Merge "Map /etc/ssh/ssh_known_hosts to all containers"

diff --git a/ci/environments/multinode-container-upgrade.yaml b/ci/environments/multinode-container-upgrade.yaml
index 8997041..24bb1f4 100644 (file)
--- a/ci/environments/multinode-container-upgrade.yaml
+++ b/ci/environments/multinode-container-upgrade.yaml
@@ -1,7 +1,7 @@
-# NOTE: This is an environment specific for containers upgrade
-# CI. Mainly we deploy non-pacemakerized overcloud, as at the time
-# being containerization of services managed by pacemaker is not
-# complete, so we deploy and upgrade the non-HA services for now.
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
 
 resource_registry:
   OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml

diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
new file mode 100644 (file)
index 0000000..c142922
--- /dev/null
+++ b/ci/environments/scenario001-multinode-containers.yaml
@@ -0,0 +1,134 @@
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
+  OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
+  OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml
+  OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml
+  OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml
+  OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml
+  OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml
+  OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
+  OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::Redis
+    - OS::TripleO::Services::AodhApi
+    - OS::TripleO::Services::AodhEvaluator
+    - OS::TripleO::Services::AodhNotifier
+    - OS::TripleO::Services::AodhListener
+    - OS::TripleO::Services::CeilometerAgentCentral
+    - OS::TripleO::Services::CeilometerAgentIpmi
+    - OS::TripleO::Services::CeilometerAgentNotification
+    - OS::TripleO::Services::GnocchiApi
+    - OS::TripleO::Services::GnocchiMetricd
+    - OS::TripleO::Services::GnocchiStatsd
+    - OS::TripleO::Services::PankoApi
+    - OS::TripleO::Services::CephMon
+    - OS::TripleO::Services::CephOSD
+    - OS::TripleO::Services::CephClient
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderBackup
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Tacker
+    - OS::TripleO::Services::Congress
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::SensuClient
+
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+  Debug: true
+  #NOTE(gfidente): not great but we need this to deploy on ext4
+  #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+  ExtraConfig:
+    ceph::profile::params::osd_max_object_name_len: 256
+    ceph::profile::params::osd_max_object_namespace_len: 64
+  #NOTE: These ID's and keys should be regenerated for
+  # a production deployment. What is here is suitable for
+  # developer and CI testing only.
+  CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+  CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  NovaEnableRbdBackend: true
+  CinderEnableRbdBackend: true
+  CinderBackupBackend: ceph
+  GlanceBackend: rbd
+  GnocchiBackend: rbd
+  CinderEnableIscsiBackend: false
+  BannerText: |
+    ******************************************************************
+    * This system is for the use of authorized users only. Usage of  *
+    * this system may be monitored and recorded by system personnel. *
+    * Anyone using this system expressly consents to such monitoring *
+    * and is advised that if such monitoring reveals possible        *
+    * evidence of criminal activity, system personnel may provide    *
+    * the evidence from such monitoring to law enforcement officials.*
+    ******************************************************************
+  CollectdExtraPlugins:
+    - rrdtool
+  LoggingServers:
+    - host: 127.0.0.1
+      port: 24224
+  MonitoringRabbitHost: 127.0.0.1
+  MonitoringRabbitPort: 5676
+  MonitoringRabbitPassword: sensu
+  TtyValues:
+    - console
+    - tty1
+    - tty2
+    - tty3
+    - tty4
+    - tty5
+    - tty6

diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml
new file mode 100644 (file)
index 0000000..7191dea
--- /dev/null
+++ b/ci/environments/scenario002-multinode-containers.yaml
@@ -0,0 +1,70 @@
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
+  OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
+  OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderBackup
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::BarbicanApi
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::Zaqar
+    - OS::TripleO::Services::Ec2Api
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+  Debug: true
+  SwiftCeilometerPipelineEnabled: false

diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml
new file mode 100644 (file)
index 0000000..cfb0507
--- /dev/null
+++ b/ci/environments/scenario003-multinode-containers.yaml
@@ -0,0 +1,69 @@
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
+  OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
+  OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
+  OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml
+  OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::SaharaApi
+    - OS::TripleO::Services::SaharaEngine
+    - OS::TripleO::Services::MistralApi
+    - OS::TripleO::Services::MistralEngine
+    - OS::TripleO::Services::MistralExecutor
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+  Debug: true
+  # we don't deploy Swift so we switch to file backend.
+  GlanceBackend: 'file'
+  KeystoneTokenProvider: 'fernet'
+  SwiftCeilometerPipelineEnabled: false

diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml
new file mode 100644 (file)
index 0000000..7a6724d
--- /dev/null
+++ b/ci/environments/scenario004-multinode-containers.yaml
@@ -0,0 +1,92 @@
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml
+  OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
+  OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
+  OS::TripleO::Services::CephRgw: ../../puppet/services/ceph-rgw.yaml
+  OS::TripleO::Services::SwiftProxy: OS::Heat::None
+  OS::TripleO::Services::SwiftStorage: OS::Heat::None
+  OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
+  OS::TripleO::Services::ManilaApi: ../../puppet/services/manila-api.yaml
+  OS::TripleO::Services::ManilaScheduler: ../../puppet/services/manila-scheduler.yaml
+  OS::TripleO::Services::ManilaShare: ../../puppet/services/manila-share.yaml
+  OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
+  OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::CephMds
+    - OS::TripleO::Services::CephMon
+    - OS::TripleO::Services::CephOSD
+    - OS::TripleO::Services::CephRgw
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronBgpVpnApi
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::ManilaApi
+    - OS::TripleO::Services::ManilaScheduler
+    - OS::TripleO::Services::ManilaBackendCephFs
+    - OS::TripleO::Services::ManilaShare
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+  Debug: true
+  #NOTE(gfidente): not great but we need this to deploy on ext4
+  #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+  ExtraConfig:
+    ceph::profile::params::osd_max_object_name_len: 256
+    ceph::profile::params::osd_max_object_namespace_len: 64
+  #NOTE: These ID's and keys should be regenerated for
+  # a production deployment. What is here is suitable for
+  # developer and CI testing only.
+  CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+  CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  SwiftCeilometerPipelineEnabled: false
+  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+  BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'

diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml
new file mode 100644 (file)
index 0000000..a0beaa2
--- /dev/null
+++ b/docker/deploy-steps-playbook.yaml
@@ -0,0 +1,47 @@
+- hosts: localhost
+  connection: local
+  tasks:
+    #####################################################
+    # Per step puppet configuration of the baremetal host
+    #####################################################
+    - name: Write the config_step hieradata
+      copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true
+    - name: Run puppet host configuration for step {{step}}
+      # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3
+      # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+      puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp
+    ######################################
+    # Generate config via docker-puppet.py
+    ######################################
+    - name: Run docker-puppet tasks (generate config)
+      shell: python /var/lib/docker-puppet/docker-puppet.py
+      environment:
+        NET_HOST: 'true'
+      when: step == "1"
+      changed_when: false
+      check_mode: no
+    ##################################################
+    # Per step starting of the containers using paunch
+    ##################################################
+    - name: Check if /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json exists
+      stat:
+        path: /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json
+      register: docker_config_json
+    - name: Start containers for step {{step}}
+      command: paunch --debug apply --file /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
+      when: docker_config_json.stat.exists
+      changed_when: false
+      check_mode: no
+    ########################################################
+    # Bootstrap tasks, only performed on bootstrap_server_id
+    ########################################################
+    - name: Run docker-puppet tasks (bootstrap tasks)
+      shell: python /var/lib/docker-puppet/docker-puppet.py
+      environment:
+        CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
+        NET_HOST: "true"
+        NO_ARCHIVE: "true"
+        STEP: "{{step}}"
+      when: deploy_server_id == bootstrap_server_id
+      changed_when: false
+      check_mode: no

diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2
index 86811b8..a56ca02 100644 (file)
--- a/docker/docker-steps.j2
+++ b/docker/docker-steps.j2
@@ -55,39 +55,18 @@ resources:
               step_{{step}}: {}
 {%- endfor %}
 
-# BEGIN primary_role_name docker-puppet-tasks (run only on a single node)
-{% for step in range(1, deploy_steps_max) %}
-
-  {{primary_role_name}}DockerPuppetTasksConfig{{step}}:
+  RoleConfig:
     type: OS::Heat::SoftwareConfig
     properties:
-      group: script
-      config: {get_file: docker-puppet.py}
+      group: ansible
+      options:
+        modulepath: /usr/share/ansible-modules
       inputs:
-        - name: CONFIG
-        - name: NET_HOST
-        - name: NO_ARCHIVE
-        - name: STEP
-
-  {{primary_role_name}}DockerPuppetTasksDeployment{{step}}:
-    type: OS::Heat::SoftwareDeployment
-    depends_on:
-      {% for dep in roles %}
-      - {{dep.name}}Deployment_Step{{step}}
-      - {{dep.name}}ContainersDeployment_Step{{step}}
-      {% endfor %}
-    properties:
-      name: {{primary_role_name}}DockerPuppetTasksDeployment{{step}}
-      server: {get_param: [servers, {{primary_role_name}}, '0']}
-      config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}}
-      input_values:
-        CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
-        NET_HOST: 'true'
-        NO_ARCHIVE: 'true'
-        STEP: {{step}}
-
-{% endfor %}
-# END primary_role_name docker-puppet-tasks
+        - name: step
+        - name: role_name
+        - name: update_identifier
+        - name: bootstrap_server_id
+      config: {get_file: deploy-steps-playbook.yaml}
 
 {% for role in roles %}
   # Post deployment steps for all roles
@@ -122,6 +101,7 @@ resources:
                   docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]}
                   kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
                   bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
+                  puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]}
                 tasks:
                   # Join host_prep_tasks with the other per-host configuration
                   yaql:
@@ -130,9 +110,11 @@ resources:
                       host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
                       template_tasks:
 {%- raw %}
-                        # This is where we stack puppet configuration (for now)...
-                        - name: Create /var/lib/config-data
-                          file: path=/var/lib/config-data state=directory
+                        # Write the manifest for baremetal puppet configuration
+                        - name: Create /var/lib/tripleo-config directory
+                          file: path=/var/lib/tripleo-config state=directory
+                        - name: Write the puppet step_config manifest
+                          copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes
                         # This is the docker-puppet configs end in
                         - name: Create /var/lib/docker-puppet
                           file: path=/var/lib/docker-puppet state=directory
@@ -145,13 +127,22 @@ resources:
                         # Here we are dumping all the docker container startup configuration data
                         # so that we can have access to how they are started outside of heat
                         # and docker-cmd.  This lets us create command line tools to test containers.
+                        # FIXME do we need the docker-container-startup-configs.json or is the new per-step
+                        # data consumed by paunch enough?
                         - name: Write docker-container-startup-configs
                           copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes
+                        - name: Write per-step docker-container-startup-configs
+                          copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes
+                          with_dict: "{{docker_startup_configs}}"
                         - name: Create /var/lib/kolla/config_files directory
                           file: path=/var/lib/kolla/config_files state=directory
                         - name: Write kolla config json files
                           copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes
                           with_dict: "{{kolla_config}}"
+                        - name: Install paunch FIXME remove when packaged
+                          shell: |
+                            yum -y install python-pip
+                            pip install paunch
                         ########################################################
                         # Bootstrap tasks, only performed on bootstrap_server_id
                         ########################################################
@@ -167,24 +158,6 @@ resources:
       servers: {get_param: [servers, {{role.name}}]}
       config: {get_resource: {{role.name}}HostPrepConfig}
 
-  {{role.name}}GenerateConfig:
-    type: OS::Heat::SoftwareConfig
-    properties:
-      group: script
-      config: {get_file: docker-puppet.py}
-      inputs:
-        - name: NET_HOST
-
-  {{role.name}}GenerateConfigDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    depends_on: [{{role.name}}ArtifactsDeploy, {{role.name}}HostPrepDeployment]
-    properties:
-      name: {{role.name}}GenerateConfigDeployment
-      servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}GenerateConfig}
-      input_values:
-        NET_HOST: 'true'
-
   {{role.name}}PuppetStepConfig:
     type: OS::Heat::Value
     properties:
@@ -212,20 +185,16 @@ resources:
             service_names: {get_param: [role_data, {{role.name}}, service_names]}
             docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
 
-  # BEGIN BAREMETAL CONFIG STEPS
+  # BEGIN CONFIG STEPS
 
   {{role.name}}PreConfig:
     type: OS::TripleO::Tasks::{{role.name}}PreConfig
+    depends_on: {{role.name}}HostPrepDeployment
     properties:
       servers: {get_param: [servers, {{role.name}}]}
       input_values:
         update_identifier: {get_param: DeployIdentifier}
 
-  {{role.name}}Config:
-    type: OS::TripleO::{{role.name}}Config
-    properties:
-      StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]}
-
   {% for step in range(1, deploy_steps_max) %}
 
   {{role.name}}Deployment_Step{{step}}:
@@ -236,64 +205,26 @@ resources:
     depends_on:
       {% for dep in roles %}
       - {{dep.name}}Deployment_Step{{step -1}}
-      - {{dep.name}}ContainersDeployment_Step{{step -1}}
       {% endfor %}
-      - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
   {% endif %}
     properties:
       name: {{role.name}}Deployment_Step{{step}}
       servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}Config}
+      config: {get_resource: RoleConfig}
       input_values:
         step: {{step}}
+        role_name: {{role.name}}
         update_identifier: {get_param: DeployIdentifier}
+        bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
 
   {% endfor %}
-  # END BAREMETAL CONFIG STEPS
-
-  # BEGIN CONTAINER CONFIG STEPS
-  {% for step in range(1, deploy_steps_max) %}
-
-  {{role.name}}ContainersConfig_Step{{step}}:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: docker-cmd
-      config:
-        {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]}
-
-  {{role.name}}ContainersDeployment_Step{{step}}:
-    type: OS::Heat::StructuredDeploymentGroup
-  {% if step == 1 %}
-    depends_on:
-        {%- for dep in roles %}
-      - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
-        {%- endfor %}
-      - {{role.name}}PreConfig
-      - {{role.name}}HostPrepDeployment
-      - {{role.name}}GenerateConfigDeployment
-  {% else %}
-    depends_on:
-        {% for dep in roles %}
-        - {{dep.name}}ContainersDeployment_Step{{step -1}}
-        - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
-        - {{dep.name}}Deployment_Step{{step -1}}
-        {% endfor %}
-        - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
-  {% endif %}
-    properties:
-      name: {{role.name}}ContainersDeployment_Step{{step}}
-      servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}}
-
-  {% endfor %}
-  # END CONTAINER CONFIG STEPS
+  # END CONFIG STEPS
 
   {{role.name}}PostConfig:
     type: OS::TripleO::Tasks::{{role.name}}PostConfig
     depends_on:
   {% for dep in roles %}
       - {{dep.name}}Deployment_Step5
-      - {{primary_role_name}}DockerPuppetTasksDeployment5
   {% endfor %}
     properties:
       servers:  {get_param: servers}

diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml
index 94caded..ba4ba92 100644 (file)
--- a/docker/services/ceilometer-agent-central.yaml
+++ b/docker/services/ceilometer-agent-central.yaml
@@ -110,4 +110,4 @@ outputs:
       upgrade_tasks:
         - name: Stop and disable ceilometer agent central service
           tags: step2
-          service: name=openstack-ceilometer-agent-central state=stopped enabled=no
+          service: name=openstack-ceilometer-central state=stopped enabled=no

diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml
index 9033cf4..fe8dc15 100644 (file)
--- a/docker/services/ceilometer-agent-compute.yaml
+++ b/docker/services/ceilometer-agent-compute.yaml
@@ -88,4 +88,4 @@ outputs:
       upgrade_tasks:
         - name: Stop and disable ceilometer-agent-compute service
           tags: step2
-          service: name=openstack-ceilometer-agent-compute state=stopped enabled=no
+          service: name=openstack-ceilometer-compute state=stopped enabled=no

diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
new file mode 100644 (file)
index 0000000..1f8bcfa
--- /dev/null
+++ b/docker/services/haproxy.yaml
@@ -0,0 +1,111 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized HAproxy service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerHAProxyImage:
+    description: image
+    default: 'centos-binary-haproxy:latest'
+    type: string
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  HAProxyStatsPassword:
+    description: Password for HAProxy stats endpoint
+    hidden: true
+    type: string
+  HAProxyStatsUser:
+    description: User for HAProxy stats endpoint
+    default: admin
+    type: string
+  HAProxySyslogAddress:
+    default: /dev/log
+    description: Syslog address where HAproxy will send its log
+    type: string
+  RedisPassword:
+    description: The password for Redis
+    type: string
+    hidden: true
+  MonitoringSubscriptionHaproxy:
+    default: 'overcloud-haproxy'
+    type: string
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  HAProxyBase:
+    type: ../../puppet/services/haproxy.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the HAproxy role.
+    value:
+      service_name: {get_attr: [HAProxyBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [HAProxyBase, role_data, config_settings]
+          - tripleo::haproxy::haproxy_daemon: false
+      step_config: &step_config
+        get_attr: [HAProxyBase, role_data, step_config]
+      service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: haproxy
+        puppet_tags: haproxy_config
+        step_config: *step_config
+        config_image: &haproxy_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/haproxy.json:
+          command: haproxy -f /etc/haproxy/haproxy.cfg
+      docker_config:
+        step_1:
+          haproxy:
+            image: *haproxy_image
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/haproxy/etc/:/etc/:ro
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      metadata_settings:
+        get_attr: [HAProxyBase, role_data, metadata_settings]

diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml
index 97901bc..bd5147d 100644 (file)
--- a/docker/services/neutron-l3.yaml
+++ b/docker/services/neutron-l3.yaml
@@ -104,3 +104,8 @@ outputs:
           file:
             path: /var/log/containers/neutron
             state: directory
+      upgrade_tasks:
+        - name: Stop and disable neutron_l3 service
+          tags: step2
+          service: name=neutron-l3-agent state=stopped enabled=no
+

diff --git a/environments/docker.yaml b/environments/docker.yaml
index 36e4c39..5b03b08 100644 (file)
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -27,6 +27,7 @@ resource_registry:
   OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
   OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
   OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
+  OS::TripleO::Services::HAProxy: ../docker/services/haproxy.yaml
   OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
   OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
   OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml

diff --git a/environments/puppet-ceph-devel.yaml b/environments/puppet-ceph-devel.yaml
index 8fc4bf2..6a69914 100644 (file)
--- a/environments/puppet-ceph-devel.yaml
+++ b/environments/puppet-ceph-devel.yaml
@@ -20,5 +20,5 @@ parameter_defaults:
   GlanceBackend: rbd
   GnocchiBackend: rbd
   CinderEnableIscsiBackend: false
-  CephPoolDefaultSite: 1
+  CephPoolDefaultSize: 1
 

diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index d66cbd9..7b6fbb7 100644 (file)
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -426,6 +426,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - volume_extraconfig
           - extraconfig
           - service_names

diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index d4dfa71..8047e3d 100644 (file)
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -431,6 +431,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - ceph_extraconfig
           - extraconfig
           - service_names

diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index ff1f6d2..e453508 100644 (file)
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -437,6 +437,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - compute_extraconfig
           - extraconfig
           - service_names

diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 9bf110d..4c0a70f 100644 (file)
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -486,6 +486,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - controller_extraconfig
           - extraconfig
           - service_configs

diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index 2f7056c..5ab6669 100644 (file)
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -414,6 +414,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - object_extraconfig
           - extraconfig
           - service_names

diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 7acf2df..570efb3 100644 (file)
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -450,6 +450,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - {{role.lower()}}_extraconfig
           - extraconfig
           - service_names

diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 331fe9a..0563d08 100644 (file)
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -56,11 +56,18 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  AodhDebug:
+    default: ''
+    description: Set to True to enable debugging Aodh services.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
 
+conditions:
+  service_debug_unset: {equals : [{get_param: AodhDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Aodh role.
@@ -78,7 +85,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        aodh::debug: {get_param: Debug}
+        aodh::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: AodhDebug }
         aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         aodh::rabbit_userid: {get_param: RabbitUserName}
         aodh::rabbit_password: {get_param: RabbitPassword}

diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index 53fba63..5133124 100644 (file)
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -38,6 +38,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  BarbicanDebug:
+    default: ''
+    description: Set to True to enable debugging Barbican service.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -81,6 +85,9 @@ resources:
       RoleName: {get_param: RoleName}
       RoleParameters: {get_param: RoleParameters}
 
+conditions:
+  service_debug_unset: {equals : [{get_param: BarbicanDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Barbican API role.
@@ -97,7 +104,11 @@ outputs:
             barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
             barbican::api::db_auto_create: false
             barbican::api::enabled_certificate_plugins: ['simple_certificate']
-            barbican::api::logging::debug: {get_param: Debug}
+            barbican::api::logging::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: BarbicanDebug }
             barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
             barbican::api::rabbit_userid: {get_param: RabbitUserName}
             barbican::api::rabbit_password: {get_param: RabbitPassword}

diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index b3e2c3a..1d86369 100644 (file)
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -64,6 +64,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  CeilometerDebug:
+    default: ''
+    description: Set to True to enable debugging Ceilometer services.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -100,13 +104,20 @@ parameters:
     type: string
     hidden: true
 
+conditions:
+  service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Ceilometer role.
     value:
       service_name: ceilometer_base
       config_settings:
-        ceilometer::debug: {get_param: Debug}
+        ceilometer::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: CeilometerDebug }
         ceilometer::keystone::authtoken::project_name: 'service'
         ceilometer::keystone::authtoken::user_domain_name: 'Default'
         ceilometer::keystone::authtoken::project_domain_name: 'Default'

diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml
index 2ba5aa5..f7dfe5e 100644 (file)
--- a/puppet/services/cinder-base.yaml
+++ b/puppet/services/cinder-base.yaml
@@ -12,6 +12,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  CinderDebug:
+    default: ''
+    description: Set to True to enable debugging on Cinder services.
+    type: string
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -93,6 +97,9 @@ parameters:
         Cron to move deleted instances to another table - Log destination
     default: '/var/log/cinder/cinder-rowsflush.log'
 
+conditions:
+  service_debug_unset: {equals : [{get_param: CinderDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Cinder base service.
@@ -109,7 +116,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        cinder::debug: {get_param: Debug}
+        cinder::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: CinderDebug }
         cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         cinder::rabbit_userid: {get_param: RabbitUserName}
         cinder::rabbit_password: {get_param: RabbitPassword}

diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml
index 8fbcd99..5bca94d 100644 (file)
--- a/puppet/services/congress.yaml
+++ b/puppet/services/congress.yaml
@@ -33,6 +33,10 @@ parameters:
   Debug:
     type: string
     default: ''
+  CongressDebug:
+    default: ''
+    description: Set to True to enable debugging Glance service.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -62,6 +66,9 @@ parameters:
     default: {}
     type: json
 
+conditions:
+  service_debug_unset: {equals : [{get_param: CongressDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Congress role.
@@ -79,7 +86,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        congress::debug: {get_param: Debug}
+        congress::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: CongressDebug }
         congress::rpc_backend: rabbit
         congress::rabbit_userid: {get_param: RabbitUserName}
         congress::rabbit_password: {get_param: RabbitPassword}

diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 2815174..7812c8e 100644 (file)
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -30,6 +30,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  GlanceDebug:
+    default: ''
+    description: Set to True to enable debugging Glance service.
+    type: string
   GlancePassword:
     description: The password for the glance service and db account, used by the glance services.
     type: string
@@ -59,10 +63,6 @@ parameters:
   CephClientUserName:
     default: openstack
     type: string
-  Debug:
-    default: ''
-    description: Set to True to enable debugging on all services.
-    type: string
   GlanceNotifierStrategy:
     description: Strategy to use for Glance notification queue
     type: string
@@ -128,6 +128,7 @@ parameters:
 conditions:
   use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
   glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
+  service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
 
 resources:
 
@@ -170,7 +171,11 @@ outputs:
             glance::api::enable_v2_api: true
             glance::api::authtoken::password: {get_param: GlancePassword}
             glance::api::enable_proxy_headers_parsing: true
-            glance::api::debug: {get_param: Debug}
+            glance::api::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: GlanceDebug }
             glance::policy::policies: {get_param: GlanceApiPolicies}
             tripleo.glance_api.firewall_rules:
               '112 glance_api':

diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index 012bd72..f4067ef 100644 (file)
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -31,7 +31,7 @@ parameters:
     description: The short name of the Gnocchi indexer backend to use.
     type: string
   MetricProcessingDelay:
-    default: 60
+    default: 30
     description: Delay between processing metrics.
     type: number
   GnocchiPassword:
@@ -52,6 +52,13 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  GnocchiDebug:
+    default: ''
+    description: Set to True to enable debugging Gnocchi services.
+    type: string
+
+conditions:
+  service_debug_unset: {equals : [{get_param: GnocchiDebug}, '']}
 
 outputs:
   aux_parameters:
@@ -65,7 +72,11 @@ outputs:
       config_settings:
         #Gnocchi engine
         gnocchi_redis_password: {get_param: RedisPassword}
-        gnocchi::debug: {get_param: Debug}
+        gnocchi::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: GnocchiDebug }
         gnocchi::db::database_connection:
           make_url:
             scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}

diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index dfd823d..d89fe46 100644 (file)
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -8,6 +8,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  HeatDebug:
+    default: ''
+    description: Set to True to enable debugging Heat services.
+    type: string
   RabbitPassword:
     description: The password for RabbitMQ
     type: string
@@ -112,6 +116,9 @@ parameters:
     description: Maximum raw byte size of the Heat API JSON request body.
     type: number
 
+conditions:
+  service_debug_unset: {equals : [{get_param: HeatDebug}, '']}
+
 outputs:
   role_data:
     description: Shared role data for the Heat services.
@@ -122,7 +129,11 @@ outputs:
         heat::rabbit_password: {get_param: RabbitPassword}
         heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         heat::rabbit_port: {get_param: RabbitClientPort}
-        heat::debug: {get_param: Debug}
+        heat::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: HeatDebug }
         heat::enable_proxy_headers_parsing: true
         heat::rpc_response_timeout: 600
         # We need this because the default heat policy.json no longer works on TripleO

diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 562afe1..93bced8 100644 (file)
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -14,6 +14,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  HorizonDebug:
+    default: false
+    description: Set to True to enable debugging Horizon service.
+    type: string
   DefaultPasswords:
     default: {}
     type: json
@@ -62,7 +66,7 @@ parameters:
 
 conditions:
 
-  debug_empty: {equals : [{get_param: Debug}, '']}
+  debug_unset: {equals : [{get_param: Debug}, '']}
 
 outputs:
   role_data:
@@ -104,9 +108,9 @@ outputs:
           memcached_ipv6: {get_param: MemcachedIPv6}
         -
           if:
-          - debug_empty
-          - {}
-          - horizon::django_debug: {get_param: Debug}
+          - debug_unset
+          - horizon::django_debug: { get_param: HorizonDebug }
+          - horizon::django_debug: { get_param: Debug }
       step_config: |
         include ::tripleo::profile::base::horizon
       # Ansible tasks to handle upgrade

diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml
index da48516..41d6ced 100644 (file)
--- a/puppet/services/ironic-base.yaml
+++ b/puppet/services/ironic-base.yaml
@@ -30,6 +30,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  IronicDebug:
+    default: ''
+    description: Set to True to enable debugging Ironic services.
+    type: string
   IronicPassword:
     description: The password for the Ironic service and db account, used by the Ironic services
     type: string
@@ -53,6 +57,9 @@ parameters:
         an SSL connection to the RabbitMQ host.
     type: string
 
+conditions:
+  service_debug_unset: {equals : [{get_param: IronicDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Ironic role.
@@ -69,7 +76,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        ironic::debug: {get_param: Debug}
+        ironic::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: IronicDebug }
         ironic::rabbit_userid: {get_param: RabbitUserName}
         ironic::rabbit_password: {get_param: RabbitPassword}
         ironic::rabbit_port: {get_param: RabbitClientPort}

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 7262e47..f3a9cbc 100644 (file)
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -63,6 +63,10 @@ parameters:
   Debug:
     type: string
     default: ''
+  KeystoneDebug:
+    default: ''
+    description: Set to True to enable debugging Keystone service.
+    type: string
   AdminEmail:
     default: 'admin@example.com'
     description: The email for the keystone admin account.
@@ -198,6 +202,7 @@ resources:
 conditions:
   keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
   keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
+  service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']}
 
 outputs:
   role_data:
@@ -242,7 +247,11 @@ outputs:
               '/etc/keystone/fernet-keys/1':
                 content: {get_param: KeystoneFernetKey1}
             keystone::fernet_replace_keys: false
-            keystone::debug: {get_param: Debug}
+            keystone::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: KeystoneDebug }
             keystone::rabbit_userid: {get_param: RabbitUserName}
             keystone::rabbit_password: {get_param: RabbitPassword}
             keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}

diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml
index a299fff..d0ee212 100644 (file)
--- a/puppet/services/manila-base.yaml
+++ b/puppet/services/manila-base.yaml
@@ -30,6 +30,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  ManilaDebug:
+    default: ''
+    description: Set to True to enable debugging Manila services.
+    type: string
   RabbitPassword:
     description: The password for RabbitMQ
     type: string
@@ -53,6 +57,9 @@ parameters:
     type: string
     hidden: true
 
+conditions:
+  service_debug_unset: {equals : [{get_param: ManilaDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Manila Base service.
@@ -63,7 +70,11 @@ outputs:
         manila::rabbit_password: {get_param: RabbitPassword}
         manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         manila::rabbit_port: {get_param: RabbitClientPort}
-        manila::debug: {get_param: Debug}
+        manila::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: ManilaDebug }
         manila::db::database_db_max_retries: -1
         manila::db::database_max_retries: -1
         manila::sql_connection:

diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml
index 2e70865..8b3655d 100644 (file)
--- a/puppet/services/mistral-base.yaml
+++ b/puppet/services/mistral-base.yaml
@@ -31,6 +31,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  MistralDebug:
+    default: ''
+    description: Set to True to enable debugging Mistral services.
+    type: string
   RabbitPassword:
     description: The password for RabbitMQ
     type: string
@@ -58,6 +62,9 @@ parameters:
     default: 'regionOne'
     description: Keystone region for endpoint
 
+conditions:
+  service_debug_unset: {equals : [{get_param: MistralDebug}, '']}
+
 outputs:
   role_data:
     description: Shared role data for the Mistral services.
@@ -78,7 +85,11 @@ outputs:
         mistral::rabbit_password: {get_param: RabbitPassword}
         mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         mistral::rabbit_port: {get_param: RabbitClientPort}
-        mistral::debug: {get_param: Debug}
+        mistral::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: MistralDebug }
         mistral::keystone_password: {get_param: MistralPassword}
         mistral::keystone_tenant: 'service'
         mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}

diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 57581b5..3c7518b 100644 (file)
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -50,6 +50,10 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  NeutronDebug:
+    default: ''
+    description: Set to True to enable debugging Neutron services.
+    type: string
   EnableConfigPurge:
     type: boolean
     default: false
@@ -90,6 +94,7 @@ parameters:
 
 conditions:
   dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
+  service_debug_unset: {equals : [{get_param: NeutronDebug}, '']}
 
 outputs:
   role_data:
@@ -104,7 +109,11 @@ outputs:
             neutron::rabbit_port: {get_param: RabbitClientPort}
             neutron::core_plugin: {get_param: NeutronCorePlugin}
             neutron::service_plugins: {get_param: NeutronServicePlugins}
-            neutron::debug: {get_param: Debug}
+            neutron::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: NeutronDebug }
             neutron::purge_config: {get_param: EnableConfigPurge}
             neutron::allow_overlapping_ips: true
             neutron::dns_domain: {get_param: NeutronDnsDomain}

diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index ea21af8..ea58493 100644 (file)
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -68,6 +68,10 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  NovaDebug:
+    default: ''
+    description: Set to True to enable debugging Nova services.
+    type: string
   EnableConfigPurge:
     type: boolean
     default: false
@@ -136,6 +140,7 @@ parameters:
 conditions:
 
   compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']}
+  service_debug_unset: {equals : [{get_param: NovaDebug}, '']}
 
 outputs:
   role_data:
@@ -193,7 +198,11 @@ outputs:
               query:
                 read_default_file: /etc/my.cnf.d/tripleo.cnf
                 read_default_group: tripleo
-          nova::debug: {get_param: Debug}
+          nova::debug:
+            if:
+            - service_debug_unset
+            - {get_param: Debug }
+            - {get_param: NovaDebug }
           nova::purge_config: {get_param: EnableConfigPurge}
           nova::network::neutron::neutron_project_name: 'service'
           nova::network::neutron::neutron_username: 'neutron'

diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml
index 19dc5b4..0809b3e 100644 (file)
--- a/puppet/services/octavia-base.yaml
+++ b/puppet/services/octavia-base.yaml
@@ -30,6 +30,10 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  OctaviaDebug:
+    default: ''
+    description: Set to True to enable debugging Octavia services.
+    type: string
   EnableConfigPurge:
     type: boolean
     default: false
@@ -55,13 +59,20 @@ parameters:
     description: Set rabbit subscriber port, change this if using SSL
     type: number
 
+conditions:
+  service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
+
 outputs:
   role_data:
     description: Base role data for Octavia services
     value:
        service_name: octavia_base
        config_settings:
-         octavia::debug: {get_param: Debug}
+         octavia::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: OctaviaDebug }
          octavia::purge_config: {get_param: EnableConfigPurge}
          octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
          octavia::rabbit_userid: {get_param: RabbitUserName}

diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml
index 84817bc..a94d4ea 100644 (file)
--- a/puppet/services/panko-base.yaml
+++ b/puppet/services/panko-base.yaml
@@ -34,11 +34,18 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  PankoDebug:
+    default: ''
+    description: Set to True to enable debugging Panko services.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
 
+conditions:
+  service_debug_unset: {equals : [{get_param: PankoDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Panko role.
@@ -55,7 +62,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        panko::debug: {get_param: Debug}
+        panko::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: PankoDebug }
         panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         panko::keystone::authtoken::project_name: 'service'
         panko::keystone::authtoken::user_domain_name: 'Default'

diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index 1ee6d17..c294e74 100644 (file)
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -52,11 +52,18 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  SaharaDebug:
+    default: ''
+    description: Set to True to enable debugging Sahara services.
+    type: string
   SaharaPlugins:
     default: ["ambari","cdh","mapr","vanilla","spark","storm"]
     description: Sahara enabled plugin list
     type: comma_delimited_list
 
+conditions:
+  service_debug_unset: {equals : [{get_param: SaharaDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Sahara base service.
@@ -77,7 +84,11 @@ outputs:
         sahara::rabbit_user: {get_param: RabbitUserName}
         sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         sahara::rabbit_port: {get_param: RabbitClientPort}
-        sahara::debug: {get_param: Debug}
+        sahara::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: SaharaDebug }
         # Remove admin_password when https://review.openstack.org/442619 is merged.
         sahara::admin_password: {get_param: SaharaPassword}
         sahara::use_neutron: true

diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml
index e121feb..5ced8c3 100644 (file)
--- a/puppet/services/tacker.yaml
+++ b/puppet/services/tacker.yaml
@@ -33,6 +33,10 @@ parameters:
   Debug:
     type: string
     default: ''
+  TackerDebug:
+    default: ''
+    description: Set to True to enable debugging Tacker service.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -62,6 +66,9 @@ parameters:
     default: {}
     type: json
 
+conditions:
+  service_debug_unset: {equals : [{get_param: TackerDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Tacker role.
@@ -80,7 +87,11 @@ outputs:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
 
-        tacker::debug: {get_param: Debug}
+        tacker::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: TackerDebug }
         tacker::rpc_backend: rabbit
         tacker::rabbit_userid: {get_param: RabbitUserName}
         tacker::rabbit_password: {get_param: RabbitPassword}

diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index 6bc296a..416d86d 100644 (file)
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -30,6 +30,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  ZaqarDebug:
+    default: ''
+    description: Set to True to enable debugging Zaqar service.
+    type: string
   ZaqarPassword:
     description: The password for Zaqar
     type: string
@@ -54,6 +58,7 @@ parameters:
 
 conditions:
   zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
+  service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
 
 resources:
 
@@ -78,7 +83,11 @@ outputs:
             zaqar::keystone::authtoken::project_name: 'service'
             zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
-            zaqar::debug: {get_param: Debug}
+            zaqar::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: ZaqarDebug }
             zaqar::server::service_name: 'httpd'
             zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
             zaqar::wsgi::apache::ssl: false

diff --git a/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml b/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml
new file mode 100644 (file)
index 0000000..da9af4a
--- /dev/null
+++ b/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Allow to configure debug per service.
+    The feature is backward compatible with existing Debug parameter.
+    Adding a new parameter per service, e.g. GlanceDebug. Set to False,
+    it will disable debug for the service, even if Debug is set to True.
+    If Debug is set to False but GlanceDebug is set to True, Glance debug
+    will be enabled.

diff --git a/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml b/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml
new file mode 100644 (file)
index 0000000..d74e3a1
--- /dev/null
+++ b/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - Update the default metric processing delay to 30. This will help reduce
+    the metric backlog and wont load up the storage backend.

diff --git a/test-requirements.txt b/test-requirements.txt
index c30101f..76f03d7 100644 (file)
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -6,4 +6,4 @@ Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
 six>=1.9.0 # MIT
 sphinx!=1.6.1,>=1.5.1 # BSD
 oslosphinx>=4.7.0 # Apache-2.0
-reno>=1.8.0 # Apache-2.0
+reno!=2.3.1,>=1.8.0 # Apache-2.0