectstore: filestore
- {get_param: CephAnsibleDisksConfig}
\ No newline at end of file
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Ceph RadosGW service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SwiftPassword:
+ description: The password for the swift service account
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph RadosGW service.
+ value:
+ service_name: ceph_rgw
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
+ config_settings:
+ map_merge:
+ - tripleo.ceph_rgw.firewall_rules:
+ '122 ceph rgw':
+ dport: {get_param: [EndpointMap, CephRgwInternal, port]}
+ - ceph_rgw_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - radosgw_keystone: true
+ radosgw_keystone_ssl: false
+ radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
+ radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
+ service_config_settings:
+ keystone:
+ ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
+ ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
+ ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+ ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
+ ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ]
+ ceph::rgw::keystone::auth::tenant: service
+ ceph::rgw::keystone::auth::user: swift
+ ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
+ - /var/log/containers/httpd/cinder-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_3:
cinder_api_db_sync:
-
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- /var/log/containers/cinder:/var/log/cinder
+ - /var/log/containers/httpd/cinder-api:/var/log/httpd
command:
- '/usr/bin/bootstrap_host_exec'
- 'cinder_api'
- /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
+ - /var/log/containers/httpd/cinder-api:/var/log/httpd
-
if:
- internal_tls_enabled
user: root
privileged: false
restart: always
+ healthcheck:
+ test: /bin/true
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
+ - /var/log/containers/httpd/cinder-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/cinder
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/cinder
+ - /var/log/containers/httpd/cinder-api
upgrade_tasks:
- name: Stop and disable cinder_api service
tags: step2
# Syslog socket
- /dev/log:/dev/log
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ - /sys/fs/selinux:/sys/fs/selinux
- if:
- internal_tls_enabled
- - list_join:
metadata_settings:
get_attr: [MongodbPuppetBase, role_data, metadata_settings]
upgrade_tasks:
+ - name: Check for mongodb service
+ stat: path=/usr/lib/systemd/system/mongod.service
+ tags: common
+ register: mongod_service
- name: Stop and disable mongodb service
tags: step2
service: name=mongod state=stopped enabled=no
+ when: mongod_service.stat.exists
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
+ ContainersCommon:
+ type: ../containers-common.yaml
+
RedisBase:
type: ../../../puppet/services/database/redis.yaml
properties:
map_merge:
- {get_attr: [RedisBase, role_data, config_settings]}
- redis::daemonize: false
+ tripleo::stunnel::manage_service: false
+ tripleo::stunnel::foreground: 'yes'
step_config: &step_config
get_attr: [RedisBase, role_data, step_config]
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
- path: /var/run/redis
owner: redis:redis
recurse: true
+ /var/lib/kolla/config_files/redis_tls_proxy.json:
+ command: stunnel /etc/stunnel/stunnel.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_1:
- redis_init_logs:
- start_order: 0
- detach: false
- image: &redis_image {get_param: DockerRedisImage}
- privileged: false
- user: root
- volumes:
- - /var/log/containers/redis:/var/log/redis
- command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
- redis:
- start_order: 1
- image: *redis_image
- net: host
- privileged: false
- restart: always
- volumes:
- - /run:/run
- - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
- - /etc/localtime:/etc/localtime:ro
- - /var/log/containers/redis:/var/log/redis
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ map_merge:
+ - redis_init_logs:
+ start_order: 0
+ detach: false
+ image: &redis_image {get_param: DockerRedisImage}
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/redis:/var/log/redis
+ command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
+ - redis:
+ start_order: 1
+ image: *redis_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ - /run:/run
+ - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/log/containers/redis:/var/log/redis
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - if:
+ - internal_tls_enabled
+ - redis_tls_proxy:
+ start_order: 2
+ image: *redis_image
+ net: host
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
+ - /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro
+ - /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - {}
+ metadata_settings:
+ get_attr: [RedisBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent directories
file:
user: root
volumes:
- /var/log/containers/glance:/var/log/glance
+ - /var/log/containers/httpd/glance-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance']
step_3:
glance_api_db_sync:
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/glance:/var/log/glance
+ - /var/log/containers/httpd/glance-api:/var/log/httpd
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/glance
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/glance
+ - /var/log/containers/httpd/glance-api
- name: ensure ceph configurations exist
file:
path: /etc/ceph
user: root
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
- command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
+ - /var/log/containers/httpd/gnocchi-api:/var/log/httpd
+ command: ['/bin/bash', '-c', 'chown -R gnocchi:gnocchi /var/log/gnocchi']
step_4:
gnocchi_db_sync:
image: *gnocchi_api_image
- /var/lib/config-data/gnocchi/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /var/log/containers/httpd/gnocchi-api:/var/log/httpd
- /etc/ceph:/etc/ceph:ro
command:
str_replace:
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /var/log/containers/httpd/gnocchi-api:/var/log/httpd
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/gnocchi
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/gnocchi
+ - /var/log/containers/httpd/gnocchi-api
- name: ensure ceph configurations exist
file:
path: /etc/ceph
owner: gnocchi:gnocchi
recurse: true
docker_config:
- step_4:
+ step_5:
gnocchi_metricd:
image: {get_param: DockerGnocchiMetricdImage}
net: host
owner: gnocchi:gnocchi
recurse: true
docker_config:
- step_4:
+ step_5:
gnocchi_statsd:
image: {get_param: DockerGnocchiStatsdImage}
net: host
config_settings:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- - tripleo::haproxy::haproxy_daemon: false
- tripleo::haproxy::haproxy_service_manage: false
+ - tripleo::haproxy::haproxy_service_manage: false
# NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy
# when this is updated
tripleo::haproxy::crl_file: null
- null
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
- command: haproxy -f /etc/haproxy/haproxy.cfg
+ command: /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
+ - /var/log/containers/httpd/heat-api-cfn:/var/log/httpd
-
if:
- internal_tls_enabled
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/heat
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/heat
+ - /var/log/containers/httpd/heat-api-cfn
upgrade_tasks:
- name: Check if heat_api_cfn is deployed
command: systemctl is-enabled openstack-heat-api-cfn
- /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
+ - /var/log/containers/httpd/heat-api:/var/log/httpd
-
if:
- internal_tls_enabled
user: root
privileged: false
restart: always
+ healthcheck:
+ test: /bin/true
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
+ - /var/log/containers/httpd/heat-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/heat
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/heat
+ - /var/log/containers/httpd/heat-api
upgrade_tasks:
- name: Check is heat_api is deployed
command: systemctl is-enabled openstack-heat-api
command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
volumes:
- /var/log/containers/horizon:/var/log/horizon
+ - /var/log/containers/httpd/horizon:/var/log/httpd
- /var/lib/config-data/horizon/etc/:/etc/
step_3:
horizon:
- /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/horizon:/var/log/horizon
+ - /var/log/containers/httpd/horizon:/var/log/httpd
-
if:
- internal_tls_enabled
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/horizon
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/horizon
+ - /var/log/containers/httpd/horizon
upgrade_tasks:
- name: Stop and disable horizon service (running under httpd)
tags: step2
user: root
volumes:
- /var/log/containers/ironic:/var/log/ironic
+ - /var/log/containers/httpd/ironic-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic']
step_3:
ironic_db_sync:
-
- /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
+ - /var/log/containers/httpd/ironic-api:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
ironic_api:
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic:/var/log/ironic
+ - /var/log/containers/httpd/ironic-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/ironic
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/ironic
+ - /var/log/containers/httpd/ironic-api
upgrade_tasks:
- name: Stop and disable ironic_api service
tags: step2
- /var/lib/ironic:/var/lib/ironic/
- /dev/log:/dev/log
- /var/log/containers/ironic:/var/log/ironic
+ - /var/log/containers/httpd/ironic-pxe:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ironic_pxe_http:
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic/
- /var/log/containers/ironic:/var/log/ironic
+ - /var/log/containers/httpd/ironic-pxe:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
with_items:
- /var/lib/ironic
- /var/log/containers/ironic
+ - /var/log/containers/httpd/ironic-pxe
- name: Stop and disable iscsid service
tags: step2
service: name=iscsid state=stopped enabled=no
- when: stat_iscsid_service.stat.exists
+ when: (stat_iscsid_service.stat|default('')).exists|default(false)
- name: stat /lib/systemd/system/iscsid.socket
tags: step2
stat: path=/lib/systemd/system/iscsid.socket
- name: Stop and disable iscsid.socket service
tags: step2
service: name=iscsid.socket state=stopped enabled=no
- when: stat_iscsid_socket.stat.exists
+ when: (stat_iscsid_socket.stat|default('')).exists|default(false)
keystone_init_log:
image: &keystone_image {get_param: DockerKeystoneImage}
user: root
- command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone']
+ command: ['/bin/bash', '-c', 'chown -R keystone:keystone /var/log/keystone']
volumes:
- /var/log/containers/keystone:/var/log/keystone
+ - /var/log/containers/httpd/keystone:/var/log/httpd
step_3:
keystone_db_sync:
image: *keystone_image
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/keystone:/var/log/keystone
+ - /var/log/containers/httpd/keystone:/var/log/httpd
-
if:
- internal_tls_enabled
privileged: false
restart: always
command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n']
+ healthcheck:
+ test: /bin/true
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/keystone:/var/log/keystone
+ - /var/log/containers/httpd/keystone:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/keystone
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/keystone
+ - /var/log/containers/httpd/keystone
upgrade_tasks:
- name: Stop and disable keystone service (running under httpd)
tags: step2
user: root
volumes:
- /var/log/containers/manila:/var/log/manila
- command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R manila:manila /var/log/manila']
+ - /var/log/containers/httpd/manila-api:/var/log/httpd
+ command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
step_3:
manila_api_db_sync:
user: root
-
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
- /var/log/containers/manila:/var/log/manila
+ - /var/log/containers/httpd/manila-api:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
step_4:
manila_api:
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
+ - /var/log/containers/httpd/manila-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: Create persistent manila logs directory
file:
- path: /var/log/containers/manila
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/manila
+ - /var/log/containers/httpd/manila-api
upgrade_tasks:
- name: Stop and disable manila_api service
tags: step2
user: root
volumes:
- /var/log/containers/neutron:/var/log/neutron
+ - /var/log/containers/httpd/neutron-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron']
step_3:
neutron_db_sync:
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
- /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
- /var/log/containers/neutron:/var/log/neutron
+ - /var/log/containers/httpd/neutron-api:/var/log/httpd
command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
# FIXME: we should make config file permissions right
# and run as neutron user
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/neutron:/var/log/neutron
+ - /var/log/containers/httpd/neutron-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/neutron
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/neutron
+ - /var/log/containers/httpd/neutron-api
upgrade_tasks:
- name: Check if neutron_server is deployed
command: systemctl is-enabled neutron-server
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Neutron SR-IOV service
+
+parameters:
+ DockerNeutronSriovImage:
+ description: The container image to use for the Neutron SR-IOV agent
+ type: string
+ DockerNeutronConfigImage:
+ description: The container image to use for the neutron config_volume
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ NeutronSriovAgentBase:
+ type: ../../puppet/services/neutron-sriov-agent.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for Neutron sriov service
+ value:
+ service_name: {get_attr: [NeutronSriovAgentBase, role_data, service_name]}
+ config_settings: {get_attr: [NeutronSriovAgentBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NeutronSriovAgentBase, role_data, step_config]
+ puppet_config:
+ config_volume: neutron
+ puppet_tags: neutron_config,neutron_agent_sriov_numvfs,neutron_sriov_agent_config
+ step_config: *step_config
+ config_image: {get_param: DockerNeutronConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/neutron_sriov_agent.json:
+ command: /usr/bin/neutron-sriov-nic-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/sriov_agent.ini --config-dir /etc/neutron/conf.d/common
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/neutron
+ owner: neutron:neutron
+ recurse: true
+ docker_config:
+ step_4:
+ neutron_sriov_agent:
+ image: {get_param: DockerNeutronSriovImage}
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
+ - /lib/modules:/lib/modules:ro
+ - /run:/run
+ - /var/log/containers/neutron:/var/log/neutron
+ - /sys/class/net:/sys/class/net:rw
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/neutron
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable neutron_sriov_agent service
+ tags: step2
+ service: name=neutron-sriov-nic-agent state=stopped enabled=no
user: root
volumes:
- /var/log/containers/nova:/var/log/nova
- command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova']
+ - /var/log/containers/httpd/nova-api:/var/log/httpd
+ command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
step_3:
nova_api_db_sync:
start_order: 0
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
+ - /var/log/containers/httpd/nova-api:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
# FIXME: we probably want to wait on the 'cell_v2 update' in order for this
# to be capable of upgrading a baremetal setup. This is to ensure the name
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ - /var/log/containers/httpd/nova-api:/var/log/httpd
-
if:
- internal_tls_enabled
user: root
privileged: false
restart: always
+ healthcheck:
+ test: /bin/true
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ - /var/log/containers/httpd/nova-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
detach: false
volumes: *nova_api_bootstrap_volumes
user: root
- command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts --verbose'"
metadata_settings:
get_attr: [NovaApiBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/nova
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/nova
+ - /var/log/containers/httpd/nova-api
upgrade_tasks:
- name: Stop and disable nova_api service
tags: step2
description: Port that dockerized nova migration target sshd service
binds to.
type: number
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: ''
resources:
path: /etc/ceph
state: directory
upgrade_tasks:
+ - name: Set compute upgrade level to auto
+ tags: step1
+ ini_file:
+ str_replace:
+ template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
+ params:
+ LEVEL: {get_param: UpgradeLevelNovaCompute}
- name: Stop and disable nova-compute service
tags: step2
service: name=openstack-nova-compute state=stopped enabled=no
default: {}
description: Parameters specific to the role
type: json
-
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: ''
resources:
path: /var/log/containers/nova
state: directory
upgrade_tasks:
+ - name: Set compute upgrade level to auto
+ tags: step1
+ ini_file:
+ str_replace:
+ template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
+ params:
+ LEVEL: {get_param: UpgradeLevelNovaCompute}
- name: Stop and disable nova_conductor service
tags: step2
service: name=openstack-nova-conductor state=stopped enabled=no
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
+ - /var/lib/vhost_sockets:/var/lib/vhost_sockets
-
if:
- use_tls_for_live_migration
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
+ # qemu user on host will be cretaed by libvirt package install, ensure
+ # the qemu user created with same uid/gid as like libvirt package.
+ # These specific values are required since ovs is running on host.
+ # Once ovs with DPDK is containerized, we could modify this uid/gid
+ # to match with kolla config values.
+ - name: ensure qemu group is present on the host
+ group:
+ name: qemu
+ gid: 107
+ state: present
+ - name: ensure qemu user is present on the host
+ user:
+ name: qemu
+ uid: 107
+ group: qemu
+ state: present
+ shell: /sbin/nologin
+ comment: qemu user
+ - name: create directory for vhost-user sockets with qemu ownership
+ file:
+ path: /var/lib/vhost_sockets
+ state: directory
+ owner: qemu
+ group: qemu
- name: ensure ceph configurations exist
file:
path: /etc/ceph
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ - /var/log/containers/httpd/nova-placement:/var/log/httpd
-
if:
- internal_tls_enabled
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/nova
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/nova
+ - /var/log/containers/httpd/nova-placement
upgrade_tasks:
- name: Stop and disable nova_placement service (running under httpd)
tags: step2
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
- /var/log/containers/octavia:/var/log/octavia
+ - /var/log/containers/httpd/octavia-api:/var/log/httpd
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia']
step_3:
octavia_db_sync:
-
- /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro
- /var/log/containers/octavia:/var/log/octavia
+ - /var/log/containers/httpd/octavia-api:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'"
step_4:
map_merge:
- /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
+ - /var/log/containers/httpd/octavia-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/octavia
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/octavia
+ - /var/log/containers/httpd/octavia-api
upgrade_tasks:
- name: Stop and disable octavia_api service
tags: step2
-
- /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/opendaylight:/opt/opendaylight/data/log
+ - /var/lib/opendaylight/journal:/opt/opendaylight/journal
+ - /var/lib/opendaylight/snapshots:/opt/opendaylight/snapshots
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/opendaylight
+ - /var/lib/opendaylight/snapshots
+ - /var/lib/opendaylight/journal
upgrade_tasks:
- name: Stop and disable opendaylight_api service
tags: step2
- service: name=opendaylight state=stopped enabled=no
+ service: name=opendaylight state=stopped enabled=no
\ No newline at end of file
resource: openstack-cinder-backup
state: disable
wait_for_resource: true
+ register: output
+ retries: 5
+ until: output.rc == 0
when: is_bootstrap_node
- name: Delete the stopped openstack-cinder-backup cluster resource.
tags: step2
resource: openstack-cinder-backup
state: delete
wait_for_resource: true
+ register: output
+ retries: 5
+ until: output.rc == 0
when: is_bootstrap_node
- name: Disable cinder_backup service
tags: step2
resource: openstack-cinder-volume
state: disable
wait_for_resource: true
+ register: output
+ retries: 5
+ until: output.rc == 0
when: is_bootstrap_node
- name: Delete the stopped openstack-cinder-volume cluster resource.
tags: step2
resource: openstack-cinder-volume
state: delete
wait_for_resource: true
+ register: output
+ retries: 5
+ until: output.rc == 0
when: is_bootstrap_node
- name: Disable cinder_volume service from boot
tags: step2
detach: false
image: {get_param: DockerMysqlImage}
net: host
+ user: root
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command:
- 'bash'
- - '-ec'
+ - '-ecx'
-
list_join:
- "\n"
- - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
- - 'kolla_start'
+ - 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf'
+ - 'sudo -u mysql -E kolla_start'
- 'mysqld_safe --skip-networking --wsrep-on=OFF &'
- 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: galera
+ state: master
+ check_mode: true
+ ignore_errors: true
+ register: galera_res
- name: Disable the galera cluster resource
tags: step2
pacemaker_resource:
resource: galera
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and galera_res|succeeded
- name: Delete the stopped galera cluster resource.
tags: step2
pacemaker_resource:
resource: galera
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and galera_res|succeeded
- name: Disable mysql service
tags: step2
service: name=mariadb enabled=no
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
+ ContainersCommon:
+ type: ../../containers-common.yaml
+
RedisBase:
type: ../../../../puppet/services/database/redis.yaml
properties:
- 3124
- 6379
- 26379
+ tripleo::stunnel::manage_service: false
+ tripleo::stunnel::foreground: 'yes'
step_config: ""
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
- path: /var/log/redis
owner: redis:redis
recurse: true
+ /var/lib/kolla/config_files/redis_tls_proxy.json:
+ command: stunnel /etc/stunnel/stunnel.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_1:
redis_image_tag:
- /usr/bin:/usr/bin:ro
- /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
- redis_init_bundle:
- start_order: 2
- detach: false
- net: host
- user: root
- config_volume: 'redis_init_bundle'
- command:
- - '/bin/bash'
- - '-c'
- - str_replace:
- template:
- list_join:
- - '; '
- - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
- params:
- TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
- CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
- image: *redis_config_image
- volumes:
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- - /etc/puppet:/tmp/puppet-etc:ro
- - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- - /dev/shm:/dev/shm:rw
+ map_merge:
+ - redis_init_bundle:
+ start_order: 2
+ detach: false
+ net: host
+ user: root
+ config_volume: 'redis_init_bundle'
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
+ image: *redis_config_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ - if:
+ - internal_tls_enabled
+ - redis_tls_proxy:
+ start_order: 3
+ image: *redis_image_pcmklatest
+ net: host
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
+ - /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro
+ - /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - {}
+ metadata_settings:
+ get_attr: [RedisBase, role_data, metadata_settings]
host_prep_tasks:
- name: create /var/run/redis
file:
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RedisBase, role_data, service_name]}
+ state: master
+ check_mode: true
+ ignore_errors: true
+ register: redis_res
- name: Disable the redis cluster resource
tags: step2
pacemaker_resource:
resource: {get_attr: [RedisBase, role_data, service_name]}
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and redis_res|succeeded
- name: Delete the stopped redis cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RedisBase, role_data, service_name]}
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and redis_res|succeeded
- name: Disable redis service
tags: step2
service: name=redis enabled=no
config_settings:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- - tripleo::haproxy::haproxy_daemon: false
- haproxy_docker: true
+ - haproxy_docker: true
tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
# the list of directories that contain the certs to bind mount in the countainer
# bind-mounting the directories rather than all the cert, key and pem files ensures
- get_param: InternalTLSCAFile
- get_param: HAProxyInternalTLSKeysDirectory
- get_param: HAProxyInternalTLSCertsDirectory
+ - get_param: DeployedSSLCertificatePath
tripleo::profile::pacemaker::haproxy_bundle::internal_certs_directory: {get_param: HAProxyInternalTLSCertsDirectory}
tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory}
# disable the use CRL file until we can restart the container when the file expires
data: *tls_mapping
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
- command: haproxy -f /etc/haproxy/haproxy.cfg
+ command: /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [HAProxyBase, role_data, service_name]}
+ state: started
+ check_mode: true
+ ignore_errors: true
+ register: haproxy_res
- name: Disable the haproxy cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and haproxy_res|succeeded
- name: Delete the stopped haproxy cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and haproxy_res|succeeded
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized OVN DBs service managed by pacemaker
+
+parameters:
+ DockerOvnDbsImage:
+ description: image
+ type: string
+ DockerOvnDbsConfigImage:
+ description: image
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ OVNNorthboundServerPort:
+ description: Port of the OVN Northbound DB server
+ type: number
+ default: 6641
+ OVNSouthboundServerPort:
+ description: Port of the OVN Southbound DB server
+ type: number
+ default: 6642
+
+resources:
+
+ ContainersCommon:
+ type: ./../containers-common.yaml
+
+ OVNDbsBase:
+ type: ../../../puppet/services/pacemaker/ovn-dbs.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+ OVNNorthboundServerPort: {get_param: OVNNorthboundServerPort}
+ OVNSouthboundServerPort: {get_param: OVNSouthboundServerPort}
+
+outputs:
+ role_data:
+ description: Role data for the OVN Dbs HA role.
+ value:
+ service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OVNDbsBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image: {get_param: DockerOvnDbsImage}
+ - tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
+ - tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
+ step_config: ''
+ service_config_settings: {get_attr: [OVNDbsBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: 'ovn_dbs'
+ puppet_tags: 'exec'
+ step_config: ''
+ config_image: &ovn_dbs_config_image {get_param: DockerOvnDbsConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/ovn_dbs.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
+ docker_config:
+ step_3:
+ ovn_dbs_init_bundle:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ config_volume: 'ovn_dbs_init_bundle'
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 3}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG:
+ list_join:
+ - ';'
+ - - 'include ::tripleo::profile::base::pacemaker'
+ - 'include ::tripleo::profile::pacemaker::ovn_dbs_bundle'
+ image: *ovn_dbs_config_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/openvswitch
+ - /var/lib/openvswitch/ovn
+ upgrade_tasks:
+ - name: Stop and disable ovn-northd service
+ tags: step2
+ service: name=ovn-northd state=stopped enabled=no
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RabbitmqBase, role_data, service_name]}
+ state: started
+ check_mode: true
+ ignore_errors: true
+ register: rabbitmq_res
- name: Disable the rabbitmq cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RabbitmqBase, role_data, service_name]}
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and rabbitmq_res|succeeded
- name: Delete the stopped rabbitmq cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RabbitmqBase, role_data, service_name]}
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and rabbitmq_res|succeeded
- name: Disable rabbitmq service
tags: step2
service: name=rabbitmq-server enabled=no
user: root
volumes:
- /var/log/containers/panko:/var/log/panko
- command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko']
+ - /var/log/containers/httpd/panko-api:/var/log/httpd
+ command: ['/bin/bash', '-c', 'chown -R panko:panko /var/log/panko']
step_3:
panko_db_sync:
image: *panko_api_image
- /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
- /var/log/containers/panko:/var/log/panko
+ - /var/log/containers/httpd/panko-api:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
step_4:
panko_api:
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/panko:/var/log/panko
+ - /var/log/containers/httpd/panko-api:/var/log/httpd
-
if:
- internal_tls_enabled
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/panko
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/panko
+ - /var/log/containers/httpd/panko-api
metadata_settings:
get_attr: [PankoApiPuppetBase, role_data, metadata_settings]
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
+ - /var/log/containers/httpd/swift-proxy:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
state: directory
with_items:
- /var/log/containers/swift
+ - /var/log/containers/httpd/swift-proxy
- /srv/node
upgrade_tasks:
- name: Stop and disable swift_proxy service
DockerSwiftConfigImage:
description: The container image to use for the swift config_volume
type: string
+ DockerSwiftRingbuilderConfigImage:
+ description: Fake parameter to bypass config_volume yaml validation
+ type: string
+ default: ''
ServiceData:
default: {}
description: Dictionary packing service data
service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- config_volume: 'swift'
+ config_volume: 'swift_ringbuilder'
puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball
step_config: *step_config
- config_image: {get_param: DockerSwiftConfigImage}
+ config_image: &swift_ringbuilder_image {get_param: DockerSwiftConfigImage}
kolla_config: {}
- docker_config: {}
+ docker_config:
+ step_3:
+ swift_copy_rings:
+ image: *swift_ringbuilder_image
+ user: root
+ detach: false
+ command:
+ # Use bash to run the cp command so that wildcards can be used
+ - '/bin/bash'
+ - '-c'
+ - 'cp -v -a -t /etc/swift /swift_ringbuilder/etc/swift/*.gz /swift_ringbuilder/etc/swift/*.builder /swift_ringbuilder/etc/swift/backups'
+ volumes:
+ - /var/lib/config-data/puppet-generated/swift/etc/swift:/etc/swift:rw
+ - /var/lib/config-data/swift_ringbuilder:/swift_ringbuilder:ro
user: root
volumes:
- /var/log/containers/zaqar:/var/log/zaqar
+ - /var/log/containers/httpd/zaqar:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar']
step_3:
zaqar_db_sync:
-
- /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- /var/log/containers/zaqar:/var/log/zaqar
- command: "/usr/bin/bootstrap_host_exec zaqar su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'"
+ - /var/log/containers/httpd/zaqar:/var/log/httpd
+ command: "/usr/bin/bootstrap_host_exec zaqar_api su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'"
- {}
- step_4:
zaqar:
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
+ - /var/log/containers/httpd/zaqar:/var/log/httpd
-
if:
- internal_tls_enabled
- /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
+ - /var/log/containers/httpd/zaqar:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
- path: /var/log/containers/zaqar
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/zaqar
+ - /var/log/containers/httpd/zaqar
upgrade_tasks:
- name: Stop and disable zaqar service
tags: step2
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::CephExternal: ../../docker/services/ceph-ansible/ceph-external.yaml
+ OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephClient: OS::Heat::None
+ OS::TripleO::Services::CephOSD: OS::Heat::None
+
+parameter_defaults:
+ # NOTE: These example parameters are required when using CephExternal
+ #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ #CephExternalMonHost: '172.16.1.7, 172.16.1.8'
+
+ # the following parameters enable Ceph backends for Cinder, Glance, Gnocchi and Nova
+ NovaEnableRbdBackend: true
+ CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
+ # If the Ceph pools which host VMs, Volumes and Images do not match these
+ # names OR the client keyring to use is not named 'openstack', edit the
+ # following as needed.
+ NovaRbdPoolName: vms
+ CinderRbdPoolName: volumes
+ CinderBackupRbdPoolName: backups
+ GlanceRbdPoolName: images
+ GnocchiRbdPoolName: metrics
+ CephClientUserName: openstack
+
+ # finally we disable the Cinder LVM backend
+ CinderEnableIscsiBackend: false
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::CephRgw: ../../docker/services/ceph-ansible/ceph-rgw.yaml
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
--- /dev/null
+# A Heat environment file which can be used to enable a
+# Cinder Dell EMC VMAX backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI: ../puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml
+
+parameter_defaults:
+ CinderEnableDellEMCVMAXISCSIBackend: true
+ CinderDellEMCVMAXISCSIBackendName: 'tripleo_dellemc_vmax_iscsi'
+ CinderDellEMCVMAXISCSIConfigFile: ''
- OS::TripleO::Services::ManilaBackendGeneric
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
+ - OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendVNX
+ - OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
- OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
# OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml
# OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml
# OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml
+ #
+ # If SR-IOV is enabled on the compute nodes, it will need the SR-IOV
+ # host configuration.
+ OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None
+# ********************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
+# instead.
+# ********************************************************************************
# A Heat environment file which can be used to enable a
# a TLS for in the internal network via certmonger
parameter_defaults:
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
--- /dev/null
+# EXPERIMENTAL: The configuration enabled by this environment
+# is not considered production-ready.
+#
+# A Heat environment file which can be used to enable a
+# a Manila CephFS Native driver backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
+
+
+parameter_defaults:
+ ManilaCephFSNativeBackendName: cephfsnative
+ ManilaCephFSNativeDriverHandlesShareServers: false
+ ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf'
+ ManilaCephFSNativeCephFSAuthId: 'manila'
+ ManilaCephFSNativeCephFSClusterName: 'ceph'
+ ManilaCephFSNativeCephFSEnableSnapshots: false
--- /dev/null
+# This environment file enables Manila with the Isilon backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendIsilon: ../puppet/services/manila-backend-isilon.yaml
+
+parameter_defaults:
+ ManilaIsilonBackendName: tripleo_isilon
+ ManilaIsilonDriverHandlesShareServers: true
+ ManilaIsilonNasLogin: ''
+ ManilaIsilonNasPassword: ''
+ ManilaIsilonNasServer: ''
+ ManilaIsilonNasRootDir: ''
+ ManilaIsilonNasServerPort: 8080
+ ManilaIsilonNasServerSecure: ''
--- /dev/null
+# EXPERIMENTAL: The configuration enabled by this environment
+# is not considered production-ready.
+#
+# This environment file enables Manila with the Netapp backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
+
+parameter_defaults:
+ ManilaNetappBackendName: tripleo_netapp
+ ManilaNetappDriverHandlesShareServers: true
+ ManilaNetappLogin: ''
+ ManilaNetappPassword: ''
+ ManilaNetappServerHostname: ''
+ ManilaNetappTransportType: 'http'
+ ManilaNetappStorageFamily: 'ontap_cluster'
+ ManilaNetappServerPort: 80
+ ManilaNetappVolumeNameTemplate: 'share_%(share_id)s'
+ ManilaNetappVserver: ''
+ ManilaNetappVserverNameTemplate: 'os_%s'
+ ManilaNetappLifNameTemplate: 'os_%(net_allocation_id)s'
+ ManilaNetappAggrNameSearchPattern: '(.*)'
+ ManilaNetappRootVolumeAggr: ''
+ ManilaNetappRootVolume: 'root'
+ ManilaNetappPortNameSearchPattern: '(.*)'
+ ManilaNetappTraceFlags: ''
+ ManilaNetappEnabledShareProtocols: 'nfs3, nfs4.0'
+ ManilaNetappVolumeSnapshotReservePercent: 5
+ ManilaNetappSnapmirrorQuiesceTimeout: 3600
--- /dev/null
+# This environment file enables Manila with the VMAX backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendVMAX: ../puppet/services/manila-backend-vmax.yaml
+
+parameter_defaults:
+ ManilaVMAXBackendName: tripleo_manila_vmax
+ ManilaVMAXDriverHandlesShareServers: true
+ ManilaVMAXNasLogin: ''
+ ManilaVMAXNasPassword: ''
+ ManilaVMAXNasServer: ''
+ ManilaVMAXServerContainer: ''
+ ManilaVMAXShareDataPools: ''
+ ManilaVMAXEthernetPorts: ''
+
+
--- /dev/null
+#This file is an example of an environment file for defining the isolated
+#networks and related parameters.
+resource_registry:
+ # Network Interface templates to use (these files must exist)
+ OS::TripleO::BlockStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/cinder-storage.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/controller.yaml
+ OS::TripleO::ObjectStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/swift-storage.yaml
+ OS::TripleO::CephStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/ceph-storage.yaml
+
+parameter_defaults:
+ # This section is where deployment-specific configuration is done
+ # CIDR subnet mask length for provisioning network
+ ControlPlaneSubnetCidr: '24'
+ # Gateway router for the provisioning network (or Undercloud IP)
+ ControlPlaneDefaultRoute: 192.168.24.254
+ EC2MetadataIp: 192.168.24.1 # Generally the IP of the Undercloud
+ # Customize the IP subnets to match the local environment
+ InternalApiNetCidr: 'fd00:fd00:fd00:2000::/64'
+ StorageNetCidr: 'fd00:fd00:fd00:3000::/64'
+ StorageMgmtNetCidr: 'fd00:fd00:fd00:4000::/64'
+ # Tenant tunneling network is IPv4 until IPv6 is fully supported
+ TenantNetCidr: 172.16.0.0/24
+ ExternalNetCidr: '2001:db8:fd00:1000::/64'
+ # Customize the VLAN IDs to match the local environment
+ InternalApiNetworkVlanID: 20
+ StorageNetworkVlanID: 30
+ StorageMgmtNetworkVlanID: 40
+ TenantNetworkVlanID: 50
+ ExternalNetworkVlanID: 10
+ # Customize the IP ranges on each network to use for static IPs and VIPs
+ InternalApiAllocationPools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
+ StorageAllocationPools: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe'}]
+ StorageMgmtAllocationPools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
+ TenantAllocationPools: [{'start': '172.16.0.10', 'end': '172.16.0.200'}]
+ # Leave room if the external network is also used for floating IPs
+ ExternalAllocationPools: [{'start': '2001:db8:fd00:1000::10', 'end': '2001:db8:fd00:1000:ffff:ffff:ffff:fffe'}]
+ # Gateway router for the external network
+ ExternalInterfaceDefaultRoute: '2001:db8:fd00:1000::1'
+ # Uncomment if using the Management Network (see network-management-v6.yaml)
+ # ManagementNetCidr: 'fd00:fd00:fd00:6000::/64'
+ # ManagementAllocationPools: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}]
+ # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates
+ # ManagementInterfaceDefaultRoute: 'fd00:fd00:fd00:6000::1'
+ # Define the DNS servers (maximum 2) for the overcloud nodes
+ DnsServers: ["8.8.8.8","8.8.4.4"]
+ # List of Neutron network types for tenant networks (will be used in order)
+ NeutronNetworkType: 'vxlan,vlan'
+ # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
+ NeutronTunnelTypes: 'vxlan'
+ # Neutron VLAN ranges per network, for example 'datacentre:1:499,tenant:500:1000':
+ NeutronNetworkVLANRanges: 'datacentre:1:1000'
+ # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100"
+ # for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup.
+ BondInterfaceOvsOptions: "bond_mode=active-backup"
--- /dev/null
+# ******************************************************************************
+# DEPRECATED: Modify networks used for custom roles by modifying the role file
+# in the roles/ directory, or disable the network entirely by setting network to
+# "enabled: false" in network_data.yaml.
+# ******************************************************************************
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks. This version of the environment
+# has no dedicated VLAN for tunneling, for deployments that use
+# VLAN mode, flat provider networks, etc.
+resource_registry:
+ # networks as defined in network_data.yaml, except for tenant net
+ {%- for network in networks if network.enabled|default(true) and network.name != 'Tenant' %}
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endfor %}
+ OS::TripleO::Network::Tenant: OS::Heat::None
+
+ # Port assignments for the VIPs
+ {%- for network in networks if network.vip and network.name != 'Tenant' %}
+ OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endfor %}
+ OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+ # Port assignments for each role are determined by the role definition.
+{%- for role in roles %}
+ # Port assignments for the {{role.name}} role.
+ {%- for network in networks %}
+ {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant'%}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- elif network.enabled|default(true) %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml
+ {%- endif %}
+ {%- endfor %}
+{% endfor %}
+++ /dev/null
-# Enable the creation of Neutron networks for isolated Overcloud
-# traffic and configure each role to assign ports (related
-# to that role) on these networks. This version of the environment
-# has no dedicated VLAN for tunneling, for deployments that use
-# VLAN mode, flat provider networks, etc.
-resource_registry:
- OS::TripleO::Network::External: ../network/external.yaml
- OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
- OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
- OS::TripleO::Network::Storage: ../network/storage.yaml
- OS::TripleO::Network::Tenant: ../network/noop.yaml
- # Management network is optional and disabled by default.
- # To enable it, include environments/network-management.yaml
- #OS::TripleO::Network::Management: ../network/management.yaml
-
- # Port assignments for the VIPs
- OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
- OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-
- # Port assignments for the controller role
- OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
- OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::Controller::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the compute role
- OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml
- OS::TripleO::Compute::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the ceph storage role
- OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the swift storage role
- OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the block storage role
- OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml
{%- endfor %}
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-
- OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml
-
{%- for role in roles %}
# Port assignments for the {{role.name}}
{%- for network in networks %}
NeutronTunnelIdRanges: ''
NeutronNetworkVLANRanges: ''
NeutronVniRanges: ''
+ NovaPatchConfigMonkeyPatch: false
+ NovaPatchConfigMonkeyPatchModules: ''
NovaOVSBridge: 'default_bridge'
NeutronMetadataProxySharedSecret: 'default'
InstanceNameTemplate: 'inst-%08x'
parameter_defaults:
NeutronEnableForceMetadata: true
+ NeutronPluginExtensions: 'port_security'
NeutronMechanismDrivers: 'opendaylight_v2'
- NeutronServicePlugins: 'odl-router_v2'
+ NeutronServicePlugins: 'odl-router_v2,trunk'
NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter"
+ OpenDaylightSNATMechanism: 'controller'
ComputeOvsDpdkParameters:
OvsEnableDpdk: True
parameter_defaults:
NeutronEnableForceMetadata: true
+ NeutronPluginExtensions: 'port_security'
NeutronMechanismDrivers: ['sriovnicswitch','opendaylight_v2']
NeutronServicePlugins: 'odl-router_v2,trunk'
NeutronEnableForceMetadata: true
NeutronMechanismDrivers: 'opendaylight_v2'
NeutronServicePlugins: 'odl-router_v2,trunk'
+ NeutronPluginExtensions: 'port_security'
parameter_defaults:
NeutronMechanismDrivers: ['sriovnicswitch', 'openvswitch']
-
- # Add PciPassthroughFilter to the scheduler default filters
- #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
- #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
-
- #NeutronPhysicalDevMappings: "datacentre:ens20f2"
-
- # Number of VFs that needs to be configured for a physical interface
- #NeutronSriovNumVFs: "ens20f2:5"
-
- #NovaPCIPassthrough:
- # - devname: "ens20f2"
- # physical_network: "datacentre"
+ NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
+ NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
# following as needed.
NovaRbdPoolName: vms
CinderRbdPoolName: volumes
+ CinderBackupRbdPoolName: backups
GlanceRbdPoolName: images
GnocchiRbdPoolName: metrics
CephClientUserName: openstack
parameter_defaults:
NeutronEnableForceMetadata: true
+ NeutronPluginExtensions: 'port_security'
NeutronMechanismDrivers: 'opendaylight_v2'
NeutronServicePlugins: 'odl-router_v2,trunk'
- DockerNeutronApiImage: 'centos-binary-neutron-server-opendaylight:latest'
- DockerNeutronConfigImage: 'centos-binary-neutron-server-opendaylight:latest'
--- /dev/null
+# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
+resource_registry:
+ OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
+ OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+ OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml
+# Disabling Neutron services that overlap with OVN
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+
+
+parameter_defaults:
+ NeutronMechanismDrivers: ovn
+ OVNVifType: ovs
+ OVNNeutronSyncMode: log
+ OVNQosDriver: ovn-qos
+ OVNTunnelEncapType: geneve
+ NeutronEnableDHCPAgent: false
+ NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
+ NeutronNetworkType: 'geneve'
+ NeutronServicePlugins: 'qos,ovn-router'
+ NeutronVniRanges: ['1:65536', ]
+ # TODO (numans) - This is temporary and needs to be handled in tripleo-common
+ DockerNeutronApiImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
+ DockerNeutronConfigImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
--- /dev/null
+# EXPERIMENTAL: The configuration enabled by this environment is not considered
+# production-ready.
+#
+# A Heat environment that can be used to enable SR-IOV support in neutron.
+resource_registry:
+ OS::TripleO::Services::NeutronSriovAgent: ../../docker/services/neutron-sriov-agent.yaml
+ OS::TripleO::Services::NeutronSriovHostConfig: ../../puppet/services/neutron-sriov-host-config.yaml
+
+parameter_defaults:
+ NeutronMechanismDrivers: ['sriovnicswitch','openvswitch']
+ NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
+ NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
# - OVS: neutron.agent.linux.interface.OVSInterfaceDriver
# - LinuxBridges: neutron.agent.linux.interface.BridgeInterfaceDriver
resource_registry:
- OS::TripleO::Services::NeutronLbaasv2Agent: ../puppet/services/neutron-lbaas.yaml
+ OS::TripleO::Services::NeutronLbaasv2Agent: ../../puppet/services/neutron-lbaas.yaml
parameter_defaults:
NeutronLbaasInterfaceDriver: "neutron.agent.linux.interface.OVSInterfaceDriver"
--- /dev/null
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable SSL on OpenStack Internal Endpoints
+# description: |
+# A Heat environment file which can be used to enable TLS for the internal
+# network via certmonger
+parameter_defaults:
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ #
+ # Type: boolean
+ EnableInternalTLS: True
+
+ # Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host.
+ # Type: string
+ RabbitClientUseSSL: True
+
+ # Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API.
+ # Type: json
+ ServerMetadata:
+ ipa_enroll: True
+
+ # *********************
+ # End static parameters
+ # *********************
+resource_registry:
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
+ OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+ OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+ OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
# must also be used.
parameter_defaults:
# The content of the SSL certificate (without Key) in PEM format.
- # Mandatory. This parameter must be set by the user.
# Type: string
SSLCertificate: |
The contents of your certificate go here
exit 1
fi
}
+
+# This function tries to resolve an RPM dependency issue that can arise when
+# updating ceph packages on nodes that do not run the ceph-osd service. These
+# nodes do not require the ceph-osd package, and updates will fail if the
+# ceph-osd package cannot be updated because it's not available in any enabled
+# repo. The dependency issue is resolved by removing the ceph-osd package from
+# nodes that don't require it.
+#
+# No change is made to nodes that use the ceph-osd service (e.g. ceph storage
+# nodes, and hyperconverged nodes running ceph-osd and compute services). The
+# ceph-osd package is left in place, and the currently enabled repos will be
+# used to update all ceph packages.
+function yum_pre_update {
+ echo "Checking for ceph-osd dependency issues"
+
+ # No need to proceed if the ceph-osd package isn't installed
+ if ! rpm -q ceph-osd >/dev/null 2>&1; then
+ echo "ceph-osd package is not installed"
+ return
+ fi
+
+ # Do not proceed if there's any sign that the ceph-osd package is in use:
+ # - Are there OSD entries in /var/lib/ceph/osd?
+ # - Are any ceph-osd processes running?
+ # - Are there any ceph data disks (as identified by 'ceph-disk')
+ if [ -n "$(ls -A /var/lib/ceph/osd 2>/dev/null)" ]; then
+ echo "ceph-osd package is required (there are OSD entries in /var/lib/ceph/osd)"
+ return
+ fi
+
+ if [ "$(pgrep -xc ceph-osd)" != "0" ]; then
+ echo "ceph-osd package is required (there are ceph-osd processes running)"
+ return
+ fi
+
+ if ceph-disk list |& grep -q "ceph data"; then
+ echo "ceph-osd package is required (ceph data disks detected)"
+ return
+ fi
+
+ # Get a list of all ceph packages available from the currently enabled
+ # repos. Use "--showduplicates" to ensure the list includes installed
+ # packages that happen to be up to date.
+ local ceph_pkgs="$(yum list available --showduplicates 'ceph-*' |& awk '/^ceph/ {print $1}' | sort -u)"
+
+ # No need to proceed if no ceph packages are available from the currently
+ # enabled repos.
+ if [ -z "$ceph_pkgs" ]; then
+ echo "ceph packages are not available from any enabled repo"
+ return
+ fi
+
+ # No need to proceed if the ceph-osd package *is* available
+ if [[ $ceph_pkgs =~ ceph-osd ]]; then
+ echo "ceph-osd package is available from an enabled repo"
+ return
+ fi
+
+ echo "ceph-osd package is not required, but is preventing updates to other ceph packages"
+ echo "Removing ceph-osd package to allow updates to other ceph packages"
+ yum -y remove ceph-osd
+}
DEBUG="true"
SCRIPT_NAME=$(basename $0)
$(declare -f log_debug)
-$(declare -f manage_systemd_service)
-$(declare -f systemctl_swift)
-$(declare -f special_case_ovs_upgrade_if_needed)
-# pin nova messaging +-1 for the nova-compute service
-if [[ -n \$NOVA_COMPUTE ]]; then
- crudini --set /etc/nova/nova.conf upgrade_levels compute auto
-fi
-
-special_case_ovs_upgrade_if_needed
-
-if [[ -n \$SWIFT_STORAGE ]]; then
- systemctl_swift stop
-fi
-
-yum -y update
-
-if [[ -n \$SWIFT_STORAGE ]]; then
- systemctl_swift start
-fi
-# Due to bug#1640177 we need to restart compute agent
-if [[ -n \$NOVA_COMPUTE ]]; then
- log_debug "Restarting openstack ceilometer agent compute"
- systemctl restart openstack-ceilometer-compute
- yum install -y openstack-nova-migration
- # https://bugs.launchpad.net/tripleo/+bug/1707926 stop&disable libvirtd
- log_debug "Stop and disable libvirtd service for upgrade to containers"
- systemctl stop libvirtd
- systemctl disable libvirtd
- log_debug "Stop and disable openstack-nova-compute for upgrade to containers"
- systemctl stop openstack-nova-compute
- systemctl disable openstack-nova-compute
-fi
-
-# Apply puppet manifest to converge just right after the ${ROLE} upgrade
-$(declare -f run_puppet)
-for step in 1 2 3 4 5 6; do
- log_debug "Running puppet step \$step for ${ROLE}"
- if ! run_puppet /root/${ROLE}_puppet_config.pp ${ROLE} \${step}; then
- log_debug "Puppet failure at step \${step}"
- exit 1
- fi
- log_debug "Completed puppet step \$step"
-done
-
-log_debug "TripleO upgrade run completed."
+log_debug "$UPGRADE_SCRIPT has completed - moving onto ansible playbooks"
ENDOFCAT
# special case https://bugs.launchpad.net/tripleo/+bug/1635205 +bug/1669714
special_case_ovs_upgrade_if_needed
+# Resolve any RPM dependency issues before attempting the update
+yum_pre_update
+
if [[ "$pacemaker_status" == "active" ]] ; then
echo "Pacemaker running, stopping cluster node and doing full package update"
node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*")
# name:
# - puppet/cephstorage-role.yaml
name:
- - network/internal_api_v6.yaml
- - network/external_v6.yaml
- - network/storage_v6.yaml
- - network/storage_mgmt_v6.yaml
- - network/tenant_v6.yaml
- - network/management_v6.yaml
+ - None
+++ /dev/null
-heat_template_version: pike
-
-description: >
- External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- ExternalNetCidr:
- # OpenStack uses the EUI-64 address format, which requires a /64 prefix
- default: '2001:db8:fd00:1000::/64'
- description: Cidr for the external network.
- type: string
- ExternalNetValueSpecs:
- default: {'provider:physical_network': 'external', 'provider:network_type': 'flat'}
- description: Value specs for the external network.
- type: json
- ExternalNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- ExternalNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- ExternalNetName:
- default: external
- description: The name of the external network.
- type: string
- ExternalSubnetName:
- default: external_subnet
- description: The name of the external subnet in Neutron.
- type: string
- ExternalAllocationPools:
- default: [{'start': '2001:db8:fd00:1000::10', 'end': '2001:db8:fd00:1000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the external network.
- type: json
- IPv6AddressMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 address mode
- type: string
- IPv6RAMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 router advertisement mode
- type: string
- ExternalInterfaceDefaultRoute:
- default: '2001:db8:fd00:1000::1'
- description: default route for the external network
- type: string
-
-resources:
- ExternalNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: ExternalNetAdminStateUp}
- name: {get_param: ExternalNetName}
- shared: {get_param: ExternalNetShared}
- value_specs: {get_param: ExternalNetValueSpecs}
-
- ExternalSubnet:
- type: OS::Neutron::Subnet
- properties:
- ip_version: 6
- ipv6_address_mode: {get_param: IPv6AddressMode}
- ipv6_ra_mode: {get_param: IPv6RAMode}
- cidr: {get_param: ExternalNetCidr}
- name: {get_param: ExternalSubnetName}
- network: {get_resource: ExternalNetwork}
- allocation_pools: {get_param: ExternalAllocationPools}
- gateway_ip: {get_param: ExternalInterfaceDefaultRoute}
-
-outputs:
- OS::stack_id:
- description: Neutron external network
- value: {get_resource: ExternalNetwork}
- subnet_cidr:
- value: {get_attr: [ExternalSubnet, cidr]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Internal API network. Used for most APIs, Database, RPC.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- InternalApiNetCidr:
- # OpenStack uses the EUI-64 address format, which requires a /64 prefix
- default: 'fd00:fd00:fd00:2000::/64'
- description: Cidr for the internal_api network.
- type: string
- InternalApiNetValueSpecs:
- default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'}
- description: Value specs for the internal_api network.
- type: json
- InternalApiNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- InternalApiNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- InternalApiNetName:
- default: internal_api
- description: The name of the internal_api network.
- type: string
- InternalApiSubnetName:
- default: internal_api_subnet
- description: The name of the internal_api subnet in Neutron.
- type: string
- InternalApiAllocationPools:
- default: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the internal_api network.
- type: json
- IPv6AddressMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 address mode
- type: string
- IPv6RAMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 router advertisement mode
- type: string
-
-resources:
- InternalApiNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: InternalApiNetAdminStateUp}
- name: {get_param: InternalApiNetName}
- shared: {get_param: InternalApiNetShared}
- value_specs: {get_param: InternalApiNetValueSpecs}
-
- InternalApiSubnet:
- type: OS::Neutron::Subnet
- properties:
- ip_version: 6
- ipv6_address_mode: {get_param: IPv6AddressMode}
- ipv6_ra_mode: {get_param: IPv6RAMode}
- cidr: {get_param: InternalApiNetCidr}
- name: {get_param: InternalApiSubnetName}
- network: {get_resource: InternalApiNetwork}
- allocation_pools: {get_param: InternalApiAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron internal network
- value: {get_resource: InternalApiNetwork}
- subnet_cidr:
- value: {get_attr: [InternalApiSubnet, cidr]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Management network. System administration, SSH, DNS, NTP, etc. This network
- would usually be the default gateway for the non-controller nodes.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- ManagementNetCidr:
- default: 'fd00:fd00:fd00:6000::/64'
- description: Cidr for the management network.
- type: string
- ManagementNetValueSpecs:
- default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'}
- description: Value specs for the management network.
- type: json
- ManagementNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- ManagementNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- ManagementSubnetName:
- default: management_subnet
- description: The name of the management subnet in Neutron.
- type: string
- ManagementAllocationPools:
- default: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the management network.
- type: json
- IPv6AddressMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 address mode
- type: string
- IPv6RAMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 router advertisement mode
- type: string
-
-resources:
- ManagementNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: ManagementNetAdminStateUp}
- name: {get_param: ManagementNetName}
- shared: {get_param: ManagementNetShared}
- value_specs: {get_param: ManagementNetValueSpecs}
-
- ManagementSubnet:
- type: OS::Neutron::Subnet
- properties:
- ip_version: 6
- ipv6_address_mode: {get_param: IPv6AddressMode}
- ipv6_ra_mode: {get_param: IPv6RAMode}
- cidr: {get_param: ManagementNetCidr}
- name: {get_param: ManagementSubnetName}
- network: {get_resource: ManagementNetwork}
- allocation_pools: {get_param: ManagementAllocationPools}
-
-outputs:
- OS::stack_id:
- description: Neutron management network
- value: {get_resource: ManagementNetwork}
- subnet_cidr:
- value: {get_attr: [ManagementSubnet, cidr]}
--- /dev/null
+heat_template_version: pike
+
+description: >
+ {{network.name}} network definition (automatically generated).
+
+parameters:
+ # the defaults here work for static IP assignment (IPAM) only
+ {{network.name}}NetCidr:
+{%- if network.ipv6 or ipv6_override %}
+ default: "{{network.ipv6_subnet|default(network.ip_subnet|default(""))}}"
+{%- else %}
+ default: "{{network.ip_subnet|default("")}}"
+{%- endif %}
+ description: Cidr for the {{network.name_lower}} network.
+ type: string
+ {{network.name}}NetValueSpecs:
+ default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'}
+ description: Value specs for the {{network.name_lower}} network.
+ type: json
+{%- if not ":" in network.ip_subnet and not network.ipv6 and not ipv6_override %}
+ {{network.name}}NetEnableDHCP:
+ default: false
+ description: Whether to enable DHCP on the associated subnet (IPv4 only).
+ type: boolean
+{%- endif %}
+ {{network.name}}NetAdminStateUp:
+ default: false
+ description: The admin state of the network.
+ type: boolean
+ {{network.name}}NetShared:
+ default: false
+ description: Whether this network is shared across all tenants.
+ type: boolean
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
+ type: string
+ {{network.name}}SubnetName:
+ default: {{network.name_lower}}_subnet
+ description: The name of the {{network.name_lower}} subnet in Neutron.
+ type: string
+ {{network.name}}AllocationPools:
+{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
+ default: {{network.ipv6_allocation_pools|default(network.allocation_pools|default([]))}}
+{%- else %}
+ default: {{network.allocation_pools|default([])}}
+{%- endif %}
+ description: Ip allocation pool range for the {{network.name_lower}} network.
+ type: json
+{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
+ IPv6AddressMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 address mode
+ type: string
+ IPv6RAMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 router advertisement mode
+ type: string
+{%- endif %}
+ {{network.name}}InterfaceDefaultRoute:
+{%- if network.ipv6 or ipv6_override %}
+ default: "{{network.gateway_ipv6|default(network.gateway_ip|default(''))}}"
+{%- else %}
+ default: "{{network.gateway_ip|default('')}}"
+{%- endif %}
+ description: default route for the {{network.name_lower}} network
+ type: string
+{%- if network.vlan %}
+ {{network.name}}NetworkVlanID:
+ default: {{network.vlan}}
+ description: Vlan ID for the {{network.name}} network traffic.
+ type: number
+{%- endif %}
+
+resources:
+ {{network.name}}Network:
+ type: OS::Neutron::Net
+ properties:
+ admin_state_up: {get_param: {{network.name}}NetAdminStateUp}
+ name: {get_param: {{network.name}}NetName}
+ shared: {get_param: {{network.name}}NetShared}
+ value_specs: {get_param: {{network.name}}NetValueSpecs}
+
+ {{network.name}}Subnet:
+ type: OS::Neutron::Subnet
+ properties:
+{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
+ ip_version: 6
+ ipv6_address_mode: {get_param: IPv6AddressMode}
+ ipv6_ra_mode: {get_param: IPv6RAMode}
+{%- else %}
+ enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
+{%- endif %}
+ cidr: {get_param: {{network.name}}NetCidr}
+ name: {get_param: {{network.name}}SubnetName}
+ network: {get_resource: {{network.name}}Network}
+ allocation_pools: {get_param: {{network.name}}AllocationPools}
+ gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute}
+
+outputs:
+ OS::stack_id:
+ description: {{network.name_lower}} network
+ value: {get_resource: {{network.name}}Network}
+ subnet_cidr:
+ value: {get_attr: [{{network.name}}Subnet, cidr]}
-heat_template_version: pike
-
-description: >
- {{network.name}} network definition (automatically generated).
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- {{network.name}}NetCidr:
- default: {{network.ip_subnet|default("")}}
- description: Cidr for the {{network.name_lower}} network.
- type: string
- {{network.name}}NetValueSpecs:
- default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'}
- description: Value specs for the {{network.name_lower}} network.
- type: json
- {{network.name}}NetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- {{network.name}}NetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- {{network.name}}NetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- {{network.name}}NetName:
- default: {{network.name_lower}}
- description: The name of the {{network.name_lower}} network.
- type: string
- {{network.name}}SubnetName:
- default: {{network.name_lower}}_subnet
- description: The name of the {{network.name_lower}} subnet in Neutron.
- type: string
- {{network.name}}AllocationPools:
- default: {{network.allocation_pools|default([])}}
- description: Ip allocation pool range for the {{network.name_lower}} network.
- type: json
- {{network.name}}InterfaceDefaultRoute:
- default: {{network.gateway_ip|default('""')}}
- description: default route for the {{network.name_lower}} network
- type: string
-{%- if network.vlan %}
- {{network.name}}NetworkVlanID:
- default: {{network.vlan}}
- description: Vlan ID for the {{network.name}} network traffic.
- type: number
-{%- endif %}
-{%- if network.ipv6 %}
- IPv6AddressMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 address mode
- type: string
- IPv6RAMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 router advertisement mode
- type: string
-{%- endif %}
-
-resources:
- {{network.name}}Network:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: {{network.name}}NetAdminStateUp}
- name: {get_param: {{network.name}}NetName}
- shared: {get_param: {{network.name}}NetShared}
- value_specs: {get_param: {{network.name}}NetValueSpecs}
-
- {{network.name}}Subnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: {{network.name}}NetCidr}
- name: {get_param: {{network.name}}SubnetName}
- network: {get_resource: {{network.name}}Network}
- allocation_pools: {get_param: {{network.name}}AllocationPools}
- gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute}
-{%- if network.ipv6 %}
- ip_version: 6
- ipv6_address_mode: {get_param: IPv6AddressMode}
- ipv6_ra_mode: {get_param: IPv6RAMode}
-{%- else %}
- enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
-{%- endif %}
-
-outputs:
- OS::stack_id:
- description: {{network.name_lower}} network
- value: {get_resource: {{network.name}}Network}
- subnet_cidr:
- value: {get_attr: [{{network.name}}Subnet, cidr]}
+{% include 'network.j2' %}
--- /dev/null
+{% set ipv6_override = true -%}
+{% include 'network.j2' %}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Storage management network. Storage replication, etc.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- StorageMgmtNetCidr:
- # OpenStack uses the EUI-64 address format, which requires a /64 prefix
- default: 'fd00:fd00:fd00:4000::/64'
- description: Cidr for the storage_mgmt network.
- type: string
- StorageMgmtNetValueSpecs:
- default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'}
- description: Value specs for the storage_mgmt network.
- type: json
- StorageMgmtNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- StorageMgmtNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- StorageMgmtNetName:
- default: storage_mgmt
- description: The name of the storage_mgmt network.
- type: string
- StorageMgmtSubnetName:
- default: storage_mgmt_subnet
- description: The name of the storage_mgmt subnet in Neutron.
- type: string
- StorageMgmtAllocationPools:
- default: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the storage_mgmt network.
- type: json
- IPv6AddressMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 address mode
- type: string
- IPv6RAMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 router advertisement mode
- type: string
-
-resources:
- StorageMgmtNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: StorageMgmtNetAdminStateUp}
- name: {get_param: StorageMgmtNetName}
- shared: {get_param: StorageMgmtNetShared}
- value_specs: {get_param: StorageMgmtNetValueSpecs}
-
- StorageMgmtSubnet:
- type: OS::Neutron::Subnet
- properties:
- ip_version: 6
- ipv6_address_mode: {get_param: IPv6AddressMode}
- ipv6_ra_mode: {get_param: IPv6RAMode}
- cidr: {get_param: StorageMgmtNetCidr}
- name: {get_param: StorageMgmtSubnetName}
- network: {get_resource: StorageMgmtNetwork}
- allocation_pools: {get_param: StorageMgmtAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron storage management network
- value: {get_resource: StorageMgmtNetwork}
- subnet_cidr:
- value: {get_attr: [StorageMgmtSubnet, cidr]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Storage network.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- StorageNetCidr:
- # OpenStack uses the EUI-64 address format, which requires a /64 prefix
- default: 'fd00:fd00:fd00:3000::/64'
- description: Cidr for the storage network.
- type: string
- StorageNetValueSpecs:
- default: {'provider:physical_network': 'storage', 'provider:network_type': 'flat'}
- description: Value specs for the storage network.
- type: json
- StorageNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- StorageNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- StorageNetName:
- default: storage
- description: The name of the storage network.
- type: string
- StorageSubnetName:
- default: storage_subnet
- description: The name of the storage subnet in Neutron.
- type: string
- StorageAllocationPools:
- default: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the storage network.
- type: json
- IPv6AddressMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 address mode
- type: string
- IPv6RAMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 router advertisement mode
- type: string
-
-resources:
- StorageNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: StorageNetAdminStateUp}
- name: {get_param: StorageNetName}
- shared: {get_param: StorageNetShared}
- value_specs: {get_param: StorageNetValueSpecs}
-
- StorageSubnet:
- type: OS::Neutron::Subnet
- properties:
- ip_version: 6
- ipv6_address_mode: {get_param: IPv6AddressMode}
- ipv6_ra_mode: {get_param: IPv6RAMode}
- cidr: {get_param: StorageNetCidr}
- name: {get_param: StorageSubnetName}
- network: {get_resource: StorageNetwork}
- allocation_pools: {get_param: StorageAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron storage network
- value: {get_resource: StorageNetwork}
- subnet_cidr:
- value: {get_attr: [StorageSubnet, cidr]}
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Tenant IPv6 network.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- TenantNetCidr:
- # OpenStack uses the EUI-64 address format, which requires a /64 prefix
- default: 'fd00:fd00:fd00:5000::/64'
- description: Cidr for the tenant network.
- type: string
- TenantNetValueSpecs:
- default: {'provider:physical_network': 'tenant', 'provider:network_type': 'flat'}
- description: Value specs for the tenant network.
- type: json
- TenantNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- TenantNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- TenantNetName:
- default: tenant
- description: The name of the tenant network.
- type: string
- TenantSubnetName:
- default: tenant_subnet
- description: The name of the tenant subnet in Neutron.
- type: string
- TenantAllocationPools:
- default: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the tenant network.
- type: json
- IPv6AddressMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 address mode
- type: string
- IPv6RAMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 router advertisement mode
- type: string
-
-resources:
- TenantNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: TenantNetAdminStateUp}
- name: {get_param: TenantNetName}
- shared: {get_param: TenantNetShared}
- value_specs: {get_param: TenantNetValueSpecs}
-
- TenantSubnet:
- type: OS::Neutron::Subnet
- properties:
- ip_version: 6
- ipv6_address_mode: {get_param: IPv6AddressMode}
- ipv6_ra_mode: {get_param: IPv6RAMode}
- cidr: {get_param: TenantNetCidr}
- name: {get_param: TenantSubnetName}
- network: {get_resource: TenantNetwork}
- allocation_pools: {get_param: TenantAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron tenant network
- value: {get_resource: TenantNetwork}
- subnet_cidr:
- value: {get_attr: [TenantSubnet, cidr]}
# name_lower: lowercase version of name used for filenames
# (optional, defaults to name.lower())
# enabled: Is the network enabled (optional, defaults to true)
-# ipv6: Does this network use IPv6 IPs? (optional, defaults to false)
-# (optional, may use parameter defaults in environment to set)
# vlan: vlan for the network (optional)
# vip: Enable creation of a virtual IP on this network
-# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports,
-# to support VIPs on non-default networks.
-# See https://bugs.launchpad.net/tripleo/+bug/1667104
-# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults)
-# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}]
+# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' or '2001:db8:fd00:1000::/64'
+# (optional, may use parameter defaults instead)
+# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250'}]
# gateway_ip: gateway for the network (optional, may use parameter defaults)
-# NOTE: IP-related values set parameter defaults in templates, may be overridden.
-# compat_name: for existing stack you may need to override the default transformation
-# for the resource's name.
+# ipv6_subnet: Optional, sets default IPv6 subnet if IPv4 is already defined.
+# ipv6_allocation_pools: Set default IPv6 allocation pools if IPv4 allocation pools
+# are already defined.
+# ipv6_gateway: Set an IPv6 gateway if IPv4 gateway already defined.
+# ipv6: If ip_subnet not defined, this specifies that the network is IPv6-only.
+# NOTE: IP-related values set parameter defaults in templates, may be overridden,
+# either by operators, or e.g in environments/network-isolation-v6.yaml where we
+# set some default IPv6 addresses.
+# compat_name: for existing stack you may need to override the default
+# transformation for the resource's name.
#
# Example:
# - name Example
# allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}]
# gateway_ip: '10.0.2.254'
#
-# TODO (dsneddon) remove existing templates from j2_excludes.yaml
-# and generate all templates dynamically.
+# To support backward compatility, two versions of the network definitions will
+# be created, network/<network>.yaml and network/<network>_v6.yaml. Only
+# one of these files may be used in the deployment at a time, since the
+# parameters used for configuration are the same in both files. In the
+# future, this behavior may be changed to create only one file for custom
+# networks. You may specify IPv6 addresses for ip_subnet, allocation_pools,
+# and gateway_ip if no IPv4 addresses are used for a custom network, or set
+# ipv6: true, and the network/<network>.yaml file will be configured as IPv6.
+#
+# For configuring both IPv4 and IPv6 on the same interface, use two separate
+# networks, and then assign both IPs in the custom NIC configuration templates.
- name: External
vip: true
ip_subnet: '10.0.0.0/24'
allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}]
gateway_ip: '10.0.0.1'
+ ipv6_subnet: '2001:db8:fd00:1000::/64'
+ ipv6_allocation_pools: [{'start': '2001:db8:fd00:1000::10', 'end': '2001:db8:fd00:1000:ffff:ffff:ffff:fffe'}]
+ gateway_ipv6: '2001:db8:fd00:1000::1'
- name: InternalApi
name_lower: internal_api
vip: true
ip_subnet: '172.16.2.0/24'
allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
+ ipv6_subnet: 'fd00:fd00:fd00:2000::/64'
+ ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
compat_name: Internal
- name: Storage
vip: true
name_lower: storage
ip_subnet: '172.16.1.0/24'
allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}]
+ ipv6_subnet: 'fd00:fd00:fd00:3000::/64'
+ ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe'}]
- name: StorageMgmt
name_lower: storage_mgmt
vip: true
ip_subnet: '172.16.3.0/24'
allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}]
+ ipv6_subnet: 'fd00:fd00:fd00:4000::/64'
+ ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
- name: Tenant
vip: false # Tenant network does not use VIPs
name_lower: tenant
ip_subnet: '172.16.0.0/24'
allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}]
+ ipv6_subnet: 'fd00:fd00:fd00:5000::/64'
+ ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}]
- name: Management
- # Management network is disabled by default
- enabled: false
+ # Management network is enabled by default for backwards-compatibility, but
+ # is not included in any roles by default. Add to role definitions to use.
+ enabled: true
vip: false # Management network does not use VIPs
name_lower: management
ip_subnet: '10.0.1.0/24'
allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}]
+ ipv6_subnet: 'fd00:fd00:fd00:6000::/64'
+ ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}]
OS::TripleO::Services::Pacemaker: OS::Heat::None
OS::TripleO::Services::PacemakerRemote: OS::Heat::None
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None
OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml
OS::TripleO::Services::ManilaScheduler: OS::Heat::None
OS::TripleO::Services::ManilaShare: OS::Heat::None
OS::TripleO::Services::ManilaBackendGeneric: OS::Heat::None
+ OS::TripleO::Services::ManilaBackendIsilon: OS::Heat::None
OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None
OS::TripleO::Services::ManilaBackendUnity: OS::Heat::None
+ OS::TripleO::Services::ManilaBackendVMAX: OS::Heat::None
OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None
OS::TripleO::Services::ManilaBackendVNX: OS::Heat::None
OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None
OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None
+ OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI: OS::Heat::None
OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None
OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None
OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
-{%- endfor %}
- controllerExtraConfig:
- default: {}
- description: |
- DEPRECATED use ControllerExtraConfig instead
- type: json
- NovaComputeExtraConfig:
+{%- if role.deprecated_param_extraconfig is defined %}
+ {{role.deprecated_param_extraconfig}}:
default: {}
description: |
- DEPRECATED use ComputeExtraConfig instead
+ DEPRECATED use {{role.name}}ExtraConfig instead
type: json
+{%- endif %}
+{%- endfor %}
NeutronControlPlaneID:
default: 'ctlplane'
type: string
doing an update which requires removal of specific resources.
Example format ComputeRemovalPolicies: [{'resource_list': ['0']}]
-{% if role.name != 'Compute' %}
{{role.name}}SchedulerHints:
+ type: json
description: Optional scheduler hints to pass to nova
-{% else %}
- NovaComputeSchedulerHints:
- description: DEPRECATED - use ComputeSchedulerHints instead
-{% endif %}
+ default: {}
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ {{role.deprecated_param_scheduler_hints}}:
type: json
+ description: DEPRECATED - use {{role.name}}SchedulerHints instead
default: {}
+{%- endif %}
{{role.name}}Parameters:
type: json
description: >
List of server hostnames to blacklist from any triggered deployments.
+{% for role in roles %}
+{%- if role.deprecated_param_scheduler_hints is defined or role.deprecated_param_extraconfig is defined %}
+{%- if not parameter_groups_defined|default(false) %}
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+{%- set parameter_groups_defined = true %}
+{%- endif %}
+{%- endif %}
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ - {{role.deprecated_param_scheduler_hints}}
+{%- endif %}
+{%- if role.deprecated_param_extraconfig is defined %}
+ - {{role.deprecated_param_extraconfig}}
+{%- endif %}
+{%- endfor %}
+
conditions:
add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
map_merge:
- get_attr: [{{role.name}}ServiceConfigSettings, value]
- get_param: ExtraConfig
- {%- if role.name == 'Controller' %}
- - map_merge:
- - get_param: controllerExtraConfig
- - get_param: {{role.name}}ExtraConfig
- {%- elif role.name == 'Compute' %}
- - map_merge:
- - get_param: NovaComputeExtraConfig
- - get_param: {{role.name}}ExtraConfig
- {%- else %}
+{%- if role.deprecated_param_extraconfig is defined %}
+ - get_param: {{role.deprecated_param_extraconfig}}
+{%- endif %}
- get_param: {{role.name}}ExtraConfig
- {%- endif %}
# Filter any null/None service_names which may be present due to mapping
# of services to OS::Heat::None
params:
'%stackname%': {get_param: 'OS::stack_name'}
NodeIndex: '%index%'
- {% if role.name != 'Compute' %}
- {{role.name}}SchedulerHints: {get_param: {{role.name}}SchedulerHints}
- {% else %}
- NovaComputeSchedulerHints: {get_param: NovaComputeSchedulerHints}
- {% endif %}
+ # Note, SchedulerHints must be defined here, not only in the
+ # nested template, as it can contain %index%
+ {{role.name}}SchedulerHints:
+ map_merge:
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ - {get_param: {{role.deprecated_param_scheduler_hints}}}
+{%- endif %}
+ - {get_param: {{role.name}}SchedulerHints}
ServiceConfigSettings: {get_attr: [{{role.name}}ServiceConfigSettings, value]}
ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
+ LoggingSources: {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_sources]}
+ LoggingGroups: {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_groups]}
ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
RoleParameters: {get_param: {{role.name}}Parameters}
- ','
{% for role in roles %}
- {get_attr: [{{role.name}}ServiceNames, value]}
-{% endfor %}
- logging_groups:
- yaql:
- expression: >
- $.data.groups.flatten()
- data:
- groups:
-{% for role in roles %}
- - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_groups]}
-{% endfor %}
- logging_sources:
- yaql:
- expression: >
- $.data.sources.flatten()
- data:
- sources:
-{% for role in roles %}
- - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_sources]}
{% endfor %}
controller_ips: {get_attr: [{{primary_role_name}}, ip_address]}
controller_names: {get_attr: [{{primary_role_name}}, hostname]}
type: comma_delimited_list
controller_ips:
type: comma_delimited_list
- logging_groups:
- type: json
- logging_sources:
- type: json
service_ips:
type: json
service_node_names:
bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
all_nodes:
map_merge:
- - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
- - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
- enabled_services:
yaql:
expression: $.data.distinct()
description: DEPRECATED - use {{role.name}}IPs instead
type: json
{%- endif %}
+ {{role.name}}NetworkDeploymentActions:
+ type: comma_delimited_list
+ description: >
+ Heat action when to apply network configuration changes
+ default: []
NetworkDeploymentActions:
type: comma_delimited_list
description: >
type: json
description: Optional scheduler hints to pass to nova
default: {}
-{%- if role.deprecated_param_scheduler_hints is defined %}
- {{role.deprecated_param_scheduler_hints}}:
- type: json
- description: DEPRECATED - use {{role.name}}SchedulerHints instead
- default: {}
-{%- endif %}
NodeIndex:
type: number
default: 0
description: Do not use deprecated params, they will be removed.
parameters:
{%- for property in role %}
-{%- if property.startswith('deprecated_param_') %}
+{%- if property.startswith('deprecated_param_') and not role[property].endswith('SchedulerHints') %}
- {{role[property]}}
{%- endif %}
{%- endfor %}
- {get_param: {{role.deprecated_param_flavor}}}
- {{default_flavor_name}}
{%- endif %}
+ role_network_deployment_actions_exists:
+ not:
+ equals:
+ - {get_param: {{role.name}}NetworkDeploymentActions}
+ - []
resources:
{{server_resource_name}}:
{%- endif %}
- {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
- scheduler_hints:
- map_merge:
-{%- if role.deprecated_param_scheduler_hints is defined %}
- - {get_param: {{role.deprecated_param_scheduler_hints}}}
-{%- endif %}
- - {get_param: {{role.name}}SchedulerHints}
+ scheduler_hints: {get_param: {{role.name}}SchedulerHints}
deployment_swift_data:
if:
- deployment_swift_data_map_unset
actions:
if:
- server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
+ - if:
+ - role_network_deployment_actions_exists
+ - {get_param: {{role.name}}NetworkDeploymentActions}
+ - {get_param: NetworkDeploymentActions}
- []
{{server_resource_name}}UpgradeInitConfig:
a deployment step, these are executed before the main configuration run.
To describe actions or workflows from within a service use:
- * service_workflow_tasks: One or more workflow task properties
+ * workflow_tasks: One or more workflow task properties
which expects a map where the key is the step and the value a list of
dictionaries descrbing each a workflow task, for example::
- service_workflow_tasks:
+ workflow_tasks:
step2:
- name: echo
action: std.echo output=Hello
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- aodh_api_upgrade:
- - name: Stop aodh_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Stop aodh_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.barbican_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- barbican_api_upgrade:
- - name: Check if barbican_api is deployed
- command: systemctl is-enabled openstack-barbican-api
- tags: common
- ignore_errors: True
- register: barbican_api_enabled
- - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
- shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
- when: barbican_api_enabled.rc == 0
- tags: step0,validation
- - name: Install openstack-barbican-api package if it was disabled
- tags: step3
- yum: name=openstack-barbican-api state=latest
- when: barbican_api_enabled.rc != 0
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Check if barbican_api is deployed
+ command: systemctl is-enabled openstack-barbican-api
+ tags: common
+ ignore_errors: True
+ register: barbican_api_enabled
+ - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
+ shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
+ when: barbican_api_enabled.rc == 0
+ tags: step0,validation
+ - name: Install openstack-barbican-api package if it was disabled
+ tags: step3
+ yum: name=openstack-barbican-api state=latest
+ when: barbican_api_enabled.rc != 0
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- ceilometer_api_upgrade:
- - name: Stop ceilometer_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Stop ceilometer_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
ceph::params::packages:
- ceph-base
- ceph-mon
- - ceph-osd
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
list_join: ['.', ['client', {get_param: CephClientUserName}]]
MANILA_CLIENT_KEY:
list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
+ service_config_settings:
+ ceph_osd:
+ ceph::params::packages:
+ - ceph-base
+ - ceph-mon
+ - ceph-osd
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- cinder_api_upgrade:
- - name: Check if cinder_api is deployed
- command: systemctl is-enabled openstack-cinder-api
- tags: common
- ignore_errors: True
- register: cinder_api_enabled
- - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
- shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
- when: cinder_api_enabled.rc == 0
- tags: step0,validation
- - name: check for cinder running under apache (post upgrade)
- tags: step1
- shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
- register: cinder_apache
- ignore_errors: true
- - name: Stop cinder_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: cinder_apache.rc == 0
- - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
- tags: step1
- when: cinder_api_enabled.rc == 0
- service: name=openstack-cinder-api state=stopped enabled=no
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Check if cinder_api is deployed
+ command: systemctl is-enabled openstack-cinder-api
+ tags: common
+ ignore_errors: True
+ register: cinder_api_enabled
+ - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
+ shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
+ when: cinder_api_enabled.rc == 0
+ tags: step0,validation
+ - name: check for cinder running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
+ register: cinder_apache
+ ignore_errors: true
+ - name: Stop cinder_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: cinder_apache.rc == 0
+ - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
+ tags: step1
+ when: cinder_api_enabled.rc == 0
+ service: name=openstack-cinder-api state=stopped enabled=no
--- /dev/null
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: pike
+
+description: >
+ Openstack Cinder Dell EMC VMAX iscsi backend
+
+parameters:
+ CinderEnableDellEMCVMAXISCSIBackend:
+ type: boolean
+ default: true
+ CinderDellEMCVMAXISCSIBackendName:
+ type: string
+ default: 'tripleo_dellemc_vmax_iscsi'
+ CinderDellEMCVMAXISCSIConfigFile:
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC VMAX iscsi backend.
+ value:
+ service_name: cinder_backend_dellemc_vmax_iscsi
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_dellemc_vmax_iscsi_backend: {get_param: CinderEnableDellEMCVMAXISCSIBackend}
+ cinder::backend::dell_emc_vmax_iscsi::volume_backend_name: {get_param: CinderDellEMCVMAXISCSIBackendName}
+ cinder::backend::dell_emc_vmax_iscsi::cinder_emc_config_file: {get_param: CinderDellEMCVMAXISCSIConfigFile}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- redis::bind: {get_param: [ServiceNetMap, RedisNetwork]}
+ # Bind to localhost if internal TLS is enabled, since we put a TLs
+ # proxy in front.
+ redis::bind:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
- redis::sentinel::sentinel_bind: {get_param: [ServiceNetMap, RedisNetwork]}
+ redis::sentinel::sentinel_bind:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, RedisNetwork]}
redis::ulimit: {get_param: RedisFDLimit}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
+
RedisBase:
type: ./redis-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
dport:
- 6379
- 26379
+ tripleo::profile::base::database::redis::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, RedisNetwork]
+ tripleo::profile::base::database::redis::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ tripleo::profile::base::database::redis::tls_proxy_port: 6379
+ - if:
+ - use_tls_proxy
+ - redis_certificate_specs:
+ service_certificate: '/etc/pki/tls/certs/redis.crt'
+ service_key: '/etc/pki/tls/private/redis.key'
+ hostname:
+ str_replace:
+ template: "%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ principal:
+ str_replace:
+ template: "redis/%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ - {}
step_config: |
include ::tripleo::profile::base::database::redis
+ metadata_settings:
+ if:
+ - use_tls_proxy
+ -
+ - service: redis
+ network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ type: vip
+ - null
upgrade_tasks:
- name: Check if redis is deployed
command: systemctl is-enabled redis
value:
service_name: mongodb_disabled
upgrade_tasks:
+ - name: Check for mongodb service
+ stat: path=/usr/lib/systemd/system/mongod.service
+ tags: common
+ register: mongod_service
- name: Stop and disable mongodb service on upgrade
tags: step1
service: name=mongod state=stopped enabled=no
+ when: mongod_service.stat.exists
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- gnocchi_api_upgrade:
- - name: Stop gnocchi_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Stop gnocchi_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
HAProxyInternalTLSKeysDirectory:
default: '/etc/pki/tls/private/haproxy'
type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
outputs:
role_data:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate:
- list_join:
- - ''
- - - {get_param: HAProxyInternalTLSCertsDirectory}
- - '/overcloud-haproxy-external.pem'
+ tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
tripleo::certmonger::haproxy_dirs::certificate_dir:
get_param: HAProxyInternalTLSCertsDirectory
tripleo::certmonger::haproxy_dirs::key_dir:
get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
haproxy-external:
- service_pem:
- list_join:
- - ''
- - - {get_param: HAProxyInternalTLSCertsDirectory}
- - '/overcloud-haproxy-external.pem'
+ service_pem: {get_param: DeployedSSLCertificatePath}
service_certificate:
list_join:
- ''
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.keystone_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- keystone_upgrade:
- - name: Stop keystone service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Stop keystone service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Openstack Manila isilon backend.
+
+parameters:
+ ManilaIsilonDriverHandlesShareServers:
+ type: string
+ default: true
+ ManilaIsilonBackendName:
+ type: string
+ default: tripleo_isilon
+ ManilaIsilonNasLogin:
+ type: string
+ default: ''
+ ManilaIsilonNasPassword:
+ type: string
+ default: ''
+ ManilaIsilonNasServer:
+ type: string
+ default: ''
+ ManilaIsilonNasRootDir:
+ type: string
+ default: ''
+ ManilaIsilonNasServerPort:
+ type: number
+ default: 8080
+ ManilaIsilonNasServerSecure:
+ type: string
+ default: ''
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Manila Isilon backend.
+ value:
+ service_name: manila_backend_isilon
+ config_settings:
+ manila::backend::dellemc_isilon::title: {get_param: ManilaIsilonBackendName}
+ manila::backend::dellemc_isilon::emc_nas_login: {get_param: ManilaIsilonNasLogin}
+ manila::backend::dellemc_isilon::driver_handles_share_servers: {get_param: ManilaIsilonDriverHandlesShareServers}
+ manila::backend::dellemc_isilon::emc_nas_password: {get_param: ManilaIsilonNasPassword}
+ manila::backend::dellemc_isilon::emc_nas_server: {get_param: ManilaIsilonNasServer}
+ manila::backend::dellemc_isilon::emc_nas_root_dir: {get_param: ManilaIsilonNasRootDir}
+ manila::backend::dellemc_isilon::emc_nas_server_port: {get_param: ManilaIsilonNasServerPort}
+ manila::backend::dellemc_isilon::emc_nas_server_secure: {get_param: ManilaIsilonNasServerSecure}
+ step_config:
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Openstack Manila vmax backend.
+
+parameters:
+ ManilaVMAXDriverHandlesShareServers:
+ type: string
+ default: false
+ ManilaVMAXBackendName:
+ type: string
+ default: tripleo_manila_vmax
+ ManilaVMAXNasLogin:
+ type: string
+ default: ''
+ ManilaVMAXNasPassword:
+ type: string
+ default: ''
+ ManilaVMAXNasServer:
+ type: string
+ default: ''
+ ManilaVMAXServerContainer:
+ type: string
+ default: ''
+ ManilaVMAXShareDataPools:
+ type: string
+ default: ''
+ ManilaVMAXEthernetPorts:
+ type: string
+ default: ''
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Manila VMAX backend.
+ value:
+ service_name: manila_backend_vmax
+ config_settings:
+ manila::backend::dellemc_vmax::title: {get_param: ManilaVMAXBackendName}
+ manila::backend::dellemc_vmax::emc_nas_login: {get_param: ManilaVMAXNasLogin}
+ manila::backend::dellemc_vmax::driver_handles_share_servers: {get_param: ManilaVMAXDriverHandlesShareServers}
+ manila::backend::dellemc_vmax::emc_nas_password: {get_param: ManilaVMAXNasPassword}
+ manila::backend::dellemc_vmax::emc_nas_server: {get_param: ManilaVMAXNasServer}
+ manila::backend::dellemc_vmax::emc_share_backend: {'vmax'}
+ manila::backend::dellemc_vmax::vmax_server_container: {get_param: ManilaVMAXServerContainer}
+ manila::backend::dellemc_vmax::vmax_share_data_pools: {get_param: ManilaVMAXShareDataPools}
+ manila::backend::dellemc_vmax::vmax_ethernet_ports: {get_param: ManilaVMAXEthernetPorts}
+ step_config:
+
manila::compute::nova::nova_admin_password: {get_param: NovaPassword}
manila::compute::nova::nova_admin_tenant_name: 'service'
manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
+ manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}
step_config: |
include ::tripleo::profile::base::manila::scheduler
type: number
default: 0
description: The number of neutron dhcp agents to schedule per network
+ DhcpAgentNotification:
+ default: true
+ description: Whether or not to enable DHCP agent notifications.
+ type: boolean
NeutronDnsDomain:
type: string
default: openstacklocal
- {get_param: NeutronDebug }
neutron::purge_config: {get_param: EnableConfigPurge}
neutron::allow_overlapping_ips: true
+ neutron::dhcp_agent_notification: {get_param: DhcpAgentNotification}
neutron::dns_domain: {get_param: NeutronDnsDomain}
neutron::rabbit_heartbeat_timeout_threshold: 60
neutron::host: '%{::fqdn}'
step_config: |
include ::tripleo::profile::base::neutron::ovs
upgrade_tasks:
- yaql:
- expression: $.data.ovs_upgrade + $.data.neutron_ovs_upgrade
- data:
- ovs_upgrade:
- get_attr: [Ovs, role_data, upgrade_tasks]
- neutron_ovs_upgrade:
- - name: Check if neutron_ovs_agent is deployed
- command: systemctl is-enabled neutron-openvswitch-agent
- tags: common
- ignore_errors: True
- register: neutron_ovs_agent_enabled
- - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
- shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
- when: neutron_ovs_agent_enabled.rc == 0
- tags: step0,validation
- - name: Stop neutron_ovs_agent service
- tags: step1
- when: neutron_ovs_agent_enabled.rc == 0
- service: name=neutron-openvswitch-agent state=stopped
+ list_concat:
+ - get_attr: [Ovs, role_data, upgrade_tasks]
+ -
+ - name: Check if neutron_ovs_agent is deployed
+ command: systemctl is-enabled neutron-openvswitch-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_ovs_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_ovs_agent_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop neutron_ovs_agent service
+ tags: step1
+ when: neutron_ovs_agent_enabled.rc == 0
+ service: name=neutron-openvswitch-agent state=stopped
type: boolean
default: false
+ NovaPatchConfigMonkeyPatch:
+ description: Apply monkey patching or not
+ type: boolean
+ default: false
+
+ NovaPatchConfigMonkeyPatchModules:
+ description: List of modules/decorators to monkey patch
+ type: comma_delimited_list
+ default: ''
+
resources:
NeutronML2Base:
neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion}
neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId}
nova::api::use_forwarded_for: {get_param: UseForwardedFor}
+ nova::patch::config::monkey_patch: {get_param: NovaPatchConfigMonkeyPatch}
+ nova::patch::config::monkey_patch_modules: {get_param: NovaPatchConfigMonkeyPatchModules}
step_config: |
include tripleo::profile::base::neutron::plugins::ml2
NativeDhcpMetadata:
default: True
description: This is the flag to indicate if using native DHCP/Metadata or not.
- type: string
+ type: boolean
DhcpProfileUuid:
description: This is the UUID of the NSX DHCP Profile that will be used to enable
native DHCP service.
value:
service_name: neutron_plugin_nsx
config_settings:
- neutron::plugins::nsx_v3::default_overlay_tz: {get_param: DefaultOverlayTz}
- neutron::plugins::nsx_v3::default_tier0_router: {get_param: DefaultTier0Router}
- neutron::plugins::nsx_v3::nsx_api_managers: {get_param: NsxApiManagers}
- neutron::plugins::nsx_v3::nsx_api_user: {get_param: NsxApiUser}
- neutron::plugins::nsx_v3::nsx_api_password: {get_param: NsxApiPassword}
- neutron::plugins::nsx_v3::native_dhcp_metadata: {get_param: NativeDhcpMetadata}
- neutron::plugins::nsx_v3::dhcp_profile_uuid: {get_param: DhcpProfileUuid}
- neutron::plugins::nsx_v3::metadata_proxy_uuid: {get_param: MetadataProxyUuid}
+ neutron::plugins::nsx::default_overlay_tz: {get_param: DefaultOverlayTz}
+ neutron::plugins::nsx::default_tier0_router: {get_param: DefaultTier0Router}
+ neutron::plugins::nsx::nsx_api_managers: {get_param: NsxApiManagers}
+ neutron::plugins::nsx::nsx_api_user: {get_param: NsxApiUser}
+ neutron::plugins::nsx::nsx_api_password: {get_param: NsxApiPassword}
+ neutron::plugins::nsx::native_dhcp_metadata: {get_param: NativeDhcpMetadata}
+ neutron::plugins::nsx::dhcp_profile_uuid: {get_param: DhcpProfileUuid}
+ neutron::plugins::nsx::metadata_proxy_uuid: {get_param: MetadataProxyUuid}
step_config: |
- include tripleo::profile::base::neutron::plugins::nsx_v3
+ include tripleo::profile::base::neutron::plugins::nsx
- get_attr: [RoleParametersValue, value]
step_config: |
include ::tripleo::profile::base::neutron::sriov
+ upgrade_tasks:
+ - name: Check if neutron_sriov_agent is deployed
+ command: systemctl is-enabled neutron-sriov-nic-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_sriov_nic_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-server is running"
+ shell: /usr/bin/systemctl show 'neutron-sriov-nic-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_sriov_nic_agent_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop neutron_sriov_nic_agent service
+ tags: step1
+ when: neutron_sriov_nic_agent_enabled.rc == 0
+ service: name=neutron-sriov-nic-agent state=stopped
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack Neutron SR-IOV host configuration
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: >
+ Mapping of service_name -> network name. Typically set via
+ parameter_defaults in the resource registry. This mapping overrides those
+ in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronSriovNumVFs:
+ description: >
+ Provide the list of VFs to be reserved for each SR-IOV interface.
+ Format "<interface_name1>:<numvfs1>,<interface_name2>:<numvfs2>"
+ Example "eth1:4096,eth2:128"
+ type: comma_delimited_list
+ default: ""
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - tripleo::host::sriov::number_of_vfs: NeutronSriovNumVFs
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NeutronSriovNumVFs: {get_param: NeutronSriovNumVFs}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron SR-IOV nic agent service.
+ value:
+ service_name: neutron_sriov_host_config
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - get_attr: [RoleParametersValue, value]
+ step_config: |
+ include ::tripleo::host::sriov
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.nova_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- nova_api_upgrade:
- - name: get bootstrap nodeid
- tags: common
- command: hiera bootstrap_nodeid
- register: bootstrap_node
- - name: set is_bootstrap_node fact
- tags: common
- set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- - name: Extra migration for nova tripleo/+bug/1656791
- tags: step0,pre-upgrade
- when: is_bootstrap_node
- command: nova-manage db online_data_migrations
- - name: Stop and disable nova_api service (pre-upgrade not under httpd)
- tags: step2
- service: name=openstack-nova-api state=stopped enabled=no
- - name: Create puppet manifest to set transport_url in nova.conf
- tags: step5
- when: is_bootstrap_node
- copy:
- dest: /root/nova-api_upgrade_manifest.pp
- mode: 0600
- content: >
- $transport_url = os_transport_url({
- 'transport' => hiera('messaging_service_name', 'rabbit'),
- 'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
- 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
- 'username' => hiera('nova::rabbit_userid', 'guest'),
- 'password' => hiera('nova::rabbit_password'),
- 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
- })
- oslo::messaging::default { 'nova_config':
- transport_url => $transport_url
- }
- - name: Run puppet apply to set tranport_url in nova.conf
- tags: step5
- when: is_bootstrap_node
- command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
- register: puppet_apply_nova_api_upgrade
- failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
- changed_when: puppet_apply_nova_api_upgrade.rc == 2
- - name: Setup cell_v2 (map cell0)
- tags: step5
- when: is_bootstrap_node
- shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
- - name: Setup cell_v2 (create default cell)
- tags: step5
- when: is_bootstrap_node
- # (owalsh) puppet-nova expects the cell name 'default'
- # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
- shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
- register: nova_api_create_cell
- failed_when: nova_api_create_cell.rc not in [0,2]
- changed_when: nova_api_create_cell.rc == 0
- - name: Setup cell_v2 (sync nova/cell DB)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage db sync
- async: {get_param: NovaDbSyncTimeout}
- poll: 10
- - name: Setup cell_v2 (get cell uuid)
- tags: step5
- when: is_bootstrap_node
- shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
- register: nova_api_cell_uuid
- - name: Setup cell_v2 (migrate hosts)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
- - name: Setup cell_v2 (migrate instances)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
- - name: Sync nova_api DB
- tags: step5
- command: nova-manage api_db sync
- when: is_bootstrap_node
- - name: Online data migration for nova
- tags: step5
- when: is_bootstrap_node
- command: nova-manage db online_data_migrations
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Extra migration for nova tripleo/+bug/1656791
+ tags: step0,pre-upgrade
+ when: is_bootstrap_node
+ command: nova-manage db online_data_migrations
+ - name: Stop and disable nova_api service (pre-upgrade not under httpd)
+ tags: step2
+ service: name=openstack-nova-api state=stopped enabled=no
+ - name: Create puppet manifest to set transport_url in nova.conf
+ tags: step5
+ when: is_bootstrap_node
+ copy:
+ dest: /root/nova-api_upgrade_manifest.pp
+ mode: 0600
+ content: >
+ $transport_url = os_transport_url({
+ 'transport' => hiera('messaging_service_name', 'rabbit'),
+ 'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
+ 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
+ 'username' => hiera('nova::rabbit_userid', 'guest'),
+ 'password' => hiera('nova::rabbit_password'),
+ 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
+ })
+ oslo::messaging::default { 'nova_config':
+ transport_url => $transport_url
+ }
+ - name: Run puppet apply to set tranport_url in nova.conf
+ tags: step5
+ when: is_bootstrap_node
+ command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
+ register: puppet_apply_nova_api_upgrade
+ failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
+ changed_when: puppet_apply_nova_api_upgrade.rc == 2
+ - name: Setup cell_v2 (map cell0)
+ tags: step5
+ when: is_bootstrap_node
+ shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
+ - name: Setup cell_v2 (create default cell)
+ tags: step5
+ when: is_bootstrap_node
+ # (owalsh) puppet-nova expects the cell name 'default'
+ # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
+ shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
+ register: nova_api_create_cell
+ failed_when: nova_api_create_cell.rc not in [0,2]
+ changed_when: nova_api_create_cell.rc == 0
+ - name: Setup cell_v2 (sync nova/cell DB)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage db sync
+ async: {get_param: NovaDbSyncTimeout}
+ poll: 10
+ - name: Setup cell_v2 (get cell uuid)
+ tags: step5
+ when: is_bootstrap_node
+ shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
+ register: nova_api_cell_uuid
+ - name: Setup cell_v2 (migrate hosts)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
+ - name: Setup cell_v2 (migrate instances)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
+ - name: Sync nova_api DB
+ tags: step5
+ command: nova-manage api_db sync
+ when: is_bootstrap_node
+ - name: Online data migration for nova
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage db online_data_migrations
description: Whether to manage the OpenDaylight repository
type: boolean
default: false
+ OpenDaylightSNATMechanism:
+ description: SNAT mechanism to be used
+ default: 'conntrack'
+ type: string
+ constraints:
+ - allowed_values:
+ - conntrack
+ - controller
outputs:
role_data:
- 6640
- 6653
- 2550
+ - 8185
+ opendaylight::snat_mechanism: {get_param: OpenDaylightSNATMechanism}
step_config: |
include tripleo::profile::base::neutron::opendaylight
upgrade_tasks:
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
upgrade_tasks:
- yaql:
- expression: $.data.ovs_upgrade + $.data.opendaylight_upgrade
- data:
- ovs_upgrade:
- get_attr: [Ovs, role_data, upgrade_tasks]
- opendaylight_upgrade:
- - name: Check if openvswitch is deployed
- command: systemctl is-enabled openvswitch
- tags: common
- ignore_errors: True
- register: openvswitch_enabled
- - name: "PreUpgrade step0,validation: Check service openvswitch is running"
- shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b'
- when: openvswitch_enabled.rc == 0
- tags: step0,validation
- - name: Stop openvswitch service
- tags: step1
- when: openvswitch_enabled.rc == 0
- service: name=openvswitch state=stopped
+ list_concat:
+ - get_attr: [Ovs, role_data, upgrade_tasks]
+ -
+ - name: Check if openvswitch is deployed
+ command: systemctl is-enabled openvswitch
+ tags: common
+ ignore_errors: True
+ register: openvswitch_enabled
+ - name: "PreUpgrade step0,validation: Check service openvswitch is running"
+ shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b'
+ when: openvswitch_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop openvswitch service
+ tags: step1
+ when: openvswitch_enabled.rc == 0
+ service: name=openvswitch state=stopped
with_items:
- "{{ovs_list_of_rpms.stdout_lines}}"
tags: step2
- when: "'2.5.0-14' in '{{ovs_version.stdout}}'
+ when: "'2.5.0-14' in ovs_version.stdout|default('')
or
- ovs_packaging_issue|succeeded"
+ ovs_packaging_issue|default(false)|succeeded"
resource: openstack-cinder-volume
state: disable
wait_for_resource: true
- - name: get bootstrap nodeid
- tags: step5
- command: hiera bootstrap_nodeid
- register: bootstrap_node
- - block:
- - name: Sync cinder DB
- tags: step5
- command: cinder-manage db sync
- - name: Start cinder_volume service (pacemaker)
- tags: step5
- pacemaker_resource:
- resource: openstack-cinder-volume
- state: enable
- when: bootstrap_node.stdout == ansible_hostname
+ post_upgrade_tasks:
+ - name: Start cinder_volume service (pacemaker)
+ tags: step1
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: enable
- redis::service_manage: false
redis::notify_service: false
redis::managed_by_cluster_manager: true
+ tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, RedisNetwork]
+ tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ tripleo::profile::pacemaker::database::redis::tls_proxy_port: 6379
step_config: |
include ::tripleo::profile::pacemaker::database::redis
+ metadata_settings:
+ get_attr: [RedisBase, role_data, metadata_settings]
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.panko_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- panko_api_upgrade:
- - name: Check if httpd is deployed
- command: systemctl is-enabled httpd
- tags: common
- ignore_errors: True
- register: httpd_enabled
- - name: "PreUpgrade step0,validation: Check if httpd is running"
- shell: >
- /usr/bin/systemctl show 'httpd' --property ActiveState |
- grep '\bactive\b'
- when: httpd_enabled.rc == 0
- tags: step0,validation
- - name: Stop panko-api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: httpd_enabled.rc == 0
- - name: Install openstack-panko-api package if it was not installed
- tags: step3
- yum: name=openstack-panko-api state=latest
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Check if httpd is deployed
+ command: systemctl is-enabled httpd
+ tags: common
+ ignore_errors: True
+ register: httpd_enabled
+ - name: "PreUpgrade step0,validation: Check if httpd is running"
+ shell: >
+ /usr/bin/systemctl show 'httpd' --property ActiveState |
+ grep '\bactive\b'
+ when: httpd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop panko-api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: httpd_enabled.rc == 0
+ - name: Install openstack-panko-api package if it was not installed
+ tags: step3
+ yum: name=openstack-panko-api state=latest
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
rabbitmq::ssl: {get_param: EnableInternalTLS}
+ rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
rabbitmq::ssl_port: 5672
rabbitmq::ssl_depth: 1
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
tacker::keystone::authtoken::project_name: 'service'
tacker::keystone::authtoken::user_domain_name: 'Default'
tacker::keystone::authtoken::project_domain_name: 'Default'
+ tacker::keystone::authtoken::password: {get_param: TackerPassword}
tacker::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::project_name: 'service'
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::debug:
if:
- service_debug_unset
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
zaqar::keystone::auth_websocket::tenant: 'service'
+ zaqar::keystone::trust::password: {get_param: ZaqarPassword}
+ zaqar::keystone::trust::user_domain_name: 'Default'
-
if:
- zaqar_management_store_sqlalchemy
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.zaqar_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- zaqar_upgrade:
- - name: Check if zaqar is deployed
- command: systemctl is-enabled openstack-zaqar
- tags: common
- ignore_errors: True
- register: zaqar_enabled
- - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
- shell: >
- /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
- grep '\bactive\b'
- when: zaqar_enabled.rc == 0
- tags: step0,validation
- - name: Check for zaqar running under apache (post upgrade)
- tags: step1
- shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
- register: zaqar_apache
- ignore_errors: true
- - name: Stop zaqar service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: zaqar_apache.rc == 0
- - name: Stop and disable zaqar service (pre-upgrade not under httpd)
- tags: step1
- when: zaqar_enabled.rc == 0
- service: name=openstack-zaqar state=stopped enabled=no
- - name: Install openstack-zaqar package if it was disabled
- tags: step3
- yum: name=openstack-zaqar state=latest
- when: zaqar_enabled.rc != 0
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Check if zaqar is deployed
+ command: systemctl is-enabled openstack-zaqar
+ tags: common
+ ignore_errors: True
+ register: zaqar_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
+ grep '\bactive\b'
+ when: zaqar_enabled.rc == 0
+ tags: step0,validation
+ - name: Check for zaqar running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
+ register: zaqar_apache
+ ignore_errors: true
+ - name: Stop zaqar service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: zaqar_apache.rc == 0
+ - name: Stop and disable zaqar service (pre-upgrade not under httpd)
+ tags: step1
+ when: zaqar_enabled.rc == 0
+ service: name=openstack-zaqar state=stopped enabled=no
+ - name: Install openstack-zaqar package if it was disabled
+ tags: step3
+ yum: name=openstack-zaqar state=latest
+ when: zaqar_enabled.rc != 0
--- /dev/null
+---
+upgrade:
+ - |
+ This adds post_upgrade_tasks, ansible tasks that can be added to any
+ service manifest (currently, pacemaker/cinder-volume for bug 1706951).
+
+ These are similar to the existing upgrade_tasks in their format, however
+ they will be executed *after* the docker/puppet config. So the order is
+ upgrade_tasks, deployment steps (docker/puppet), then post_upgrade_tasks.
+
+ Also like the upgrade_tasks these are serialised and you can use 'tags'
+ with 'step0' to 'step6' (more can be added if needed).
--- /dev/null
+---
+features:
+ - |
+ Configure OpenDaylight SNAT to use conntrack mechanism with OVS and controller
+ based mechanism with OVS-DPDK.
--- /dev/null
+---
+upgrade:
+ - |
+ Containerized services logs can be found under updated paths.
+ Pacemaker-managed resources write logs to `/var/log/pacemaker/bundles/*`.
+ Docker-daemon managed openstack services bind-mount their log files to the
+ `/var/log/containers/<foo>/*` sub-directories. Services running under
+ Apache2 WSGI use the `/var/log/containers/httpd/<foo-api>/*` destinations.
+ Additional tools or commands that log to syslog, end up placing log records
+ into the hosts journalctl and `/var/log/messages`.
+
--- /dev/null
+---
+fixes:
+ - |
+ Fixes missing Keystone authtoken password for Tacker.
--- /dev/null
+---
+fixes:
+ - The "neutron_admin_auth_url" is now properly set using KeystoneInternal
+ rather than using the NeutronAdmin endpoint.
--- /dev/null
+---
+fixes:
+ - |
+ Fixes bug where neutron port status was not updated with OpenDaylight
+ deployments due to firewall blocking the websocket port used to send the
+ update (port 8185).
--- /dev/null
+---
+other:
+ - |
+ Network templates are now rendered with jinja2 based on network_data.yaml.
+ The only required parameter for each network is the name, optional params
+ will populate the defaults in the network template. Network templates
+ will be generated for both IPv4 and IPv6 versions of the networks, setting
+ ipv6: true on the network will generate only IPv6 templates. An example for
+ overriding default IP addresses for IPv6 has been added in
+ environments/network-environment-v6.yaml.
--- /dev/null
+---
+features:
+ - |
+ Add support for Dell EMC Isilon manila driver
--- /dev/null
+---
+fixes:
+ - Disables QoS with OpenDaylight until officially
+ supported.
features:
- Support containerized ovn-controller
- Support containerized OVN Dbs without HA
+ - Support containerized OVN DBs with HA
--- /dev/null
+---
+features:
+ - |
+ Add support for Dell EMC VMAX Iscsi cinder driver
--- /dev/null
+---
+features:
+ - |
+ Add support for Dell EMC VMAX Manila driver
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendDellEMCUnity
+ - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
- OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
- OS::TripleO::Services::ManilaBackendVNX
+ - OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
- OS::TripleO::Services::ManilaBackendVNX
+ - OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
###############################################################################
- name: Networker
description: |
- Standalone networking role to run Neutron services their own. Includes
+ Standalone networking role to run Neutron agents their own. Includes
Pacemaker integration via PacemakerRemote
networks:
- InternalApi
+ - Tenant
HostnameFormatDefault: '%stackname%-networker-%index%'
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::NeutronApi
- - OS::TripleO::Services::NeutronBgpVpnApi
- - OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL2gwAgent
- - OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronLbaasv2Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendDellEMCUnity
+ - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
- OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
- OS::TripleO::Services::ManilaBackendVNX
+ - OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
The contents of the private key go here
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
+ -
+ name: ssl/enable-internal-tls
+ title: Enable SSL on OpenStack Internal Endpoints
+ description: |
+ A Heat environment file which can be used to enable TLS for the internal
+ network via certmonger
+ files:
+ puppet/all-nodes-config.yaml:
+ parameters:
+ - EnableInternalTLS
+ puppet/services/nova-base.yaml:
+ parameters:
+ - RabbitClientUseSSL
+ overcloud.yaml:
+ parameters:
+ - ServerMetadata
+ static:
+ - EnableInternalTLS
+ - RabbitClientUseSSL
+ - ServerMetadata
+ sample_values:
+ EnableInternalTLS: True
+ RabbitClientUseSSL: True
+ ServerMetadata: |-2
+
+ ipa_enroll: True
+ resource_registry:
+ OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+ OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+ # We use apache as a TLS proxy
+ OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
+ # Creates nova metadata that will create the extra service principals per
+ # node.
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
- name: ssl/inject-trust-anchor
title: Inject SSL Trust Anchor on Overcloud Nodes
description: |
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
- ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
- ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
- ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
- host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
- ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
- ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
- ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
- ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
-openstackdocstheme>=1.11.0 # Apache-2.0
+openstackdocstheme>=1.16.0 # Apache-2.0
PyYAML>=3.10.0 # MIT
Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
six>=1.9.0 # MIT
'tls-endpoints-public-ip.yaml',
'tls-everywhere-endpoints-dns.yaml']
ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
-OPTIONAL_SECTIONS = ['service_workflow_tasks']
+OPTIONAL_SECTIONS = ['workflow_tasks']
REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config',
'config_settings', 'step_config']
OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks',
- 'service_config_settings', 'host_prep_tasks',
- 'metadata_settings', 'kolla_config']
+ 'post_upgrade_tasks', 'service_config_settings',
+ 'host_prep_tasks', 'metadata_settings',
+ 'kolla_config']
REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config',
'config_image']
OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ]
'OVNSouthboundServerPort': ['description'],
'ExternalInterfaceDefaultRoute':
['description', 'default'],
+ 'ManagementInterfaceDefaultRoute':
+ ['description', 'default'],
'IPPool': ['description'],
'SSLCertificate': ['description',
'default',
'ControllerExtraConfig': ['description'],
'NovaComputeExtraConfig': ['description'],
'controllerExtraConfig': ['description'],
- 'DockerSwiftConfigImage': ['default'],
+ 'DockerSwiftConfigImage': ['default']
}
PREFERRED_CAMEL_CASE = {
for line in env_desc.splitlines():
env_file.write(u'# %s\n' % line)
- if parameter_defaults:
+ if parameter_defaults or static_defaults:
env_file.write(u'parameter_defaults:\n')
for name, value in sorted(parameter_defaults.items()):
write_sample_entry(env_file, name, value)