description: Deploy Mistral service
requires:
- overcloud-resource-registry-puppet.yaml
+ - title: Ceilometer Api
+ description:
+ environments:
+ - file: environments/services/disable-ceilometer-api.yaml
+ title: Ceilometer Api
+ description: Disable Ceilometer Api service. This service is
+ deprecated and will be removed in future releases. Please move
+ to using gnocchi/aodh/panko apis instead.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
# - title: Network Interface Configuration
# description:
via puppet
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/cinder-hpelefthand-config.yaml
+ title: Cinder HPELeftHandISCSI backend
+ description: >
+ Enables a Cinder HPELeftHandISCSI backend, configured
+ via puppet
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- file: environments/cinder-eqlx-config.yaml
title: Cinder EQLX backend
description: >
Enables a Cinder EQLX backend, configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/cinder-iser.yaml
+ title: Cinder iSER backend
+ description: >
+ Enable a Cinder iSER RDMA backend, configured via puppet
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Externally managed Ceph
description: >
Enable the use of an externally managed Ceph cluster
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
# - AdminPassword
# - UndercloudFQDN
# - HostsSecret
+# - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning
+# interface (which is hardcoded to eth1)
#
set -eux
source /tmp/freeipa-setup.env
fi
+if [ -n "$ProvisioningCIDR" ]; then
+ # Add address to provisioning network interface
+ ip link set dev eth1 up
+ ip addr add $ProvisioningCIDR dev eth1
+fi
+
# Set DNS servers
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
[NovaCompute]: CREATE_IN_PROGRESS state changed
The user running the script must be able to ssh as root to each server. Define
-the the names of your custom roles (if applicable) and hostnames of the deployed
+the names of your custom roles (if applicable) and hostnames of the deployed
servers you intend to use for each role type. For each role name, a
corresponding <role-name>_hosts variable should also be defined, e.g.::
--- /dev/null
+heat_template_version: ocata
+
+parameters:
+ network:
+ type: string
+ default: ctlplane
+ name:
+ type: string
+ replacement_policy:
+ type: string
+ default: AUTO
+
+resources:
+
+ ControlPlanePort:
+ type: OS::Neutron::Port
+ properties:
+ network: ctlplane
+ name:
+ list_join:
+ - '-'
+ - - {get_param: name}
+ - port
+ replacement_policy: AUTO
+
+outputs:
+ fixed_ips:
+ value: {get_attr: [ControlPlanePort, fixed_ips]}
Example:
parameter_defaults:
DeployedServerPortMap:
- gatsby_ctlplane:
+ gatsby-ctlplane:
fixed_ips:
- ip_address: 127.0.0.1
subnets:
--- /dev/null
+#!/bin/bash
+
+set -eux
+
+yum install -y \
+ jq \
+ python-ipaddr \
+ openstack-puppet-modules \
+ os-net-config \
+ openvswitch \
+ python-heat-agent*
+
+ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules
+
+setenforce 0
+sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
--- /dev/null
+heat_template_version: ocata
+
+description: 'Deployed Server Bootstrap Config'
+
+parameters:
+
+ server:
+ type: string
+
+resources:
+
+ DeployedServerBootstrapConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: {get_file: deployed-server-bootstrap-centos.sh}
+
+ DeployedServerBootstrapDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ config: {get_resource: DeployedServerBootstrapConfig}
+ server: {get_param: server}
# on the role, defaults to an empty list. Sets the default for the
# {{role.name}}Services parameter in overcloud.yaml
-- name: Controller
+- name: ControllerDeployedServer
CountDefault: 1
disable_constraints: True
ServicesDefault:
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- - OS::TripleO::Services::Core
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::OVNDBs
-- name: Compute
+- name: ComputeDeployedServer
CountDefault: 1
HostnameFormatDefault: '%stackname%-novacompute-%index%'
disable_constraints: True
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
-- name: BlockStorage
+- name: BlockStorageDeployedServer
disable_constraints: True
ServicesDefault:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
-- name: ObjectStorage
+- name: ObjectStorageDeployedServer
disable_constraints: True
ServicesDefault:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
-- name: CephStorage
+- name: CephStorageDeployedServer
disable_constraints: True
ServicesDefault:
- OS::TripleO::Services::CACerts
type: json
description: Optional scheduler hints to pass to nova
default: {}
+ UpgradeInitCommand:
+ type: string
+ description: |
+ Command or script snippet to run on all overcloud nodes to
+ initialize the upgrade process. E.g. a repository switch.
+ default: ''
resources:
deployed-server:
name: {get_param: name}
software_config_transport: {get_param: software_config_transport}
+ UpgradeInitConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - "#!/bin/bash\n\n"
+ - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
+ - get_param: UpgradeInitCommand
+
+ UpgradeInitDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ name: UpgradeInitDeployment
+ server: {get_resource: deployed-server}
+ config: {get_resource: UpgradeInitConfig}
+
+
InstanceIdConfig:
type: OS::Heat::StructuredConfig
properties:
properties:
config: {get_resource: InstanceIdConfig}
server: {get_resource: deployed-server}
+ depends_on: UpgradeInitDeployment
HostsEntryConfig:
type: OS::Heat::SoftwareConfig
config: {get_resource: HostsEntryConfig}
server: {get_resource: deployed-server}
- ControlPlanePortImpl:
+ DeployedServerBootstrapConfig:
+ type: OS::TripleO::DeployedServer::Bootstrap
+ properties:
+ server: {get_resource: deployed-server}
+
+ ControlPlanePort:
type: OS::TripleO::DeployedServer::ControlPlanePort
properties:
network: ctlplane
networks:
value:
ctlplane:
- - {get_attr: [ControlPlanePortImpl, fixed_ips, 0, ip_address]}
+ - {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]}
name:
value: {get_attr: [HostsEntryDeployment, hostname]}
server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value)
done
- deployed_server_metadata_url=$(openstack stack resource metadata $server_stack deployed-server | jq -r '.["os-collect-config"].request.metadata_url')
+ while true; do
+ deployed_server_metadata_url=$(openstack stack resource metadata $server_stack deployed-server | jq -r '.["os-collect-config"].request.metadata_url')
+ if [ "$deployed_server_metadata_url" = "null" ]; then
+ continue
+ else
+ break
+ fi
+ done
echo "======================"
echo "$role$i os-collect-config.conf configuration:"
NeutronOpenvswitchAgentConfig:
type: string
- default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
+ default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/ml2/openvswitch_agent.ini"
resources:
description: image
default: 'centos-binary-neutron-openvswitch-agent'
type: string
- NeutronOpenvswitchAgentPluginVolume:
- type: string
- default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro"
- NeutronOpenvswitchAgentOvsVolume:
- type: string
- default: " "
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
- /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json
- /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro
- /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro
- - {get_param: NeutronOpenvswitchAgentPluginVolume}
- - {get_param: NeutronOpenvswitchAgentOvsVolume}
+ - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro
- /etc/localtime:/etc/localtime:ro
- /lib/modules:/lib/modules:ro
- /run:/run
--- /dev/null
+# A Heat environment file which can be used to enable a
+# a Cinder HPELeftHandISCSI backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderHPELeftHandISCSI: ../puppet/services/cinder-hpelefthand-iscsi.yaml
+
+parameter_defaults:
+ CinderHPELeftHandISCSIApiUrl: ''
+ CinderHPELeftHandISCSIUserName: ''
+ CinderHPELeftHandISCSIPassword: ''
+ CinderHPELeftHandISCSIBackendName: 'tripleo_hpelefthand'
+ CinderHPELeftHandISCSIChapEnabled: false
+ CinderHPELeftHandClusterName: ''
+ CinderHPELeftHandDebug: false
--- /dev/null
+parameter_defaults:
+
+ ## Whether to enable iscsi backend for Cinder.
+ CinderEnableIscsiBackend: true
+ CinderISCSIProtocol: 'iser'
+ CinderISCSIHelper: 'lioadm'
+
+ ## Whether to enable rbd (Ceph) backend for Cinder.
+ CinderEnableRbdBackend: false
+
+ ## Whether to enable NFS backend for Cinder.
+ CinderEnableNfsBackend: false
+
+ ## Whether to enable rbd (Ceph) backend for Nova ephemeral storage.
+ NovaEnableRbdBackend: false
+
+ ## Glance backend can be either 'rbd' (Ceph), 'swift' or 'file'.
+ ## GlanceBackend: swift
+
--- /dev/null
+# An environment that can be used with the deployed-server.yaml template to do
+# initial bootstrapping of the deployed servers.
+resource_registry:
+ OS::TripleO::DeployedServer::Bootstrap: ../deployed-server/deployed-server-bootstrap-centos.yaml
+
+parameter_defaults:
+ EnablePackageInstall: True
resource_registry:
OS::TripleO::Server: ../deployed-server/deployed-server.yaml
OS::TripleO::DeployedServer::ControlPlanePort: OS::Neutron::Port
+ OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None
resource_registry:
+ OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None
OS::TripleO::Server: ../deployed-server/deployed-server.yaml
OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml
+++ /dev/null
-parameter_defaults:
- NeutronOpenvswitchAgentConfig: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/openvswitch_agent.ini"
- NeutronOpenvswitchAgentPluginVolume: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro"
- NeutronOpenvswitchAgentOvsVolume: "/var/lib/etc-data/neutron/conf.d/neutron-openvswitch-agent:/etc/neutron/conf.d/neutron-openvswitch-agent:ro"
--- /dev/null
+# Use this environment to create a swap partition in all Overcloud nodes
+resource_registry:
+ OS::TripleO::AllNodesExtraConfig: ../extraconfig/all_nodes/swap-partition.yaml
--- /dev/null
+# Use this environment to create a swap file in all Overcloud nodes
+resource_registry:
+ OS::TripleO::AllNodesExtraConfig: ../extraconfig/all_nodes/swap.yaml
ExternalInterfaceDefaultRoute: 10.0.0.1
# Uncomment if using the Management Network (see network-management.yaml)
# ManagementNetCidr: 10.0.1.0/24
- # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}]
+ # ManagementAllocationPools: [{'start': '10.0.1.10', 'end': '10.0.1.50'}]
# Use either this parameter or ControlPlaneDefaultRoute in the NIC templates
# ManagementInterfaceDefaultRoute: 10.0.1.1
# Define the DNS servers (maximum 2) for the overcloud nodes
# finally we disable the Cinder LVM backend
CinderEnableIscsiBackend: false
+ # Uncomment if connecting to a pre-Jewel or RHCS1.3 Ceph Cluster
+ # RbdDefaultFeatures: 1
+
# Backward compatibility setting, will be removed in the future
CephAdminKey: ''
# An environment which enables configuration of an
# Overcloud controller with Pacemaker.
resource_registry:
- OS::TripleO::ControllerConfig: ../puppet/controller-config-pacemaker.yaml
OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::CeilometerApi: OS::Heat::None
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::Etcd: ../../puppet/services/etcd.yaml
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
- GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
- GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+ NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
- GlanceRegistryInternal: {protocol: 'https', port: '9191', host: 'CLOUDNAME'}
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
+ NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
**update-from-publicvip-on-ctlplane.yaml**
To be used if the PublicVirtualIP resource was deployed as an additional VIP on the 'ctlplane'.
+
+**update-from-deloyed-server-newton.yaml**
+ To be used when updating from the deployed-server template from Newton.
--- /dev/null
+resource_registry:
+ OS::TripleO::DeployedServer::ControlPlanePort: ../../deployed-server/ctlplane-port.yaml
heat_template_version: ocata
-description: >
- Extra config to add swap space to nodes.
+description: Template file to add a swap partition to a node.
-# Parameters passed from the parent template - note if you maintain
-# out-of-tree templates they may require additional parameters if the
-# in-tree templates add a new role.
parameters:
servers:
type: json
description: Swap partition label
default: 'swap1'
-
resources:
-
SwapConfig:
type: OS::Heat::SoftwareConfig
properties:
#!/bin/bash
set -eux
swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label)
- swapon $swap_partition
- echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab
+ if [ -f "$swap_partition" ]; then
+ swapon $swap_partition
+ echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab
+ else
+ echo "$swap_partition needs to be a valid path"
+ echo "Check that $swap_partition_label is a valid partition label"
+ fi
inputs:
- name: swap_partition_label
description: Swap partition label
heat_template_version: ocata
-description: >
- Extra config to add swap space to nodes.
+description: Template file to add a swap file to a node.
-# Parameters passed from the parent template - note if you maintain
-# out-of-tree templates they may require additional parameters if the
-# in-tree templates add a new role.
parameters:
servers:
type: json
description: Full path to location of swap file
default: '/swap'
-
resources:
-
SwapConfig:
type: OS::Heat::SoftwareConfig
properties:
-heat_template_version: 2014-10-16
+heat_template_version: ocata
description: >
Do some configuration, then reboot - sometimes needed for early-boot
-heat_template_version: 2016-10-14
+heat_template_version: ocata
description: >
Do some configuration, then reboot - sometimes needed for early-boot
# TODO: check if this can be triggered in puppet and removed from here
ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types
cinder-manage db sync
- glance-manage --config-file=/etc/glance/glance-registry.conf db_sync
+ glance-manage db_sync
heat-manage --config-file /etc/heat/heat.conf db_sync
keystone-manage db_sync
- neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
+ neutron-db-manage upgrade heads
nova-manage db sync
nova-manage api_db sync
nova-manage db online_data_migrations
openstack-cinder-api-clone
openstack-cinder-scheduler-clone
openstack-glance-api-clone
- openstack-glance-registry-clone
openstack-gnocchi-metricd-clone
openstack-gnocchi-statsd-clone
openstack-heat-api-cfn-clone
net_param: GlanceApi
port: 9292
-GlanceRegistry:
- Internal:
- net_param: GlanceRegistry
- port: 9191
-
Mysql:
Internal:
net_param: Mysql
'': /v2.1
port: 8774
+NovaPlacement:
+ Internal:
+ net_param: NovaPlacement
+ uri_suffixes:
+ '': /placement
+ Public:
+ net_param: Public
+ uri_suffixes:
+ '': /placement
+ Admin:
+ net_param: NovaPlacement
+ uri_suffixes:
+ '': /placement
+ port: 8778
+
NovaVNCProxy:
Internal:
net_param: NovaApi
GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
- GlanceRegistryInternal: {protocol: http, port: '9191', host: IP_ADDRESS}
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS}
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
+ NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
+ NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}
+ NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS}
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS}
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlancePublic, port]
- GlanceRegistryInternal:
- host:
- str_replace:
- template:
- get_param: [EndpointMap, GlanceRegistryInternal, host]
- params:
- CLOUDNAME:
- get_param:
- - CloudEndpoints
- - get_param: [ServiceNetMap, GlanceRegistryNetwork]
- IP_ADDRESS:
- get_param:
- - NetIpMap
- - str_replace:
- params:
- NETWORK:
- get_param: [ServiceNetMap, GlanceRegistryNetwork]
- template: NETWORK_uri
- host_nobrackets:
- str_replace:
- template:
- get_param: [EndpointMap, GlanceRegistryInternal, host]
- params:
- CLOUDNAME:
- get_param:
- - CloudEndpoints
- - get_param: [ServiceNetMap, GlanceRegistryNetwork]
- IP_ADDRESS:
- get_param:
- - NetIpMap
- - get_param: [ServiceNetMap, GlanceRegistryNetwork]
- port:
- get_param: [EndpointMap, GlanceRegistryInternal, port]
- protocol:
- get_param: [EndpointMap, GlanceRegistryInternal, protocol]
- uri:
- list_join:
- - ''
- - - get_param: [EndpointMap, GlanceRegistryInternal, protocol]
- - ://
- - str_replace:
- template:
- get_param: [EndpointMap, GlanceRegistryInternal, host]
- params:
- CLOUDNAME:
- get_param:
- - CloudEndpoints
- - get_param: [ServiceNetMap, GlanceRegistryNetwork]
- IP_ADDRESS:
- get_param:
- - NetIpMap
- - str_replace:
- params:
- NETWORK:
- get_param: [ServiceNetMap, GlanceRegistryNetwork]
- template: NETWORK_uri
- - ':'
- - get_param: [EndpointMap, GlanceRegistryInternal, port]
- uri_no_suffix:
- list_join:
- - ''
- - - get_param: [EndpointMap, GlanceRegistryInternal, protocol]
- - ://
- - str_replace:
- template:
- get_param: [EndpointMap, GlanceRegistryInternal, host]
- params:
- CLOUDNAME:
- get_param:
- - CloudEndpoints
- - get_param: [ServiceNetMap, GlanceRegistryNetwork]
- IP_ADDRESS:
- get_param:
- - NetIpMap
- - str_replace:
- params:
- NETWORK:
- get_param: [ServiceNetMap, GlanceRegistryNetwork]
- template: NETWORK_uri
- - ':'
- - get_param: [EndpointMap, GlanceRegistryInternal, port]
GnocchiAdmin:
host:
str_replace:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaPublic, port]
+ NovaPlacementAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaPlacementNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ port:
+ get_param: [EndpointMap, NovaPlacementAdmin, port]
+ protocol:
+ get_param: [EndpointMap, NovaPlacementAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, NovaPlacementAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaPlacementNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, NovaPlacementAdmin, port]
+ - /placement
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, NovaPlacementAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaPlacementNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, NovaPlacementAdmin, port]
+ NovaPlacementInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaPlacementNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ port:
+ get_param: [EndpointMap, NovaPlacementInternal, port]
+ protocol:
+ get_param: [EndpointMap, NovaPlacementInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, NovaPlacementInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaPlacementNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, NovaPlacementInternal, port]
+ - /placement
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, NovaPlacementInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaPlacementNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaPlacementNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, NovaPlacementInternal, port]
+ NovaPlacementPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, NovaPlacementPublic, port]
+ protocol:
+ get_param: [EndpointMap, NovaPlacementPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, NovaPlacementPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, NovaPlacementPublic, port]
+ - /placement
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, NovaPlacementPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, NovaPlacementPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, NovaPlacementPublic, port]
NovaVNCProxyAdmin:
host:
str_replace:
# a deployment input via input_values
# $network_config : the json serialized os-net-config config to apply
#
-set -ux
+set -eux
function get_metadata_ip() {
fi
fi
done
+ set +e
os-net-config -c /etc/os-net-config/dhcp_all_interfaces.yaml -v --detailed-exit-codes --cleanup
RETVAL=$?
+ set -e
if [[ $RETVAL == 2 ]]; then
ping_metadata_ip
elif [[ $RETVAL != 0 ]]; then
sed -i "s/bridge_name/${bridge_name:-''}/" /etc/os-net-config/config.json
sed -i "s/interface_name/${interface_name:-''}/" /etc/os-net-config/config.json
+ set +e
os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes
RETVAL=$?
+ set -e
if [[ $RETVAL == 2 ]]; then
ping_metadata_ip
# snake_case - the names must still match when converted
ServiceNetMapDefaults:
default:
+ # Note the values in this map are replaced by *NetName
+ # to allow for sane defaults when the network names are
+ # overridden.
ApacheNetwork: internal_api
NeutronTenantNetwork: tenant
CeilometerApiNetwork: internal_api
CinderApiNetwork: internal_api
CinderIscsiNetwork: storage
GlanceApiNetwork: storage
- GlanceRegistryNetwork: internal_api
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
HeatApiCfnNetwork: internal_api
HeatApiCloudwatchNetwork: internal_api
NovaApiNetwork: internal_api
+ NovaPlacementNetwork: internal_api
NovaMetadataNetwork: internal_api
NovaVncProxyNetwork: internal_api
SwiftStorageNetwork: storage_mgmt
# We special-case the default ResolveNetwork for the CephStorage role
# for backwards compatibility, all other roles default to internal_api
CephStorageHostnameResolveNetwork: storage
+ EtcdNetwork: internal_api
{% for role in roles if role.name != 'CephStorage' %}
{{role.name}}HostnameResolveNetwork: internal_api
{% endfor %}
internal use only, this will be removed in future.
type: json
+ InternalApiNetName:
+ default: internal_api
+ description: The name of the internal API network.
+ type: string
+ ExternalNetName:
+ default: external
+ description: The name of the external network.
+ type: string
+ ManagementNetName:
+ default: management
+ description: The name of the management network.
+ type: string
+ StorageNetName:
+ default: storage
+ description: The name of the storage network.
+ type: string
+ StorageMgmtNetName:
+ default: storage_mgmt
+ description: The name of the Storage management network.
+ type: string
+ TenantNetName:
+ default: tenant
+ description: The name of the tenant network.
+ type: string
+
+
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- ServiceNetMapDeprecatedMapping
+resources:
+ ServiceNetMapValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_merge:
+ - map_replace:
+ - {get_param: ServiceNetMapDefaults}
+ - values:
+ external: {get_param: ExternalNetName}
+ internal_api: {get_param: InternalApiNetName}
+ storage: {get_param: StorageNetName}
+ storage_mgmt: {get_param: StorageMgmtNetName}
+ tenant: {get_param: TenantNetName}
+ management: {get_param: ManagementNetName}
+ - map_replace:
+ - {get_param: ServiceNetMap}
+ - keys: {get_param: ServiceNetMapDeprecatedMapping}
+
+
outputs:
service_net_map:
- value:
- map_merge:
- - {get_param: ServiceNetMapDefaults}
- - map_replace:
- - {get_param: ServiceNetMap}
- - keys: {get_param: ServiceNetMapDeprecatedMapping}
+ value: {get_attr: [ServiceNetMapValue, value]}
service_net_map_lower:
value:
yaql:
expression: dict($.data.map.items().select([ regex(`([a-z0-9])([A-Z])`).replace($[0], '\\1_\\2').toLower(), $[1]]))
data:
- map:
- map_merge:
- - {get_param: ServiceNetMapDefaults}
- - map_replace:
- - {get_param: ServiceNetMap}
- - keys: {get_param: ServiceNetMapDeprecatedMapping}
+ map: {get_attr: [ServiceNetMapValue, value]}
OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml
OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
- OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml
OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml
+ OS::TripleO::Services::NovaPlacement: puppet/services/nova-placement.yaml
OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml
OS::TripleO::Services::NovaScheduler: puppet/services/nova-scheduler.yaml
OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml
OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml
OS::TripleO::Services::Zaqar: OS::Heat::None
OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None
+ OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None
+ OS::TripleO::Services::Etcd: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
- {{role.name}}AllNodesValidationDeployment
{% endfor %}
properties:
+ servers:
{% for role in roles %}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{% endfor %}
# Upgrade steps for all roles
+++ /dev/null
-heat_template_version: ocata
-
-description: >
- A software config which runs manifests/overcloud_controller_pacemaker.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ControllerPuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- outputs:
- - name: result
- inputs:
- - name: step
- type: Number
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_controller_pacemaker.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller_pacemaker.pp
- value: {get_resource: ControllerPuppetConfigImpl}
# Upgrade Steps for all roles
# FIXME(shardy): would be nice to make the number of steps configurable
-{% for step in range(1, 8) %}
+{% for step in range(0, 8) %}
{% for role in roles %}
# Step {{step}} resources
{{role.name}}UpgradeConfig_Step{{step}}:
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
- {% if step > 1 %}
+ {% if step > 0 %}
depends_on:
{% for dep in roles %}
- {{dep.name}}Upgrade_Step{{step -1}}
{{role.name}}Upgrade_Step{{step}}:
type: OS::Heat::StructuredDeploymentGroup
- {% if step > 1 %}
+ {% if step > 0 %}
depends_on:
{% for dep in roles %}
- {{dep.name}}Upgrade_Step{{step -1}}
+++ /dev/null
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('controller_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud___ROLE__', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
+
+# NOTE(gfidente): ensure deprecated package manifest is absent, can be removed after Pike
+$absent_package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
+package_manifest{$absent_package_manifest_name: ensure => absent}
MonitoringSubscriptionCeilometerCompute:
default: 'overcloud-ceilometer-agent-compute'
type: string
+ InstanceDiscoveryMethod:
+ default: 'libvirt_metadata'
+ description: Method used to discover instances running on compute node
+ type: string
+ constraints:
+ - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning']
resources:
CeilometerServiceBase:
service_name: ceilometer_agent_compute
monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute}
config_settings:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod}
step_config: |
include ::tripleo::profile::base::ceilometer::agent::compute
default: 0
description: Number of workers for Ceilometer service.
type: number
- CeilometerStoreEvents:
- default: false
- description: Whether to store events in ceilometer.
- type: boolean
- EnableLegacyCeilometerApi:
- default: false
- description: Enable legacy ceilometer Api service if needed.
- type: boolean
EventPipelinePublishers:
default: ['notifier://?topic=alarm.all']
description: A list of publishers to put in event_pipeline.yaml.
- '/ceilometer'
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
- enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi}
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer::metering_secret: {get_param: CeilometerMeteringSecret}
# we include db_sync class in puppet-tripleo
ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
- ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents}
ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
ceilometer::agent::auth::auth_tenant_name: 'service'
MonitoringSubscriptionCephExternal:
default: 'overcloud-ceph-external'
type: string
+ RbdDefaultFeatures:
+ default: ''
+ description: The default features enabled when creating a block device
+ image. Only applies to format 2 images. Set to '1' for Jewel
+ clients using older Ceph servers.
+ type: string
conditions:
glance_multiple_locations:
config_settings:
tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost}
ceph::profile::params::fsid: {get_param: CephClusterFSID}
+ ceph::profile::params::rbd_default_features: {get_param: RbdDefaultFeatures}
ceph::profile::params::client_keys:
str_replace:
template: "{
CinderRbdPoolName:
default: volumes
type: string
+ ManilaCephFSDataPoolName:
+ default: manila_data
+ type: string
+ ManilaCephFSMetadataPoolName:
+ default: manila_metadata
+ type: string
CinderBackupRbdPoolName:
default: backups
type: string
for_each:
<%pool%>:
- {get_param: CinderRbdPoolName}
+ - {get_param: ManilaCephFSDataPoolName}
+ - {get_param: ManilaCephFSMetadataPoolName}
- {get_param: CinderBackupRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
cinder::config:
DEFAULT/swift_catalog_info:
value: 'object-store:swift:internalURL'
+ # TODO(emilien) remove the next line when https://review.openstack.org/422915
+ # is merged.
cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
tripleo.cinder_api.firewall_rules:
cinder::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ upgrade_tasks:
+ - name: check for cinder running under apache (post upgrade)
+ tags: step2
+ shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder"
+ register: cinder_apache
+ ignore_errors: true
+ - name: Stop cinder_api service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
+ when: "cinder_apache.rc == 0"
+ - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
+ tags: step2
+ service: name=openstack-cinder-api state=stopped enabled=no
default: guest
description: The username for RabbitMQ
type: string
+ CinderCronDbPurgeMinute:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Minute
+ default: '1'
+ CinderCronDbPurgeHour:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Hour
+ default: '0'
+ CinderCronDbPurgeMonthday:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Month Day
+ default: '*'
+ CinderCronDbPurgeMonth:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Month
+ default: '*'
+ CinderCronDbPurgeWeekday:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Week Day
+ default: '*'
+ CinderCronDbPurgeUser:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - User
+ default: 'keystone'
+ CinderCronDbPurgeAge:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Age
+ default: '0'
+ CinderCronDbPurgeDestination:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Log destination
+ default: '/var/log/cinder/cinder-rowsflush.log'
outputs:
role_data:
cinder::cron::db_purge::destination: '/dev/null'
cinder::db::database_db_max_retries: -1
cinder::db::database_max_retries: -1
+ cinder::cron::db_purge::minute: {get_param: CinderCronDbPurgeMinute}
+ cinder::cron::db_purge::hour: {get_param: CinderCronDbPurgeHour}
+ cinder::cron::db_purge::monthday: {get_param: CinderCronDbPurgeMonthday}
+ cinder::cron::db_purge::month: {get_param: CinderCronDbPurgeMonth}
+ cinder::cron::db_purge::weekday: {get_param: CinderCronDbPurgeWeekday}
+ cinder::cron::db_purge::user: {get_param: CinderCronDbPurgeUser}
+ cinder::cron::db_purge::age: {get_param: CinderCronDbPurgeAge}
+ cinder::cron::db_purge::destination: {get_param: CinderCronDbPurgeDestination}
+ cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ Configure Cinder HPELeftHandISCSIDriver
+
+parameters:
+ # Config specific parameters, to be provided via parameter_defaults
+ CinderHPELeftHandISCSIApiUrl:
+ type: string
+ CinderHPELeftHandISCSIUserName:
+ type: string
+ CinderHPELeftHandISCSIPassword:
+ type: string
+ hidden: true
+ CinderHPELeftHandISCSIBackendName:
+ type: string
+ default: 'tripleo_hpelefthand'
+ CinderHPELeftHandISCSIChapEnabled:
+ type: boolean
+ default: false
+ CinderHPELeftHandClusterName:
+ type: string
+ CinderHPELeftHandDebug:
+ type: boolean
+ default: false
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for Cinder HPELeftHandISCSIDriver
+ value:
+ service_name: cinder_hpelefthand_iscsi
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_hpelefthand_backend: true
+ cinder::backend::hpelefthand_iscsi::hpelefthand_api_url: {get_param: CinderHPELeftHandISCSIApiUrl}
+ cinder::backend::hpelefthand_iscsi::hpelefthand_username: {get_param: CinderHPELeftHandISCSIUserName}
+ cinder::backend::hpelefthand_iscsi::hpelefthand_password: {get_param: CinderHPELeftHandISCSIPassword}
+ cinder::backend::hpelefthand_iscsi::volume_backend_name: {get_param: CinderHPELeftHandISCSIBackendName}
+ cinder::backend::hpelefthand_iscsi::hpelefthand_iscsi_chap_enabled: {get_param: CinderHPELeftHandISCSIChapEnabled}
+ cinder::backend::hpelefthand_iscsi::hpelefthand_clustername: {get_param: CinderHPELeftHandClusterName}
+ cinder::backend::hpelefthand_iscsi::hpelefthand_debug: {get_param: CinderHPELeftHandDebug}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
- cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
step_config: |
include ::tripleo::profile::base::cinder::scheduler
+ upgrade_tasks:
+ - name: Stop cinder_scheduler service
+ tags: step2
+ service: name=openstack-cinder-scheduler state=stopped
default: lioadm
description: The iSCSI helper to use with cinder.
type: string
+ CinderISCSIProtocol:
+ default: iscsi
+ description: Whether to use TCP ('iscsi') or iSER RDMA ('iser') for iSCSI
+ type: string
CinderLVMLoopDeviceSize:
default: 10280
description: The size of the loopback file used by the cinder LVM driver.
SERVERS: {get_param: CinderNfsServers}
tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
+ tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
tripleo.cinder_volume.firewall_rules:
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::volume
+ upgrade_tasks:
+ - name: Stop cinder_volume service
+ tags: step2
+ service: name=openstack-cinder-volume state=stopped
+ - name: Sync cinder_volume DB
+ tags: step5
+ command: cinder-manage db sync
step_config: |
include ::tripleo::profile::base::database::mysql
upgrade_tasks:
+ - name: Check for galera root password
+ tags: step0
+ file: path=/root/.my.cnf state=file
- name: Stop service
tags: step2
service: name=mariadb state=stopped
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ Etcd service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ EtcdInitialClusterToken:
+ default: 'etcd-tripleo'
+ description: Initial cluster token for the etcd cluster during bootstrap.
+ type: string
+ MonitoringSubscriptionEtcd:
+ default: 'overcloud-etcd'
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Etcd role.
+ value:
+ service_name: etcd
+ monitoring_subscription: {get_param: MonitoringSubscriptionEtcd}
+ config_settings:
+ etcd::etcd_name:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
+ tripleo::profile::base::etcd::client_port: '2379'
+ tripleo::profile::base::etcd::peer_port: '2380'
+ etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
+ etcd::manage_package: false
+ tripleo.etcd.firewall_rules:
+ '141 etcd':
+ dport:
+ - 2379
+ - 2380
+ step_config: |
+ include ::tripleo::profile::base::etcd
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- glance::api::registry_host:
- str_replace:
- template: "'REGISTRY_HOST'"
- params:
- REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
- glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] }
+ glance::api::enable_v1_api: false
+ glance::api::enable_v2_api: true
glance::api::authtoken::password: {get_param: GlancePassword}
glance::api::enable_proxy_headers_parsing: true
glance::api::debug: {get_param: Debug}
- name: Stop glance_api service
tags: step2
service: name=openstack-glance-api state=stopped
+ - name: Stop and disable glance registry (removed for Ocata)
+ tags: step2
+ service: name=openstack-glance-registry state=stopped enabled=no
- name: Sync glance_api DB
tags: step5
command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync
- - name: Start glance_api service
- tags: step6
- service: name=openstack-glance-api state=started
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
glance::notify::rabbitmq::notification_driver: messagingv2
- glance::registry::db::database_db_max_retries: -1
- glance::registry::db::database_max_retries: -1
tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
+++ /dev/null
-heat_template_version: ocata
-
-description: >
- OpenStack Glance Registry service configured with Puppet
-
-parameters:
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry. This
- mapping overrides those in ServiceNetMapDefaults.
- type: json
- DefaultPasswords:
- default: {}
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
- GlancePassword:
- description: The password for the glance service and db account, used by the glance services.
- type: string
- hidden: true
- GlanceWorkers:
- default: ''
- description: |
- Number of worker processes for glance registry. If left unset (empty
- string), the default value will result in the configuration being left
- unset and a system-dependent default value will be chosen (e.g.: number of
- processors). Please note that this will create a large number of processes
- on systems with a large number of CPUs resulting in excess memory
- consumption. It is recommended that a suitable non-default value be
- selected on such systems.
- type: string
- MonitoringSubscriptionGlanceRegistry:
- default: 'overcloud-glance-registry'
- type: string
- GlanceRegistryLoggingSource:
- type: json
- default:
- tag: openstack.glance.registry
- path: /var/log/glance/registry.log
-
-resources:
- GlanceBase:
- type: ./glance-base.yaml
- properties:
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
-
-outputs:
- role_data:
- description: Role data for the Glance Registry role.
- value:
- service_name: glance_registry
- monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry}
- logging_source: {get_param: GlanceRegistryLoggingSource}
- logging_groups:
- - glance
- config_settings:
- map_merge:
- - get_attr: [GlanceBase, role_data, config_settings]
-
- - glance::registry::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://glance:'
- - {get_param: GlancePassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/glance'
- - '?bind_address='
- - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
- glance::registry::authtoken::password: {get_param: GlancePassword}
- glance::registry::authtoken::project_name: 'service'
- glance::registry::pipeline: 'keystone'
- glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- glance::registry::debug: {get_param: Debug}
- glance::registry::workers: {get_param: GlanceWorkers}
- tripleo.glance_registry.firewall_rules:
- '112 glance_registry':
- dport:
- - 9191
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
- step_config: |
- include ::tripleo::profile::base::glance::registry
- service_config_settings:
- get_attr: [GlanceBase, role_data, config_settings]
- upgrade_tasks:
- - name: Stop glance_registry service
- tags: step2
- service: name=openstack-glance-registry state=stopped
- - name: Start glance_registry service
- tags: step6
- service: name=openstack-glance-registry state=started
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
+ upgrade_tasks:
+ - name: Stop heat_api_cfn service
+ tags: step2
+ service: name=openstack-heat-api-cfn state=stopped
heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
+ upgrade_tasks:
+ - name: Stop heat_api_cloudwatch service
+ tags: step2
+ service: name=openstack-heat-api-cloudwatch state=stopped
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
heat::keystone::auth::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}
+ upgrade_tasks:
+ - name: Stop heat_api service
+ tags: step2
+ service: name=openstack-heat-api state=stopped
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HeatCronPurgeDeletedEnsure:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Ensure
+ default: 'present'
+ HeatCronPurgeDeletedMinute:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Minute
+ default: '1'
+ HeatCronPurgeDeletedHour:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Hour
+ default: '0'
+ HeatCronPurgeDeletedMonthday:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Month Day
+ default: '*'
+ HeatCronPurgeDeletedMonth:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Month
+ default: '*'
+ HeatCronPurgeDeletedWeekday:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Week Day
+ default: '*'
+ HeatCronPurgeDeletedMaxDelay:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Max Delay
+ default: '3600'
+ HeatCronPurgeDeletedUser:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - User
+ default: 'heat'
+ HeatCronPurgeDeletedAge:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Age
+ default: '30'
+ HeatCronPurgeDeletedAgeType:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Age type
+ default: 'days'
+ HeatCronPurgeDeletedDestination:
+ type: string
+ description: >
+ Cron to purge db entries marked as deleted and older than $age - Log destination
+ default: '/dev/null'
outputs:
role_data:
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
- heat::cron::purge_deleted::age: 30
- heat::cron::purge_deleted::age_type: 'days'
- heat::cron::purge_deleted::maxdelay: 3600
- heat::cron::purge_deleted::destination: '/dev/null'
heat::db::database_db_max_retries: -1
heat::db::database_max_retries: -1
heat::yaql_memory_quota: 100000
heat::yaql_limit_iterators: 1000
+ heat::cron::purge_deleted::ensure: {get_param: HeatCronPurgeDeletedEnsure}
+ heat::cron::purge_deleted::minute: {get_param: HeatCronPurgeDeletedMinute}
+ heat::cron::purge_deleted::hour: {get_param: HeatCronPurgeDeletedHour}
+ heat::cron::purge_deleted::monthday: {get_param: HeatCronPurgeDeletedMonthday}
+ heat::cron::purge_deleted::month: {get_param: HeatCronPurgeDeletedMonth}
+ heat::cron::purge_deleted::weekday: {get_param: HeatCronPurgeDeletedWeekday}
+ heat::cron::purge_deleted::maxdelay: {get_param: HeatCronPurgeDeletedMaxDelay}
+ heat::cron::purge_deleted::user: {get_param: HeatCronPurgeDeletedUser}
+ heat::cron::purge_deleted::age: {get_param: HeatCronPurgeDeletedAge}
+ heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType}
+ heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination}
service_config_settings:
keystone:
tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack'
keystone:
# This is needed because the keystone profile handles creating the domain
tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
+ upgrade_tasks:
+ - name: Stop heat_engine service
+ tags: step2
+ service: name=openstack-heat-engine state=stopped
+ - name: Sync heat_engine DB
+ tags: step5
+ command: heat-manage --config-file /etc/heat/heat.conf db_sync
EnableInternalTLS:
type: boolean
default: false
+ KeystoneCronTokenFlushEnsure:
+ type: string
+ description: >
+ Cron to purge expired tokens - Ensure
+ default: 'present'
+ KeystoneCronTokenFlushMinute:
+ type: string
+ description: >
+ Cron to purge expired tokens - Minute
+ default: '1'
+ KeystoneCronTokenFlushHour:
+ type: string
+ description: >
+ Cron to purge expired tokens - Hour
+ default: '0'
+ KeystoneCronTokenFlushMonthday:
+ type: string
+ description: >
+ Cron to purge expired tokens - Month Day
+ default: '*'
+ KeystoneCronTokenFlushMonth:
+ type: string
+ description: >
+ Cron to purge expired tokens - Month
+ default: '*'
+ KeystoneCronTokenFlushWeekday:
+ type: string
+ description: >
+ Cron to purge expired tokens - Week Day
+ default: '*'
+ KeystoneCronTokenFlushMaxDelay:
+ type: string
+ description: >
+ Cron to purge expired tokens - Max Delay
+ default: '0'
+ KeystoneCronTokenFlushDestination:
+ type: string
+ description: >
+ Cron to purge expired tokens - Log destination
+ default: '/var/log/keystone/keystone-tokenflush.log'
+ KeystoneCronTokenFlushUser:
+ type: string
+ description: >
+ Cron to purge expired tokens - User
+ default: 'keystone'
resources:
# NOTE: this applies to all 2 bind IP settings below...
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+ keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
+ keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
+ keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}
+ keystone::cron::token_flush::monthday: {get_param: KeystoneCronTokenFlushMonthday}
+ keystone::cron::token_flush::month: {get_param: KeystoneCronTokenFlushMonth}
+ keystone::cron::token_flush::weekday: {get_param: KeystoneCronTokenFlushWeekday}
+ keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay}
+ keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination}
+ keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser}
+
step_config: |
include ::tripleo::profile::base::keystone
service_config_settings:
- name: Sync keystone DB
tags: step5
command: keystone-manage db_sync
- - name: Start keystone service (running under httpd)
- tags: step6
- service: name=httpd state=started
# internal_api_subnet - > IP/CIDR
manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
manila::api::enable_proxy_headers_parsing: true
+ manila::api::default_share_type: 'default'
step_config: |
include ::tripleo::profile::base::manila::api
service_config_settings:
ManilaCephFSNativeCephFSEnableSnapshots:
type: boolean
default: true
+ ManilaCephFSDataPoolName:
+ default: manila_data
+ type: string
+ ManilaCephFSMetadataPoolName:
+ default: manila_metadata
+ type: string
+ # (jprovazn) default value is set to assure this templates works with an
+ # external ceph too (user/key is created only when ceph is deployed by
+ # TripleO)
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
outputs:
role_data:
manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId}
manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName}
manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots}
+ manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey}
+ ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName}
+ ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName}
+ ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName}
step_config:
- name: Sync neutron_api DB
tags: step5
command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
- - name: Start neutron_api service
- tags: step6
- service: name=neutron-server state=started
-
- name: Stop neutron_dhcp service
tags: step2
service: name=neutron-dhcp-agent state=stopped
- - name: Start neutron_dhcp service
- tags: step6
- service: name=neutron-dhcp-agent state=started
- name: Stop neutron_l3 service
tags: step2
service: name=neutron-l3-agent state=stopped
- - name: Start neutron_l3 service
- tags: step6
- service: name=neutron-l3-agent state=started
- name: Stop neutron_metadata service
tags: step2
service: name=neutron-metadata-agent state=stopped
- - name: Start neutron_metadata service
- tags: step6
- service: name=neutron-metadata-agent state=started
tag: openstack.neutron.agent.openvswitch
path: /var/log/neutron/openvswitch-agent.log
+conditions:
+ no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
+
resources:
NeutronBase:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
- neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
tripleo.neutron_ovs_agent.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'136 neutron gre networks':
proto: 'gre'
+ -
+ if:
+ - no_firewall_driver
+ - {}
+ - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
step_config: |
include ::tripleo::profile::base::neutron::ovs
upgrade_tasks:
- name: Stop neutron_ovs_agent service
tags: step2
service: name=neutron-openvswitch-agent state=stopped
- - name: Start neutron_ovs_agent service
- tags: step6
- service: name=neutron-openvswitch-agent state=started
-
-heat_template_version: 2017-02-24
+heat_template_version: ocata
description: >
Configure hieradata for Fujitsu C-Fabric plugin configuration
EnableInternalTLS:
type: boolean
default: false
+ NovaDefaultFloatingPool:
+ default: 'public'
+ description: Default pool for floating IP addresses
+ type: string
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::api::enabled: true
- nova::api::default_floating_pool: 'public'
+ nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
nova::api::api_bind_address:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
NovaPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
type: string
description: Nova Compute upgrade level
default: ''
+ NovaCronArchiveDeleteRowsMinute:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Minute
+ default: '1'
+ NovaCronArchiveDeleteRowsHour:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Hour
+ default: '0'
+ NovaCronArchiveDeleteRowsMonthday:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Month Day
+ default: '*'
+ NovaCronArchiveDeleteRowsMonth:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Month
+ default: '*'
+ NovaCronArchiveDeleteRowsWeekday:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Week Day
+ default: '*'
+ NovaCronArchiveDeleteRowsMaxRows:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Max Rows
+ default: '100'
+ NovaCronArchiveDeleteRowsUser:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - User
+ default: 'nova'
+ NovaCronArchiveDeleteRowsDestination:
+ type: string
+ description: >
+ Cron to move deleted instances to another table - Log destination
+ default: '/var/log/nova/nova-rowsflush.log'
+ NovaCronArchiveDeleteRowsUntilComplete:
+ type: boolean
+ description: >
+ Cron to move deleted instances to another table - Until complete
+ default: false
+
+
conditions:
compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']}
nova::rabbit_userid: {get_param: RabbitUserName}
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
nova::rabbit_port: {get_param: RabbitClientPort}
+ nova::placement::project_name: 'service'
+ nova::placement::password: {get_param: NovaPassword}
+ nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ nova::placement::os_region_name: {get_param: KeystoneRegion}
nova::database_connection:
list_join:
- ''
- '/nova_api'
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
+ nova::placement_database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://nova_placement:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/nova_placement'
+ - '?bind_address='
+ - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
nova::debug: {get_param: Debug}
nova::purge_config: {get_param: EnableConfigPurge}
nova::network::neutron::neutron_project_name: 'service'
nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
nova::use_ipv6: {get_param: NovaIPv6}
nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
- -
+ nova::cron::archive_deleted_rows::minute: {get_param: NovaCronArchiveDeleteRowsMinute}
+ nova::cron::archive_deleted_rows::hour: {get_param: NovaCronArchiveDeleteRowsHour}
+ nova::cron::archive_deleted_rows::monthday: {get_param: NovaCronArchiveDeleteRowsMonthday}
+ nova::cron::archive_deleted_rows::month: {get_param: NovaCronArchiveDeleteRowsMonth}
+ nova::cron::archive_deleted_rows::weekday: {get_param: NovaCronArchiveDeleteRowsWeekday}
+ nova::cron::archive_deleted_rows::max_rows: {get_param: NovaCronArchiveDeleteRowsMaxRows}
+ nova::cron::archive_deleted_rows::user: {get_param: NovaCronArchiveDeleteRowsUser}
+ nova::cron::archive_deleted_rows::destination: {get_param: NovaCronArchiveDeleteRowsDestination}
+ nova::cron::archive_deleted_rows::until_complete: {get_param: NovaCronArchiveDeleteRowsUntilComplete}
+ -
if:
- compute_upgrade_level_empty
- {}
- nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
service_config_settings:
mysql:
+ # NOTE(aschultz): this should be configurable if/when we support more
+ # complex cell v2 configurations. For now, this is the default cell
+ # created for the cell v2 configuration
+ nova::db::mysql_api::setup_cell0: true
nova::rabbit_password: {get_param: RabbitPassword}
nova::rabbit_userid: {get_param: RabbitUserName}
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack Nova Placement API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaWorkers:
+ default: 0
+ description: Number of workers for Nova Placement API service.
+ type: number
+ NovaPassword:
+ description: The password for the nova service and db account, used by nova-placement.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionNovaPlacement:
+ default: 'overcloud-nova-placement'
+ type: string
+ NovaPlacementLoggingSource:
+ type: json
+ default:
+ tag: openstack.nova.placement
+ path: /var/log/httpd/nova_placement_wsgi_error_ssl.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
+
+resources:
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Placement API service.
+ value:
+ service_name: nova_placement
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaPlacement}
+ logging_source: {get_param: NovaPlacementLoggingSource}
+ logging_groups:
+ - nova
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - tripleo.nova_placement.firewall_rules:
+ '138 nova_placement':
+ dport:
+ - 8778
+ - 13778
+ nova::wsgi::apache_placement::api_port: '8778'
+ nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::wsgi::apache_placement::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ -
+ if:
+ - nova_workers_zero
+ - {}
+ - nova::wsgi::apache_placement::workers: {get_param: NovaWorkers}
+ step_config: |
+ include tripleo::profile::base::nova::placement
+ service_config_settings:
+ keystone:
+ nova::keystone::auth_placement::tenant: 'service'
+ nova::keystone::auth_placement::public_url: {get_param: [EndpointMap, NovaPlacementPublic, uri]}
+ nova::keystone::auth_placement::internal_url: {get_param: [EndpointMap, NovaPlacementInternal, uri]}
+ nova::keystone::auth_placement::admin_url: {get_param: [EndpointMap, NovaPlacementAdmin, uri]}
+ nova::keystone::auth_placement::password: {get_param: NovaPassword}
+ nova::keystone::auth_placement::region: {get_param: KeystoneRegion}
+ mysql:
+ map_merge:
+ - {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
+ - nova::db::mysql_placement::password: {get_param: NovaPassword}
+ nova::db::mysql_placement::user: nova_placement
+ nova::db::mysql_placement::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ nova::db::mysql_placement::dbname: nova_placement
+ nova::db::mysql_placement::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
-heat_template_version: 2016-04-08
+heat_template_version: ocata
description: >
OVN databases configured with puppet
get_param: [ServiceNetMap, MysqlNetwork]
step_config: |
include ::tripleo::profile::pacemaker::database::mysql
+ upgrade_tasks:
+ - name: Check for galera root password
+ tags: step0
+ file: path=/root/.my.cnf state=file
NODE_IP_ADDRESS: ''
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
+ 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
rabbitmq_kernel_variables:
inet_dist_listen_min: '25672'
inet_dist_listen_max: '25672'
sahara::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ upgrade_tasks:
+ - name: Stop sahara_api service
+ tags: step2
+ service: name=openstack-sahara-api state=stopped
- get_attr: [SaharaBase, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::sahara::engine
+ upgrade_tasks:
+ - name: Stop sahara_engine service
+ tags: step2
+ service: name=openstack-sahara-engine state=stopped
+ - name: Sync sahara_engine DB
+ tags: step5
+ command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
- 'keystone'
- 'staticweb'
- 'copy'
- - 'container-quotas'
- - 'account-quotas'
+ - 'container_quotas'
+ - 'account_quotas'
- 'slo'
- 'dlo'
- 'versioned_writes'
- admin
- swiftoperator
- ResellerAdmin
+ upgrade_tasks:
+ - name: Stop swift_proxy service
+ tags: step2
+ service: name=openstack-swift-proxy state=stopped
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
step_config: |
include ::tripleo::profile::base::swift::storage
+ upgrade_tasks:
+ - name: Stop swift storage services
+ tags: step2
+ service: name={{ item }} state=stopped
+ with_items:
+ - openstack-swift-account-auditor
+ - openstack-swift-account-reaper
+ - openstack-swift-account-replicator
+ - openstack-swift-account
+ - openstack-swift-container-auditor
+ - openstack-swift-container-replicator
+ - openstack-swift-container-updater
+ - openstack-swift-container
+ - openstack-swift-object-auditor
+ - openstack-swift-object-replicator
+ - openstack-swift-object-updater
+ - openstack-swift-object
dport: 123
proto: udp
step_config: |
- include ::ntp
+ include ::tripleo::profile::base::time::ntp
step_config: |
include ::tripleo::packages
upgrade_tasks:
+ - name: Check yum for rpm-python present
+ tags: step0
+ yum: "name=rpm-python state=present"
+ register: rpm_python_check
+ - name: Fail when rpm-python wasn't present
+ fail: msg="rpm-python package was not present before this run! Check environment before re-running"
+ when: rpm_python_check.changed != false
+ tags: step0
- name: Update all packages
tags: step3
yum: name=* state=latest
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::Etcd
- name: Compute
CountDefault: 1
- OS::TripleO::Services::Apache
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaConductor
required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords']
+envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml',
+ 'tls-endpoints-public-ip.yaml',
+ 'tls-everywhere-endpoints-dns.yaml']
+ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
+
def exit_usage():
print('Usage %s <yaml file or directory>' % sys.argv[0])
sys.exit(1)
+def get_base_endpoint_map(filename):
+ try:
+ tpl = yaml.load(open(filename).read())
+ return tpl['parameters']['EndpointMap']['default']
+ except Exception:
+ print(traceback.format_exc())
+ return None
+
+
+def get_endpoint_map_from_env(filename):
+ try:
+ tpl = yaml.load(open(filename).read())
+ return {
+ 'file': filename,
+ 'map': tpl['parameter_defaults']['EndpointMap']
+ }
+ except Exception:
+ print(traceback.format_exc())
+ return None
+
+
+def validate_endpoint_map(base_map, env_map):
+ return sorted(base_map.keys()) == sorted(env_map.keys())
+
+
def validate_mysql_connection(settings):
no_op = lambda *args: False
error_status = [0]
def validate_service(filename, tpl):
+ if 'heat_template_version' in tpl and not str(tpl['heat_template_version']).isalpha():
+ print('ERROR: heat_template_version needs to be the release alias not a date: %s'
+ % filename)
+ return 1
if 'outputs' in tpl and 'role_data' in tpl['outputs']:
if 'value' not in tpl['outputs']['role_data']:
print('ERROR: invalid role_data for filename: %s'
path_args = sys.argv[1:]
exit_val = 0
failed_files = []
+base_endpoint_map = None
+env_endpoint_maps = list()
for base_path in path_args:
if os.path.isdir(base_path):
if failed:
failed_files.append(file_path)
exit_val |= failed
+ if f == ENDPOINT_MAP_FILE:
+ base_endpoint_map = get_base_endpoint_map(file_path)
+ if f in envs_containing_endpoint_map:
+ env_endpoint_map = get_endpoint_map_from_env(file_path)
+ if env_endpoint_map:
+ env_endpoint_maps.append(env_endpoint_map)
elif os.path.isfile(base_path) and base_path.endswith('.yaml'):
failed = validate(base_path)
if failed:
print('Unexpected argument %s' % base_path)
exit_usage()
+if base_endpoint_map and \
+ len(env_endpoint_maps) == len(envs_containing_endpoint_map):
+ for env_endpoint_map in env_endpoint_maps:
+ matches = validate_endpoint_map(base_endpoint_map,
+ env_endpoint_map['map'])
+ if not matches:
+ print("ERROR: %s doesn't match base endpoint map" %
+ env_endpoint_map['file'])
+ failed_files.append(env_endpoint_map['file'])
+ exit_val |= 1
+ else:
+ print("%s matches base endpoint map" % env_endpoint_map['file'])
+else:
+ print("ERROR: Can't validate endpoint maps since a file is missing. "
+ "If you meant to delete one of these files you should update this "
+ "tool as well.")
+ if not base_endpoint_map:
+ failed_files.append(ENDPOINT_MAP_FILE)
+ if len(env_endpoint_maps) != len(envs_containing_endpoint_map):
+ matched_files = set(os.path.basename(matched_env_file['file'])
+ for matched_env_file in env_endpoint_maps)
+ failed_files.extend(set(envs_containing_endpoint_map) - matched_files)
+ exit_val |= 1
+
if failed_files:
print('Validation failed on:')
for f in failed_files:
Code Review / apex-tripleo-heat-templates.git / commitdiff