Merge "Containerize Horizon"
authorJenkins <jenkins@review.openstack.org>
Thu, 8 Jun 2017 20:30:50 +0000 (20:30 +0000)
committerGerrit Code Review <review@openstack.org>
Thu, 8 Jun 2017 20:30:50 +0000 (20:30 +0000)
436 files changed:
README.rst
all-nodes-validation.yaml
bootstrap-config.yaml
capabilities-map.yaml
ci/common/net-config-multinode-os-net-config.yaml
ci/common/net-config-multinode.yaml
ci/environments/multinode-container-upgrade.yaml
ci/environments/multinode-containers.yaml [new file with mode: 0644]
ci/environments/multinode-core.yaml
ci/environments/scenario001-multinode-containers.yaml [new file with mode: 0644]
ci/environments/scenario001-multinode.yaml
ci/environments/scenario002-multinode-containers.yaml [new file with mode: 0644]
ci/environments/scenario002-multinode.yaml
ci/environments/scenario003-multinode-containers.yaml [new file with mode: 0644]
ci/environments/scenario004-multinode-containers.yaml [new file with mode: 0644]
ci/environments/scenario004-multinode.yaml
ci/pingtests/scenario001-multinode.yaml
ci/pingtests/scenario002-multinode.yaml
ci/pingtests/scenario003-multinode.yaml
ci/pingtests/scenario004-multinode.yaml
ci/pingtests/tenantvm_floatingip.yaml
default_passwords.yaml
deployed-server/ctlplane-port.yaml
deployed-server/deployed-neutron-port.yaml
deployed-server/deployed-server-bootstrap-centos.yaml
deployed-server/deployed-server-bootstrap-rhel.yaml
deployed-server/deployed-server.yaml
docker/create-config-dir.sh [deleted file]
docker/deploy-steps-playbook.yaml [new file with mode: 0644]
docker/docker-puppet.py
docker/docker-steps.j2
docker/firstboot/setup_docker_host.yaml
docker/services/aodh-api.yaml
docker/services/ceilometer-agent-central.yaml
docker/services/ceilometer-agent-compute.yaml
docker/services/containers-common.yaml
docker/services/database/mongodb.yaml
docker/services/database/mysql.yaml
docker/services/database/redis.yaml
docker/services/etcd.yaml
docker/services/glance-api.yaml
docker/services/gnocchi-api.yaml
docker/services/haproxy.yaml [new file with mode: 0644]
docker/services/heat-api-cfn.yaml
docker/services/heat-api.yaml
docker/services/heat-engine.yaml
docker/services/ironic-api.yaml
docker/services/keystone.yaml
docker/services/mistral-api.yaml
docker/services/neutron-api.yaml
docker/services/neutron-l3.yaml
docker/services/neutron-metadata.yaml [new file with mode: 0644]
docker/services/neutron-plugin-ml2.yaml
docker/services/nova-api.yaml
docker/services/nova-libvirt.yaml
docker/services/nova-metadata.yaml
docker/services/pacemaker/clustercheck.yaml [new file with mode: 0644]
docker/services/pacemaker/database/mysql.yaml [new file with mode: 0644]
docker/services/pacemaker/database/redis.yaml [new file with mode: 0644]
docker/services/pacemaker/haproxy.yaml [new file with mode: 0644]
docker/services/pacemaker/rabbitmq.yaml [new file with mode: 0644]
docker/services/panko-api.yaml
docker/services/services.yaml
docker/services/swift-proxy.yaml
docker/services/swift-ringbuilder.yaml
environments/cinder-dellsc-config.yaml
environments/contrail/contrail-nic-config-compute.yaml
environments/disable-telemetry.yaml [new file with mode: 0644]
environments/docker-services-tls-everywhere.yaml
environments/docker.yaml
environments/hyperconverged-ceph.yaml
environments/low-memory-usage.yaml
environments/neutron-bgpvpn-opendaylight.yaml [new file with mode: 0644]
environments/neutron-l2gw-opendaylight.yaml [new file with mode: 0644]
environments/neutron-l2gw.yaml [moved from environments/neutron-l2gw-api.yaml with 54% similarity]
environments/neutron-linuxbridge.yaml [new file with mode: 0644]
environments/neutron-ovs-dpdk.yaml
environments/puppet-ceph-devel.yaml
environments/services-docker/zaqar.yaml
environments/services/ceilometer-collector.yaml
environments/services/ironic.yaml
environments/services/zaqar.yaml
environments/tls-endpoints-public-dns.yaml
environments/tls-endpoints-public-ip.yaml
environments/tls-everywhere-endpoints-dns.yaml
extraconfig/all_nodes/mac_hostname.j2.yaml
extraconfig/all_nodes/random_string.j2.yaml
extraconfig/all_nodes/swap-partition.j2.yaml
extraconfig/all_nodes/swap.j2.yaml
extraconfig/nova_metadata/krb-service-principals.yaml
extraconfig/post_deploy/default.yaml
extraconfig/post_deploy/example.yaml
extraconfig/post_deploy/example_run_on_update.yaml
extraconfig/post_deploy/undercloud_post.sh
extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
extraconfig/pre_network/config_then_reboot.yaml
extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
extraconfig/tasks/post_puppet_pacemaker.j2.yaml
extraconfig/tasks/post_puppet_pacemaker_restart.yaml
extraconfig/tasks/pre_puppet_pacemaker.yaml
extraconfig/tasks/ssh/host_public_key.yaml
extraconfig/tasks/ssh/known_hosts_config.yaml
extraconfig/tasks/yum_update.yaml
extraconfig/tasks/yum_update_noop.yaml
firstboot/install_vrouter_kmod.yaml
firstboot/os-net-config-mappings.yaml
firstboot/userdata_default.yaml
firstboot/userdata_dev_rsync.yaml
firstboot/userdata_example.yaml
firstboot/userdata_heat_admin.yaml
firstboot/userdata_root_password.yaml
hosts-config.yaml
net-config-bond.yaml
net-config-bridge.yaml
net-config-linux-bridge.yaml
net-config-noop.yaml
net-config-static-bridge-with-external-dhcp.yaml
net-config-static-bridge.yaml
net-config-static.yaml
net-config-undercloud.yaml
network/config/bond-with-vlans/ceph-storage.yaml
network/config/bond-with-vlans/cinder-storage.yaml
network/config/bond-with-vlans/compute-dpdk.yaml
network/config/bond-with-vlans/compute.yaml
network/config/bond-with-vlans/controller-no-external.yaml
network/config/bond-with-vlans/controller-v6.yaml
network/config/bond-with-vlans/controller.yaml
network/config/bond-with-vlans/swift-storage.yaml
network/config/multiple-nics/ceph-storage.yaml
network/config/multiple-nics/cinder-storage.yaml
network/config/multiple-nics/compute-dvr.yaml
network/config/multiple-nics/compute.yaml
network/config/multiple-nics/controller-v6.yaml
network/config/multiple-nics/controller.yaml
network/config/multiple-nics/swift-storage.yaml
network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
network/config/single-nic-linux-bridge-vlans/compute.yaml
network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
network/config/single-nic-linux-bridge-vlans/controller.yaml
network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
network/config/single-nic-vlans/ceph-storage.yaml
network/config/single-nic-vlans/cinder-storage.yaml
network/config/single-nic-vlans/compute.yaml
network/config/single-nic-vlans/controller-no-external.yaml
network/config/single-nic-vlans/controller-v6.yaml
network/config/single-nic-vlans/controller.yaml
network/config/single-nic-vlans/swift-storage.yaml
network/endpoints/build_endpoint_map.py
network/endpoints/endpoint_data.yaml
network/endpoints/endpoint_map.yaml
network/external.yaml
network/external_v6.yaml
network/internal_api.yaml
network/internal_api_v6.yaml
network/management.yaml
network/management_v6.yaml
network/networks.j2.yaml
network/ports/ctlplane_vip.yaml
network/ports/external.yaml
network/ports/external_from_pool.yaml
network/ports/external_from_pool_v6.yaml
network/ports/external_v6.yaml
network/ports/from_service.yaml
network/ports/from_service_v6.yaml
network/ports/internal_api.yaml
network/ports/internal_api_from_pool.yaml
network/ports/internal_api_from_pool_v6.yaml
network/ports/internal_api_v6.yaml
network/ports/management.yaml
network/ports/management_from_pool.yaml
network/ports/management_from_pool_v6.yaml
network/ports/management_v6.yaml
network/ports/net_ip_list_map.yaml
network/ports/net_ip_map.yaml
network/ports/net_vip_map_external.yaml
network/ports/net_vip_map_external_v6.yaml
network/ports/noop.yaml
network/ports/storage.yaml
network/ports/storage_from_pool.yaml
network/ports/storage_from_pool_v6.yaml
network/ports/storage_mgmt.yaml
network/ports/storage_mgmt_from_pool.yaml
network/ports/storage_mgmt_from_pool_v6.yaml
network/ports/storage_mgmt_v6.yaml
network/ports/storage_v6.yaml
network/ports/tenant.yaml
network/ports/tenant_from_pool.yaml
network/ports/tenant_from_pool_v6.yaml
network/ports/tenant_v6.yaml
network/ports/vip.yaml
network/ports/vip_v6.yaml
network/service_net_map.j2.yaml
network/storage.yaml
network/storage_mgmt.yaml
network/storage_mgmt_v6.yaml
network/storage_v6.yaml
network/tenant.yaml
network/tenant_v6.yaml
overcloud-resource-registry-puppet.j2.yaml
overcloud.j2.yaml
puppet/all-nodes-config.yaml
puppet/blockstorage-role.yaml
puppet/cephstorage-role.yaml
puppet/compute-role.yaml
puppet/config.role.j2.yaml
puppet/controller-role.yaml
puppet/deploy-artifacts.yaml
puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml
puppet/extraconfig/pre_deploy/controller/multiple.yaml
puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
puppet/extraconfig/pre_deploy/default.yaml
puppet/extraconfig/pre_deploy/per_node.yaml
puppet/extraconfig/tls/ca-inject.yaml
puppet/extraconfig/tls/freeipa-enroll.yaml
puppet/extraconfig/tls/tls-cert-inject.yaml
puppet/major_upgrade_steps.j2.yaml
puppet/objectstorage-role.yaml
puppet/post-upgrade.j2.yaml
puppet/post.j2.yaml
puppet/role.role.j2.yaml
puppet/services/aodh-api.yaml
puppet/services/aodh-base.yaml
puppet/services/aodh-evaluator.yaml
puppet/services/aodh-listener.yaml
puppet/services/aodh-notifier.yaml
puppet/services/apache.yaml
puppet/services/auditd.yaml
puppet/services/barbican-api.yaml
puppet/services/ca-certs.yaml
puppet/services/ceilometer-agent-central.yaml
puppet/services/ceilometer-agent-compute.yaml
puppet/services/ceilometer-agent-ipmi.yaml
puppet/services/ceilometer-agent-notification.yaml
puppet/services/ceilometer-api.yaml
puppet/services/ceilometer-base.yaml
puppet/services/ceilometer-expirer.yaml
puppet/services/ceph-base.yaml
puppet/services/ceph-client.yaml
puppet/services/ceph-external.yaml
puppet/services/ceph-mds.yaml
puppet/services/ceph-mon.yaml
puppet/services/ceph-osd.yaml
puppet/services/ceph-rgw.yaml
puppet/services/certmonger-user.yaml
puppet/services/cinder-api.yaml
puppet/services/cinder-backend-dellps.yaml
puppet/services/cinder-backend-dellsc.yaml
puppet/services/cinder-backend-netapp.yaml
puppet/services/cinder-backend-pure.yaml
puppet/services/cinder-backend-scaleio.yaml
puppet/services/cinder-backup.yaml
puppet/services/cinder-base.yaml
puppet/services/cinder-hpelefthand-iscsi.yaml
puppet/services/cinder-scheduler.yaml
puppet/services/cinder-volume.yaml
puppet/services/congress.yaml
puppet/services/database/mongodb-base.yaml
puppet/services/database/mongodb.yaml
puppet/services/database/mysql-client.yaml
puppet/services/database/mysql.yaml
puppet/services/database/redis-base.yaml
puppet/services/database/redis.yaml
puppet/services/disabled/ceilometer-collector-disabled.yaml [moved from puppet/services/disabled/ceilometer-collector.yaml with 95% similarity]
puppet/services/disabled/ceilometer-expirer-disabled.yaml [moved from puppet/services/disabled/ceilometer-expirer.yaml with 77% similarity]
puppet/services/disabled/glance-registry-disabled.yaml [moved from puppet/services/disabled/glance-registry.yaml with 93% similarity]
puppet/services/disabled/mongodb-disabled.yaml [new file with mode: 0644]
puppet/services/docker.yaml
puppet/services/etcd.yaml
puppet/services/external-swift-proxy.yaml
puppet/services/glance-api.yaml
puppet/services/gnocchi-api.yaml
puppet/services/gnocchi-base.yaml
puppet/services/gnocchi-metricd.yaml
puppet/services/gnocchi-statsd.yaml
puppet/services/haproxy-internal-tls-certmonger.yaml
puppet/services/haproxy-public-tls-certmonger.yaml
puppet/services/heat-api-cfn.yaml
puppet/services/heat-api-cloudwatch.yaml
puppet/services/heat-api.yaml
puppet/services/heat-base.yaml
puppet/services/horizon.yaml
puppet/services/ironic-api.yaml
puppet/services/ironic-base.yaml
puppet/services/ironic-conductor.yaml
puppet/services/keepalived.yaml
puppet/services/kernel.yaml
puppet/services/keystone.yaml
puppet/services/logging/fluentd-base.yaml
puppet/services/logging/fluentd-client.yaml
puppet/services/logging/fluentd-config.yaml
puppet/services/manila-api.yaml
puppet/services/manila-backend-cephfs.yaml
puppet/services/manila-backend-generic.yaml
puppet/services/manila-backend-netapp.yaml
puppet/services/manila-base.yaml
puppet/services/manila-scheduler.yaml
puppet/services/manila-share.yaml
puppet/services/memcached.yaml
puppet/services/metrics/collectd.yaml
puppet/services/mistral-api.yaml
puppet/services/mistral-base.yaml
puppet/services/mistral-engine.yaml
puppet/services/mistral-executor.yaml
puppet/services/monitoring/sensu-base.yaml
puppet/services/monitoring/sensu-client.yaml
puppet/services/network/contrail-analytics-database.yaml
puppet/services/network/contrail-analytics.yaml
puppet/services/network/contrail-base.yaml
puppet/services/network/contrail-config.yaml
puppet/services/network/contrail-control.yaml
puppet/services/network/contrail-database.yaml
puppet/services/network/contrail-heat.yaml
puppet/services/network/contrail-neutron-plugin.yaml
puppet/services/network/contrail-provision.yaml
puppet/services/network/contrail-tsn.yaml
puppet/services/network/contrail-vrouter.yaml
puppet/services/network/contrail-webui.yaml
puppet/services/neutron-api.yaml
puppet/services/neutron-base.yaml
puppet/services/neutron-bgpvpn-api.yaml
puppet/services/neutron-bigswitch-agent.yaml
puppet/services/neutron-compute-plugin-midonet.yaml
puppet/services/neutron-compute-plugin-nuage.yaml
puppet/services/neutron-compute-plugin-ovn.yaml
puppet/services/neutron-compute-plugin-plumgrid.yaml
puppet/services/neutron-dhcp.yaml
puppet/services/neutron-l2gw-agent.yaml [new file with mode: 0644]
puppet/services/neutron-l2gw-api.yaml
puppet/services/neutron-l3-compute-dvr.yaml
puppet/services/neutron-l3.yaml
puppet/services/neutron-linuxbridge-agent.yaml [new file with mode: 0644]
puppet/services/neutron-metadata.yaml
puppet/services/neutron-midonet.yaml
puppet/services/neutron-ovs-agent.yaml
puppet/services/neutron-ovs-dpdk-agent.yaml
puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml
puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml
puppet/services/neutron-plugin-ml2-odl.yaml
puppet/services/neutron-plugin-ml2-ovn.yaml
puppet/services/neutron-plugin-ml2.yaml
puppet/services/neutron-plugin-nsx.yaml
puppet/services/neutron-plugin-nuage.yaml
puppet/services/neutron-sriov-agent.yaml
puppet/services/neutron-vpp-agent.yaml
puppet/services/nova-api.yaml
puppet/services/nova-base.yaml
puppet/services/nova-compute.yaml
puppet/services/nova-conductor.yaml
puppet/services/nova-consoleauth.yaml
puppet/services/nova-ironic.yaml
puppet/services/nova-libvirt.yaml
puppet/services/nova-metadata.yaml
puppet/services/nova-placement.yaml
puppet/services/nova-scheduler.yaml
puppet/services/nova-vnc-proxy.yaml
puppet/services/octavia-base.yaml
puppet/services/octavia-health-manager.yaml
puppet/services/octavia-housekeeping.yaml
puppet/services/octavia-worker.yaml
puppet/services/opendaylight-api.yaml
puppet/services/opendaylight-ovs.yaml
puppet/services/openvswitch-upgrade.yaml
puppet/services/ovn-dbs.yaml
puppet/services/pacemaker.yaml
puppet/services/pacemaker/ceph-rbdmirror.yaml
puppet/services/pacemaker/cinder-backup.yaml
puppet/services/pacemaker/cinder-volume.yaml
puppet/services/pacemaker/database/mysql.yaml
puppet/services/pacemaker/database/redis.yaml
puppet/services/pacemaker/haproxy.yaml
puppet/services/pacemaker/manila-share.yaml
puppet/services/pacemaker/rabbitmq.yaml
puppet/services/pacemaker_remote.yaml
puppet/services/panko-api.yaml
puppet/services/panko-base.yaml
puppet/services/qdr.yaml
puppet/services/rabbitmq.yaml
puppet/services/sahara-api.yaml
puppet/services/sahara-base.yaml
puppet/services/sahara-engine.yaml
puppet/services/securetty.yaml
puppet/services/services.yaml
puppet/services/snmp.yaml
puppet/services/sshd.yaml
puppet/services/swift-base.yaml
puppet/services/swift-proxy.yaml
puppet/services/swift-ringbuilder.yaml
puppet/services/swift-storage.yaml
puppet/services/tacker.yaml
puppet/services/time/ntp.yaml
puppet/services/time/timezone.yaml
puppet/services/tripleo-firewall.yaml
puppet/services/tripleo-packages.yaml
puppet/services/vpp.yaml
puppet/services/zaqar.yaml
puppet/upgrade_config.yaml
releasenotes/notes/Disable-mongodb-by-default-cce37d3254a77d27.yaml [new file with mode: 0644]
releasenotes/notes/add-cadf-environment-0ce0078348c5333f.yaml [new file with mode: 0644]
releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml [new file with mode: 0644]
releasenotes/notes/add-num-of-sacks-7bd6658474ddb14c.yaml [new file with mode: 0644]
releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml [new file with mode: 0644]
releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml [new file with mode: 0644]
releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml [new file with mode: 0644]
releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml [new file with mode: 0644]
releasenotes/notes/example-roles-d27c748090f6a154.yaml [new file with mode: 0644]
releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml [new file with mode: 0644]
releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml [new file with mode: 0644]
releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml [new file with mode: 0644]
releasenotes/notes/redfish-9203af1f7bf02bc5.yaml [new file with mode: 0644]
releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml [new file with mode: 0644]
releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml [new file with mode: 0644]
releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml [new file with mode: 0644]
releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml [new file with mode: 0644]
releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml [new file with mode: 0644]
releasenotes/source/conf.py
roles/BlockStorage.yaml [new file with mode: 0644]
roles/CephStorage.yaml [new file with mode: 0644]
roles/Compute.yaml [new file with mode: 0644]
roles/Controller.yaml [new file with mode: 0644]
roles/ControllerOpenstack.yaml [new file with mode: 0644]
roles/Database.yaml [new file with mode: 0644]
roles/Messaging.yaml [new file with mode: 0644]
roles/Networker.yaml [new file with mode: 0644]
roles/ObjectStorage.yaml [new file with mode: 0644]
roles/README.rst [new file with mode: 0644]
roles/Telemetry.yaml [new file with mode: 0644]
roles/Undercloud.yaml [new file with mode: 0644]
roles_data.yaml
roles_data_undercloud.yaml
test-requirements.txt
tox.ini

index 4eed715..988a0d8 100644 (file)
@@ -54,6 +54,9 @@ A description of the directory layout in TripleO Heat Templates.
  * validation-scripts: validation scripts useful to all deployment
                        configurations
 
+ * roles: example roles that can be used with the tripleoclient to generate
+          a roles_data.yaml for a deployment See the
+          `roles/README.rst <roles/README.rst>`_ for additional details.
 
 Service testing matrix
 ----------------------
@@ -78,6 +81,8 @@ and should be executed according to the following table:
 +----------------+-------------+-------------+-------------+-------------+-----------------+
 | neutron-bgpvpn |             |             |             |      X      |                 |
 +----------------+-------------+-------------+-------------+-------------+-----------------+
+| neutron-l2gw   |             |             |             |      X      |                 |
++----------------+-------------+-------------+-------------+-------------+-----------------+
 | rabbitmq       |      X      |      X      |      X      |      X      |        X        |
 +----------------+-------------+-------------+-------------+-------------+-----------------+
 | mongodb        |      X      |      X      |             |             |                 |
index 11a5b37..52cd6ac 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to drive validations that occur on all nodes.
index a3fdee9..8e8a2a7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Bootstrap Config'
 
 parameters:
index 9afe1cd..1fe7790 100644 (file)
@@ -369,7 +369,7 @@ topics:
               - overcloud-resource-registry-puppet.yaml
           - file: environments/neutron-l2gw.yaml
             title: Neutron L2 gateway Service Plugin
-            description: Enables Neutron L2 gateway Service Plugin
+            description: Enables Neutron L2 gateway Service Plugin and Agent
             requires:
               - overcloud-resource-registry-puppet.yaml
 
index 8c50b64..6f4542b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to drive os-net-config for a simple bridge configured
index dc31235..f7e250e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to drive os-net-config for a simple bridge configured
index 8997041..24bb1f4 100644 (file)
@@ -1,7 +1,7 @@
-# NOTE: This is an environment specific for containers upgrade
-# CI. Mainly we deploy non-pacemakerized overcloud, as at the time
-# being containerization of services managed by pacemaker is not
-# complete, so we deploy and upgrade the non-HA services for now.
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
 
 resource_registry:
   OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml
new file mode 100644 (file)
index 0000000..8997041
--- /dev/null
@@ -0,0 +1,70 @@
+# NOTE: This is an environment specific for containers upgrade
+# CI. Mainly we deploy non-pacemakerized overcloud, as at the time
+# being containerization of services managed by pacemaker is not
+# complete, so we deploy and upgrade the non-HA services for now.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::CephMon
+    - OS::TripleO::Services::CephOSD
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::Sshd
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+    # Required for Centos 7.3 and Qemu 2.6.0
+    nova::compute::libvirt::libvirt_cpu_mode: 'none'
+    #NOTE(gfidente): not great but we need this to deploy on ext4
+    #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+    ceph::profile::params::osd_max_object_name_len: 256
+    ceph::profile::params::osd_max_object_namespace_len: 64
+  SwiftCeilometerPipelineEnabled: False
+  Debug: True
index 0c07a1b..b5316f1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Core Service
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
new file mode 100644 (file)
index 0000000..c142922
--- /dev/null
@@ -0,0 +1,134 @@
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
+  OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
+  OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml
+  OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml
+  OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml
+  OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml
+  OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml
+  OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
+  OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::Redis
+    - OS::TripleO::Services::AodhApi
+    - OS::TripleO::Services::AodhEvaluator
+    - OS::TripleO::Services::AodhNotifier
+    - OS::TripleO::Services::AodhListener
+    - OS::TripleO::Services::CeilometerAgentCentral
+    - OS::TripleO::Services::CeilometerAgentIpmi
+    - OS::TripleO::Services::CeilometerAgentNotification
+    - OS::TripleO::Services::GnocchiApi
+    - OS::TripleO::Services::GnocchiMetricd
+    - OS::TripleO::Services::GnocchiStatsd
+    - OS::TripleO::Services::PankoApi
+    - OS::TripleO::Services::CephMon
+    - OS::TripleO::Services::CephOSD
+    - OS::TripleO::Services::CephClient
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderBackup
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Tacker
+    - OS::TripleO::Services::Congress
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::SensuClient
+
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+  Debug: true
+  #NOTE(gfidente): not great but we need this to deploy on ext4
+  #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+  ExtraConfig:
+    ceph::profile::params::osd_max_object_name_len: 256
+    ceph::profile::params::osd_max_object_namespace_len: 64
+  #NOTE: These ID's and keys should be regenerated for
+  # a production deployment. What is here is suitable for
+  # developer and CI testing only.
+  CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+  CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  NovaEnableRbdBackend: true
+  CinderEnableRbdBackend: true
+  CinderBackupBackend: ceph
+  GlanceBackend: rbd
+  GnocchiBackend: rbd
+  CinderEnableIscsiBackend: false
+  BannerText: |
+    ******************************************************************
+    * This system is for the use of authorized users only. Usage of  *
+    * this system may be monitored and recorded by system personnel. *
+    * Anyone using this system expressly consents to such monitoring *
+    * and is advised that if such monitoring reveals possible        *
+    * evidence of criminal activity, system personnel may provide    *
+    * the evidence from such monitoring to law enforcement officials.*
+    ******************************************************************
+  CollectdExtraPlugins:
+    - rrdtool
+  LoggingServers:
+    - host: 127.0.0.1
+      port: 24224
+  MonitoringRabbitHost: 127.0.0.1
+  MonitoringRabbitPort: 5676
+  MonitoringRabbitPassword: sensu
+  TtyValues:
+    - console
+    - tty1
+    - tty2
+    - tty3
+    - tty4
+    - tty5
+    - tty6
index 437d7c3..ad4fa10 100644 (file)
@@ -101,6 +101,7 @@ parameter_defaults:
   CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
   CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  CephPoolDefaultSize: 1
   NovaEnableRbdBackend: true
   CinderEnableRbdBackend: true
   CinderBackupBackend: ceph
diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml
new file mode 100644 (file)
index 0000000..7191dea
--- /dev/null
@@ -0,0 +1,70 @@
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
+  OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
+  OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderBackup
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::BarbicanApi
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::Zaqar
+    - OS::TripleO::Services::Ec2Api
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+  Debug: true
+  SwiftCeilometerPipelineEnabled: false
index e3ecf74..ed0f7e2 100644 (file)
@@ -8,6 +8,7 @@ resource_registry:
   OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
   OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
   OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
+  OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
   OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
   OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
   OS::TripleO::Services::Keepalived: OS::Heat::None
diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml
new file mode 100644 (file)
index 0000000..cfb0507
--- /dev/null
@@ -0,0 +1,69 @@
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
+  OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
+  OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
+  OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml
+  OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::SaharaApi
+    - OS::TripleO::Services::SaharaEngine
+    - OS::TripleO::Services::MistralApi
+    - OS::TripleO::Services::MistralEngine
+    - OS::TripleO::Services::MistralExecutor
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+  Debug: true
+  # we don't deploy Swift so we switch to file backend.
+  GlanceBackend: 'file'
+  KeystoneTokenProvider: 'fernet'
+  SwiftCeilometerPipelineEnabled: false
diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml
new file mode 100644 (file)
index 0000000..7a6724d
--- /dev/null
@@ -0,0 +1,92 @@
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml
+  OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
+  OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
+  OS::TripleO::Services::CephRgw: ../../puppet/services/ceph-rgw.yaml
+  OS::TripleO::Services::SwiftProxy: OS::Heat::None
+  OS::TripleO::Services::SwiftStorage: OS::Heat::None
+  OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
+  OS::TripleO::Services::ManilaApi: ../../puppet/services/manila-api.yaml
+  OS::TripleO::Services::ManilaScheduler: ../../puppet/services/manila-scheduler.yaml
+  OS::TripleO::Services::ManilaShare: ../../puppet/services/manila-share.yaml
+  OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
+  OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::CephMds
+    - OS::TripleO::Services::CephMon
+    - OS::TripleO::Services::CephOSD
+    - OS::TripleO::Services::CephRgw
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronBgpVpnApi
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::ManilaApi
+    - OS::TripleO::Services::ManilaScheduler
+    - OS::TripleO::Services::ManilaBackendCephFs
+    - OS::TripleO::Services::ManilaShare
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+  Debug: true
+  #NOTE(gfidente): not great but we need this to deploy on ext4
+  #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+  ExtraConfig:
+    ceph::profile::params::osd_max_object_name_len: 256
+    ceph::profile::params::osd_max_object_namespace_len: 64
+  #NOTE: These ID's and keys should be regenerated for
+  # a production deployment. What is here is suitable for
+  # developer and CI testing only.
+  CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+  CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  SwiftCeilometerPipelineEnabled: false
+  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+  BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
index 24fb2bf..e473d0b 100644 (file)
@@ -13,6 +13,8 @@ resource_registry:
   OS::TripleO::Services::ManilaShare: ../../puppet/services/pacemaker/manila-share.yaml
   OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
   OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
+  OS::TripleO::Services::NeutronL2gwApi: ../../puppet/services/neutron-l2gw-api.yaml
+  OS::TripleO::Services::NeutronL2gwAgent: ../../puppet/services/neutron-l2gw-agent.yaml
   # These enable Pacemaker
   OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
@@ -44,6 +46,8 @@ parameter_defaults:
     - OS::TripleO::Services::NeutronBgpVpnApi
     - OS::TripleO::Services::NeutronDhcpAgent
     - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronL2gwApi
+    - OS::TripleO::Services::NeutronL2gwAgent
     - OS::TripleO::Services::NeutronMetadataAgent
     - OS::TripleO::Services::NeutronServer
     - OS::TripleO::Services::NeutronCorePlugin
@@ -86,6 +90,8 @@ parameter_defaults:
   CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
   CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  CephPoolDefaultSize: 1
   SwiftCeilometerPipelineEnabled: false
-  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin'
   BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
+  L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
index af8f47a..141a389 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HOT template to created resources deployed by scenario001.
index da1ae60..72aac4c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HOT template to created resources deployed by scenario002.
index c3ceada..7685cfa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HOT template to created resources deployed by scenario003.
index 8681bba..8ba60e2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HOT template to created resources deployed by scenario004.
@@ -128,6 +128,8 @@ resources:
   manila_share:
     type: OS::Manila::Share
     properties:
+      name: pingtest
+      share_type: { get_resource: manila_share_type }
       share_protocol: CEPHFS
       size: 1
 
index b910d6c..28b0911 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This template resides in tripleo-ci for Mitaka CI jobs only.
index c85881e..04828d9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Passwords we manage at the top level
 
index 7b5cdf1..8cd22ca 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   network:
index bddf8bc..861ee91 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: "
   A fake OS::Neutron::Port stack which outputs fixed_ips and subnets based on
index c1740d7..5b26823 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: 'Deployed Server Bootstrap Config'
 
index 2d2f515..a901851 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: 'Deployed Server Bootstrap Config'
 
index afdb5d0..0847bfb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 parameters:
   image:
     type: string
diff --git a/docker/create-config-dir.sh b/docker/create-config-dir.sh
deleted file mode 100644 (file)
index 1be1a56..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# This is where we stack puppet configuration (for now)...
-mkdir -p /var/lib/config-data
-
-# This is the docker-puppet configs end in
-mkdir -p /var/lib/docker-puppet
diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml
new file mode 100644 (file)
index 0000000..a0beaa2
--- /dev/null
@@ -0,0 +1,47 @@
+- hosts: localhost
+  connection: local
+  tasks:
+    #####################################################
+    # Per step puppet configuration of the baremetal host
+    #####################################################
+    - name: Write the config_step hieradata
+      copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true
+    - name: Run puppet host configuration for step {{step}}
+      # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3
+      # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+      puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp
+    ######################################
+    # Generate config via docker-puppet.py
+    ######################################
+    - name: Run docker-puppet tasks (generate config)
+      shell: python /var/lib/docker-puppet/docker-puppet.py
+      environment:
+        NET_HOST: 'true'
+      when: step == "1"
+      changed_when: false
+      check_mode: no
+    ##################################################
+    # Per step starting of the containers using paunch
+    ##################################################
+    - name: Check if /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json exists
+      stat:
+        path: /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json
+      register: docker_config_json
+    - name: Start containers for step {{step}}
+      command: paunch --debug apply --file /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
+      when: docker_config_json.stat.exists
+      changed_when: false
+      check_mode: no
+    ########################################################
+    # Bootstrap tasks, only performed on bootstrap_server_id
+    ########################################################
+    - name: Run docker-puppet tasks (bootstrap tasks)
+      shell: python /var/lib/docker-puppet/docker-puppet.py
+      environment:
+        CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
+        NET_HOST: "true"
+        NO_ARCHIVE: "true"
+        STEP: "{{step}}"
+      when: deploy_server_id == bootstrap_server_id
+      changed_when: false
+      check_mode: no
index f1594d2..d9d0c25 100755 (executable)
@@ -176,6 +176,10 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
             mkdir -p /var/lib/config-data/${NAME}/etc
             cp -a /etc/* /var/lib/config-data/${NAME}/etc/
 
+            # workaround LP1696283
+            mkdir -p /var/lib/config-data/${NAME}/etc/ssh
+            touch /var/lib/config-data/${NAME}/etc/ssh/ssh_known_hosts
+
             if [ -d /root/ ]; then
               cp -a /root/ /var/lib/config-data/${NAME}/root/
             fi
@@ -253,7 +257,9 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
             log.debug(cmd_stderr)
         if subproc.returncode != 0:
             log.error('Failed running docker-puppet.py for %s' % config_volume)
-        rm_container('docker-puppet-%s' % config_volume)
+        else:
+            # only delete successful runs, for debugging
+            rm_container('docker-puppet-%s' % config_volume)
         return subproc.returncode
 
 # Holds all the information for each process to consume.
index 1d5605b..a56ca02 100644 (file)
@@ -11,7 +11,7 @@
 # primary role is: {{primary_role_name}}
 {% set deploy_steps_max = 6 -%}
 
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Post-deploy configuration steps via puppet for all roles,
@@ -55,54 +55,18 @@ resources:
               step_{{step}}: {}
 {%- endfor %}
 
-# BEGIN primary_role_name docker-puppet-tasks (run only on a single node)
-{% for step in range(1, deploy_steps_max) %}
-
-  {{primary_role_name}}DockerPuppetJsonConfig{{step}}:
-      type: OS::Heat::StructuredConfig
-      properties:
-        group: json-file
-        config:
-          /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json:
-            {get_attr: [{{primary_role_name}}DockerPuppetTasks, value, 'step_{{step}}']}
-
-  {{primary_role_name}}DockerPuppetJsonDeployment{{step}}:
-    type: OS::Heat::SoftwareDeployment
-    properties:
-      server: {get_param: [servers, {{primary_role_name}}, '0']}
-      config: {get_resource: {{primary_role_name}}DockerPuppetJsonConfig{{step}}}
-
-  {{primary_role_name}}DockerPuppetTasksConfig{{step}}:
+  RoleConfig:
     type: OS::Heat::SoftwareConfig
     properties:
-      group: script
-      config: {get_file: docker-puppet.py}
+      group: ansible
+      options:
+        modulepath: /usr/share/ansible-modules
       inputs:
-        - name: CONFIG
-        - name: NET_HOST
-        - name: NO_ARCHIVE
-        - name: STEP
-
-  {{primary_role_name}}DockerPuppetTasksDeployment{{step}}:
-    type: OS::Heat::SoftwareDeployment
-    depends_on:
-      {% for dep in roles %}
-      - {{dep.name}}Deployment_Step{{step}}
-      - {{dep.name}}ContainersDeployment_Step{{step}}
-      {% endfor %}
-      - {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
-    properties:
-      name: {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
-      server: {get_param: [servers, {{primary_role_name}}, '0']}
-      config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}}
-      input_values:
-        CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
-        NET_HOST: 'true'
-        NO_ARCHIVE: 'true'
-        STEP: {{step}}
-
-{% endfor %}
-# END primary_role_name docker-puppet-tasks
+        - name: step
+        - name: role_name
+        - name: update_identifier
+        - name: bootstrap_server_id
+      config: {get_file: deploy-steps-playbook.yaml}
 
 {% for role in roles %}
   # Post deployment steps for all roles
@@ -117,44 +81,76 @@ resources:
       servers:  {get_param: [servers, {{role.name}}]}
       config: {get_resource: {{role.name}}ArtifactsConfig}
 
-  {{role.name}}PreConfig:
-    type: OS::TripleO::Tasks::{{role.name}}PreConfig
-    properties:
-      servers: {get_param: [servers, {{role.name}}]}
-      input_values:
-        update_identifier: {get_param: DeployIdentifier}
-
-  {{role.name}}CreateConfigDir:
-    type: OS::Heat::SoftwareConfig
-    properties:
-      group: script
-      config: {get_file: create-config-dir.sh}
-
-  {{role.name}}CreateConfigDirDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    properties:
-      servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}CreateConfigDir}
-
-  {{role.name}}HostPrepAnsible:
-    type: OS::Heat::Value
-    properties:
-      value:
-        str_replace:
-          template: CONFIG
-          params:
-            CONFIG:
-              - hosts: localhost
-                connection: local
-                tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
-
   {{role.name}}HostPrepConfig:
     type: OS::Heat::SoftwareConfig
     properties:
       group: ansible
       options:
         modulepath: /usr/share/ansible-modules
-      config: {get_attr: [{{role.name}}HostPrepAnsible, value]}
+      config:
+        str_replace:
+          template: _PLAYBOOK
+          params:
+            _PLAYBOOK:
+              - hosts: localhost
+                connection: local
+                vars:
+                  puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
+                  docker_puppet_script: {get_file: docker-puppet.py}
+                  docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]}
+                  docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]}
+                  kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
+                  bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
+                  puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]}
+                tasks:
+                  # Join host_prep_tasks with the other per-host configuration
+                  yaql:
+                    expression: $.data.host_prep_tasks + $.data.template_tasks
+                    data:
+                      host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
+                      template_tasks:
+{%- raw %}
+                        # Write the manifest for baremetal puppet configuration
+                        - name: Create /var/lib/tripleo-config directory
+                          file: path=/var/lib/tripleo-config state=directory
+                        - name: Write the puppet step_config manifest
+                          copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes
+                        # This is the docker-puppet configs end in
+                        - name: Create /var/lib/docker-puppet
+                          file: path=/var/lib/docker-puppet state=directory
+                        # this creates a JSON config file for our docker-puppet.py script
+                        - name: Write docker-puppet-tasks json files
+                          copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes
+                        # FIXME: can we move docker-puppet somewhere so it's installed via a package?
+                        - name: Write docker-puppet.py
+                          copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes
+                        # Here we are dumping all the docker container startup configuration data
+                        # so that we can have access to how they are started outside of heat
+                        # and docker-cmd.  This lets us create command line tools to test containers.
+                        # FIXME do we need the docker-container-startup-configs.json or is the new per-step
+                        # data consumed by paunch enough?
+                        - name: Write docker-container-startup-configs
+                          copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes
+                        - name: Write per-step docker-container-startup-configs
+                          copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes
+                          with_dict: "{{docker_startup_configs}}"
+                        - name: Create /var/lib/kolla/config_files directory
+                          file: path=/var/lib/kolla/config_files state=directory
+                        - name: Write kolla config json files
+                          copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes
+                          with_dict: "{{kolla_config}}"
+                        - name: Install paunch FIXME remove when packaged
+                          shell: |
+                            yum -y install python-pip
+                            pip install paunch
+                        ########################################################
+                        # Bootstrap tasks, only performed on bootstrap_server_id
+                        ########################################################
+                        - name: Write docker-puppet-tasks json files
+                          copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes
+                          with_dict: "{{docker_puppet_tasks}}"
+                          when: deploy_server_id == bootstrap_server_id
+{%- endraw %}
 
   {{role.name}}HostPrepDeployment:
     type: OS::Heat::SoftwareDeploymentGroup
@@ -162,39 +158,6 @@ resources:
       servers: {get_param: [servers, {{role.name}}]}
       config: {get_resource: {{role.name}}HostPrepConfig}
 
-  # this creates a JSON config file for our docker-puppet.py script
-  {{role.name}}GenPuppetConfig:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: json-file
-      config:
-        /var/lib/docker-puppet/docker-puppet.json:
-          {get_param: [role_data, {{role.name}}, puppet_config]}
-
-  {{role.name}}GenPuppetDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    properties:
-      servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}GenPuppetConfig}
-
-  {{role.name}}GenerateConfig:
-    type: OS::Heat::SoftwareConfig
-    properties:
-      group: script
-      config: {get_file: docker-puppet.py}
-      inputs:
-        - name: NET_HOST
-
-  {{role.name}}GenerateConfigDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    depends_on: [{{role.name}}GenPuppetDeployment, {{role.name}}ArtifactsDeploy, {{role.name}}CreateConfigDirDeployment, {{role.name}}HostPrepDeployment]
-    properties:
-      name: {{role.name}}GenerateConfigDeployment
-      servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}GenerateConfig}
-      input_values:
-        NET_HOST: 'true'
-
   {{role.name}}PuppetStepConfig:
     type: OS::Heat::Value
     properties:
@@ -222,52 +185,16 @@ resources:
             service_names: {get_param: [role_data, {{role.name}}, service_names]}
             docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
 
-  # Here we are dumping all the docker container startup configuration data
-  # so that we can have access to how they are started outside of heat
-  # and docker-cmd.  This lets us create command line tools to start and
-  # test these containers.
-  {{role.name}}DockerConfigJsonStartupData:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: json-file
-      config:
-        /var/lib/docker-container-startup-configs.json:
-          {get_attr: [{{role.name}}DockerConfig, value]}
-
-  {{role.name}}DockerConfigJsonStartupDataDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    properties:
-      config: {get_resource: {{role.name}}DockerConfigJsonStartupData}
-      servers: {get_param: [servers, {{role.name}}]}
-
-  {{role.name}}KollaJsonConfig:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: json-file
-      config:
-        {get_param: [role_data, {{role.name}}, kolla_config]}
-
-  {{role.name}}KollaJsonDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    properties:
-      name: {{role.name}}KollaJsonDeployment
-      config: {get_resource: {{role.name}}KollaJsonConfig}
-      servers: {get_param: [servers, {{role.name}}]}
-
-  # BEGIN BAREMETAL CONFIG STEPS
+  # BEGIN CONFIG STEPS
 
   {{role.name}}PreConfig:
     type: OS::TripleO::Tasks::{{role.name}}PreConfig
+    depends_on: {{role.name}}HostPrepDeployment
     properties:
       servers: {get_param: [servers, {{role.name}}]}
       input_values:
         update_identifier: {get_param: DeployIdentifier}
 
-  {{role.name}}Config:
-    type: OS::TripleO::{{role.name}}Config
-    properties:
-      StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]}
-
   {% for step in range(1, deploy_steps_max) %}
 
   {{role.name}}Deployment_Step{{step}}:
@@ -278,64 +205,26 @@ resources:
     depends_on:
       {% for dep in roles %}
       - {{dep.name}}Deployment_Step{{step -1}}
-      - {{dep.name}}ContainersDeployment_Step{{step -1}}
       {% endfor %}
-      - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
   {% endif %}
     properties:
       name: {{role.name}}Deployment_Step{{step}}
       servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}Config}
+      config: {get_resource: RoleConfig}
       input_values:
         step: {{step}}
+        role_name: {{role.name}}
         update_identifier: {get_param: DeployIdentifier}
+        bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
 
   {% endfor %}
-  # END BAREMETAL CONFIG STEPS
-
-  # BEGIN CONTAINER CONFIG STEPS
-  {% for step in range(1, deploy_steps_max) %}
-
-  {{role.name}}ContainersConfig_Step{{step}}:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: docker-cmd
-      config:
-        {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]}
-
-  {{role.name}}ContainersDeployment_Step{{step}}:
-    type: OS::Heat::StructuredDeploymentGroup
-  {% if step == 1 %}
-    depends_on:
-      - {{role.name}}KollaJsonDeployment
-      - {{role.name}}GenPuppetDeployment
-      - {{role.name}}GenerateConfigDeployment
-        {%- for dep in roles %}
-      - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
-        {%- endfor %}
-  {% else %}
-    depends_on:
-        {% for dep in roles %}
-        - {{dep.name}}ContainersDeployment_Step{{step -1}}
-        - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
-        - {{dep.name}}Deployment_Step{{step -1}}
-        {% endfor %}
-        - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
-  {% endif %}
-    properties:
-      name: {{role.name}}ContainersDeployment_Step{{step}}
-      servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}}
-
-  {% endfor %}
-  # END CONTAINER CONFIG STEPS
+  # END CONFIG STEPS
 
   {{role.name}}PostConfig:
     type: OS::TripleO::Tasks::{{role.name}}PostConfig
     depends_on:
   {% for dep in roles %}
       - {{dep.name}}Deployment_Step5
-      - {{primary_role_name}}DockerPuppetTasksDeployment5
   {% endfor %}
     properties:
       servers:  {get_param: servers}
index 2f25898..4b061e1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   DockerNamespace:
index 8a02d8f..f802e4e 100644 (file)
@@ -100,13 +100,14 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
                   - /var/log/containers/aodh:/var/log/aodh
-            command: /usr/bin/aodh-dbsync
+            command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
         step_4:
           aodh_api:
             image: *aodh_image
index 94caded..ba4ba92 100644 (file)
@@ -110,4 +110,4 @@ outputs:
       upgrade_tasks:
         - name: Stop and disable ceilometer agent central service
           tags: step2
-          service: name=openstack-ceilometer-agent-central state=stopped enabled=no
+          service: name=openstack-ceilometer-central state=stopped enabled=no
index 9033cf4..359dc3a 100644 (file)
@@ -83,9 +83,10 @@ outputs:
                 -
                   - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+                  - /var/run/libvirt:/var/run/libvirt:ro
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       upgrade_tasks:
         - name: Stop and disable ceilometer-agent-compute service
           tags: step2
-          service: name=openstack-ceilometer-agent-compute state=stopped enabled=no
+          service: name=openstack-ceilometer-compute state=stopped enabled=no
index fad1456..973d999 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contains a static list of common things necessary for containers
@@ -9,6 +9,8 @@ outputs:
     value:
       - /etc/hosts:/etc/hosts:ro
       - /etc/localtime:/etc/localtime:ro
+      # required for bootstrap_host_exec
+      - /etc/puppet:/etc/puppet:ro
       # OpenSSL trusted CAs
       - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
       - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
@@ -16,3 +18,4 @@ outputs:
       - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
       # Syslog socket
       - /dev/log:/dev/log
+      - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
index ed4e317..96a02f9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MongoDB service deployment using puppet and docker
index 3a4de24..73578e1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MySQL service deployment using puppet
index 86c4490..9000aee 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Redis services
@@ -77,6 +77,14 @@ outputs:
               recurse: true
       docker_config:
         step_1:
+          redis_init_logs:
+            start_order: 0
+            image: *redis_image
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/redis:/var/log/redis
+            command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
           redis:
             image: *redis_image
             net: host
@@ -87,14 +95,17 @@ outputs:
               - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
               - /var/lib/config-data/redis/etc/:/etc/:ro
               - /etc/localtime:/etc/localtime:ro
-              - logs:/var/log/kolla
+              - /var/log/containers/redis:/var/log/redis
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
-        - name: create /var/run/redis
+        - name: create persistent directories
           file:
-            path: /var/run/redis
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/redis
+            - /var/run/redis
       upgrade_tasks:
         - name: Stop and disable redis service
           tags: step2
index 13a0735..e5a7096 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized etcd services
index ef1e00e..df8186d 100644 (file)
@@ -100,6 +100,7 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes: &glance_volumes
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
@@ -110,6 +111,7 @@ outputs:
             environment:
               - KOLLA_BOOTSTRAP=True
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
         step_4:
           map_merge:
             - glance_api:
@@ -149,3 +151,5 @@ outputs:
         - name: Stop and disable glance_api service
           tags: step2
           service: name=openstack-glance-api state=stopped enabled=no
+      metadata_settings:
+        get_attr: [GlanceApiPuppetBase, role_data, metadata_settings]
index 9b47473..e59d609 100644 (file)
@@ -100,13 +100,14 @@ outputs:
             net: host
             detach: false
             privileged: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
                   - /var/log/containers/gnocchi:/var/log/gnocchi
-            command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"]
+            command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
         step_4:
           gnocchi_api:
             image: *gnocchi_image
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
new file mode 100644 (file)
index 0000000..1f8bcfa
--- /dev/null
@@ -0,0 +1,111 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized HAproxy service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerHAProxyImage:
+    description: image
+    default: 'centos-binary-haproxy:latest'
+    type: string
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  HAProxyStatsPassword:
+    description: Password for HAProxy stats endpoint
+    hidden: true
+    type: string
+  HAProxyStatsUser:
+    description: User for HAProxy stats endpoint
+    default: admin
+    type: string
+  HAProxySyslogAddress:
+    default: /dev/log
+    description: Syslog address where HAproxy will send its log
+    type: string
+  RedisPassword:
+    description: The password for Redis
+    type: string
+    hidden: true
+  MonitoringSubscriptionHaproxy:
+    default: 'overcloud-haproxy'
+    type: string
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  HAProxyBase:
+    type: ../../puppet/services/haproxy.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the HAproxy role.
+    value:
+      service_name: {get_attr: [HAProxyBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [HAProxyBase, role_data, config_settings]
+          - tripleo::haproxy::haproxy_daemon: false
+      step_config: &step_config
+        get_attr: [HAProxyBase, role_data, step_config]
+      service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: haproxy
+        puppet_tags: haproxy_config
+        step_config: *step_config
+        config_image: &haproxy_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/haproxy.json:
+          command: haproxy -f /etc/haproxy/haproxy.cfg
+      docker_config:
+        step_1:
+          haproxy:
+            image: *haproxy_image
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/haproxy/etc/:/etc/:ro
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      metadata_settings:
+        get_attr: [HAProxyBase, role_data, metadata_settings]
index 2631928..37fa4c8 100644 (file)
@@ -132,3 +132,5 @@ outputs:
         - name: Stop and disable heat_api_cfn service
           tags: step2
           service: name=httpd state=stopped enabled=no
+      metadata_settings:
+        get_attr: [HeatBase, role_data, metadata_settings]
index b2f4eb6..5043aed 100644 (file)
@@ -132,3 +132,5 @@ outputs:
         - name: Stop and disable heat_api service
           tags: step2
           service: name=httpd state=stopped enabled=no
+      metadata_settings:
+        get_attr: [HeatBase, role_data, metadata_settings]
index 8c554a5..0adad53 100644 (file)
@@ -94,13 +94,14 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
                   - /var/log/containers/heat:/var/log/heat
-            command: ['heat-manage', 'db_sync']
+            command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
         step_4:
           heat_engine:
             image: *heat_engine_image
index 300aa0b..c8978aa 100644 (file)
@@ -100,13 +100,14 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/ironic/etc/:/etc/:ro
                   - /var/log/containers/ironic:/var/log/ironic
-            command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf']
+            command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
         step_4:
           ironic_api:
             start_order: 10
index ca64374..772859e 100644 (file)
@@ -131,8 +131,9 @@ outputs:
             environment:
               - KOLLA_BOOTSTRAP=True
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
           keystone:
-            start_order: 1
+            start_order: 2
             image: *keystone_image
             net: host
             privileged: false
@@ -141,10 +142,10 @@ outputs:
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
           keystone_bootstrap:
-            start_order: 2
+            start_order: 3
             action: exec
             command:
-              [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+              [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
       docker_puppet_tasks:
         # Keystone endpoint creation occurs only on single node
         step_3:
index 3b256fd..5586d41 100644 (file)
@@ -100,19 +100,21 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/mistral/etc/:/etc/:ro
                   - /var/log/containers/mistral:/var/log/mistral
-            command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head']
+            command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
           mistral_db_populate:
             start_order: 2
             image: *mistral_image
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
@@ -121,7 +123,7 @@ outputs:
                   - /var/log/containers/mistral:/var/log/mistral
             # NOTE: dprince this requires that we install openstack-tripleo-common into
             # the Mistral API image so that we get tripleo* actions
-            command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate']
+            command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'"
         step_4:
           mistral_api:
             start_order: 15
index 9d266b0..7ce47a1 100644 (file)
@@ -39,6 +39,13 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -81,6 +88,8 @@ outputs:
             - path: /var/log/neutron
               owner: neutron:neutron
               recurse: true
+        /var/lib/kolla/config_files/neutron_server_tls_proxy.json:
+          command: /usr/sbin/httpd -DFOREGROUND
       docker_config:
         # db sync runs before permissions set by kolla_config
         step_3:
@@ -101,8 +110,6 @@ outputs:
             net: host
             privileged: false
             detach: false
-            # FIXME: we should make config file permissions right
-            # and run as neutron user
             user: root
             volumes:
               list_concat:
@@ -111,22 +118,44 @@ outputs:
                   - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
                   - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
                   - /var/log/containers/neutron:/var/log/neutron
-            command: ['neutron-db-manage', 'upgrade', 'heads']
+            command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
+            # FIXME: we should make config file permissions right
+            # and run as neutron user
+            #command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
         step_4:
-          neutron_api:
-            image: *neutron_api_image
-            net: host
-            privileged: false
-            restart: always
-            volumes:
-              list_concat:
-                - {get_attr: [ContainersCommon, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
-                  - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
-                  - /var/log/containers/neutron:/var/log/neutron
-            environment:
-              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+          map_merge:
+            - neutron_api:
+                image: *neutron_api_image
+                net: host
+                privileged: false
+                restart: always
+                volumes:
+                  list_concat:
+                    - {get_attr: [ContainersCommon, volumes]}
+                    -
+                      - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
+                      - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+                      - /var/log/containers/neutron:/var/log/neutron
+                environment:
+                  - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            - if:
+                - internal_tls_enabled
+                - neutron_server_tls_proxy:
+                    image: *neutron_api_image
+                    net: host
+                    user: root
+                    restart: always
+                    volumes:
+                      list_concat:
+                        - {get_attr: [ContainersCommon, volumes]}
+                        -
+                          - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+                          - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
+                          - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                          - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                    environment:
+                      - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+                - {}
       host_prep_tasks:
         - name: create persistent logs directory
           file:
@@ -136,3 +165,5 @@ outputs:
         - name: Stop and disable neutron_api service
           tags: step2
           service: name=neutron-server state=stopped enabled=no
+      metadata_settings:
+        get_attr: [NeutronBase, role_data, metadata_settings]
index 97901bc..bd5147d 100644 (file)
@@ -104,3 +104,8 @@ outputs:
           file:
             path: /var/log/containers/neutron
             state: directory
+      upgrade_tasks:
+        - name: Stop and disable neutron_l3 service
+          tags: step2
+          service: name=neutron-l3-agent state=stopped enabled=no
+
diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml
new file mode 100644 (file)
index 0000000..88b2ca5
--- /dev/null
@@ -0,0 +1,110 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Neutron Metadata agent
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerNeutronMetadataImage:
+    description: image
+    default: 'centos-binary-neutron-metadata-agent:latest'
+    type: string
+  # we configure all neutron services in the same neutron
+  DockerNeutronConfigImage:
+    description: image
+    default: 'centos-binary-neutron-server:latest'
+    type: string
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  NeutronMetadataBase:
+    type: ../../puppet/services/neutron-metadata.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for Neutron Metadata agent
+    value:
+      service_name: {get_attr: [NeutronMetadataBase, role_data, service_name]}
+      config_settings: {get_attr: [NeutronMetadataBase, role_data, config_settings]}
+      step_config: &step_config
+        get_attr: [NeutronMetadataBase, role_data, step_config]
+      puppet_config:
+        puppet_tags: neutron_config,neutron_metadata_agent_config
+        config_volume: neutron
+        step_config: *step_config
+        config_image:
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/neutron-metadata-agent.json:
+          command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
+          permissions:
+            - path: /var/log/neutron
+              owner: neutron:neutron
+              recurse: true
+      docker_config:
+        step_4:
+          neutron_metadata_agent:
+            image:
+              list_join:
+                - '/'
+                - [ {get_param: DockerNamespace}, {get_param: DockerNeutronMetadataImage} ]
+            net: host
+            pid: host
+            privileged: true
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /run:/run
+                  - /var/log/containers/neutron:/var/log/neutron
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/neutron
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable neutron_metadata service
+          tags: step2
+          service: name=neutron-metadata-agent state=stopped enabled=no
index 2e5384e..1739a5b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Neutron ML2 Plugin configured with Puppet
index d571b21..2375dad 100644 (file)
@@ -103,6 +103,7 @@ outputs:
             image: *nova_api_image
             net: host
             detach: false
+            user: root
             volumes: &nova_api_volumes
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
@@ -110,7 +111,7 @@ outputs:
                   - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
                   - /var/log/containers/nova:/var/log/nova
-            command: ['/usr/bin/nova-manage', 'api_db', 'sync']
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
           # FIXME: we probably want to wait on the 'cell_v2 update' in order for this
           # to be capable of upgrading a baremetal setup. This is to ensure the name
           # of the cell is 'default'
@@ -119,11 +120,9 @@ outputs:
             image: *nova_api_image
             net: host
             detach: false
+            user: root
             volumes: *nova_api_volumes
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'map_cell0'
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
           nova_api_create_default_cell:
             start_order: 3
             image: *nova_api_image
@@ -134,18 +133,16 @@ outputs:
             # this idempotent (if the resource already exists a conflict
             # is raised)
             exit_codes: [0,2]
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'create_cell'
-              - '--name="default"'
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
           nova_db_sync:
             start_order: 4
             image: *nova_api_image
             net: host
             detach: false
             volumes: *nova_api_volumes
-            command: ['/usr/bin/nova-manage', 'db', 'sync']
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
         step_4:
           nova_api:
             start_order: 2
@@ -164,10 +161,8 @@ outputs:
             net: host
             detach: false
             volumes: *nova_api_volumes
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'discover_hosts'
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
       host_prep_tasks:
         - name: create persistent logs directory
           file:
index ebf0da7..9779d67 100644 (file)
@@ -18,6 +18,10 @@ parameters:
     description: image
     default: 'centos-binary-nova-compute:latest'
     type: string
+  EnablePackageInstall:
+    default: 'false'
+    description: Set to true to enable package installation
+    type: boolean
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -112,6 +116,7 @@ outputs:
                   - /var/run/libvirt:/var/run/libvirt
                   - /var/lib/libvirt:/var/lib/libvirt
                   - /etc/libvirt/qemu:/etc/libvirt/qemu
+                  - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
                   - /var/log/containers/nova:/var/log/nova
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -124,6 +129,22 @@ outputs:
             - /etc/libvirt/qemu
             - /var/lib/libvirt
             - /var/log/containers/nova
+        - name: set enable_package_install fact
+          set_fact:
+            enable_package_install: {get_param: EnablePackageInstall}
+        # We use virtlogd on host, so when using Deployed Server
+        # feature, we need to ensure libvirt is installed.
+        - name: install libvirt-daemon
+          package:
+            name: libvirt-daemon
+            state: present
+          when: enable_package_install
+        - name: start virtlogd socket
+          service:
+            name: virtlogd.socket
+            state: started
+            enabled: yes
+          when: enable_package_install
       upgrade_tasks:
         - name: Stop and disable libvirtd service
           tags: step2
index 2aebbb2..e158d3b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Nova Metadata service
diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml
new file mode 100644 (file)
index 0000000..bad2acf
--- /dev/null
@@ -0,0 +1,103 @@
+heat_template_version: pike
+
+description: >
+  MySQL HA clustercheck service deployment using puppet
+  This service is used by HAProxy in a HA scenario to report whether
+  the local galera node is synced
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerClustercheckImage:
+    description: image
+    default: 'centos-binary-mariadb:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ../containers-common.yaml
+
+  MysqlPuppetBase:
+    type: ../../../puppet/services/pacemaker/database/mysql.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Containerized service clustercheck using composable services.
+    value:
+      service_name: clustercheck
+      config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+      step_config: "include ::tripleo::profile::pacemaker::clustercheck"
+      # BEGIN DOCKER SETTINGS #
+      puppet_config:
+        config_volume: clustercheck
+        puppet_tags: file # set this even though file is the default
+        step_config: "include ::tripleo::profile::pacemaker::clustercheck"
+        config_image: &clustercheck_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/clustercheck.json:
+          command: /usr/sbin/xinetd -dontfork
+          config_files:
+          - dest: /etc/xinetd.conf
+            source: /var/lib/kolla/config_files/src/etc/xinetd.conf
+            owner: mysql
+            perm: '0644'
+          - dest: /etc/xinetd.d/galera-monitor
+            source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor
+            owner: mysql
+            perm: '0644'
+          - dest: /etc/sysconfig/clustercheck
+            source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+            owner: mysql
+            perm: '0600'
+      docker_config:
+        step_2:
+          clustercheck:
+            start_order: 1
+            image: *clustercheck_image
+            restart: always
+            net: host
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json
+                  - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro
+                  - /var/lib/mysql:/var/lib/mysql
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+      upgrade_tasks:
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
new file mode 100644 (file)
index 0000000..d64845f
--- /dev/null
@@ -0,0 +1,180 @@
+heat_template_version: pike
+
+description: >
+  MySQL service deployment with pacemaker bundle
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerMysqlImage:
+    description: image
+    default: 'centos-binary-mariadb:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  MysqlRootPassword:
+    type: string
+    hidden: true
+    default: ''
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ../../containers-common.yaml
+
+  MysqlPuppetBase:
+    type: ../../../../puppet/services/pacemaker/database/mysql.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Containerized service MySQL using composable services.
+    value:
+      service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+          - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image
+              list_join:
+                - '/'
+                - - {get_param: DockerNamespace}
+                  - {get_param: DockerMysqlImage}
+      step_config: ""
+      # BEGIN DOCKER SETTINGS #
+      puppet_config:
+        config_volume: mysql
+        puppet_tags: file # set this even though file is the default
+        step_config:
+          list_join:
+            - "\n"
+            - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
+              - "exec {'wait-for-settle': command => '/bin/true' }"
+              - "include ::tripleo::profile::pacemaker::database::mysql_bundle"
+        config_image: *mysql_image
+      kolla_config:
+        /var/lib/kolla/config_files/mysql.json:
+          command: /usr/sbin/pacemaker_remoted
+          config_files:
+          - dest: /etc/libqb/force-filesystem-sockets
+            source: /dev/null
+            owner: root
+            perm: '0644'
+          - dest: /etc/my.cnf
+            source: /var/lib/kolla/config_files/src/etc/my.cnf
+            owner: mysql
+            perm: '0644'
+          - dest: /etc/my.cnf.d/galera.cnf
+            source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf
+            owner: mysql
+            perm: '0644'
+          - dest: /etc/sysconfig/clustercheck
+            source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+            owner: root
+            perm: '0600'
+      docker_config:
+        step_1:
+          mysql_data_ownership:
+            start_order: 0
+            detach: false
+            image: *mysql_image
+            net: host
+            user: root
+            # Kolla does only non-recursive chown
+            command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
+            volumes:
+              - /var/lib/mysql:/var/lib/mysql
+          mysql_bootstrap:
+            start_order: 1
+            detach: false
+            image: *mysql_image
+            net: host
+            # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
+            command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
+            volumes: &mysql_volumes
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
+                  - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro
+                  - /var/lib/mysql:/var/lib/mysql
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+              - KOLLA_BOOTSTRAP=True
+              # NOTE(mandre) skip wsrep cluster status check
+              - KOLLA_KUBERNETES=True
+              -
+                list_join:
+                  - '='
+                  - - 'DB_ROOT_PASSWORD'
+                    -
+                      yaql:
+                        expression: $.data.passwords.where($ != '').first()
+                        data:
+                          passwords:
+                            - {get_param: MysqlRootPassword}
+                            - {get_param: [DefaultPasswords, mysql_root_password]}
+        step_2:
+          mysql_init_bundle:
+            start_order: 1
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
+                    CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
+            image: *mysql_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+              - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro
+              - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
+              - /var/lib/mysql:/var/lib/mysql:rw
+      host_prep_tasks:
+        - name: create /var/lib/mysql
+          file:
+            path: /var/lib/mysql
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable mysql service
+          tags: step2
+          service: name=mariadb state=stopped enabled=no
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
new file mode 100644 (file)
index 0000000..ef27f7e
--- /dev/null
@@ -0,0 +1,140 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Redis services
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerRedisImage:
+    description: image
+    default: 'centos-binary-redis:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  RedisBase:
+    type: ../../../../puppet/services/database/redis.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Redis API role.
+    value:
+      service_name: {get_attr: [RedisBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - {get_attr: [RedisBase, role_data, config_settings]}
+          - redis::service_manage: false
+            redis::notify_service: false
+            redis::managed_by_cluster_manager: true
+            tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image
+              list_join:
+                - '/'
+                - - {get_param: DockerNamespace}
+                  - {get_param: DockerRedisImage}
+
+      step_config: ""
+      service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: 'redis'
+        # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
+        # /etc/redis.conf
+        # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
+        puppet_tags: 'exec'
+        step_config:
+          get_attr: [RedisBase, role_data, step_config]
+        config_image: *redis_image
+      kolla_config:
+        /var/lib/kolla/config_files/redis.json:
+          command: /usr/sbin/pacemaker_remoted
+          config_files:
+            - dest: /etc/libqb/force-filesystem-sockets
+              source: /dev/null
+              owner: root
+              perm: '0644'
+          permissions:
+            - path: /var/run/redis
+              owner: redis:redis
+              recurse: true
+            - path: /var/lib/redis
+              owner: redis:redis
+              recurse: true
+            - path: /var/log/redis
+              owner: redis:redis
+              recurse: true
+      docker_config:
+        step_2:
+          redis_init_bundle:
+            start_order: 2
+            detach: false
+            net: host
+            user: root
+            config_volume: 'redis_init_bundle'
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+                    CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
+            image: *redis_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+      host_prep_tasks:
+        - name: create /var/run/redis
+          file:
+            path: /var/run/redis
+            state: directory
+        - name: create /var/log/redis
+          file:
+            path: /var/log/redis
+            state: directory
+        - name: create /var/lib/redis
+          file:
+            path: /var/lib/redis
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable redis service
+          tags: step2
+          service: name=redis state=stopped enabled=no
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
new file mode 100644 (file)
index 0000000..ae19652
--- /dev/null
@@ -0,0 +1,116 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized HAproxy service for pacemaker
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerHAProxyImage:
+    description: image
+    default: 'centos-binary-haproxy:latest'
+    type: string
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  HAProxyBase:
+    type: ../../../puppet/services/pacemaker/haproxy.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the HAproxy role.
+    value:
+      service_name: {get_attr: [HAProxyBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [HAProxyBase, role_data, config_settings]
+          - tripleo::haproxy::haproxy_daemon: false
+            haproxy_docker: true
+            tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image
+              list_join:
+                - '/'
+                - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+      step_config:
+          list_join:
+            - "\n"
+            - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
+              - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+      service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: haproxy
+        puppet_tags: haproxy_config
+        step_config:
+          list_join:
+            - "\n"
+            - - "exec {'wait-for-settle': command => '/bin/true' }"
+              - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
+              - *noop_pcmk
+              - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+        config_image: *haproxy_image
+      kolla_config:
+        /var/lib/kolla/config_files/haproxy.json:
+          command: haproxy -f /etc/haproxy/haproxy.cfg
+      docker_config:
+        step_2:
+          haproxy_init_bundle:
+            start_order: 3
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+                    CONFIG:
+                      list_join:
+                        - ';'
+                        - - *noop_firewall
+                          - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle'
+            image: *haproxy_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+      metadata_settings:
+        get_attr: [HAProxyBase, role_data, metadata_settings]
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
new file mode 100644 (file)
index 0000000..7f6ac70
--- /dev/null
@@ -0,0 +1,159 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Rabbitmq service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerRabbitmqImage:
+    description: image
+    default: 'centos-binary-rabbitmq:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RabbitCookie:
+    type: string
+    default: ''
+    hidden: true
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  RabbitmqBase:
+    type: ../../../puppet/services/rabbitmq.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Rabbitmq API role.
+    value:
+      service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - {get_attr: [RabbitmqBase, role_data, config_settings]}
+          - rabbitmq::service_manage: false
+            tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image
+              list_join:
+                - '/'
+                - - {get_param: DockerNamespace}
+                  - {get_param: DockerRabbitmqImage}
+      step_config: &step_config
+        get_attr: [RabbitmqBase, role_data, step_config]
+      service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: rabbitmq
+        puppet_tags: file
+        step_config: *step_config
+        config_image: *rabbitmq_image
+      kolla_config:
+        /var/lib/kolla/config_files/rabbitmq.json:
+          command: /usr/sbin/pacemaker_remoted
+          config_files:
+          - dest: /etc/libqb/force-filesystem-sockets
+            source: /dev/null
+            owner: root
+            perm: '0644'
+          permissions:
+           - path: /var/lib/rabbitmq
+             owner: rabbitmq:rabbitmq
+             recurse: true
+           - path: /var/log/rabbitmq
+             owner: rabbitmq:rabbitmq
+             recurse: true
+      # When using pacemaker we don't launch the container, instead that is done by pacemaker
+      # itself.
+      docker_config:
+        step_1:
+          rabbitmq_bootstrap:
+            start_order: 0
+            image: *rabbitmq_image
+            net: host
+            privileged: false
+            volumes:
+              - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+              - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /var/lib/rabbitmq:/var/lib/rabbitmq
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+              - KOLLA_BOOTSTRAP=True
+              -
+                list_join:
+                  - '='
+                  - - 'RABBITMQ_CLUSTER_COOKIE'
+                    -
+                      yaql:
+                        expression: $.data.passwords.where($ != '').first()
+                        data:
+                          passwords:
+                            - {get_param: RabbitCookie}
+                            - {get_param: [DefaultPasswords, rabbit_cookie]}
+        step_2:
+          rabbitmq_init_bundle:
+            start_order: 0
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+                    CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
+            image: *rabbitmq_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+      host_prep_tasks:
+        - name: create /var/lib/rabbitmq
+          file:
+            path: /var/lib/rabbitmq
+            state: directory
+        - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
+          shell: |
+            echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
+            echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
+            for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+      upgrade_tasks:
+        - name: Stop and disable rabbitmq service
+          tags: step2
+          service: name=rabbitmq-server state=stopped enabled=no
index 46cfa5a..b9e6e93 100644 (file)
@@ -101,13 +101,14 @@ outputs:
             net: host
             detach: false
             privileged: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/panko/etc/panko:/etc/panko:ro
                   - /var/log/containers/panko:/var/log/panko
-            command: /usr/bin/panko-dbsync
+            command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
         step_4:
           panko_api:
             start_order: 2
index 15f1bf0..2ad3b63 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Utility stack to convert an array of services into a set of combined
index 60972f9..04c4ba1 100644 (file)
@@ -135,3 +135,5 @@ outputs:
         - name: Stop and disable swift_proxy service
           tags: step2
           service: name=openstack-swift-proxy state=stopped enabled=no
+      metadata_settings:
+        get_attr: [SwiftProxyBase, role_data, metadata_settings]
index 9ced8f2..bfd445d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Ringbuilder
index 617d640..99e517b 100644 (file)
@@ -9,9 +9,13 @@ parameter_defaults:
   CinderDellScSanIp: ''
   CinderDellScSanLogin: 'Admin'
   CinderDellScSanPassword: ''
-  CinderDellScSsn: '64702'
+  CinderDellScSsn: 64702
   CinderDellScIscsiIpAddress: ''
-  CinderDellScIscsiPort: '3260'
-  CinderDellScApiPort: '3033'
+  CinderDellScIscsiPort: 3260
+  CinderDellScApiPort: 3033
   CinderDellScServerFolder: 'dellsc_server'
   CinderDellScVolumeFolder: 'dellsc_volume'
+  CinderDellScSecondarySanIp: ''
+  CinderDellScSecondarySanLogin: 'Admin'
+  CinderDellScSecondarySanPassword: ''
+  CinderDellScSecondaryScApiPort: 3033
index 3007638..a5f0eca 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to drive os-net-config to configure multiple interfaces
diff --git a/environments/disable-telemetry.yaml b/environments/disable-telemetry.yaml
new file mode 100644 (file)
index 0000000..6249c28
--- /dev/null
@@ -0,0 +1,20 @@
+# This heat environment can be used to disable all of the telemetry services.
+# It is most useful in a resource constrained environment or one in which
+# telemetry is not needed.
+
+resource_registry:
+  OS::TripleO::Services::CeilometerApi: OS::Heat::None
+  OS::TripleO::Services::CeilometerCollector: OS::Heat::None
+  OS::TripleO::Services::CeilometerExpirer: OS::Heat::None
+  OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
+  OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
+  OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
+  OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
+  OS::TripleO::Services::GnocchiApi: OS::Heat::None
+  OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
+  OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
+  OS::TripleO::Services::AodhApi: OS::Heat::None
+  OS::TripleO::Services::AodhEvaluator: OS::Heat::None
+  OS::TripleO::Services::AodhNotifier: OS::Heat::None
+  OS::TripleO::Services::AodhListener: OS::Heat::None
+  OS::TripleO::Services::PankoApi: OS::Heat::None
index 33afbc6..2740664 100644 (file)
@@ -12,6 +12,7 @@ resource_registry:
   OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
   OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
   OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+  OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
   OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
   OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
@@ -20,6 +21,12 @@ resource_registry:
   OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
   OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
   OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
+  OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
+  OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+  OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
+  OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
+  OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
+  OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
   OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
   OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
@@ -43,3 +50,4 @@ parameter_defaults:
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Sshd
index d2142d1..2852794 100644 (file)
@@ -22,10 +22,12 @@ resource_registry:
   OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+  OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
   OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
   OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
   OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
+  OS::TripleO::Services::HAProxy: ../docker/services/haproxy.yaml
   OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
   OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
   OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
@@ -52,10 +54,10 @@ resource_registry:
   OS::TripleO::Services: ../docker/services/services.yaml
 
 parameter_defaults:
-  # Defaults to 'tripleoupstream'.  Specify a local docker registry
-  # Example: 192.168.24.1:8787/tripleoupstream
-  DockerNamespace: tripleoupstream
-  DockerNamespaceIsRegistry: false
+  # To specify a local docker registry, enable these
+  # where 192.168.24.1 is the host running docker-distribution
+  #DockerNamespace: 192.168.24.1:8787/tripleoupstream
+  #DockerNamespaceIsRegistry: true
 
   ComputeServices:
     - OS::TripleO::Services::NovaCompute
@@ -63,3 +65,4 @@ parameter_defaults:
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::CeilometerAgentCompute
+    - OS::TripleO::Services::Sshd
index 6fd7101..0f7e114 100644 (file)
@@ -19,6 +19,7 @@ parameter_defaults:
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::ComputeNeutronCorePlugin
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::NeutronLinuxbridgeAgent
     - OS::TripleO::Services::ComputeCeilometerAgent
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
index 3a60633..547dc31 100644 (file)
@@ -16,3 +16,5 @@ parameter_defaults:
 
   ControllerExtraConfig:
       'nova::network::neutron::neutron_url_timeout': '60'
+
+  DatabaseSyncTimeout: 900
diff --git a/environments/neutron-bgpvpn-opendaylight.yaml b/environments/neutron-bgpvpn-opendaylight.yaml
new file mode 100644 (file)
index 0000000..1d2e077
--- /dev/null
@@ -0,0 +1,12 @@
+# A Heat environment file that can be used to deploy Neutron BGPVPN service
+#
+#  This environment file deploys Neutron BGPVPN service and configures
+#  Opendaylight as its service provider.
+#
+# - OpenDaylight: BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default
+resource_registry:
+  OS::TripleO::Services::NeutronBgpVpnApi: ../puppet/services/neutron-bgpvpn-api.yaml
+
+parameter_defaults:
+  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+  BgpvpnServiceProvider: 'BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default'
diff --git a/environments/neutron-l2gw-opendaylight.yaml b/environments/neutron-l2gw-opendaylight.yaml
new file mode 100644 (file)
index 0000000..2168dbc
--- /dev/null
@@ -0,0 +1,18 @@
+# A Heat environment file that can be used to deploy Neutron L2 Gateway service
+#
+# Currently there are only two service provider for Neutron L2 Gateway
+# This file enables L2GW service with OpenDaylight as driver.
+#
+# - OpenDaylight: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
+resource_registry:
+  OS::TripleO::Services::NeutronL2gwApi: ../puppet/services/neutron-l2gw-api.yaml
+
+parameter_defaults:
+  NeutronServicePlugins: "networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin"
+  L2gwServiceProvider: ['L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default']
+
+  # Optional
+  # L2gwServiceDefaultInterfaceName: "FortyGigE1/0/1"
+  # L2gwServiceDefaultDeviceName: "Switch1"
+  # L2gwServiceQuotaL2Gateway: 10
+  # L2gwServicePeriodicMonitoringInterval: 5
similarity index 54%
rename from environments/neutron-l2gw-api.yaml
rename to environments/neutron-l2gw.yaml
index 0989467..bba0968 100644 (file)
@@ -8,13 +8,20 @@
 # - OpenDaylight: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
 resource_registry:
   OS::TripleO::Services::NeutronL2gwApi: ../puppet/services/neutron-l2gw-api.yaml
+  OS::TripleO::Services::NeutronL2gwAgent: ../puppet/services/neutron-l2gw-agent.yaml
 
 parameter_defaults:
   NeutronServicePlugins: "networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin"
-  L2gwServiceProvider: ["L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default"]
+  L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
 
   # Optional
-  # L2gwServiceDefaultInterfaceName:
-  # L2gwServiceDefaultDeviceName:
-  # L2gwServiceQuotaL2Gateway:
-  # L2gwServicePeriodicMonitoringInterval:
+  # L2gwServiceDefaultInterfaceName: "FortyGigE1/0/1"
+  # L2gwServiceDefaultDeviceName: "Switch1"
+  # L2gwServiceQuotaL2Gateway: 10
+  # L2gwServicePeriodicMonitoringInterval: 5
+  # L2gwAgentOvsdbHosts: ["ovsdb1:127.0.0.1:6632"]
+  # L2gwAgentEnableManager: False
+  # L2gwAgentManagerTableListeningPort: "6633"
+  # L2gwAgentPeriodicInterval: 20
+  # L2gwAgentMaxConnectionRetries: 10
+  # L2gwAgentSocketTimeout: 30
diff --git a/environments/neutron-linuxbridge.yaml b/environments/neutron-linuxbridge.yaml
new file mode 100644 (file)
index 0000000..c8045cc
--- /dev/null
@@ -0,0 +1,8 @@
+## A Heat environment that can be used to deploy linuxbridge
+resource_registry:
+  OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronLinuxbridgeAgent: ../puppet/services/neutron-linuxbridge-agent.yaml
+
+parameter_defaults:
+  NeutronMechanismDrivers: ['linuxbridge']
index 004b8ac..6706bcc 100644 (file)
@@ -9,7 +9,7 @@ parameter_defaults:
   #NeutronDpdkMemoryChannels: ""
 
   NeutronDatapathType: "netdev"
-  NeutronVhostuserSocketDir: "/var/run/openvswitch"
+  NeutronVhostuserSocketDir: "/var/lib/vhost_sockets"
 
   #NeutronDpdkSocketMemory: ""
   #NeutronDpdkDriverType: "vfio-pci"
index 9c8abbb..6a69914 100644 (file)
@@ -20,3 +20,5 @@ parameter_defaults:
   GlanceBackend: rbd
   GnocchiBackend: rbd
   CinderEnableIscsiBackend: false
+  CephPoolDefaultSize: 1
+
index ca0b3b1..08033d9 100644 (file)
@@ -1,2 +1,3 @@
 resource_registry:
   OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
+  OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml
index 4cc765f..f97d3e0 100644 (file)
@@ -1,2 +1,3 @@
 resource_registry:
   OS::TripleO::Services::CeilometerCollector: ../../puppet/services/ceilometer-collector.yaml
+  OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
index 8359f4a..b131738 100644 (file)
@@ -1,4 +1,5 @@
 resource_registry:
   OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
   OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
+  OS::TripleO::Services::IronicPxe: ../../puppet/services/ironic-pxe.yaml
   OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
index ee13792..e501b69 100644 (file)
@@ -1,2 +1,3 @@
 resource_registry:
   OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
+  OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
index 1b666c5..4443221 100644 (file)
@@ -72,6 +72,9 @@ parameter_defaults:
     IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
     IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
     IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
     KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
     KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
     KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
index 7311a1f..5ac2918 100644 (file)
@@ -72,6 +72,9 @@ parameter_defaults:
     IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
     IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
     IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
     KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
     KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
     KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
index e6608b5..865ed4c 100644 (file)
@@ -72,6 +72,9 @@ parameter_defaults:
     IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
     IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
     IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
     KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
     KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
     KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
index fcf022a..79794f9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Example extra config for cluster config
index 77d4b38..b954e72 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Example extra config for cluster config
index b6fef79..9e3713b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Template file to add a swap partition to a node.
 
index 044f817..e19fc21 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Template file to add a swap file to a node.
 
index 56d3cbc..59b8e7f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Generates the relevant service principals for a server'
 
 parameters:
index 4da54ea..4a0e06e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Extra Post Deployment Config'
 parameters:
   servers:
index 8ac7eb7..ee5a830 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Example extra config for post-deployment
index 738e263..346a1d7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Example extra config for post-deployment, this re-runs every update
index 8bcae1d..3c508d1 100755 (executable)
@@ -45,57 +45,61 @@ if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then
     cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
 fi
 
-PHYSICAL_NETWORK=ctlplane
-
-ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1)
-subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2)
-subnet_id=
+if [ "$(hiera neutron_api_enabled)" = "true" ]; then
+    PHYSICAL_NETWORK=ctlplane
+
+    ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1)
+    subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2)
+    subnet_id=
+
+    for subnet_id in $subnet_ids; do
+        network_id=$(openstack subnet show -f value -c network_id $subnet_id)
+        if [ "$network_id" = "$ctlplane_id" ]; then
+            break
+        fi
+    done
 
-for subnet_id in $subnet_ids; do
-    network_id=$(openstack subnet show -f value -c network_id $subnet_id)
-    if [ "$network_id" = "$ctlplane_id" ]; then
-        break
-    fi
-done
-
-net_create=1
-if [ -n "$subnet_id" ]; then
-    cidr=$(openstack subnet show $subnet_id -f value -c cidr)
-    if [ "$cidr" = "$undercloud_network_cidr" ]; then
-        net_create=0
-    else
-        echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr"
-        echo "Will attempt to delete and recreate subnet $subnet_id"
+    net_create=1
+    if [ -n "$subnet_id" ]; then
+        cidr=$(openstack subnet show $subnet_id -f value -c cidr)
+        if [ "$cidr" = "$undercloud_network_cidr" ]; then
+            net_create=0
+        else
+            echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr"
+            echo "Will attempt to delete and recreate subnet $subnet_id"
+        fi
     fi
-fi
 
-if [ "$net_create" -eq "1" ]; then
-    # Delete the subnet and network to make sure it doesn't already exist
-    if openstack subnet list | grep start; then
-        openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}')
-    fi
-    if openstack network show ctlplane; then
-        openstack network delete ctlplane
+    if [ "$net_create" -eq "1" ]; then
+        # Delete the subnet and network to make sure it doesn't already exist
+        if openstack subnet list | grep start; then
+            openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}')
+        fi
+        if openstack network show ctlplane; then
+            openstack network delete ctlplane
+        fi
+
+
+        NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}')
+
+        NAMESERVER_ARG=""
+        if [ -n "${undercloud_nameserver:-}" ]; then
+            NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver"
+        fi
+
+        openstack subnet create --network=$NETWORK_ID \
+            --gateway=$undercloud_network_gateway \
+            --subnet-range=$undercloud_network_cidr \
+            --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \
+            --host-route destination=169.254.169.254/32,gateway=$local_ip \
+            $NAMESERVER_ARG ctlplane
     fi
-
-
-    NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}')
-
-    NAMESERVER_ARG=""
-    if [ -n "${undercloud_nameserver:-}" ]; then
-        NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver"
-    fi
-
-    openstack subnet create --network=$NETWORK_ID \
-        --gateway=$undercloud_network_gateway \
-        --subnet-range=$undercloud_network_cidr \
-        --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \
-        --host-route destination=169.254.169.254/32,gateway=$local_ip \
-        $NAMESERVER_ARG ctlplane
 fi
 
-# Disable nova quotas
-openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
+if [ "$(hiera nova_api_enabled)" = "true" ]; then
+    # Disable nova quotas
+    openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
+fi
 
 # MISTRAL WORKFLOW CONFIGURATION
 if [ "$(hiera mistral_api_enabled)" = "true" ]; then
index 30a8355..96632bc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   RHEL Registration and unregistration software deployments.
index bb0b951..48ba526 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Do some configuration, then reboot - sometimes needed for early-boot
index 4ad53cb..658fea7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Do some configuration, then reboot - sometimes needed for early-boot
index 0db0bc1..7fc258d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Post-Puppet Config for Pacemaker deployments'
 
 parameters:
index 07f3d00..203ca1f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Post-Puppet restart config for Pacemaker deployments'
 
 parameters:
index a424463..98b37be 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Pre-Puppet Config for Pacemaker deployments'
 
 parameters:
index 847c877..e4ba0cc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is a template which will fetch the ssh host public key.
index 2ebcb63..50bde65 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'SSH Known Hosts Config'
 
 parameters:
index 8cff838..9daa835 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software-config for performing package updates using yum
index 9400c1d..2ede5be 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'No-op yum update task'
 
 resources:
index e936e60..65e93fe 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   ContrailRepo:
index f82bc19..8bd1c9d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure os-net-config mappings for specific nodes
index bc379f4..0951b84 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is a default no-op template which provides empty user-data
index d412b93..43e966d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is first boot configuration for development purposes. It allows
index a352093..2f03c83 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 # NOTE: You don't need to pass the parameter explicitly from the
 # parent template, it can be specified via the parameter_defaults
index ed8302d..5223f93 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   # Can be overridden via parameter_defaults in the environment
index 63dd5a9..d32f223 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Uses cloud-init to enable root logins and set the root password.
index c02c420..f0d3c6a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'All Hosts Config'
 
 parameters:
index 3ae09c9..f92f9a1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge.
 parameters:
index 10d5388..29646ab 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge.
 parameters:
index a544d54..6c44e60 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge.
 parameters:
index be05cc1..57f1a19 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to no-op for os-net-config. Using this will allow you
index 12374a2..cbf282e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
 parameters:
index 50e541b..c778bd8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
 parameters:
index a52e22b..e864be0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge.
 parameters:
index 9be51c0..881fbfd 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
 parameters:
index 703fea0..97177c4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the ceph storage role.
 parameters:
index df15cd6..5456c2c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the cinder storage role.
 parameters:
index 4677241..607d346 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
 parameters:
index f9c926d..448d4e2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
 parameters:
index ce1e865..8ac5cda 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
 parameters:
index bb4ac27..2579648 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role with IPv6
   on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control
index 9151538..e4b3012 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
 parameters:
index 6d4e368..6371ceb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the swift storage role.
 parameters:
index 6a78806..3cc4361 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the ceph storage role.
 parameters:
index d238444..fa7d49e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the cinder storage role.
 parameters:
index abfd323..a793912 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the
   compute role with external bridge for DVR.
index 101a08d..5549368 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the compute role.
 parameters:
index 4fae435..477eeaa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the controller role with IPv6 on the External
   network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
index ba9f8fd..59f16b9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the controller role.
 parameters:
index 4019012..180f553 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the swift storage role.
 parameters:
index 448df69..6685f2b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the ceph storage role.
 parameters:
index 465555d..ecc57ad 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the cinder storage role.
 parameters:
index a21bc8f..e36afd3 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the compute role.
 parameters:
index bb8bb9c..d405807 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The
   IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
index a9689ce..a52a8b8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role.
 parameters:
index c8e4db2..ad154fa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the swift storage role.
 parameters:
index 0b5eb0c..790e8a7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the ceph storage role.
 parameters:
index 882d6eb..6dee3be 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the cinder storage role.
 parameters:
index 42cfd78..2201b0b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the compute role.
 parameters:
index 9e0680e..d26de32 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role. No external IP is configured.
 parameters:
index 1f9a67d..8f68760 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The
   IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
index 4ac1831..8530118 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role.
 parameters:
index 605b8ee..b4587e0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the swift storage role.
 parameters:
index 990cbab..42eb118 100755 (executable)
@@ -191,7 +191,7 @@ def template_endpoint_items(config):
 
 def generate_endpoint_map_template(config):
     return collections.OrderedDict([
-        ('heat_template_version', 'ocata'),
+        ('heat_template_version', 'pike'),
         ('description', 'A map of OpenStack endpoints. Since the endpoints '
          'are URLs, we need to have brackets around IPv6 IP addresses. The '
          'inputs to these parameters come from net_ip_uri_map, which will '
index c92ce37..f5f2b97 100644 (file)
@@ -394,6 +394,15 @@ Ironic:
             '': /v1
     port: 6385
 
+IronicInspector:
+    Internal:
+        net_param: IronicInspector
+    Public:
+        net_param: Public
+    Admin:
+        net_param: IronicInspector
+    port: 5050
+
 Zaqar:
     Internal:
         net_param: ZaqarApi
index b4fcbb1..4509bca 100644 (file)
@@ -2,7 +2,7 @@
 ### This file is automatically generated from endpoint_data.yaml
 ### by the script build_endpoint_map.py
 
-heat_template_version: ocata
+heat_template_version: pike
 description: A map of OpenStack endpoints. Since the endpoints are URLs,
   we need to have brackets around IPv6 IP addresses. The inputs to these
   parameters come from net_ip_uri_map, which will include these brackets
@@ -89,6 +89,9 @@ parameters:
       IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
       IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
       IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
+      IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
+      IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
+      IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS}
       KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
       KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
       KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
@@ -5930,6 +5933,249 @@ outputs:
                         template: NETWORK_uri
             - ':'
             - get_param: [EndpointMap, IronicPublic, port]
+      IronicInspectorAdmin:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorAdmin, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, IronicInspectorNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorAdmin, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+        port:
+          get_param: [EndpointMap, IronicInspectorAdmin, port]
+        protocol:
+          get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorAdmin, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, IronicInspectorNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, IronicInspectorNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorAdmin, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorAdmin, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, IronicInspectorNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, IronicInspectorNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorAdmin, port]
+      IronicInspectorInternal:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorInternal, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, IronicInspectorNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorInternal, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+        port:
+          get_param: [EndpointMap, IronicInspectorInternal, port]
+        protocol:
+          get_param: [EndpointMap, IronicInspectorInternal, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorInternal, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorInternal, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, IronicInspectorNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, IronicInspectorNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorInternal, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorInternal, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorInternal, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, IronicInspectorNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, IronicInspectorNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorInternal, port]
+      IronicInspectorPublic:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorPublic, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, PublicNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, PublicNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorPublic, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, PublicNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, PublicNetwork]
+        port:
+          get_param: [EndpointMap, IronicInspectorPublic, port]
+        protocol:
+          get_param: [EndpointMap, IronicInspectorPublic, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorPublic, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorPublic, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, PublicNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, PublicNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorPublic, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorPublic, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorPublic, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, PublicNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, PublicNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorPublic, port]
       KeystoneAdmin:
         host:
           str_replace:
index 21260d3..277c761 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
index 51000bb..e577c1c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
index 793535c..563e6d4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Internal API network. Used for most APIs, Database, RPC.
index 5395065..05a740b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Internal API network. Used for most APIs, Database, RPC.
index 77fcd4e..41ede5c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Management network. System administration, SSH, DNS, NTP, etc. This network
index e1391ad..a44d34d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Management network. System administration, SSH, DNS, NTP, etc. This network
index ef977d8..f19e2c0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Create networks to split out Overcloud traffic
 
index 0f21e3e..386520c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port for a VIP on the undercloud ctlplane network.
index c33643e..a02cc28 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the external network. The IP address will be chosen
index 893b26d..d2610c6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index c67789a..e5fe8d7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs. This version is for IPv6
index 905974f..12d61cc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the external network. The IP address will be chosen
index 69a887e..64fdce6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a service mapped list of IPs
index c9673dd..2735a69 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a service mapped list of IPv6 IPs
index 1f96e3f..f258080 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the internal_api network.
index 3f16f30..cb87fd5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index b36ef23..12a0731 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs. This version is for IPv6
index e236156..46e6e18 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the internal_api network.
index b626bc2..dd62033 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the management network. The IP address will be chosen
index 05fedb9..188be68 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index 64758bf..b5d4425 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs. This version is for IPv6
index 9e6a35b..977502a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the management network. The IP address will be chosen
index 83d875e..c3734af 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   ControlPlaneIpList:
index c974d72..75818bf 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   ControlPlaneIp:
index 58f96e6..018bf2b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   # Set these via parameter defaults to configure external VIPs
index 12db8d2..aa40cf1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   # Set these via parameter defaults to configure external VIPs
index e2004cb..8030bfc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns the control plane port (provisioning network) as the ip_address.
index 8040041..5c1aba1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the storage network.
index dfab49a..ca5993f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index a6cde5f..ec7cd2f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs. This version is for IPv6
index b96fbd0..94b058a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the storage_mgmt API network.
index 6ec3dba..63b2e15 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index 2f3ea19..6d0b879 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs This version is for IPv6
index 01e4c31..3d70c69 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the storage_mgmt API network.
index 1dd7619..6137d24 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the storage network.
index f6929b8..a56b0f4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the tenant network.
index c72b227..03ff6d1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index bc056fa..d45faf0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index 8410182..d23e91f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the tenant network.
index d996d03..70b4482 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port for a VIP on the isolated network NetworkName.
index 7a45756..09f646a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port for a VIP on the isolated network NetworkName.
index 26ff3e0..d3d8cbd 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Mapping of service_name_network -> network name
@@ -45,6 +45,7 @@ parameters:
       GlanceApiNetwork: storage
       IronicApiNetwork: ctlplane
       IronicNetwork: ctlplane
+      IronicInspectorNetwork: ctlplane
       KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
       KeystonePublicApiNetwork: internal_api
       ManilaApiNetwork: internal_api
index 0a704ea..0fb9cc0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Storage network.
index c711716..9869f0d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Storage management network. Storage replication, etc.
index 2b06519..d6b1652 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Storage management network. Storage replication, etc.
index 777e616..0ec34ad 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Storage network.
index 33055fe..4881308 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Tenant network.
index 0bf5d2f..bbc2b6b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Tenant IPv6 network.
index 450e611..d4c301b 100644 (file)
@@ -124,7 +124,7 @@ resource_registry:
   OS::TripleO::Services::Congress: OS::Heat::None
   OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
   OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
-  OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry.yaml
+  OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry-disabled.yaml
   OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
   OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
   OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
@@ -135,6 +135,7 @@ resource_registry:
   OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
   OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
   OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
+  OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
   OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
   # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
   # the multinode job ControllerServices after this patch merges
@@ -153,6 +154,7 @@ resource_registry:
 
   OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
   OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
+  OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::Pacemaker: OS::Heat::None
   OS::TripleO::Services::PacemakerRemote: OS::Heat::None
@@ -170,7 +172,7 @@ resource_registry:
   OS::TripleO::Services::Sshd: puppet/services/sshd.yaml
   OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
   OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
-  OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
+  OS::TripleO::Services::MongoDb: puppet/services/disabled/mongodb-disabled.yaml
   OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml
   OS::TripleO::Services::NovaPlacement: puppet/services/nova-placement.yaml
   OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml
@@ -188,8 +190,8 @@ resource_registry:
   OS::TripleO::Services::Tacker: OS::Heat::None
   OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml
   OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml
-  OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector.yaml
-  OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer.yaml
+  OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector-disabled.yaml
+  OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer-disabled.yaml
   OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml
   OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml
   OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml
index cd42a50..f8655b1 100644 (file)
@@ -7,7 +7,7 @@
 {%- endfor -%}
 {%- set primary_role_name = primary_role[0].name -%}
 # primary role is: {{primary_role_name}}
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Deploy an OpenStack environment, consisting of several node types (roles),
@@ -197,6 +197,12 @@ parameters:
     description: >
       Set to true to append per network Vips to /etc/hosts on each node.
 
+  DeploymentServerBlacklist:
+    default: []
+    type: comma_delimited_list
+    description: >
+      List of server hostnames to blacklist from any triggered deployments.
+
 conditions:
   add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
 
@@ -293,6 +299,14 @@ resources:
       RoleName: {{role.name}}
       RoleParameters: {get_param: {{role.name}}Parameters}
 
+  # Lookup of role_data via heat outputs is slow, so workaround this by caching
+  # the value in an OS::Heat::Value resource
+  {{role.name}}ServiceChainRoleData:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value: {get_attr: [{{role.name}}ServiceChain, role_data]}
+
   # Filter any null/None service_names which may be present due to mapping
   # of services to OS::Heat::None
   {{role.name}}ServiceNames:
@@ -303,21 +317,21 @@ resources:
       value:
         yaql:
           expression: coalesce($.data, []).where($ != null)
-          data: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
+          data: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_names]}
 
   {{role.name}}HostsDeployment:
     type: OS::Heat::StructuredDeployments
     properties:
       name: {{role.name}}HostsDeployment
       config: {get_attr: [hostsConfig, config_id]}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
 
   {{role.name}}SshKnownHostsDeployment:
     type: OS::Heat::StructuredDeployments
     properties:
       name: {{role.name}}SshKnownHostsDeployment
       config: {get_resource: SshKnownHostsConfig}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
 
   {{role.name}}AllNodesDeployment:
     type: OS::Heat::StructuredDeployments
@@ -328,7 +342,7 @@ resources:
     properties:
       name: {{role.name}}AllNodesDeployment
       config: {get_attr: [allNodesConfig, config_id]}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
       input_values:
         # Note we have to use yaql to look up the first hostname/ip in the
         # list because heat path based attributes operate on the attribute
@@ -350,7 +364,7 @@ resources:
     properties:
       name: {{role.name}}AllNodesValidationDeployment
       config: {get_resource: AllNodesValidationConfig}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
 
   {{role.name}}IpListMap:
     type: OS::TripleO::Network::Ports::NetIpListMap
@@ -365,7 +379,13 @@ resources:
       EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]}
       ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
       ServiceHostnameList: {get_attr: [{{role.name}}, hostname]}
-      NetworkHostnameMap:
+      NetworkHostnameMap: {get_attr: [{{role.name}}NetworkHostnameMap, value]}
+
+  {{role.name}}NetworkHostnameMap:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value:
         # Note (shardy) this somewhat complex yaql may be replaced
         # with a map_deep_merge function in ocata.  It merges the
         # list of maps, but appends to colliding lists so we can
@@ -403,7 +423,7 @@ resources:
   {% endif %}
           ServiceConfigSettings:
             map_merge:
-              -  get_attr: [{{role.name}}ServiceChain, role_data, config_settings]
+              -  get_attr: [{{role.name}}ServiceChainRoleData, value, config_settings]
           {% for r in roles %}
               - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
           {% endfor %}
@@ -423,10 +443,41 @@ resources:
                         {% endfor %}
                     services: {get_attr: [{{role.name}}ServiceNames, value]}
           ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
-          MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
-          ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChain, role_data, service_metadata_settings]}
+          MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
+          ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
+          DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
+{% endfor %}
+
+{% for role in roles %}
+  {{role.name}}Servers:
+    type: OS::Heat::Value
+    depends_on: {{role.name}}
+    properties:
+      type: json
+      value:
+        yaql:
+          expression: let(servers=>switch(isDict($.data.servers) => $.data.servers, true => {})) -> $servers.deleteAll($servers.keys().where($servers[$] = null))
+          data:
+            servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
 {% endfor %}
 
+  # This resource just creates a dict out of the DeploymentServerBlacklist,
+  # which is a list. The dict is used in the role templates to set a condition
+  # on whether to create the deployment resources. We can't use the list
+  # directly because there is no way to ask Heat if a list contains a specific
+  # value.
+  DeploymentServerBlacklistDict:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value:
+        map_merge:
+          repeat:
+            template:
+              hostname: 1
+            for_each:
+              hostname: {get_param: DeploymentServerBlacklist}
+
   hostsConfig:
     type: OS::TripleO::Hosts::SoftwareConfig
     properties:
@@ -465,7 +516,7 @@ resources:
           data:
             groups:
 {% for role in roles %}
-              - {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]}
+              - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_groups]}
 {% endfor %}
       logging_sources:
         yaql:
@@ -474,7 +525,7 @@ resources:
           data:
             sources:
 {% for role in roles %}
-              - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
+              - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_sources]}
 {% endfor %}
       controller_ips: {get_attr: [{{primary_role_name}}, ip_address]}
       controller_names: {get_attr: [{{primary_role_name}}, hostname]}
@@ -649,7 +700,7 @@ resources:
     properties:
       servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}
       input_values:
         deploy_identifier: {get_param: DeployIdentifier}
@@ -667,7 +718,7 @@ resources:
     properties:
       servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}
 
   # Post deployment steps for all roles
@@ -681,12 +732,12 @@ resources:
     properties:
       servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}
       EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
       role_data:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+        {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]}
 {% endfor %}
 
 outputs:
@@ -725,11 +776,17 @@ outputs:
     description: The configuration data associated with each role
     value:
 {% for role in roles %}
-      {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+      {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]}
 {% endfor %}
   RoleNetIpMap:
     description: Mapping of each network to a list of IPs for each role
     value:
 {% for role in roles %}
       {{role.name}}: {get_attr: [{{role.name}}IpListMap, net_ip_map]}
+{% endfor %}
+  RoleNetHostnameMap:
+    description: Mapping of each network to a list of hostnames for each role
+    value:
+{% for role in roles %}
+      {{role.name}}: {get_attr: [{{role.name}}NetworkHostnameMap, value]}
 {% endfor %}
index 60290f6..baafe03 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'All Nodes Config for Puppet'
 
 parameters:
index b9e5c6f..60ddeb8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'OpenStack cinder storage configured by Puppet'
 parameters:
   BlockStorageImage:
@@ -109,6 +109,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -123,6 +132,20 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
   BlockStorage:
@@ -130,6 +153,7 @@ resources:
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image:
         {get_param: BlockStorageImage}
@@ -356,7 +380,11 @@ resources:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
       server: {get_resource: BlockStorage}
-      actions: {get_param: NetworkDeploymentActions}
+      actions:
+        if:
+          - server_not_blacklisted
+          - {get_param: NetworkDeploymentActions}
+          - []
 
   BlockStorageUpgradeInitConfig:
     type: OS::Heat::SoftwareConfig
@@ -379,6 +407,11 @@ resources:
       name: BlockStorageUpgradeInitDeployment
       server: {get_resource: BlockStorage}
       config: {get_resource: BlockStorageUpgradeInitConfig}
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   BlockStorageDeployment:
     type: OS::Heat::StructuredDeployment
@@ -389,6 +422,11 @@ resources:
       config: {get_resource: BlockStorageConfig}
       input_values:
         enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   # Map heat metadata into hiera datafiles
   BlockStorageConfig:
@@ -399,6 +437,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - volume_extraconfig
           - extraconfig
           - service_names
@@ -456,6 +495,11 @@ resources:
       input_values:
         update_identifier:
           get_param: UpdateIdentifier
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   SshHostPubKey:
     type: OS::TripleO::Ssh::HostPubKey
@@ -545,6 +589,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for the block storage server
     value:
       {get_resource: BlockStorage}
+    condition: server_not_blacklisted
   external_ip_address:
     description: IP address of the server in the external network
     value: {get_attr: [ExternalPort, ip_address]}
index 075f42b..9d30ab2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'OpenStack ceph storage node configured by Puppet'
 parameters:
   OvercloudCephStorageFlavor:
@@ -115,6 +115,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -129,6 +138,20 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
   CephStorage:
@@ -136,6 +159,7 @@ resources:
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: CephStorageImage}
       image_update_policy: {get_param: ImageUpdatePolicy}
@@ -362,7 +386,11 @@ resources:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
       server: {get_resource: CephStorage}
-      actions: {get_param: NetworkDeploymentActions}
+      actions:
+        if:
+          - server_not_blacklisted
+          - {get_param: NetworkDeploymentActions}
+          - []
 
   CephStorageUpgradeInitConfig:
     type: OS::Heat::SoftwareConfig
@@ -385,6 +413,11 @@ resources:
       name: CephStorageUpgradeInitDeployment
       server: {get_resource: CephStorage}
       config: {get_resource: CephStorageUpgradeInitConfig}
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   CephStorageDeployment:
     type: OS::Heat::StructuredDeployment
@@ -395,6 +428,11 @@ resources:
       server: {get_resource: CephStorage}
       input_values:
         enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   CephStorageConfig:
     type: OS::Heat::StructuredConfig
@@ -404,6 +442,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - ceph_extraconfig
           - extraconfig
           - service_names
@@ -467,6 +506,11 @@ resources:
       input_values:
         update_identifier:
           get_param: UpdateIdentifier
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   SshHostPubKey:
     type: OS::TripleO::Ssh::HostPubKey
@@ -556,6 +600,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for the ceph storage server
     value:
       {get_resource: CephStorage}
+    condition: server_not_blacklisted
   external_ip_address:
     description: IP address of the server in the external network
     value: {get_attr: [ExternalPort, ip_address]}
index 351b382..06a31ec 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack hypervisor node configured via Puppet.
@@ -127,6 +127,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -141,6 +150,20 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
 
@@ -149,6 +172,7 @@ resources:
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: NovaImage}
       image_update_policy:
@@ -374,9 +398,13 @@ resources:
     depends_on: PreNetworkConfig
     properties:
       name: NetworkDeployment
+      actions:
+        if:
+          - server_not_blacklisted
+          - {get_param: NetworkDeploymentActions}
+          - []
       config: {get_resource: NetworkConfig}
       server: {get_resource: NovaCompute}
-      actions: {get_param: NetworkDeploymentActions}
       input_values:
         bridge_name: {get_param: NeutronPhysicalBridge}
         interface_name: {get_param: NeutronPublicInterface}
@@ -400,6 +428,11 @@ resources:
     depends_on: NetworkDeployment
     properties:
       name: NovaComputeUpgradeInitDeployment
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
       server: {get_resource: NovaCompute}
       config: {get_resource: NovaComputeUpgradeInitConfig}
 
@@ -411,6 +444,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - compute_extraconfig
           - extraconfig
           - service_names
@@ -451,6 +485,11 @@ resources:
     depends_on: NovaComputeUpgradeInitDeployment
     properties:
       name: NovaComputeDeployment
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
       config: {get_resource: NovaComputeConfig}
       server: {get_resource: NovaCompute}
       input_values:
@@ -486,6 +525,11 @@ resources:
     depends_on: NetworkDeployment
     properties:
       name: UpdateDeployment
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
       config: {get_resource: UpdateConfig}
       server: {get_resource: NovaCompute}
       input_values:
@@ -599,4 +643,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
   nova_server_resource:
     description: Heat resource handle for the Nova compute server
     value:
-      {get_resource: NovaCompute}
\ No newline at end of file
+      {get_resource: NovaCompute}
+    condition: server_not_blacklisted
index cdbc76f..832656b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   A software config which runs puppet on the {{role}} role
index 92eb70a..cccfdef 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack controller node configured by Puppet.
@@ -141,6 +141,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -155,6 +164,13 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
 
 parameter_groups:
 - label: deprecated
@@ -162,6 +178,14 @@ parameter_groups:
   parameters:
   - controllerExtraConfig
 
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
+
+
 resources:
 
   Controller:
@@ -169,6 +193,7 @@ resources:
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: controllerImage}
       image_update_policy: {get_param: ImageUpdatePolicy}
@@ -395,7 +420,11 @@ resources:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
       server: {get_resource: Controller}
-      actions: {get_param: NetworkDeploymentActions}
+      actions:
+        if:
+          - server_not_blacklisted
+          - {get_param: NetworkDeploymentActions}
+          - []
       input_values:
         bridge_name: br-ex
         interface_name: {get_param: NeutronPublicInterface}
@@ -434,6 +463,11 @@ resources:
     depends_on: NetworkDeployment
     properties:
       name: ControllerUpgradeInitDeployment
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
       server: {get_resource: Controller}
       config: {get_resource: ControllerUpgradeInitConfig}
 
@@ -442,6 +476,11 @@ resources:
     depends_on: ControllerUpgradeInitDeployment
     properties:
       name: ControllerDeployment
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
       config: {get_resource: ControllerConfig}
       server: {get_resource: Controller}
       input_values:
@@ -458,6 +497,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - controller_extraconfig
           - extraconfig
           - service_configs
@@ -525,6 +565,11 @@ resources:
     depends_on: NetworkDeployment
     properties:
       name: UpdateDeployment
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
       config: {get_resource: UpdateConfig}
       server: {get_resource: Controller}
       input_values:
@@ -639,6 +684,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for the Nova compute server
     value:
       {get_resource: Controller}
+    condition: server_not_blacklisted
   tls_key_modulus_md5:
     description: MD5 checksum of the TLS Key Modulus
     value: {get_attr: [NodeTLSData, key_modulus_md5]}
index 5e89405..3a7a73c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to install deployment artifacts (tarball's and/or
index b6d1239..e1c464b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for all MidoNet nodes
 
index b05fa63..313c126 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Network Cisco configuration
 
index e3f4cce..93408dd 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Big Switch agents on compute node
 
index 1d16e90..ea2fd71 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Nuage configuration on the Compute
 
index d3d546d..69cd703 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Extra Pre-Deployment Config, multiple'
 parameters:
   server:
index e7d0b83..71a915d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Neutron Big Switch configuration
 
index 5da07f8..f14e13f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Noop Extra Pre-Deployment Config'
 parameters:
   server:
index 65113f6..7fb67d8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata overrides for specific nodes
 
index 04b5ccf..11f2769 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is a template which will inject the trusted anchor.
index 7ce1506..9c6a402 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Enroll nodes to FreeIPA
 
index 2a61afc..8cba435 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is a template which will build the TLS Certificates necessary
index 4fdc491..b44095b 100644 (file)
@@ -2,7 +2,7 @@
 {% set batch_upgrade_steps_max = 3 -%}
 {% set upgrade_steps_max = 6 -%}
 {% set deliver_script = {'deliver': False} -%}
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Upgrade steps for all roles'
 
 parameters:
@@ -44,24 +44,6 @@ resources:
         - ''
         - - "#!/bin/bash\n\n"
           - "set -eu\n\n"
-          - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement auth_type password\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement username placement\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement project_name service\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement os_interface internal\n\n"
-          - str_replace:
-              template: |
-                crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD'
-                crudini --set /etc/nova/nova.conf placement os_region_name 'REGION_NAME'
-                crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL'
-              params:
-                SERVICE_PASSWORD: { get_param: NovaPassword }
-                REGION_NAME: { get_param: KeystoneRegion }
-                AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
-          - "  systemctl restart openstack-nova-compute\n\n"
-          - "fi\n\n"
           - str_replace:
               template: |
                 ROLE='ROLE_NAME'
index fb60d2b..19ea1b6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'OpenStack swift storage node configured by Puppet'
 parameters:
   OvercloudSwiftStorageFlavor:
@@ -109,6 +109,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -123,6 +132,20 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
 
@@ -131,6 +154,7 @@ resources:
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: SwiftStorageImage}
       flavor: {get_param: OvercloudSwiftStorageFlavor}
@@ -356,7 +380,12 @@ resources:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
       server: {get_resource: SwiftStorage}
-      actions: {get_param: NetworkDeploymentActions}
+      actions:
+        if:
+          - server_not_blacklisted
+          - {get_param: NetworkDeploymentActions}
+          - []
+
 
   SwiftStorageUpgradeInitConfig:
     type: OS::Heat::SoftwareConfig
@@ -379,6 +408,11 @@ resources:
       name: SwiftStorageUpgradeInitDeployment
       server: {get_resource: SwiftStorage}
       config: {get_resource: SwiftStorageUpgradeInitConfig}
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   SwiftStorageHieraConfig:
     type: OS::Heat::StructuredConfig
@@ -388,6 +422,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - object_extraconfig
           - extraconfig
           - service_names
@@ -426,6 +461,11 @@ resources:
       config: {get_resource: SwiftStorageHieraConfig}
       input_values:
         enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   # Resource for site-specific injection of root certificate
   NodeTLSCAData:
@@ -454,6 +494,11 @@ resources:
       input_values:
         update_identifier:
           get_param: UpdateIdentifier
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   SshHostPubKey:
     type: OS::TripleO::Ssh::HostPubKey
@@ -543,6 +588,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for the swift storage server
     value:
       {get_resource: SwiftStorage}
+    condition: server_not_blacklisted
   external_ip_address:
     description: IP address of the server in the external network
     value: {get_attr: [ExternalPort, ip_address]}
index b84039d..c51b6e1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Post-upgrade configuration steps via puppet for all roles
index 2120277..3a15cec 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Post-deploy configuration steps via puppet for all roles,
index 960f0d5..7af90e2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'OpenStack {{role}} node configured by Puppet'
 parameters:
   Overcloud{{role}}Flavor:
@@ -125,6 +125,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   LoggingSources:
     type: json
     default: []
@@ -145,6 +154,20 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
   {{role}}:
@@ -152,6 +175,7 @@ resources:
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: {{role}}Image}
       image_update_policy: {get_param: ImageUpdatePolicy}
@@ -382,6 +406,11 @@ resources:
       input_values:
         bridge_name: br-ex
         interface_name: {get_param: NeutronPublicInterface}
+      actions:
+        if:
+          - server_not_blacklisted
+          - {get_param: NetworkDeploymentActions}
+          - []
 
   {{role}}UpgradeInitConfig:
     type: OS::Heat::SoftwareConfig
@@ -404,6 +433,11 @@ resources:
       name: {{role}}UpgradeInitDeployment
       server: {get_resource: {{role}}}
       config: {get_resource: {{role}}UpgradeInitConfig}
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   {{role}}Deployment:
     type: OS::Heat::StructuredDeployment
@@ -414,6 +448,11 @@ resources:
       server: {get_resource: {{role}}}
       input_values:
         enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   {{role}}Config:
     type: OS::Heat::StructuredConfig
@@ -423,6 +462,7 @@ resources:
         hierarchy:
           - '"%{::uuid}"'
           - heat_config_%{::deploy_config_name}
+          - config_step
           - {{role.lower()}}_extraconfig
           - extraconfig
           - service_names
@@ -489,6 +529,11 @@ resources:
       input_values:
         update_identifier:
           get_param: UpdateIdentifier
+      actions:
+        if:
+          - server_not_blacklisted
+          - ['CREATE', 'UPDATE']
+          - []
 
   SshHostPubKey:
     type: OS::TripleO::Ssh::HostPubKey
@@ -578,6 +623,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for {{role}} server
     value:
       {get_resource: {{role}}}
+    condition: server_not_blacklisted
   external_ip_address:
     description: IP address of the server in the external network
     value: {get_attr: [ExternalPort, ip_address]}
index 23df7d2..561b48c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh API service configured with Puppet
index 331fe9a..0563d08 100644 (file)
@@ -56,11 +56,18 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  AodhDebug:
+    default: ''
+    description: Set to True to enable debugging Aodh services.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
 
+conditions:
+  service_debug_unset: {equals : [{get_param: AodhDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Aodh role.
@@ -78,7 +85,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        aodh::debug: {get_param: Debug}
+        aodh::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: AodhDebug }
         aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         aodh::rabbit_userid: {get_param: RabbitUserName}
         aodh::rabbit_password: {get_param: RabbitPassword}
index 509ae76..669c11d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh Evaluator service configured with Puppet
index 336a9a3..17710ec 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh Listener service configured with Puppet
index e3db105..2eed1b7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh Notifier service configured with Puppet
index f302106..23fcab9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Apache service configured with Puppet. Note this is typically included
@@ -38,6 +38,11 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 conditions:
 
@@ -88,6 +93,7 @@ outputs:
             - internal_tls_enabled
             -
               generate_service_certificates: true
+              apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
               tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
               tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
               apache_certificates_specs:
index 989ad7a..3eff534 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   AuditD configured with Puppet
index 53fba63..5133124 100644 (file)
@@ -38,6 +38,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  BarbicanDebug:
+    default: ''
+    description: Set to True to enable debugging Barbican service.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -81,6 +85,9 @@ resources:
       RoleName: {get_param: RoleName}
       RoleParameters: {get_param: RoleParameters}
 
+conditions:
+  service_debug_unset: {equals : [{get_param: BarbicanDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Barbican API role.
@@ -97,7 +104,11 @@ outputs:
             barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
             barbican::api::db_auto_create: false
             barbican::api::enabled_certificate_plugins: ['simple_certificate']
-            barbican::api::logging::debug: {get_param: Debug}
+            barbican::api::logging::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: BarbicanDebug }
             barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
             barbican::api::rabbit_userid: {get_param: RabbitUserName}
             barbican::api::rabbit_password: {get_param: RabbitPassword}
index 144d9d9..6249c1a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAproxy service configured with Puppet
index 50608d5..2dbaf55 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Central Agent service configured with Puppet
index 002851c..c453a43 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Compute Agent service configured with Puppet
index 0f6390d..7dd1e78 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Ipmi Agent service configured with Puppet
index 174aff7..6e89356 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Notification Agent service configured with Puppet
index 2df0e44..74b0c3d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer API service configured with Puppet
index e60eb42..1d86369 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer service configured with Puppet
@@ -64,6 +64,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  CeilometerDebug:
+    default: ''
+    description: Set to True to enable debugging Ceilometer services.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -100,13 +104,20 @@ parameters:
     type: string
     hidden: true
 
+conditions:
+  service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Ceilometer role.
     value:
       service_name: ceilometer_base
       config_settings:
-        ceilometer::debug: {get_param: Debug}
+        ceilometer::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: CeilometerDebug }
         ceilometer::keystone::authtoken::project_name: 'service'
         ceilometer::keystone::authtoken::user_domain_name: 'Default'
         ceilometer::keystone::authtoken::project_domain_name: 'Default'
index 529b84f..775e921 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Expirer service configured with Puppet
index e458855..e12c55e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph base service. Shared by all Ceph services.
@@ -99,7 +99,6 @@ outputs:
       service_name: ceph_base
       config_settings:
         tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
-        ceph::profile::params::osd_pool_default_min_size: 1
         ceph::profile::params::osds: {/srv/data: {}}
         ceph::profile::params::manage_repo: false
         ceph::profile::params::authentication_type: cephx
index 66c7a36..ec34fca 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph Client service.
index 3d64cf4..599532c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph External service.
index 0236087..270d3a2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph MDS service.
index 45fca89..2855230 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph Monitor service.
@@ -78,6 +78,10 @@ parameters:
   MonitoringSubscriptionCephMon:
     default: 'overcloud-ceph-mon'
     type: string
+  CephPoolDefaultSize:
+    description: default minimum replication for RBD copies
+    type: number
+    default: 3
 
 resources:
   CephBase:
@@ -102,7 +106,7 @@ outputs:
             ceph::profile::params::mon_key: {get_param: CephMonKey}
             ceph::profile::params::osd_pool_default_pg_num: 32
             ceph::profile::params::osd_pool_default_pgp_num: 32
-            ceph::profile::params::osd_pool_default_size: 3
+            ceph::profile::params::osd_pool_default_size: {get_param: CephPoolDefaultSize}
             # repeat returns items in a list, so we need to map_merge twice
             tripleo::profile::base::ceph::mon::ceph_pools:
               map_merge:
index 64c1c73..24b2886 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph OSD service.
index 3ed158b..ad91b4e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph RadosGW service.
index d04b587..6ad451a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Requests certificates using certmonger through Puppet
index 3e6d880..036209f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder API service configured with Puppet
index 50c9bef..d038253 100644 (file)
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Cinder Dell EMC PS Series backend
index b5b0e00..a201134 100644 (file)
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Cinder Dell EMC Storage Center backend
@@ -49,6 +49,18 @@ parameters:
   CinderDellScVolumeFolder:
     type: string
     default: 'dellsc_volume'
+  CinderDellScSecondarySanIp:
+    type: string
+    default: ''
+  CinderDellScSecondarySanLogin:
+    type: string
+    default: 'Admin'
+  CinderDellScSecondarySanPassword:
+    type: string
+    hidden: true
+  CinderDellScSecondaryScApiPort:
+    type: number
+    default: 3033
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -89,5 +101,9 @@ outputs:
                 cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_param: CinderDellScApiPort}
                 cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_param: CinderDellScServerFolder}
                 cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_param: CinderDellScVolumeFolder}
+                cinder::backend::dellsc_iscsi::secondary_san_ip: {get_param: CinderDellScSecondarySanIp}
+                cinder::backend::dellsc_iscsi::secondary_san_login: {get_param: CinderDellScSecondarySanLogin}
+                cinder::backend::dellsc_iscsi::secondary_san_password: {get_param: CinderDellScSecondarySanPassword}
+                cinder::backend::dellsc_iscsi::secondary_sc_api_port: {get_param: CinderDellScSecondaryScApiPort}
       step_config: |
         include ::tripleo::profile::base::cinder::volume
index cc44d42..bddc8e1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Openstack Cinder Netapp backend
 
index 853d273..576896a 100644 (file)
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Cinder Pure Storage FlashArray backend
index fa22fae..832cc09 100644 (file)
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Cinder Dell EMC ScaleIO backend
index 4417781..629a0f5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Backup service configured with Puppet
index 2ba5aa5..f7dfe5e 100644 (file)
@@ -12,6 +12,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  CinderDebug:
+    default: ''
+    description: Set to True to enable debugging on Cinder services.
+    type: string
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -93,6 +97,9 @@ parameters:
         Cron to move deleted instances to another table - Log destination
     default: '/var/log/cinder/cinder-rowsflush.log'
 
+conditions:
+  service_debug_unset: {equals : [{get_param: CinderDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Cinder base service.
@@ -109,7 +116,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        cinder::debug: {get_param: Debug}
+        cinder::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: CinderDebug }
         cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         cinder::rabbit_userid: {get_param: RabbitUserName}
         cinder::rabbit_password: {get_param: RabbitPassword}
index c4b79bb..3ea0fd8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure Cinder HPELeftHandISCSIDriver
index c74f0a1..806f9bb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Scheduler service configured with Puppet
index 7de4b7b..fe95222 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Volume service configured with Puppet
index 8fbcd99..5bca94d 100644 (file)
@@ -33,6 +33,10 @@ parameters:
   Debug:
     type: string
     default: ''
+  CongressDebug:
+    default: ''
+    description: Set to True to enable debugging Glance service.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -62,6 +66,9 @@ parameters:
     default: {}
     type: json
 
+conditions:
+  service_debug_unset: {equals : [{get_param: CongressDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Congress role.
@@ -79,7 +86,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        congress::debug: {get_param: Debug}
+        congress::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: CongressDebug }
         congress::rpc_backend: rabbit
         congress::rabbit_userid: {get_param: RabbitUserName}
         congress::rabbit_password: {get_param: RabbitPassword}
index 0d3a9ea..b5fced4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configuration details for MongoDB service using composable roles
index 72a37c6..968d435 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MongoDb service deployment using puppet
@@ -40,6 +40,13 @@ parameters:
       format: >-
         /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4})
         (?<message>.*)$/
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
   MongoDbBase:
@@ -79,6 +86,28 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
+          -
+            if:
+              - internal_tls_enabled
+              -
+                generate_service_certificates: true
+                mongodb::server::ssl: true
+                mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+                mongodb_certificate_specs:
+                  service_pem: '/etc/pki/tls/certs/mongodb.pem'
+                  service_certificate: '/etc/pki/tls/certs/mongodb.crt'
+                  service_key: '/etc/pki/tls/private/mongodb.key'
+                  hostname:
+                    str_replace:
+                      template: "%{hiera('fqdn_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+                  principal:
+                    str_replace:
+                      template: "mongodb/%{hiera('fqdn_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+              - {}
       step_config: |
         include ::tripleo::profile::base::database::mongodb
       upgrade_tasks:
@@ -88,3 +117,11 @@ outputs:
         - name: Start mongodb service
           tags: step4
           service: name=mongod state=started
+      metadata_settings:
+        if:
+          - internal_tls_enabled
+          -
+            - service: mongodb
+              network: {get_param: [ServiceNetMap, MongodbNetwork]}
+              type: node
+          - null
index 4b0201f..19d732d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Mysql client settings
index 0b6797c..2bde903 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MySQL service deployment using puppet
index fff817e..89fa806 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Redis service configured with Puppet
index 9c7144c..df406a8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Redis service configured with Puppet
@@ -31,7 +31,7 @@ outputs:
   role_data:
     description: Role data for the disabled Ceilometer Collector role.
     value:
-      service_name: ceilometer_collector
+      service_name: ceilometer_collector_disabled
       upgrade_tasks:
         - name: Stop and disable ceilometer_collector service on upgrade
           tags: step1
@@ -29,10 +29,10 @@ parameters:
 
 outputs:
   role_data:
-    description: Role data for the disabled Ceilometer Expirer role.
+    description: Role data for the disabling Ceilometer Expirer role.
     value:
-      service_name: ceilometer_expirer
+      service_name: ceilometer_expirer_disabled
       upgrade_tasks:
-        - name: Stop and disable ceilometer_expirer service on upgrade
+        - name: Remove ceilometer expirer cron tab on upgrade
           tags: step1
-          service: name=openstack-ceilometer-expirer state=stopped enabled=no
+          shell: '/usr/bin/crontab -u ceilometer -r'
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Glance Registry service, disabled since ocata
@@ -31,7 +31,7 @@ outputs:
   role_data:
     description: Role data for the disabled Glance Registry role.
     value:
-      service_name: glance_registry
+      service_name: glance_registry_disabled
       upgrade_tasks:
         - name: Stop and disable glance_registry service on upgrade
           tags: step1
diff --git a/puppet/services/disabled/mongodb-disabled.yaml b/puppet/services/disabled/mongodb-disabled.yaml
new file mode 100644 (file)
index 0000000..fa3fe9a
--- /dev/null
@@ -0,0 +1,38 @@
+heat_template_version: pike
+
+description: >
+  Mongodb service, disabled by default since pike
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the disabled MongoDB role.
+    value:
+      service_name: mongodb_disabled
+      upgrade_tasks:
+        - name: Stop and disable mongodb service on upgrade
+          tags: step1
+          service: name=mongod state=stopped enabled=no
index 9eaa5c9..2be2112 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configures docker on the host
index 9e9638d..2e87764 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Etcd service configured with Puppet
index de97dd9..206536d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   External Swift Proxy endpoint configured with Puppet
index 2815174..7812c8e 100644 (file)
@@ -30,6 +30,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  GlanceDebug:
+    default: ''
+    description: Set to True to enable debugging Glance service.
+    type: string
   GlancePassword:
     description: The password for the glance service and db account, used by the glance services.
     type: string
@@ -59,10 +63,6 @@ parameters:
   CephClientUserName:
     default: openstack
     type: string
-  Debug:
-    default: ''
-    description: Set to True to enable debugging on all services.
-    type: string
   GlanceNotifierStrategy:
     description: Strategy to use for Glance notification queue
     type: string
@@ -128,6 +128,7 @@ parameters:
 conditions:
   use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
   glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
+  service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
 
 resources:
 
@@ -170,7 +171,11 @@ outputs:
             glance::api::enable_v2_api: true
             glance::api::authtoken::password: {get_param: GlancePassword}
             glance::api::enable_proxy_headers_parsing: true
-            glance::api::debug: {get_param: Debug}
+            glance::api::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: GlanceDebug }
             glance::policy::policies: {get_param: GlanceApiPolicies}
             tripleo.glance_api.firewall_rules:
               '112 glance_api':
index dfa337d..2411d42 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Gnocchi service configured with Puppet
index d62c349..e6a172a 100644 (file)
@@ -31,9 +31,13 @@ parameters:
     description: The short name of the Gnocchi indexer backend to use.
     type: string
   MetricProcessingDelay:
-    default: 60
+    default: 30
     description: Delay between processing metrics.
     type: number
+  NumberOfStorageSacks:
+    default: '128'
+    description: Number of storage sacks to create.
+    type: string
   GnocchiPassword:
     description: The password for the gnocchi service and db account.
     type: string
@@ -52,6 +56,13 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  GnocchiDebug:
+    default: ''
+    description: Set to True to enable debugging Gnocchi services.
+    type: string
+
+conditions:
+  service_debug_unset: {equals : [{get_param: GnocchiDebug}, '']}
 
 outputs:
   aux_parameters:
@@ -65,7 +76,11 @@ outputs:
       config_settings:
         #Gnocchi engine
         gnocchi_redis_password: {get_param: RedisPassword}
-        gnocchi::debug: {get_param: Debug}
+        gnocchi::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: GnocchiDebug }
         gnocchi::db::database_connection:
           make_url:
             scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
@@ -76,7 +91,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        gnocchi::db::sync::extra_opts: '--skip-storage'
+        gnocchi::db::sync::extra_opts:
+          list_join:
+          - ' '
+          - - '--num-storage-sacks'
+            - {get_param: NumberOfStorageSacks}
         gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay}
         gnocchi::storage::swift::swift_user: 'service:gnocchi'
         gnocchi::storage::swift::swift_auth_version: 3
index 626d37e..5ada99f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Gnocchi service configured with Puppet
index 5a4a283..5ba1dfc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Gnocchi service configured with Puppet
index ad3a528..1866bb9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAProxy deployment with TLS enabled, powered by certmonger
index f9d04eb..7ebacdb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAProxy deployment with TLS enabled, powered by certmonger
index bdb5445..92d73cf 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat CloudFormation API service configured with Puppet
index af32d3d..a740d20 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat CloudWatch API service configured with Puppet
index 46ab300..ced7f0c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat API service configured with Puppet
index 314f609..d89fe46 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat base service. Shared for all Heat services.
@@ -8,6 +8,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  HeatDebug:
+    default: ''
+    description: Set to True to enable debugging Heat services.
+    type: string
   RabbitPassword:
     description: The password for RabbitMQ
     type: string
@@ -112,6 +116,9 @@ parameters:
     description: Maximum raw byte size of the Heat API JSON request body.
     type: number
 
+conditions:
+  service_debug_unset: {equals : [{get_param: HeatDebug}, '']}
+
 outputs:
   role_data:
     description: Shared role data for the Heat services.
@@ -122,7 +129,11 @@ outputs:
         heat::rabbit_password: {get_param: RabbitPassword}
         heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         heat::rabbit_port: {get_param: RabbitClientPort}
-        heat::debug: {get_param: Debug}
+        heat::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: HeatDebug }
         heat::enable_proxy_headers_parsing: true
         heat::rpc_response_timeout: 600
         # We need this because the default heat policy.json no longer works on TripleO
index 59cdae5..93bced8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Horizon service configured with Puppet
@@ -14,6 +14,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  HorizonDebug:
+    default: false
+    description: Set to True to enable debugging Horizon service.
+    type: string
   DefaultPasswords:
     default: {}
     type: json
@@ -62,7 +66,7 @@ parameters:
 
 conditions:
 
-  debug_empty: {equals : [{get_param: Debug}, '']}
+  debug_unset: {equals : [{get_param: Debug}, '']}
 
 outputs:
   role_data:
@@ -104,9 +108,9 @@ outputs:
           memcached_ipv6: {get_param: MemcachedIPv6}
         -
           if:
-          - debug_empty
-          - {}
-          - horizon::django_debug: {get_param: Debug}
+          - debug_unset
+          - horizon::django_debug: { get_param: HorizonDebug }
+          - horizon::django_debug: { get_param: Debug }
       step_config: |
         include ::tripleo::profile::base::horizon
       # Ansible tasks to handle upgrade
@@ -126,3 +130,10 @@ outputs:
           tags: step1
           when: httpd_enabled.rc == 0
           service: name=httpd state=stopped
+      service_config_settings:
+        haproxy:
+          tripleo.horizon.firewall_rules:
+            '127 horizon':
+              dport:
+                - 80
+                - 443
index 5ae52db..945033a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ironic API configured with Puppet
index da48516..41d6ced 100644 (file)
@@ -30,6 +30,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  IronicDebug:
+    default: ''
+    description: Set to True to enable debugging Ironic services.
+    type: string
   IronicPassword:
     description: The password for the Ironic service and db account, used by the Ironic services
     type: string
@@ -53,6 +57,9 @@ parameters:
         an SSL connection to the RabbitMQ host.
     type: string
 
+conditions:
+  service_debug_unset: {equals : [{get_param: IronicDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Ironic role.
@@ -69,7 +76,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        ironic::debug: {get_param: Debug}
+        ironic::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: IronicDebug }
         ironic::rabbit_userid: {get_param: RabbitUserName}
         ironic::rabbit_password: {get_param: RabbitPassword}
         ironic::rabbit_port: {get_param: RabbitClientPort}
index 7ec8452..b167671 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ironic conductor configured with Puppet
@@ -61,9 +61,19 @@ parameters:
     description: Enabled Ironic drivers
     type: comma_delimited_list
   IronicEnabledHardwareTypes:
-    default: ['ipmi']
+    default: ['ipmi', 'redfish']
     description: Enabled Ironic hardware types
     type: comma_delimited_list
+  IronicEnabledManagementInterfaces:
+    default: ['ipmitool', 'redfish']
+    description: Enabled management interface implementations. Each hardware
+                 type must have at least one valid implementation enabled.
+    type: comma_delimited_list
+  IronicEnabledPowerInterfaces:
+    default: ['ipmitool', 'redfish']
+    description: Enabled power interface implementations. Each hardware
+                 type must have at least one valid implementation enabled.
+    type: comma_delimited_list
   IronicIPXEEnabled:
     default: true
     description: Whether to use iPXE instead of PXE for deployment.
@@ -136,7 +146,9 @@ outputs:
             ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
             ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
             ironic::drivers::interfaces::enabled_console_interfaces: ['ipmitool-socat', 'no-console']
+            ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces}
             ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron']
+            ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces}
             ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
             tripleo.ironic_conductor.firewall_rules:
               '134 ironic conductor TFTP':
index cbdc9d3..44e6b24 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Keepalived service configured with Puppet
index 8121454..c142b47 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Load kernel modules with kmod and configure kernel options with sysctl.
@@ -77,6 +77,8 @@ outputs:
             value: 0
           net.ipv4.conf.all.send_redirects:
             value: 0
+          net.ipv4.conf.all.arp_accept:
+            value: 1
           net.ipv4.conf.default.accept_redirects:
             value: 0
           net.ipv4.conf.default.secure_redirects:
index 7262e47..f3a9cbc 100644 (file)
@@ -63,6 +63,10 @@ parameters:
   Debug:
     type: string
     default: ''
+  KeystoneDebug:
+    default: ''
+    description: Set to True to enable debugging Keystone service.
+    type: string
   AdminEmail:
     default: 'admin@example.com'
     description: The email for the keystone admin account.
@@ -198,6 +202,7 @@ resources:
 conditions:
   keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
   keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
+  service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']}
 
 outputs:
   role_data:
@@ -242,7 +247,11 @@ outputs:
               '/etc/keystone/fernet-keys/1':
                 content: {get_param: KeystoneFernetKey1}
             keystone::fernet_replace_keys: false
-            keystone::debug: {get_param: Debug}
+            keystone::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: KeystoneDebug }
             keystone::rabbit_userid: {get_param: RabbitUserName}
             keystone::rabbit_password: {get_param: RabbitPassword}
             keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
index 7210966..21049a9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Fluentd base service
 
index 931646e..e34f31f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Fluentd client configured with Puppet
 
index 3bc90ac..9ade641 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Fluentd logging configuration
 
index 0b656d8..2710d78 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Manila-api service configured with Puppet
index 060762f..f4c7a07 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Manila Cephfs backend
index 032aa1b..7be9239 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Manila generic backend.
index b865e3d..b106848 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Manila netapp backend.
index a299fff..d0ee212 100644 (file)
@@ -30,6 +30,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  ManilaDebug:
+    default: ''
+    description: Set to True to enable debugging Manila services.
+    type: string
   RabbitPassword:
     description: The password for RabbitMQ
     type: string
@@ -53,6 +57,9 @@ parameters:
     type: string
     hidden: true
 
+conditions:
+  service_debug_unset: {equals : [{get_param: ManilaDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Manila Base service.
@@ -63,7 +70,11 @@ outputs:
         manila::rabbit_password: {get_param: RabbitPassword}
         manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         manila::rabbit_port: {get_param: RabbitClientPort}
-        manila::debug: {get_param: Debug}
+        manila::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: ManilaDebug }
         manila::db::database_db_max_retries: -1
         manila::db::database_max_retries: -1
         manila::sql_connection:
index 9ce90f0..b3d1ffa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Manila-scheduler service configured with Puppet
index dbfe597..50d7f7c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Manila-share service configured with Puppet
index 8c1e4cf..5b98e02 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Memcached service configured with Puppet
index 26dbd4c..da77ef0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Collectd client service
 
index f4ec227..b865ec1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Mistral API service configured with Puppet
@@ -36,8 +36,21 @@ parameters:
       e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
     default: {}
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
 
 resources:
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
   MistralBase:
     type: ./mistral-base.yaml
     properties:
@@ -57,12 +70,25 @@ outputs:
           - get_attr: [MistralBase, role_data, config_settings]
           - mistral::api::api_workers: {get_param: MistralWorkers}
             mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+            mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
             mistral::policy::policies: {get_param: MistralApiPolicies}
             tripleo.mistral_api.firewall_rules:
               '133 mistral':
                 dport:
                   - 8989
                   - 13989
+            mistral::api::service_name: 'httpd'
+            mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+            mistral::wsgi::apache::servername:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
+          - if:
+            - mistral_workers_zero
+            - {}
+            - mistral::wsgi::apache::workers: {get_param: MistralWorkers}
       service_config_settings:
         get_attr: [MistralBase, role_data, service_config_settings]
       step_config: |
@@ -79,10 +105,16 @@ outputs:
             grep '\bactive\b'
           when: mistral_api_enabled.rc == 0
           tags: step0,validation
-        - name: Stop mistral_api service
+        - name: check for mistral_api running under apache (post upgrade)
+          tags: step1
+          shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi"
+          register: mistral_api_apache
+          ignore_errors: true
+        - name: Stop mistral_api service (running under httpd)
           tags: step1
-          service: name=openstack-mistral-api state=stopped
-        - name: Install openstack-mistral-api package if it was disabled
-          tags: step3
-          yum: name=openstack-mistral-api state=latest
-          when: mistral_api_enabled.rc != 0
+          service: name=httpd state=stopped
+          when: mistral_api_apache.rc == 0
+        - name: Stop and disable mistral_api service (pre-upgrade not under httpd)
+          tags: step1
+          when: mistral_api_enabled.rc == 0
+          service: name=openstack-mistral-api state=stopped enabled=no
index 2e70865..8b3655d 100644 (file)
@@ -31,6 +31,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  MistralDebug:
+    default: ''
+    description: Set to True to enable debugging Mistral services.
+    type: string
   RabbitPassword:
     description: The password for RabbitMQ
     type: string
@@ -58,6 +62,9 @@ parameters:
     default: 'regionOne'
     description: Keystone region for endpoint
 
+conditions:
+  service_debug_unset: {equals : [{get_param: MistralDebug}, '']}
+
 outputs:
   role_data:
     description: Shared role data for the Mistral services.
@@ -78,7 +85,11 @@ outputs:
         mistral::rabbit_password: {get_param: RabbitPassword}
         mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         mistral::rabbit_port: {get_param: RabbitClientPort}
-        mistral::debug: {get_param: Debug}
+        mistral::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: MistralDebug }
         mistral::keystone_password: {get_param: MistralPassword}
         mistral::keystone_tenant: 'service'
         mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
index 7513afa..6a0fed1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Mistral Engine service configured with Puppet
index 1935d40..57f29dd 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Mistral API service configured with Puppet
index 961ff3b..5e7e994 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Sensu base service
 
index cebf647..25e2b94 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Sensu client configured with Puppet
 
index e806640..9b78437 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Analytics Database service deployment using puppet, this YAML file
index 02d2fd4..f85ba7c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Analytics service deployment using puppet, this YAML file
index 68def62..bdcdbb8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Base parameters for all Contrail Services.
index 03f9a55..feda585 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Config service deployment using puppet, this YAML file
index a233bc4..f110854 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Control service deployment using puppet, this YAML file
index 826b85e..5ce25a2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Database service deployment using puppet, this YAML file
index c19be1d..da86714 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Heat plugin adds Contrail specific heat resources enabling heat
index 8fc4928..0c5e2a8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Opencontrail plugin
index 259def3..8918f6d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Provision Contrail services after deployment
index 6718335..9d48e0e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail TSN Service
index 47934a2..f03ed9c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute OpenContrail plugin
index 5ef5244..f723e6a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail WebUI service deployment using puppet, this YAML file
index b4a21a3..8e1e0b8 100644 (file)
@@ -166,6 +166,7 @@ outputs:
                   - 9696
                   - 13696
             neutron::server::router_distributed: {get_param: NeutronEnableDVR}
+            neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
             # internal_api -> IP
index 764d548..3c7518b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron base service. Shared for all Neutron agents.
@@ -50,6 +50,10 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  NeutronDebug:
+    default: ''
+    description: Set to True to enable debugging Neutron services.
+    type: string
   EnableConfigPurge:
     type: boolean
     default: false
@@ -90,6 +94,7 @@ parameters:
 
 conditions:
   dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
+  service_debug_unset: {equals : [{get_param: NeutronDebug}, '']}
 
 outputs:
   role_data:
@@ -104,7 +109,11 @@ outputs:
             neutron::rabbit_port: {get_param: RabbitClientPort}
             neutron::core_plugin: {get_param: NeutronCorePlugin}
             neutron::service_plugins: {get_param: NeutronServicePlugins}
-            neutron::debug: {get_param: Debug}
+            neutron::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: NeutronDebug }
             neutron::purge_config: {get_param: EnableConfigPurge}
             neutron::allow_overlapping_ips: true
             neutron::dns_domain: {get_param: NeutronDnsDomain}
index 606e5b2..a70337d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   BGPVPN API service configured with Puppet
index 7e42a01..3faf788 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Installs bigswitch agent and enables the services
index f689088..75b0304 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute Midonet plugin
index 4fcc49a..a165725 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute Nuage plugin
index 3aefe37..b5ce790 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute OVN agent
index 2d5bfc7..08cecf6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute Plumgrid plugin
index b8c307a..91582db 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron DHCP agent configured with Puppet
diff --git a/puppet/services/neutron-l2gw-agent.yaml b/puppet/services/neutron-l2gw-agent.yaml
new file mode 100644 (file)
index 0000000..39c443f
--- /dev/null
@@ -0,0 +1,106 @@
+heat_template_version: pike
+
+description: >
+  L2 Gateway agent configured with Puppet
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  L2gwAgentOvsdbHosts:
+    default: ''
+    description: L2 gateway agent OVSDB server list.
+    type: comma_delimited_list
+  L2gwAgentEnableManager:
+    default: false
+    description: Connection can be initiated by the ovsdb server.
+    type: boolean
+  L2gwAgentManagerTableListeningPort:
+    default: 6632
+    description: port number for L2 gateway agent, so that it can listen
+    type: number
+  L2gwAgentPeriodicInterval:
+    default: 20
+    description: The L2 gateway agent checks connection state with the OVSDB
+                 servers. The interval is number of seconds between attempts.
+    type: number
+  L2gwAgentMaxConnectionRetries:
+    default: 10
+    description: The L2 gateway agent retries to connect to the OVSDB server
+    type: number
+  L2gwAgentSocketTimeout:
+    default: 30
+    description: socket timeout
+    type: number
+  MonitoringSubscriptionNeutronL2gwAgent:
+    default: 'overcloud-neutron-l2gw-agent'
+    type: string
+  NeutronL2gwAgentLoggingSource:
+    type: json
+    default:
+      tag: openstack.neutron.agent.l2gw
+      path: /var/log/neutron/l2gw-agent.log
+
+conditions:
+  internal_manager_enabled: {equals: [{get_param: L2gwAgentEnableManager}, True]}
+
+outputs:
+  role_data:
+    description: Role data for the L2 Gateway role.
+    value:
+      service_name: neutron_l2gw_agent
+      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL2gwAgent}
+      logging_source: {get_param: NeutronL2gwAgentLoggingSource}
+      logging_groups:
+        - neutron
+      config_settings:
+        map_merge:
+          - neutron::agents::l2gw::ovsdb_hosts: {get_param: L2gwAgentOvsdbHosts}
+            neutron::agents::l2gw::enable_manager: {get_param: L2gwAgentEnableManager}
+            neutron::agents::l2gw::manager_table_listening_port: {get_param: L2gwAgentManagerTableListeningPort}
+            neutron::agents::l2gw::periodic_interval: {get_param: L2gwAgentPeriodicInterval}
+            neutron::agents::l2gw::max_connection_retries: {get_param: L2gwAgentMaxConnectionRetries}
+            neutron::agents::l2gw::socket_timeout: {get_param: L2gwAgentSocketTimeout}
+          -
+            if:
+              - internal_manager_enabled
+              - tripleo.neutron_l2gw_agent.firewall_rules:
+                  '142 neutron l2gw agent input':
+                    proto: 'tcp'
+                    dport: {get_param: L2gwAgentManagerTableListeningPort}
+              - null
+
+      step_config: |
+        include tripleo::profile::base::neutron::agents::l2gw
+      upgrade_tasks:
+        - name: Check if neutron_l2gw_agent is deployed
+          command: systemctl is-enabled neutron-l2gw-agent
+          tags: common
+          ignore_errors: True
+          register: neutron_l2gw_agent_enabled
+        - name: "PreUpgrade step0,validation: Check service neutron-l2gw-agent is running"
+          shell: /usr/bin/systemctl show 'neutron-l2gw-agent' --property ActiveState | grep '\bactive\b'
+          when: neutron_l2gw_agent_enabled.rc == 0
+          tags: step0,validation
+        - name: Stop neutron_l2gw_agent service
+          tags: step1
+          when: neutron_l2gw_agent_enabled.rc == 0
+          service: name=neutron-l2gw-agent state=stopped
index 5e92a2c..1ad009b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   L2 Gateway service plugin configured with Puppet
index f23df43..1a4a4f6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron L3 agent for DVR enabled compute nodes
index f1d3095..0598639 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron L3 agent configured with Puppet
diff --git a/puppet/services/neutron-linuxbridge-agent.yaml b/puppet/services/neutron-linuxbridge-agent.yaml
new file mode 100644 (file)
index 0000000..f432405
--- /dev/null
@@ -0,0 +1,83 @@
+heat_template_version: ocata
+
+description: >
+  OpenStack Neutron Linuxbridge agent configured with Puppet.
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  PhysicalInterfaceMapping:
+    description: List of  <physical_network>:<physical_interface> tuples
+                 mapping physical network names to agent's node-specific
+                 physical network interfaces. Defaults to empty list.
+    type: comma_delimited_list
+    default: ''
+  NeutronLinuxbridgeFirewallDriver:
+    default: ''
+    description: Configure the classname of the firewall driver to  use  for
+                 implementing security groups.  Possible  values  depend  on
+                 system  configuration. The default value of an empty string
+                 will result in a default supported configuration.
+    type: string
+  NeutronEnableL2Pop:
+    type: string
+    description: Enable/disable the L2 population feature in the Neutron agents.
+    default: 'False'
+  NeutronTunnelTypes:
+    default: 'vxlan'
+    description: The tunnel types for the Neutron tenant network.
+    type: comma_delimited_list
+
+conditions:
+  no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']}
+
+resources:
+
+  NeutronBase:
+    type: ./neutron-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Neutron Linuxbridge agent service.
+    value:
+      service_name: neutron_linuxbridge_agent
+      config_settings:
+        map_merge:
+          - get_attr: [NeutronBase, role_data, config_settings]
+          - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
+            neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
+            neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
+            neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+            neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
+            neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
+          -
+            if:
+            - no_firewall_driver
+            - {}
+            - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
+      step_config: |
+        include ::tripleo::profile::base::neutron::linuxbridge
index ec4a3df..593fae4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Metadata agent configured with Puppet
index f79674f..8ace3e5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Midonet plugin and services
index 6900194..76d5c26 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron OVS agent configured with Puppet
index 6dcc59c..29c1046 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
@@ -27,20 +27,23 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   HostCpusList:
+    default: "0"
     description: List of cores to be used for host process
     type: string
     constraints:
-      - allowed_pattern: "'[0-9,-]+'"
+      - allowed_pattern: "[0-9,-]+"
   NeutronDpdkCoreList:
+    default: ""
     description: List of cores to be used for DPDK Poll Mode Driver
     type: string
     constraints:
-      - allowed_pattern: "'[0-9,-]+'"
+      - allowed_pattern: "[0-9,-]*"
   NeutronDpdkMemoryChannels:
+    default: ""
     description: Number of memory channels to be used for DPDK
     type: string
     constraints:
-      - allowed_pattern: "[0-9]+"
+      - allowed_pattern: "[0-9]*"
   NeutronDpdkSocketMemory:
     default: ""
     description: Memory allocated for each socket
@@ -75,6 +78,32 @@ resources:
   OpenVswitchUpgrade:
     type: ./openvswitch-upgrade.yaml
 
+  # Merging role-specific parameters (RoleParameters) with the default parameters.
+  # RoleParameters will have the precedence over the default parameters.
+  RoleParametersValue:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value:
+        map_replace:
+          - map_replace:
+            - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType
+              neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir
+              vswitch::dpdk::driver_type: NeutronDpdkDriverType
+              vswitch::dpdk::host_core_list: HostCpusList
+              vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList
+              vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels
+              vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory
+            - values: {get_param: [RoleParameters]}
+          - values:
+              NeutronDatapathType: {get_param: NeutronDatapathType}
+              NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
+              NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType}
+              HostCpusList: {get_param: HostCpusList}
+              NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList}
+              NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels}
+              NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory}
+
 outputs:
   role_data:
     description: Role data for the Neutron OVS DPDK Agent service.
@@ -87,13 +116,7 @@ outputs:
             - keys:
                 tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules
           - neutron::agents::ml2::ovs::enable_dpdk: true
-            neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
-            neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
-            vswitch::dpdk::host_core_list: {get_param: HostCpusList}
-            vswitch::dpdk::pmd_core_list: {get_param: NeutronDpdkCoreList}
-            vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels}
-            vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory}
-            vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType}
+          - get_attr: [RoleParametersValue, value]
       step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
       upgrade_tasks:
         get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks]
index 211e96a..a151695 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure hieradata for Fujitsu C-Fabric plugin configuration
index 6974d5f..c4bf075 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Fujitsu fossw plugin configuration
 
index 88246f9..6424b76 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron ML2/OpenDaylight plugin configured with Puppet
index e9fb5ed..4cda87b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron ML2/OVN plugin configured with Puppet
index a89e740..130f889 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron ML2 Plugin configured with Puppet
index c0b94ce..c4088e6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron NSX
index 490b129..953ffeb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Nuage plugin
index 31eea58..c124d1e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron SR-IOV nic agent configured with Puppet
index edf52b3..cb72f67 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron ML2/VPP agent configured with Puppet
index 345d2bd..835edf0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova API service configured with Puppet
index ea21af8..ea58493 100644 (file)
@@ -68,6 +68,10 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  NovaDebug:
+    default: ''
+    description: Set to True to enable debugging Nova services.
+    type: string
   EnableConfigPurge:
     type: boolean
     default: false
@@ -136,6 +140,7 @@ parameters:
 conditions:
 
   compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']}
+  service_debug_unset: {equals : [{get_param: NovaDebug}, '']}
 
 outputs:
   role_data:
@@ -193,7 +198,11 @@ outputs:
               query:
                 read_default_file: /etc/my.cnf.d/tripleo.cnf
                 read_default_group: tripleo
-          nova::debug: {get_param: Debug}
+          nova::debug:
+            if:
+            - service_debug_unset
+            - {get_param: Debug }
+            - {get_param: NovaDebug }
           nova::purge_config: {get_param: EnableConfigPurge}
           nova::network::neutron::neutron_project_name: 'service'
           nova::network::neutron::neutron_username: 'neutron'
index 35e9be5..e39e997 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Compute service configured with Puppet
@@ -72,7 +72,7 @@ parameters:
     description: >
       Reserved RAM for host processes.
     type: number
-    default: 2048
+    default: 4096
     constraints:
       - range: { min: 512 }
   MonitoringSubscriptionNovaCompute:
index 22ac9f0..30eb127 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Conductor service configured with Puppet
index 8f4ba15..fa1168a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Consoleauth service configured with Puppet
index bba12aa..4f66432 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Compute service configured with Puppet and using Ironic
index f500e35..4e762b5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Libvirt service configured with Puppet
index 3a74796..335b2c2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova API service configured with Puppet
index 68ffc72..86aa079 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Placement API service configured with Puppet
index 41122cc..5da6d43 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Scheduler service configured with Puppet
index 690e152..2db44d6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Vncproxy service configured with Puppet
index 8b83f31..0809b3e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia base service. Shared for all Octavia services
@@ -30,6 +30,10 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  OctaviaDebug:
+    default: ''
+    description: Set to True to enable debugging Octavia services.
+    type: string
   EnableConfigPurge:
     type: boolean
     default: false
@@ -55,13 +59,20 @@ parameters:
     description: Set rabbit subscriber port, change this if using SSL
     type: number
 
+conditions:
+  service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
+
 outputs:
   role_data:
     description: Base role data for Octavia services
     value:
        service_name: octavia_base
        config_settings:
-         octavia::debug: {get_param: Debug}
+         octavia::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: OctaviaDebug }
          octavia::purge_config: {get_param: EnableConfigPurge}
          octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
          octavia::rabbit_userid: {get_param: RabbitUserName}
index c21f14c..853567d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia Health Manager service.
index 2d99167..6c556fa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia Housekeeping service.
index 87688fb..4feae41 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia Worker service.
index 54e49b5..af85f4a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenDaylight SDN Controller.
index 105442b..0d859be 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenDaylight OVS Configuration.
index fea1ba9..f6e7846 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openvswitch package special handling for upgrade.
index 58b3d1f..20c38d8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OVN databases configured with puppet
index 9998fcc..1c89011 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Pacemaker service configured with Puppet
index 956b570..7ecb64d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph RBD mirror service.
index 81bbc23..d888d4a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Backup service with Pacemaker configured with Puppet
index 1b0770f..39914db 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Volume service with Pacemaker configured with Puppet
@@ -54,3 +54,18 @@ outputs:
             cinder::host: hostgroup
       step_config:
         include ::tripleo::profile::pacemaker::cinder::volume
+      upgrade_tasks:
+        - name: Stop cinder_volume service (pacemaker)
+          tags: step1
+          pacemaker_resource:
+            resource: openstack-cinder-volume
+            state: disable
+            wait_for_resource: true
+        - name: Sync cinder DB
+          tags: step5
+          command: cinder-manage db sync
+        - name: Start cinder_volume service (pacemaker)
+          tags: step5
+          pacemaker_resource:
+            resource: openstack-cinder-volume
+            state: enable
index e19d3a3..d8e942d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MySQL with Pacemaker service deployment using puppet
index c845d28..5bc28ed 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Redis service configured with Puppet
index 7e5d25b..0fb8393 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAproxy service with Pacemaker configured with Puppet
index b21a45e..12f6529 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   The manila-share service with Pacemaker configured with Puppet
index 208a8f1..7925720 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   RabbitMQ service with Pacemaker configured with Puppet
index dc1752e..74aaf59 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Pacemaker remote service configured with Puppet
index 6f11e0c..a41e34f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Panko API service configured with Puppet.
index 84817bc..a94d4ea 100644 (file)
@@ -34,11 +34,18 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  PankoDebug:
+    default: ''
+    description: Set to True to enable debugging Panko services.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
 
+conditions:
+  service_debug_unset: {equals : [{get_param: PankoDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Panko role.
@@ -55,7 +62,11 @@ outputs:
             query:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
-        panko::debug: {get_param: Debug}
+        panko::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: PankoDebug }
         panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         panko::keystone::authtoken::project_name: 'service'
         panko::keystone::authtoken::user_domain_name: 'Default'
index cf7715a..0659a94 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Qpid dispatch router service configured with Puppet
index c89dd70..1a42fda 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   RabbitMQ service configured with Puppet
index c84d4ce..3df4ce7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Sahara API service configured with Puppet
index 1ee6d17..c294e74 100644 (file)
@@ -52,11 +52,18 @@ parameters:
     type: string
     default: ''
     description: Set to True to enable debugging on all services.
+  SaharaDebug:
+    default: ''
+    description: Set to True to enable debugging Sahara services.
+    type: string
   SaharaPlugins:
     default: ["ambari","cdh","mapr","vanilla","spark","storm"]
     description: Sahara enabled plugin list
     type: comma_delimited_list
 
+conditions:
+  service_debug_unset: {equals : [{get_param: SaharaDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Sahara base service.
@@ -77,7 +84,11 @@ outputs:
         sahara::rabbit_user: {get_param: RabbitUserName}
         sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         sahara::rabbit_port: {get_param: RabbitClientPort}
-        sahara::debug: {get_param: Debug}
+        sahara::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: SaharaDebug }
         # Remove admin_password when https://review.openstack.org/442619 is merged.
         sahara::admin_password: {get_param: SaharaPassword}
         sahara::use_neutron: true
index 3e0070a..b6c108e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Sahara Engine service configured with Puppet
index 019ac96..84a370f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure securetty values
index b374dfb..0e7b6d2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Utility stack to convert an array of services into a set of combined
index 325656e..ffa5d31 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   SNMP client configured with Puppet, to facilitate Ceilometer Hardware
@@ -40,6 +40,10 @@ parameters:
     description: An array of bind host addresses on which SNMP daemon will listen.
     type: comma_delimited_list
     default: ['udp:161','udp6:[::1]:161']
+  SnmpdOptions:
+    description: A string containing the commandline options passed to snmpd
+    type: string
+    default: '-LS0-5d'
 
 outputs:
   role_data:
@@ -50,6 +54,7 @@ outputs:
         tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
         tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
         snmp::agentaddress: {get_param: SnmpdBindHost}
+        snmp::snmpd_options: {get_param: SnmpdOptions}
         tripleo.snmp.firewall_rules:
           '127 snmp':
             dport: 161
index 7e908c4..30058f0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure sshd_config
index d8804c4..3066aec 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Proxy service configured with Puppet
index 9bb9dd8..9a304ed 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Proxy service configured with Puppet
@@ -61,6 +61,10 @@ parameters:
     description: Set to False to disable the swift proxy ceilometer pipeline.
     default: True
     type: boolean
+  SwiftCeilometerIgnoreProjects:
+    default: ['services']
+    description: Comma-seperated list of project names to ignore.
+    type: comma_delimited_list
   RabbitClientPort:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
@@ -116,6 +120,10 @@ outputs:
             swift::proxy::workers: {get_param: SwiftWorkers}
             swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
             swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+            swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+            swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+            swift::proxy::ceilometer::password: {get_param: SwiftPassword}
+            swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
             swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
             swift::proxy::ceilometer::nonblocking_notify: true
             tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
index dc4e645..3808dbc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Ringbuilder
index 2388fd9..f1a9b93 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Storage service configured with Puppet
index e121feb..5ced8c3 100644 (file)
@@ -33,6 +33,10 @@ parameters:
   Debug:
     type: string
     default: ''
+  TackerDebug:
+    default: ''
+    description: Set to True to enable debugging Tacker service.
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -62,6 +66,9 @@ parameters:
     default: {}
     type: json
 
+conditions:
+  service_debug_unset: {equals : [{get_param: TackerDebug}, '']}
+
 outputs:
   role_data:
     description: Role data for the Tacker role.
@@ -80,7 +87,11 @@ outputs:
               read_default_file: /etc/my.cnf.d/tripleo.cnf
               read_default_group: tripleo
 
-        tacker::debug: {get_param: Debug}
+        tacker::debug:
+          if:
+          - service_debug_unset
+          - {get_param: Debug }
+          - {get_param: TackerDebug }
         tacker::rpc_backend: rabbit
         tacker::rabbit_userid: {get_param: RabbitUserName}
         tacker::rabbit_password: {get_param: RabbitPassword}
index 5694081..92c3f9e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   NTP service deployment using puppet, this YAML file
index 2904222..aece02c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Composable Timezone service
index 94f1e97..9fb590e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   TripleO Firewall settings
index 7084b7f..2b9b883 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   TripleO Package installation settings
index 62864ba..e3e28a2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Vpp service configured with Puppet
index ea7ce98..416d86d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Zaqar service. Shared for all Heat services.
@@ -30,6 +30,10 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  ZaqarDebug:
+    default: ''
+    description: Set to True to enable debugging Zaqar service.
+    type: string
   ZaqarPassword:
     description: The password for Zaqar
     type: string
@@ -54,6 +58,7 @@ parameters:
 
 conditions:
   zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
+  service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
 
 resources:
 
@@ -78,7 +83,11 @@ outputs:
             zaqar::keystone::authtoken::project_name: 'service'
             zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
-            zaqar::debug: {get_param: Debug}
+            zaqar::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: ZaqarDebug }
             zaqar::server::service_name: 'httpd'
             zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
             zaqar::wsgi::apache::ssl: false
index 2cfd43f..4f96717 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Upgrade for via ansible by applying a step related tag'
 
 parameters:
diff --git a/releasenotes/notes/Disable-mongodb-by-default-cce37d3254a77d27.yaml b/releasenotes/notes/Disable-mongodb-by-default-cce37d3254a77d27.yaml
new file mode 100644 (file)
index 0000000..e6e452f
--- /dev/null
@@ -0,0 +1,8 @@
+---
+upgrade:
+  - Mongodb is no longer used by default, so now one has to enable it
+    explicitly if there's a need for using it.
+other:
+  - Mongodb is not used by any service we enable by default, so it has been
+    removed from the default services. It has subsequently been added to the
+    services that use it (zaqar and ceilometer-collector).
diff --git a/releasenotes/notes/add-cadf-environment-0ce0078348c5333f.yaml b/releasenotes/notes/add-cadf-environment-0ce0078348c5333f.yaml
new file mode 100644 (file)
index 0000000..a45938b
--- /dev/null
@@ -0,0 +1,7 @@
+---
+features:
+  - Add new cadf.yaml environment, that will configure
+    Keystone to emit CADF notifications. This standard
+    provides auditing capabilities for compliance with
+    security, and is intented to be used for deploying
+    TripleO with hardened security.
diff --git a/releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml b/releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml
new file mode 100644 (file)
index 0000000..7f88e26
--- /dev/null
@@ -0,0 +1,3 @@
+---
+features:
+   - Add support for L2 Gateway Neutron agent
diff --git a/releasenotes/notes/add-num-of-sacks-7bd6658474ddb14c.yaml b/releasenotes/notes/add-num-of-sacks-7bd6658474ddb14c.yaml
new file mode 100644 (file)
index 0000000..e5adb6a
--- /dev/null
@@ -0,0 +1,3 @@
+---
+features:
+  - Add support to configure number of sacks in gnocchi.
diff --git a/releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml b/releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml
new file mode 100644 (file)
index 0000000..46f3b85
--- /dev/null
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    During a deployment on lower spec systems, the "db sync" can take longer
+    than five minutes. value of DatabaseSyncTimeout has change from 300
+    to 900 at the environment file "low-memory-usage.yaml".
diff --git a/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml b/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml
new file mode 100644 (file)
index 0000000..d69bf4f
--- /dev/null
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Per default, don't log a message in syslog for each incoming SNMP query.
+    So set the default log level to '-LS0-5d'. Allow the operator to customize
+    the log level via a parameter.
diff --git a/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml b/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml
new file mode 100644 (file)
index 0000000..da9af4a
--- /dev/null
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Allow to configure debug per service.
+    The feature is backward compatible with existing Debug parameter.
+    Adding a new parameter per service, e.g. GlanceDebug. Set to False,
+    it will disable debug for the service, even if Debug is set to True.
+    If Debug is set to False but GlanceDebug is set to True, Glance debug
+    will be enabled.
diff --git a/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml b/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml
new file mode 100644 (file)
index 0000000..4025477
--- /dev/null
@@ -0,0 +1,9 @@
+---
+other:
+  - |
+    All nodes now enable ``arp_accept`` sysctl setting to help with honoring
+    gratuitous ARP packets in their ARP tables. While sources of gratuitous ARP
+    packets are diverse, this comes especially useful for Neutron floating IP
+    addresses that roam between devices, and for which Neutron L3 agent sends
+    gratuitous ARP packets to update all network nodes about IP address new
+    locations.
diff --git a/releasenotes/notes/example-roles-d27c748090f6a154.yaml b/releasenotes/notes/example-roles-d27c748090f6a154.yaml
new file mode 100644 (file)
index 0000000..e27674d
--- /dev/null
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    A set of example roles has been created in the roles folder in
+    tripleo-heat-templates.  Management of services for roles should occur
+    in these role files rather than in roles_data.yaml.
diff --git a/releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml b/releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml
new file mode 100644 (file)
index 0000000..88f67a0
--- /dev/null
@@ -0,0 +1,4 @@
+---
+other:
+  - Increased the default of NovaReservedHostMemory for
+    Compute nodes to 4096 MB.
diff --git a/releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml b/releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml
new file mode 100644 (file)
index 0000000..5440043
--- /dev/null
@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    Neutron API controller no longer advertises ``dvr`` extension if the
+    cloud is not configured for DVR. This is achieved by setting ``enable_dvr``
+    to match ``NeutronEnableDVR`` setting.
diff --git a/releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml b/releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml
new file mode 100644 (file)
index 0000000..ae6401f
--- /dev/null
@@ -0,0 +1,7 @@
+---
+features:
+  - Move Mistral API to use mod_wsgi under Apache.
+upgrade:
+  - Mistral API systemd service will be stopped and 
+    disabled.
+
diff --git a/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml b/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml
new file mode 100644 (file)
index 0000000..8c24a22
--- /dev/null
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Support for Redfish hardware is enabled by default for overcloud Ironic
+    via the ``redfish`` hardware type.
+  - |
+    Support changing enabled management and power interfaces for hardware types
+    in overcloud Ironic.
diff --git a/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml
new file mode 100644 (file)
index 0000000..7854fa5
--- /dev/null
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - Ceilometer expirer is deprecated in pike. During upgrade, the crontab thats
+    configured with ceilometer user will be removed to ensure the expirer
+    script is not running.
diff --git a/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml b/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml
new file mode 100644 (file)
index 0000000..7ab253b
--- /dev/null
@@ -0,0 +1,6 @@
+---
+features:
+  - Added the ability to blacklist servers by name from being
+    associated with any Heat triggered SoftwareDeployment
+    resources. The servers are specified in the new
+    DeploymentServerBlacklist parameter.
diff --git a/releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml b/releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml
new file mode 100644 (file)
index 0000000..fc2cb48
--- /dev/null
@@ -0,0 +1,12 @@
+---
+fixes:
+  - |
+    Removed the hard coding of osd_pool_default_min_size. Setting this value
+    to 1 can result in data loss in operating production deployments. Not
+    setting this value (or setting it to 0) will allow ceph to calculate the
+    value based on the current setting of osd_pool_default_size. If the
+    replication count is 3, then the calculated min_size is 2.  If the
+    replication count is 1, then the calcualted min_size is 1. For a POC
+    deployments using a single OSD, set osd_pool_default_size = 1. See
+    description at http://docs.ceph.com/docs/master/rados/configuration/pool-pg-config-ref/
+    Added CephPoolDefaultSize to set default replication size. Default value is 3.
diff --git a/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml b/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml
new file mode 100644 (file)
index 0000000..d74e3a1
--- /dev/null
@@ -0,0 +1,4 @@
+---
+fixes:
+  - Update the default metric processing delay to 30. This will help reduce
+    the metric backlog and wont load up the storage backend.
diff --git a/releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml b/releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml
new file mode 100644 (file)
index 0000000..b9ddaec
--- /dev/null
@@ -0,0 +1,6 @@
+---
+issues:
+  - Modify ``NeutronVhostuserSocketDir`` to a seprate directory in the DPDK
+    environment file. A different set of permission is required for creating
+    vhost sockets when the vhost type is dpdkvhostuserclient (which is default
+    from ocata).
index ec158ce..72b89b1 100644 (file)
@@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers'
 # built documents.
 #
 # The full version, including alpha/beta/rc tags.
-release = '7.0.0.0b1'
+release = '7.0.0.0b2'
 # The short X.Y version.
 version = '7.0.0'
 
diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml
new file mode 100644 (file)
index 0000000..d242a5b
--- /dev/null
@@ -0,0 +1,24 @@
+###############################################################################
+# Role: BlockStorage                                                          #
+###############################################################################
+- name: BlockStorage
+  description: |
+    Cinder Block Storage node role
+  ServicesDefault:
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::BlockStorageCinderVolume
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml
new file mode 100644 (file)
index 0000000..d3de6ba
--- /dev/null
@@ -0,0 +1,24 @@
+###############################################################################
+# Role: CephStorage                                                           #
+###############################################################################
+- name: CephStorage
+  description: |
+    Ceph OSD Storage node role
+  ServicesDefault:
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CephOSD
+    - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
diff --git a/roles/Compute.yaml b/roles/Compute.yaml
new file mode 100644 (file)
index 0000000..73ec659
--- /dev/null
@@ -0,0 +1,40 @@
+###############################################################################
+# Role: Compute                                                               #
+###############################################################################
+- name: Compute
+  description: |
+    Basic Compute Node role
+  CountDefault: 1
+  HostnameFormatDefault: '%stackname%-novacompute-%index%'
+  disable_upgrade_deployment: True
+  ServicesDefault:
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CephClient
+    - OS::TripleO::Services::CephExternal
+    - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::ComputeCeilometerAgent
+    - OS::TripleO::Services::ComputeNeutronCorePlugin
+    - OS::TripleO::Services::ComputeNeutronL3Agent
+    - OS::TripleO::Services::ComputeNeutronMetadataAgent
+    - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronLinuxbridgeAgent
+    - OS::TripleO::Services::NeutronSriovAgent
+    - OS::TripleO::Services::NeutronVppAgent
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::OpenDaylightOvs
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::Vpp
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
new file mode 100644 (file)
index 0000000..7511d4c
--- /dev/null
@@ -0,0 +1,120 @@
+###############################################################################
+# Role: Controller                                                            #
+###############################################################################
+- name: Controller
+  description: |
+    Controller role that has all the controler services loaded and handles
+    Database, Messaging and Network functions.
+  CountDefault: 1
+  tags:
+    - primary
+    - controller
+  HostnameFormatDefault: '%stackname%-controller-%index%'
+  ServicesDefault:
+    - OS::TripleO::Services::AodhApi
+    - OS::TripleO::Services::AodhEvaluator
+    - OS::TripleO::Services::AodhListener
+    - OS::TripleO::Services::AodhNotifier
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::BarbicanApi
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CeilometerAgentCentral
+    - OS::TripleO::Services::CeilometerAgentNotification
+    # FIXME: This service was disabled in Pike and this entry should be removed
+    # in Queens.
+    - OS::TripleO::Services::CeilometerExpirer
+    - OS::TripleO::Services::CephExternal
+    - OS::TripleO::Services::CephMds
+    - OS::TripleO::Services::CephMon
+    - OS::TripleO::Services::CephRbdMirror
+    - OS::TripleO::Services::CephRgw
+    - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderBackendDellPs
+    - OS::TripleO::Services::CinderBackendDellSc
+    - OS::TripleO::Services::CinderBackendNetApp
+    - OS::TripleO::Services::CinderBackendScaleIO
+    - OS::TripleO::Services::CinderBackup
+    - OS::TripleO::Services::CinderHPELeftHandISCSI
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Congress
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Ec2Api
+    - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::ExternalSwiftProxy
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::GnocchiApi
+    - OS::TripleO::Services::GnocchiMetricd
+    - OS::TripleO::Services::GnocchiStatsd
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::Horizon
+    - OS::TripleO::Services::IronicApi
+    - OS::TripleO::Services::IronicConductor
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::ManilaApi
+    - OS::TripleO::Services::ManilaBackendCephFs
+    - OS::TripleO::Services::ManilaBackendGeneric
+    - OS::TripleO::Services::ManilaBackendNetapp
+    - OS::TripleO::Services::ManilaScheduler
+    - OS::TripleO::Services::ManilaShare
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronApi
+    - OS::TripleO::Services::NeutronBgpVpnApi
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL2gwAgent
+    - OS::TripleO::Services::NeutronL2gwApi
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronLinuxbridgeAgent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronML2FujitsuCfab
+    - OS::TripleO::Services::NeutronML2FujitsuFossw
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::NeutronVppAgent
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaConsoleauth
+    - OS::TripleO::Services::NovaIronic
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::NovaVncProxy
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::OctaviaApi
+    - OS::TripleO::Services::OctaviaHealthManager
+    - OS::TripleO::Services::OctaviaHousekeeping
+    - OS::TripleO::Services::OctaviaWorker
+    - OS::TripleO::Services::OpenDaylightApi
+    - OS::TripleO::Services::OpenDaylightOvs
+    - OS::TripleO::Services::OVNDBs
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::PankoApi
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::Redis
+    - OS::TripleO::Services::SaharaApi
+    - OS::TripleO::Services::SaharaEngine
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::Tacker
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::Vpp
+    - OS::TripleO::Services::Zaqar
diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml
new file mode 100644 (file)
index 0000000..2d1702e
--- /dev/null
@@ -0,0 +1,98 @@
+###############################################################################
+# Role: ControllerOpenstack                                                   #
+###############################################################################
+- name: ControllerOpenstack
+  description: |
+    Controller role that does not contain the database, messaging and networking
+    components. Use in combination with the Database, Messaging and Networker
+    roles.
+  tags:
+    - primary
+    - controller
+  HostnameFormatDefault: '%stackname%-controller-%index%'
+  ServicesDefault:
+    - OS::TripleO::Services::AodhApi
+    - OS::TripleO::Services::AodhEvaluator
+    - OS::TripleO::Services::AodhListener
+    - OS::TripleO::Services::AodhNotifier
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::BarbicanApi
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CeilometerAgentCentral
+    - OS::TripleO::Services::CeilometerAgentNotification
+    - OS::TripleO::Services::CeilometerApi
+    - OS::TripleO::Services::CeilometerExpirer
+    - OS::TripleO::Services::CephExternal
+    - OS::TripleO::Services::CephMds
+    - OS::TripleO::Services::CephMon
+    - OS::TripleO::Services::CephRbdMirror
+    - OS::TripleO::Services::CephRgw
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderBackup
+    - OS::TripleO::Services::CinderHPELeftHandISCSI
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Congress
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Ec2Api
+    - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::GnocchiApi
+    - OS::TripleO::Services::GnocchiMetricd
+    - OS::TripleO::Services::GnocchiStatsd
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::Horizon
+    - OS::TripleO::Services::IronicApi
+    - OS::TripleO::Services::IronicConductor
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::ManilaApi
+    - OS::TripleO::Services::ManilaBackendCephFs
+    - OS::TripleO::Services::ManilaBackendGeneric
+    - OS::TripleO::Services::ManilaBackendNetapp
+    - OS::TripleO::Services::ManilaScheduler
+    - OS::TripleO::Services::ManilaShare
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaConsoleauth
+    - OS::TripleO::Services::NovaIronic
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::NovaVncProxy
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::OctaviaApi
+    - OS::TripleO::Services::OctaviaHealthManager
+    - OS::TripleO::Services::OctaviaHousekeeping
+    - OS::TripleO::Services::OctaviaWorker
+    - OS::TripleO::Services::OpenDaylightApi
+    - OS::TripleO::Services::OpenDaylightOvs
+    - OS::TripleO::Services::OVNDBs
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::PankoApi
+    - OS::TripleO::Services::Redis
+    - OS::TripleO::Services::SaharaApi
+    - OS::TripleO::Services::SaharaEngine
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::Tacker
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::Vpp
+    - OS::TripleO::Services::Zaqar
+
diff --git a/roles/Database.yaml b/roles/Database.yaml
new file mode 100644 (file)
index 0000000..3ef751a
--- /dev/null
@@ -0,0 +1,23 @@
+###############################################################################
+# Role: Database                                                              #
+###############################################################################
+- name: Database
+  description: |
+    Standalone database role with the database being managed via Pacemaker
+  HostnameFormatDefault: '%stackname%-database-%index%'
+  ServicesDefault:
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
+
diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml
new file mode 100644 (file)
index 0000000..cbef61a
--- /dev/null
@@ -0,0 +1,22 @@
+###############################################################################
+# Role: Messaging                                                             #
+###############################################################################
+- name: Messaging
+  description: |
+    Standalone messaging role with RabbitMQ being managed via Pacemaker
+  HostnameFormatDefault: '%stackname%-messaging-%index%'
+  ServicesDefault:
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
+
diff --git a/roles/Networker.yaml b/roles/Networker.yaml
new file mode 100644 (file)
index 0000000..b393fa7
--- /dev/null
@@ -0,0 +1,36 @@
+###############################################################################
+# Role: Networker                                                             #
+###############################################################################
+- name: Networker
+  description: |
+    Standalone networking role to run Neutron services their own. Includes
+    Pacemaker integration via PacemakerRemote
+  HostnameFormatDefault: '%stackname%-networker-%index%'
+  ServicesDefault:
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronApi
+    - OS::TripleO::Services::NeutronBgpvpnApi
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL2gwAgent
+    - OS::TripleO::Services::NeutronL2gwApi
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronML2FujitsuCfab
+    - OS::TripleO::Services::NeutronML2FujitsuFossw
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::NeutronVppAgent
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::OpenDaylightOvs
+    - OS::TripleO::Services::PacemakerRemote
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
+
diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml
new file mode 100644 (file)
index 0000000..3741ca6
--- /dev/null
@@ -0,0 +1,26 @@
+###############################################################################
+# Role: ObjectStorage                                                         #
+###############################################################################
+- name: ObjectStorage
+  description: |
+    Swift Object Storage node role
+  disable_upgrade_deployment: True
+  ServicesDefault:
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
diff --git a/roles/README.rst b/roles/README.rst
new file mode 100644 (file)
index 0000000..6c74233
--- /dev/null
@@ -0,0 +1,206 @@
+Roles
+=====
+
+The yaml files in this directory can be combined into a single roles_data.yaml
+and be used with TripleO to create custom deployments.
+
+Use tripleoclient to build your own custom roles_data.yaml for your
+environment.
+
+roles_data.yaml
+---------------
+
+The roles_data.yaml specifies which roles (groups of nodes) will be deployed.
+Note this file is used as an input the the various \*.j2.yaml jinja2 templates,
+so that they are converted into \*.yaml during the plan creation. This occurs
+via a mistral action/workflow. The file format of this file is a yaml list.
+
+Role YAML files
+===============
+
+Each role yaml file should contain only a single role. The filename should
+match the role name. The name of the role is  mandatory and must be unique.
+
+The role files in this folder should contain at least a role name and the
+default list of services for the role.
+
+Role Options
+------------
+
+* CountDefault: (number) optional, default number of nodes, defaults to 0
+  sets the default for the {{role.name}}Count parameter in overcloud.yaml
+
+* HostnameFormatDefault: (string) optional default format string for hostname
+  defaults to '%stackname%-{{role.name.lower()}}-%index%'
+  sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
+
+* disable_constraints: (boolean) optional, whether to disable Nova and Glance
+  constraints for each role specified in the templates.
+
+* disable_upgrade_deployment: (boolean) optional, whether to run the
+  ansible upgrade steps for all services that are deployed on the role. If set
+  to True, the operator will drive the upgrade for this role's nodes.
+
+* upgrade_batch_size: (number): batch size for upgrades where tasks are
+  specified by services to run in batches vs all nodes at once.
+  This defaults to 1, but larger batches may be specified here.
+
+* ServicesDefault: (list) optional default list of services to be deployed
+  on the role, defaults to an empty list. Sets the default for the
+  {{role.name}}Services parameter in overcloud.yaml
+
+* tags: (list) list of tags used by other parts of the deployment process to
+  find the role for a specific type of functionality. Currently a role
+  with both 'primary' and 'controller' is used as the primary role for the
+  deployment process. If no roles have have 'primary' and 'controller', the
+  first role in this file is used as the primary role.
+
+* description: (string) as few sentences describing the role and information
+  pertaining to the usage of the role.
+
+Working with Roles
+==================
+The tripleoclient provides a series of commands that can be used to view
+roles and generate a roles_data.yaml file for deployment.
+
+Listing Available Roles
+-----------------------
+The ``openstack overcloud role list`` command can be used to view the list
+of roles provided by tripleo-heat-templates.
+
+Usage
+^^^^^
+.. code-block::
+
+  usage: openstack overcloud role list [-h] [--roles-path <roles directory>]
+
+  List availables roles
+
+  optional arguments:
+    -h, --help            show this help message and exit
+    --roles-path <roles directory>
+                          Filesystem path containing the role yaml files. By
+                          default this is /usr/share/openstack-tripleo-heat-
+                          templates/roles
+
+Example
+^^^^^^^
+.. code-block::
+
+  [user@host ~]$ openstack overcloud role list
+  BlockStorage
+  CephStorage
+  Compute
+  Controller
+  ControllerOpenstack
+  Database
+  Messaging
+  Networker
+  ObjectStorage
+  Telemetry
+  Undercloud
+
+Viewing Role Details
+--------------------
+The ``openstack overcloud role show`` command can be used as a quick way to
+view some of the information about a role.
+
+Usage
+^^^^^
+.. code-block::
+
+  usage: openstack overcloud role show [-h] [--roles-path <roles directory>]
+                                       <role>
+
+  Show information about a given role
+
+  positional arguments:
+    <role>                Role to display more information about.
+
+  optional arguments:
+    -h, --help            show this help message and exit
+    --roles-path <roles directory>
+                          Filesystem path containing the role yaml files. By
+                          default this is /usr/share/openstack-tripleo-heat-
+                          templates/roles
+
+Example
+^^^^^^^
+.. code-block::
+
+  [user@host ~]$ openstack overcloud role show Compute
+  ###############################################################################
+  # Role Data for 'Compute'
+  ###############################################################################
+  HostnameFormatDefault: '%stackname%-novacompute-%index%'
+  ServicesDefault:
+   * OS::TripleO::Services::AuditD
+   * OS::TripleO::Services::CACerts
+   * OS::TripleO::Services::CephClient
+   * OS::TripleO::Services::CephExternal
+   * OS::TripleO::Services::CertmongerUser
+   * OS::TripleO::Services::Collectd
+   * OS::TripleO::Services::ComputeCeilometerAgent
+   * OS::TripleO::Services::ComputeNeutronCorePlugin
+   * OS::TripleO::Services::ComputeNeutronL3Agent
+   * OS::TripleO::Services::ComputeNeutronMetadataAgent
+   * OS::TripleO::Services::ComputeNeutronOvsAgent
+   * OS::TripleO::Services::Docker
+   * OS::TripleO::Services::FluentdClient
+   * OS::TripleO::Services::Kernel
+   * OS::TripleO::Services::MySQLClient
+   * OS::TripleO::Services::NeutronSriovAgent
+   * OS::TripleO::Services::NeutronVppAgent
+   * OS::TripleO::Services::NovaCompute
+   * OS::TripleO::Services::NovaLibvirt
+   * OS::TripleO::Services::Ntp
+   * OS::TripleO::Services::OpenDaylightOvs
+   * OS::TripleO::Services::Securetty
+   * OS::TripleO::Services::SensuClient
+   * OS::TripleO::Services::Snmp
+   * OS::TripleO::Services::Sshd
+   * OS::TripleO::Services::Timezone
+   * OS::TripleO::Services::TripleoFirewall
+   * OS::TripleO::Services::TripleoPackages
+   * OS::TripleO::Services::Vpp
+  name: 'Compute'
+
+Generate roles_data.yaml
+------------------------
+The ``openstack overcloud roles generate`` command can be used to generate
+a roles_data.yaml file for deployments.
+
+Usage
+^^^^^
+.. code-block::
+
+  usage: openstack overcloud roles generate [-h]
+                                            [--roles-path <roles directory>]
+                                            [-o <output file>]
+                                            <role> [<role> ...]
+
+  Generate roles_data.yaml file
+
+  positional arguments:
+    <role>                List of roles to use to generate the roles_data.yaml
+                          file for the deployment. NOTE: Ordering is important
+                          if no role has the "primary" and "controller" tags. If
+                          no role is tagged then the first role listed will be
+                          considered the primary role. This usually is the
+                          controller role.
+
+  optional arguments:
+    -h, --help            show this help message and exit
+    --roles-path <roles directory>
+                          Filesystem path containing the role yaml files. By
+                          default this is /usr/share/openstack-tripleo-heat-
+                          templates/roles
+    -o <output file>, --output-file <output file>
+                          File to capture all output to. For example,
+                          roles_data.yaml
+
+Example
+^^^^^^^
+.. code-block::
+
+  [user@host ~]$ openstack overcloud roles generate -o roles_data.yaml Controller Compute BlockStorage ObjectStorage CephStorage
diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml
new file mode 100644 (file)
index 0000000..0f60364
--- /dev/null
@@ -0,0 +1,30 @@
+###############################################################################
+# Role: Telemetry                                                             #
+###############################################################################
+- name: Telemetry
+  description: |
+    Telemetry role that has all the telemetry services.
+  HostnameFormatDefault: '%stackname%-telemetry-%index%'
+  ServicesDefault:
+    - OS::TripleO::Services::AodhApi
+    - OS::TripleO::Services::AodhEvaluator
+    - OS::TripleO::Services::AodhListener
+    - OS::TripleO::Services::AodhNotifier
+    - OS::TripleO::Services::CeilometerAgentCentral
+    - OS::TripleO::Services::CeilometerAgentNotification
+    - OS::TripleO::Services::CeilometerApi
+    - OS::TripleO::Services::CeilometerExpirer
+    - OS::TripleO::Services::GnocchiApi
+    - OS::TripleO::Services::GnocchiMetricd
+    - OS::TripleO::Services::GnocchiStatsd
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::PankoApi
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::Redis
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
+
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
new file mode 100644 (file)
index 0000000..0a9bcad
--- /dev/null
@@ -0,0 +1,55 @@
+###############################################################################
+# Role: Undercloud                                                            #
+###############################################################################
+- name: Undercloud
+  description: |
+    EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack
+    undercloud deploy' command.
+  CountDefault: 1
+  disable_constraints: True
+  tags:
+    - primary
+    - controller
+  ServicesDefault:
+    - OS::TripleO::Services::Apache
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::IronicApi
+    - OS::TripleO::Services::IronicConductor
+    - OS::TripleO::Services::IronicPxe
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::MistralApi
+    - OS::TripleO::Services::MistralEngine
+    - OS::TripleO::Services::MistralExecutor
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::NeutronApi
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaIronic
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::UndercloudAodhApi
+    - OS::TripleO::Services::UndercloudAodhEvaluator
+    - OS::TripleO::Services::UndercloudAodhListener
+    - OS::TripleO::Services::UndercloudAodhNotifier
+    - OS::TripleO::Services::UndercloudCeilometerAgentCentral
+    - OS::TripleO::Services::UndercloudCeilometerAgentNotification
+    - OS::TripleO::Services::UndercloudGnocchiApi
+    - OS::TripleO::Services::UndercloudGnocchiMetricd
+    - OS::TripleO::Services::UndercloudGnocchiStatsd
+    - OS::TripleO::Services::UndercloudPankoApi
+    - OS::TripleO::Services::Zaqar
index e0867cb..c536e83 100644 (file)
-# Specifies which roles (groups of nodes) will be deployed
-# Note this is used as an input to the various *.j2.yaml
-# jinja2 templates, so that they are converted into *.yaml
-# during the plan creation (via a mistral action/workflow).
-#
-# The format is a list, with the following format:
-#
-# * name: (string) mandatory, name of the role, must be unique
-#
-# CountDefault: (number) optional, default number of nodes, defaults to 0
-# sets the default for the {{role.name}}Count parameter in overcloud.yaml
-#
-# HostnameFormatDefault: (string) optional default format string for hostname
-# defaults to '%stackname%-{{role.name.lower()}}-%index%'
-# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
-#
-# disable_constraints: (boolean) optional, whether to disable Nova and Glance
-# constraints for each role specified in the templates.
-#
-# disable_upgrade_deployment: (boolean) optional, whether to run the
-# ansible upgrade steps for all services that are deployed on the role. If set
-# to True, the operator will drive the upgrade for this role's nodes.
-#
-# upgrade_batch_size: (number): batch size for upgrades where tasks are
-# specified by services to run in batches vs all nodes at once.
-# This defaults to 1, but larger batches may be specified here.
-#
-# ServicesDefault: (list) optional default list of services to be deployed
-# on the role, defaults to an empty list. Sets the default for the
-# {{role.name}}Services parameter in overcloud.yaml
-#
-# tags: (list) list of tags used by other parts of the deployment process to
-# find the role for a specific type of functionality. Currently a role
-# with both 'primary' and 'controller' is used as the primary role for the
-# deployment process. If no roles have have 'primary' and 'controller', the
-# first role in this file is used as the primary role.
-#
+###############################################################################
+# File generated by tripleoclient
+###############################################################################
+###############################################################################
+# Role: Controller                                                            #
+###############################################################################
 - name: Controller
+  description: |
+    Controller role that has all the controler services loaded and handles
+    Database, Messaging and Network functions.
   CountDefault: 1
   tags:
     - primary
     - controller
+  HostnameFormatDefault: '%stackname%-controller-%index%'
   ServicesDefault:
+    - OS::TripleO::Services::AodhApi
+    - OS::TripleO::Services::AodhEvaluator
+    - OS::TripleO::Services::AodhListener
+    - OS::TripleO::Services::AodhNotifier
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::BarbicanApi
     - OS::TripleO::Services::CACerts
-    - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::CeilometerAgentCentral
+    - OS::TripleO::Services::CeilometerAgentNotification
+    # FIXME: This service was disabled in Pike and this entry should be removed
+    # in Queens.
+    - OS::TripleO::Services::CeilometerExpirer
+    - OS::TripleO::Services::CephExternal
     - OS::TripleO::Services::CephMds
     - OS::TripleO::Services::CephMon
-    - OS::TripleO::Services::CephExternal
     - OS::TripleO::Services::CephRbdMirror
     - OS::TripleO::Services::CephRgw
+    - OS::TripleO::Services::CertmongerUser
     - OS::TripleO::Services::CinderApi
-    - OS::TripleO::Services::CinderBackup
-    - OS::TripleO::Services::CinderScheduler
-    - OS::TripleO::Services::CinderVolume
     - OS::TripleO::Services::CinderBackendDellPs
     - OS::TripleO::Services::CinderBackendDellSc
     - OS::TripleO::Services::CinderBackendNetApp
     - OS::TripleO::Services::CinderBackendScaleIO
+    - OS::TripleO::Services::CinderBackup
+    - OS::TripleO::Services::CinderHPELeftHandISCSI
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::Congress
-    - OS::TripleO::Services::Kernel
-    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Ec2Api
+    - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::ExternalSwiftProxy
+    - OS::TripleO::Services::FluentdClient
     - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::GnocchiApi
+    - OS::TripleO::Services::GnocchiMetricd
+    - OS::TripleO::Services::GnocchiStatsd
+    - OS::TripleO::Services::HAproxy
     - OS::TripleO::Services::HeatApi
     - OS::TripleO::Services::HeatApiCfn
     - OS::TripleO::Services::HeatApiCloudwatch
     - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::Horizon
+    - OS::TripleO::Services::IronicApi
+    - OS::TripleO::Services::IronicConductor
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::ManilaApi
+    - OS::TripleO::Services::ManilaBackendCephFs
+    - OS::TripleO::Services::ManilaBackendGeneric
+    - OS::TripleO::Services::ManilaBackendNetapp
+    - OS::TripleO::Services::ManilaScheduler
+    - OS::TripleO::Services::ManilaShare
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::MongoDb
     - OS::TripleO::Services::MySQL
     - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronApi
     - OS::TripleO::Services::NeutronBgpVpnApi
+    - OS::TripleO::Services::NeutronCorePlugin
     - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL2gwAgent
     - OS::TripleO::Services::NeutronL2gwApi
     - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronLinuxbridgeAgent
     - OS::TripleO::Services::NeutronMetadataAgent
-    - OS::TripleO::Services::NeutronApi
-    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronML2FujitsuCfab
+    - OS::TripleO::Services::NeutronML2FujitsuFossw
     - OS::TripleO::Services::NeutronOvsAgent
-    - OS::TripleO::Services::RabbitMQ
-    - OS::TripleO::Services::HAproxy
-    - OS::TripleO::Services::Keepalived
-    - OS::TripleO::Services::Memcached
-    - OS::TripleO::Services::Pacemaker
-    - OS::TripleO::Services::Redis
-    - OS::TripleO::Services::NovaConductor
-    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::NeutronVppAgent
     - OS::TripleO::Services::NovaApi
-    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaConsoleauth
+    - OS::TripleO::Services::NovaIronic
     - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaPlacement
     - OS::TripleO::Services::NovaScheduler
-    - OS::TripleO::Services::NovaConsoleauth
     - OS::TripleO::Services::NovaVncProxy
-    - OS::TripleO::Services::Ec2Api
     - OS::TripleO::Services::Ntp
-    - OS::TripleO::Services::SwiftProxy
-    - OS::TripleO::Services::ExternalSwiftProxy
-    - OS::TripleO::Services::SwiftStorage
-    - OS::TripleO::Services::SwiftRingBuilder
-    - OS::TripleO::Services::Snmp
-    - OS::TripleO::Services::Sshd
-    - OS::TripleO::Services::Securetty
-    - OS::TripleO::Services::Timezone
-    - OS::TripleO::Services::CeilometerAgentCentral
-    - OS::TripleO::Services::CeilometerAgentNotification
-    - OS::TripleO::Services::Horizon
-    - OS::TripleO::Services::GnocchiApi
-    - OS::TripleO::Services::GnocchiMetricd
-    - OS::TripleO::Services::GnocchiStatsd
-    - OS::TripleO::Services::ManilaApi
-    - OS::TripleO::Services::ManilaScheduler
-    - OS::TripleO::Services::ManilaBackendGeneric
-    - OS::TripleO::Services::ManilaBackendNetapp
-    - OS::TripleO::Services::ManilaBackendCephFs
-    - OS::TripleO::Services::ManilaShare
-    - OS::TripleO::Services::AodhApi
-    - OS::TripleO::Services::AodhEvaluator
-    - OS::TripleO::Services::AodhNotifier
-    - OS::TripleO::Services::AodhListener
-    - OS::TripleO::Services::SaharaApi
-    - OS::TripleO::Services::SaharaEngine
-    - OS::TripleO::Services::IronicApi
-    - OS::TripleO::Services::IronicConductor
-    - OS::TripleO::Services::NovaIronic
-    - OS::TripleO::Services::TripleoPackages
-    - OS::TripleO::Services::TripleoFirewall
-    - OS::TripleO::Services::OpenDaylightApi
-    - OS::TripleO::Services::OpenDaylightOvs
-    - OS::TripleO::Services::SensuClient
-    - OS::TripleO::Services::FluentdClient
-    - OS::TripleO::Services::Collectd
-    - OS::TripleO::Services::BarbicanApi
-    - OS::TripleO::Services::PankoApi
-    - OS::TripleO::Services::Tacker
-    - OS::TripleO::Services::Zaqar
-    - OS::TripleO::Services::OVNDBs
-    - OS::TripleO::Services::NeutronML2FujitsuCfab
-    - OS::TripleO::Services::NeutronML2FujitsuFossw
-    - OS::TripleO::Services::CinderHPELeftHandISCSI
-    - OS::TripleO::Services::Etcd
-    - OS::TripleO::Services::AuditD
     - OS::TripleO::Services::OctaviaApi
     - OS::TripleO::Services::OctaviaHealthManager
     - OS::TripleO::Services::OctaviaHousekeeping
     - OS::TripleO::Services::OctaviaWorker
+    - OS::TripleO::Services::OpenDaylightApi
+    - OS::TripleO::Services::OpenDaylightOvs
+    - OS::TripleO::Services::OVNDBs
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::PankoApi
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::Redis
+    - OS::TripleO::Services::SaharaApi
+    - OS::TripleO::Services::SaharaEngine
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::Tacker
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::Vpp
-    - OS::TripleO::Services::NeutronVppAgent
-    - OS::TripleO::Services::Docker
-
+    - OS::TripleO::Services::Zaqar
+###############################################################################
+# Role: Compute                                                               #
+###############################################################################
 - name: Compute
+  description: |
+    Basic Compute Node role
   CountDefault: 1
   HostnameFormatDefault: '%stackname%-novacompute-%index%'
   disable_upgrade_deployment: True
   ServicesDefault:
+    - OS::TripleO::Services::AuditD
     - OS::TripleO::Services::CACerts
-    - OS::TripleO::Services::CertmongerUser
     - OS::TripleO::Services::CephClient
     - OS::TripleO::Services::CephExternal
-    - OS::TripleO::Services::Timezone
-    - OS::TripleO::Services::Ntp
-    - OS::TripleO::Services::Snmp
-    - OS::TripleO::Services::Sshd
-    - OS::TripleO::Services::Securetty
-    - OS::TripleO::Services::NovaCompute
-    - OS::TripleO::Services::NovaLibvirt
-    - OS::TripleO::Services::Kernel
-    - OS::TripleO::Services::ComputeNeutronCorePlugin
-    - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::ComputeCeilometerAgent
+    - OS::TripleO::Services::ComputeNeutronCorePlugin
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
-    - OS::TripleO::Services::TripleoPackages
-    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronLinuxbridgeAgent
     - OS::TripleO::Services::NeutronSriovAgent
+    - OS::TripleO::Services::NeutronVppAgent
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::OpenDaylightOvs
+    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::SensuClient
-    - OS::TripleO::Services::FluentdClient
-    - OS::TripleO::Services::AuditD
-    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::Vpp
-    - OS::TripleO::Services::NeutronVppAgent
-    - OS::TripleO::Services::MySQLClient
-    - OS::TripleO::Services::Docker
-
+###############################################################################
+# Role: BlockStorage                                                          #
+###############################################################################
 - name: BlockStorage
+  description: |
+    Cinder Block Storage node role
   ServicesDefault:
+    - OS::TripleO::Services::AuditD
+    - OS::TripleO::Services::BlockStorageCinderVolume
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::CertmongerUser
-    - OS::TripleO::Services::BlockStorageCinderVolume
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::FluentdClient
     - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Ntp
-    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
-    - OS::TripleO::Services::Securetty
-    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::TripleoFirewall
-    - OS::TripleO::Services::SensuClient
-    - OS::TripleO::Services::FluentdClient
-    - OS::TripleO::Services::AuditD
-    - OS::TripleO::Services::Collectd
-    - OS::TripleO::Services::MySQLClient
-    - OS::TripleO::Services::Docker
-
+    - OS::TripleO::Services::TripleoPackages
+###############################################################################
+# Role: ObjectStorage                                                         #
+###############################################################################
 - name: ObjectStorage
+  description: |
+    Swift Object Storage node role
   disable_upgrade_deployment: True
   ServicesDefault:
+    - OS::TripleO::Services::AuditD
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::FluentdClient
     - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Ntp
-    - OS::TripleO::Services::SwiftStorage
-    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
-    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::SwiftStorage
     - OS::TripleO::Services::Timezone
-    - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
-    - OS::TripleO::Services::SensuClient
-    - OS::TripleO::Services::FluentdClient
-    - OS::TripleO::Services::AuditD
-    - OS::TripleO::Services::Collectd
-    - OS::TripleO::Services::MySQLClient
-    - OS::TripleO::Services::Docker
-
+    - OS::TripleO::Services::TripleoPackages
+###############################################################################
+# Role: CephStorage                                                           #
+###############################################################################
 - name: CephStorage
+  description: |
+    Ceph OSD Storage node role
   ServicesDefault:
+    - OS::TripleO::Services::AuditD
     - OS::TripleO::Services::CACerts
-    - OS::TripleO::Services::CertmongerUser
     - OS::TripleO::Services::CephOSD
+    - OS::TripleO::Services::CertmongerUser
+    - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::FluentdClient
     - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SensuClient
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
-    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::Timezone
-    - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
-    - OS::TripleO::Services::SensuClient
-    - OS::TripleO::Services::FluentdClient
-    - OS::TripleO::Services::AuditD
-    - OS::TripleO::Services::Collectd
-    - OS::TripleO::Services::MySQLClient
-    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::TripleoPackages
index d57c8fc..ad760fd 100644 (file)
@@ -1,49 +1,58 @@
+###############################################################################
+# File generated by tripleoclient
+###############################################################################
+###############################################################################
+# Role: Undercloud                                                            #
+###############################################################################
 - name: Undercloud
+  description: |
+    EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack
+    undercloud deploy' command.
   CountDefault: 1
   disable_constraints: True
   tags:
     - primary
     - controller
   ServicesDefault:
-    - OS::TripleO::Services::Ntp
-    - OS::TripleO::Services::MySQL
-    - OS::TripleO::Services::MongoDb
-    - OS::TripleO::Services::Keystone
     - OS::TripleO::Services::Apache
-    - OS::TripleO::Services::RabbitMQ
     - OS::TripleO::Services::GlanceApi
-    - OS::TripleO::Services::SwiftProxy
-    - OS::TripleO::Services::SwiftStorage
-    - OS::TripleO::Services::SwiftRingBuilder
-    - OS::TripleO::Services::Memcached
     - OS::TripleO::Services::HeatApi
     - OS::TripleO::Services::HeatApiCfn
     - OS::TripleO::Services::HeatEngine
-    - OS::TripleO::Services::NovaApi
-    - OS::TripleO::Services::NovaPlacement
-    - OS::TripleO::Services::NovaMetadata
-    - OS::TripleO::Services::NovaScheduler
-    - OS::TripleO::Services::NovaConductor
-    - OS::TripleO::Services::MistralEngine
-    - OS::TripleO::Services::MistralApi
-    - OS::TripleO::Services::MistralExecutor
     - OS::TripleO::Services::IronicApi
     - OS::TripleO::Services::IronicConductor
     - OS::TripleO::Services::IronicPxe
-    - OS::TripleO::Services::NovaIronic
-    - OS::TripleO::Services::Zaqar
-    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::MistralApi
+    - OS::TripleO::Services::MistralEngine
+    - OS::TripleO::Services::MistralExecutor
+    - OS::TripleO::Services::MongoDb
+    - OS::TripleO::Services::MySQL
     - OS::TripleO::Services::NeutronApi
     - OS::TripleO::Services::NeutronCorePlugin
-    - OS::TripleO::Services::NeutronOvsAgent
     - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaIronic
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::SwiftStorage
     - OS::TripleO::Services::UndercloudAodhApi
     - OS::TripleO::Services::UndercloudAodhEvaluator
-    - OS::TripleO::Services::UndercloudAodhNotifier
     - OS::TripleO::Services::UndercloudAodhListener
+    - OS::TripleO::Services::UndercloudAodhNotifier
+    - OS::TripleO::Services::UndercloudCeilometerAgentCentral
+    - OS::TripleO::Services::UndercloudCeilometerAgentNotification
     - OS::TripleO::Services::UndercloudGnocchiApi
     - OS::TripleO::Services::UndercloudGnocchiMetricd
     - OS::TripleO::Services::UndercloudGnocchiStatsd
     - OS::TripleO::Services::UndercloudPankoApi
-    - OS::TripleO::Services::UndercloudCeilometerAgentCentral
-    - OS::TripleO::Services::UndercloudCeilometerAgentNotification
+    - OS::TripleO::Services::Zaqar
index 1c9e3b4..76f03d7 100644 (file)
@@ -4,6 +4,6 @@
 PyYAML>=3.10.0 # MIT
 Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
 six>=1.9.0 # MIT
-sphinx>=1.5.1 # BSD
+sphinx!=1.6.1,>=1.5.1 # BSD
 oslosphinx>=4.7.0 # Apache-2.0
-reno>=1.8.0 # Apache-2.0
+reno!=2.3.1,>=1.8.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index 3796a54..b92e545 100644 (file)
--- a/tox.ini
+++ b/tox.ini
@@ -4,6 +4,7 @@ skipsdist = True
 
 [testenv]
 usedevelop = True
+install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
 deps = -r{toxinidir}/requirements.txt
        -r{toxinidir}/test-requirements.txt